You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
freifunkist-firmware/toolchain/musl/patches/400-Add-format-attribute-to...

198 lines
6.6 KiB

From e6683d001a95d7c3d4d992496f00f77e01fcd268 Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sun, 22 Nov 2015 15:04:23 +0100
Subject: [PATCH v2] Add format attribute to some function declarations
GCC and Clang are able to check the format arguments given to a
function and warn the user if there is a error in the format arguments
or if there is a potential uncontrolled format string security problem
in the code. GCC does this automatically for some functions like
printf(), but it is also possible to annotate other functions in a way
that it will check them too. This feature is used by glibc for many
functions. This patch adds the attribute to the some functions of musl
expect for these functions where gcc automatically adds it.
GCC automatically adds checks for these functions: printf, fprintf,
sprintf, scanf, fscanf, sscanf, strftime, vprintf, vfprintf and
vsprintf.
The documentation from gcc is here:
https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html
The documentation from Clang is here:
http://clang.llvm.org/docs/AttributeReference.html#format-gnu-format
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
include/err.h | 26 +++++++++++++++++---------
include/monetary.h | 12 ++++++++++--
include/stdio.h | 29 ++++++++++++++++++++---------
include/syslog.h | 12 ++++++++++--
4 files changed, 57 insertions(+), 22 deletions(-)
--- a/include/err.h
+++ b/include/err.h
@@ -8,15 +8,23 @@
extern "C" {
#endif
-void warn(const char *, ...);
-void vwarn(const char *, va_list);
-void warnx(const char *, ...);
-void vwarnx(const char *, va_list);
+#if __GNUC__ >= 3
+#define __fp(x, y) __attribute__ ((__format__ (__printf__, x, y)))
+#else
+#define __fp(x, y)
+#endif
+
+void warn(const char *, ...) __fp(1, 2);
+void vwarn(const char *, va_list) __fp(1, 0);
+void warnx(const char *, ...) __fp(1, 2);
+void vwarnx(const char *, va_list) __fp(1, 0);
+
+_Noreturn void err(int, const char *, ...) __fp(2, 3);
+_Noreturn void verr(int, const char *, va_list) __fp(2, 0);
+_Noreturn void errx(int, const char *, ...) __fp(2, 3);
+_Noreturn void verrx(int, const char *, va_list) __fp(2, 0);
-_Noreturn void err(int, const char *, ...);
-_Noreturn void verr(int, const char *, va_list);
-_Noreturn void errx(int, const char *, ...);
-_Noreturn void verrx(int, const char *, va_list);
+#undef __fp
#ifdef __cplusplus
}
--- a/include/monetary.h
+++ b/include/monetary.h
@@ -13,8 +13,16 @@ extern "C" {
#include <bits/alltypes.h>
-ssize_t strfmon(char *__restrict, size_t, const char *__restrict, ...);
-ssize_t strfmon_l(char *__restrict, size_t, locale_t, const char *__restrict, ...);
+#if __GNUC__ >= 3
+#define __fsfm(x, y) __attribute__ ((__format__ (__strfmon__, x, y)))
+#else
+#define __fsfm(x, y)
+#endif
+
+ssize_t strfmon(char *__restrict, size_t, const char *__restrict, ...) __fsfm(3, 4);
+ssize_t strfmon_l(char *__restrict, size_t, locale_t, const char *__restrict, ...) __fsfm(4, 5);
+
+#undef __fsfm
#ifdef __cplusplus
}
--- a/include/stdio.h
+++ b/include/stdio.h
toolchain/musl: update to version 1.1.22 new features: - priority-inheritance mutexes - membarrier syscall, pre-registration to use it, fallback emulation - header-level support for new linux features in 4.19, 4.20, 5.0 major internal changes: - complete, async-safe view of all existent threads as global list - robust __synccall based on new thread list - new dynamic TLS is installed synchronously at dlopen - TLSDESC resolver functions no longer make bad ABI assumptions to call C - resolved shared library dependencies are now recorded compatibility & conformance: - dependency-order shared library constructor execution - sigaltstack no longer rejects SS_AUTODISARM, future flags - FILE is now a complete (dummy) type in pre-C11 feature profiles - setvbuf reports failure on invalid arguments - TSVTX is exposed unconditionally in tar.h - multithreaded set*id() no longer depends on /proc - key slot reuse after pthread_key_delete no longer depends on /proc bugs fixed: - failures in multithreaded set*id() with concurrent thread creation/exit - interposed free was called from invalid/inconsistent contexts - freeaddrinfo performed invalid