From a643f60c53876be0d57b4b7373770e6cb356fd13 Mon Sep 17 00:00:00 2001 From: Siddhesh Poyarekar Date: Wed, 20 Oct 2021 18:12:41 +0530 Subject: Make sure that the fortified function conditionals are constant In _FORTIFY_SOURCE=3, the size expression may be non-constant, resulting in branches in the inline functions remaining