free of some partial results lists - dlsym dependency order search had false negatives and false positives - dn_skipname gave wrong results for labels with 8-bit content - dcngettext clobbered errno, often breaking printing of error messages - sscanf read past end of buffer under certain conditions (1.1.21 regression) - pthread_key_create spuriously failed under race condition (1.1.21 regression) - fdopendir wrongly succeeded with O_PATH file descriptors - gets behaved incorrectly in presence of null bytes - namespace violations in c11 tsd and mutex function dependencies - incorrect prototype for makecontext (unimplemented) arch-specfic bugs fixed: - s390x had wrong values for POSIX_FADV_DONTNEED/_NOREUSE Extensively tested on dozens of devices, covering most popular architectures. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Dainis Jonitis <dainis.jonitis@ubnt.com> Signed-off-by: Roman Yeryomin <roman@advem.lv>
6 years ago
@@ -25,6 +25,14 @@ extern "C" {
#include <bits/alltypes.h>
+#if __GNUC__ >= 3
+#define __fp(x, y) __attribute__ ((__format__ (__printf__, x, y)))
+#define __fs(x, y) __attribute__ ((__format__ (__scanf__, x, y)))
+#else
+#define __fp(x, y)
+#define __fs(x, y)
+#endif
+
#ifdef __cplusplus
#define NULL 0L
#else
toolchain/musl: update to version 1.1.22 new features: - priority-inheritance mutexes - membarrier syscall, pre-registration to use it, fallback emulation - header-level support for new linux features in 4.19, 4.20, 5.0 major internal changes: - complete, async-safe view of all existent threads as global list - robust __synccall based on new thread list - new dynamic TLS is installed synchronously at dlopen - TLSDESC resolver functions no longer make bad ABI assumptions to call C - resolved shared library dependencies are now recorded compatibility & conformance: - dependency-order shared library constructor execution - sigaltstack no longer rejects SS_AUTODISARM, future flags - FILE is now a complete (dummy) type in pre-C11 feature profiles - setvbuf reports failure on invalid arguments - TSVTX is exposed unconditionally in tar.h - multithreaded set*id() no longer depends on /proc - key slot reuse after pthread_key_delete no longer depends on /proc bugs fixed: - failures in multithreaded set*id() with concurrent thread creation/exit - interposed free was called from invalid/inconsistent contexts - freeaddrinfo performed invalid free of some partial results lists - dlsym dependency order search had false negatives and false positives - dn_skipname gave wrong results for labels with 8-bit content - dcngettext clobbered errno, often breaking printing of error messages - sscanf read past end of buffer under certain conditions (1.1.21 regression) - pthread_key_create spuriously failed under race condition (1.1.21 regression) - fdopendir wrongly succeeded with O_PATH file descriptors - gets behaved incorrectly in presence of null bytes - namespace violations in c11 tsd and mutex function dependencies - incorrect prototype for makecontext (unimplemented) arch-specfic bugs fixed: - s390x had wrong values for POSIX_FADV_DONTNEED/_NOREUSE Extensively tested on dozens of devices, covering most popular architectures. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Dainis Jonitis <dainis.jonitis@ubnt.com> Signed-off-by: Roman Yeryomin <roman@advem.lv>
6 years ago
@@ -107,19 +115,19 @@ int puts(const char *);
int printf(const char *__restrict, ...);
int fprintf(FILE *__restrict, const char *__restrict, ...);
int sprintf(char *__restrict, const char *__restrict, ...);
-int snprintf(char *__restrict, size_t, const char *__restrict, ...);
+int snprintf(char *__restrict, size_t, const char *__restrict, ...) __fp(3, 4);
int vprintf(const char *__restrict, __isoc_va_list);
int vfprintf(FILE *__restrict, const char *__restrict, __isoc_va_list);
int vsprintf(char *__restrict, const char *__restrict, __isoc_va_list);
-int vsnprintf(char *__restrict, size_t, const char *__restrict, __isoc_va_list);
+int vsnprintf(char *__restrict, size_t, const char *__restrict, __isoc_va_list) __fp(3, 0);
int scanf(const char *__restrict, ...);
int fscanf(FILE *__restrict, const char *__restrict, ...);
int sscanf(const char *__restrict, const char *__restrict, ...);
-int vscanf(const char *__restrict, __isoc_va_list);
-int vfscanf(FILE *__restrict, const char *__restrict, __isoc_va_list);
-int vsscanf(const char *__restrict, const char *__restrict, __isoc_va_list);
+int vscanf(const char *__restrict, __isoc_va_list) __fs(1, 0);
+int vfscanf(FILE *__restrict, const char *__restrict, __isoc_va_list) __fs(2, 0);
+int vsscanf(const char *__restrict, const char *__restrict, __isoc_va_list) __fs(2, 0);
void perror(const char *);
toolchain/musl: update to version 1.1.22 new features: - priority-inheritance mutexes - membarrier syscall, pre-registration to use it, fallback emulation - header-level support for new linux features in 4.19, 4.20, 5.0 major internal changes: - complete, async-safe view of all existent threads as global list - robust __synccall based on new thread list - new dynamic TLS is installed synchronously at dlopen - TLSDESC resolver functions no longer make bad ABI assumptions to call C - resolved shared library dependencies are now recorded compatibility & conformance: - dependency-order shared library constructor execution - sigaltstack no longer rejects SS_AUTODISARM, future flags - FILE is now a complete (dummy) type in pre-C11 feature profiles - setvbuf reports failure on invalid arguments - TSVTX is exposed unconditionally in tar.h - multithreaded set*id() no longer depends on /proc - key slot reuse after pthread_key_delete no longer depends on /proc bugs fixed: - failures in multithreaded set*id() with concurrent thread creation/exit - interposed free was called from invalid/inconsistent contexts - freeaddrinfo performed invalid free of some partial results lists - dlsym dependency order search had false negatives and false positives - dn_skipname gave wrong results for labels with 8-bit content - dcngettext clobbered errno, often breaking printing of error messages - sscanf read past end of buffer under certain conditions (1.1.21 regression) - pthread_key_create spuriously failed under race condition (1.1.21 regression) - fdopendir wrongly succeeded with O_PATH file descriptors - gets behaved incorrectly in presence of null bytes - namespace violations in c11 tsd and mutex function dependencies - incorrect prototype for makecontext (unimplemented) arch-specfic bugs fixed: - s390x had wrong values for POSIX_FADV_DONTNEED/_NOREUSE Extensively tested on dozens of devices, covering most popular architectures. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Dainis Jonitis <dainis.jonitis@ubnt.com> Signed-off-by: Roman Yeryomin <roman@advem.lv>
6 years ago
@@ -140,8 +148,8 @@ int pclose(FILE *);
int fileno(FILE *);
int fseeko(FILE *, off_t, int);
off_t ftello(FILE *);
-int dprintf(int, const char *__restrict, ...);
-int vdprintf(int, const char *__restrict, __isoc_va_list);
+int dprintf(int, const char *__restrict, ...) __fp(2, 3);
+int vdprintf(int, const char *__restrict, __isoc_va_list) __fp(2, 0);
void flockfile(FILE *);
int ftrylockfile(FILE *);
void funlockfile(FILE *);
toolchain/musl: update to version 1.1.22 new features: - priority-inheritance mutexes - membarrier syscall, pre-registration to use it, fallback emulation - header-level support for new linux features in 4.19, 4.20, 5.0 major internal changes: - complete, async-safe view of all existent threads as global list - robust __synccall based on new thread list - new dynamic TLS is installed synchronously at dlopen - TLSDESC resolver functions no longer make bad ABI assumptions to call C - resolved shared library dependencies are now recorded compatibility & conformance: - dependency-order shared library constructor execution - sigaltstack no longer rejects SS_AUTODISARM, future flags - FILE is now a complete (dummy) type in pre-C11 feature profiles - setvbuf reports failure on invalid arguments - TSVTX is exposed unconditionally in tar.h - multithreaded set*id() no longer depends on /proc - key slot reuse after pthread_key_delete no longer depends on /proc bugs fixed: - failures in multithreaded set*id() with concurrent thread creation/exit - interposed free was called from invalid/inconsistent contexts - freeaddrinfo performed invalid free of some partial results lists - dlsym dependency order search had false negatives and false positives - dn_skipname gave wrong results for labels with 8-bit content - dcngettext clobbered errno, often breaking printing of error messages - sscanf read past end of buffer under certain conditions (1.1.21 regression) - pthread_key_create spuriously failed under race condition (1.1.21 regression) - fdopendir wrongly succeeded with O_PATH file descriptors - gets behaved incorrectly in presence of null bytes - namespace violations in c11 tsd and mutex function dependencies - incorrect prototype for makecontext (unimplemented) arch-specfic bugs fixed: - s390x had wrong values for POSIX_FADV_DONTNEED/_NOREUSE Extensively tested on dozens of devices, covering most popular architectures. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Dainis Jonitis <dainis.jonitis@ubnt.com> Signed-off-by: Roman Yeryomin <roman@advem.lv>
6 years ago
@@ -180,8 +188,8 @@ int fileno_unlocked(FILE *);
int getw(FILE *);
int putw(int, FILE *);
char *fgetln(FILE *, size_t *);
-int asprintf(char **, const char *, ...);
-int vasprintf(char **, const char *, __isoc_va_list);
+int asprintf(char **, const char *, ...) __fp(2, 3);
+int vasprintf(char **, const char *, __isoc_va_list) __fp(2, 0);
#endif
#ifdef _GNU_SOURCE
toolchain/musl: update to version 1.1.22 new features: - priority-inheritance mutexes - membarrier syscall, pre-registration to use it, fallback emulation - header-level support for new linux features in 4.19, 4.20, 5.0 major internal changes: - complete, async-safe view of all existent threads as global list - robust __synccall based on new thread list - new dynamic TLS is installed synchronously at dlopen - TLSDESC resolver functions no longer make bad ABI assumptions to call C - resolved shared library dependencies are now recorded compatibility & conformance: - dependency-order shared library constructor execution - sigaltstack no longer rejects SS_AUTODISARM, future flags - FILE is now a complete (dummy) type in pre-C11 feature profiles - setvbuf reports failure on invalid arguments - TSVTX is exposed unconditionally in tar.h - multithreaded set*id() no longer depends on /proc - key slot reuse after pthread_key_delete no longer depends on /proc bugs fixed: - failures in multithreaded set*id() with concurrent thread creation/exit - interposed free was called from invalid/inconsistent contexts - freeaddrinfo performed invalid free of some partial results lists - dlsym dependency order search had false negatives and false positives - dn_skipname gave wrong results for labels with 8-bit content - dcngettext clobbered errno, often breaking printing of error messages - sscanf read past end of buffer under certain conditions (1.1.21 regression) - pthread_key_create spuriously failed under race condition (1.1.21 regression) - fdopendir wrongly succeeded with O_PATH file descriptors - gets behaved incorrectly in presence of null bytes - namespace violations in c11 tsd and mutex function dependencies - incorrect prototype for makecontext (unimplemented) arch-specfic bugs fixed: - s390x had wrong values for POSIX_FADV_DONTNEED/_NOREUSE Extensively tested on dozens of devices, covering most popular architectures. Signed-off-by: Koen Vandeputte <koen.vandeputte@ncentric.com> Signed-off-by: Dainis Jonitis <dainis.jonitis@ubnt.com> Signed-off-by: Roman Yeryomin <roman@advem.lv>
6 years ago
@@ -203,6 +211,9 @@ typedef struct _IO_cookie_io_functions_t
FILE *fopencookie(void *, const char *, cookie_io_functions_t);
#endif
+#undef __fp
+#undef __fs
+
#if defined(_LARGEFILE64_SOURCE) || defined(_GNU_SOURCE)
#define tmpfile64 tmpfile
#define fopen64 fopen
--- a/include/syslog.h
+++ b/include/syslog.h
@@ -56,16 +56,22 @@ extern "C" {
#define LOG_NOWAIT 0x10
#define LOG_PERROR 0x20
+#if __GNUC__ >= 3
+#define __fp(x, y) __attribute__ ((__format__ (__printf__, x, y)))
+#else
+#define __fp(x, y)
+#endif
+
void closelog (void);
void openlog (const char *, int, int);
int setlogmask (int);
-void syslog (int, const char *, ...);
+void syslog (int, const char *, ...) __fp(2, 3);
#if defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
#define _PATH_LOG "/dev/log"
#define __NEED_va_list
#include <bits/alltypes.h>
-void vsyslog (int, const char *, va_list);
+void vsyslog (int, const char *, va_list) __fp(2, 0);
#if defined(SYSLOG_NAMES)
#define INTERNAL_NOPRI 0x10
#define INTERNAL_MARK (LOG_NFACILITIES<<3)
@@ -93,6 +99,8 @@ typedef struct {
#endif
#endif
+#undef __fp
+
#ifdef __cplusplus
}
#endif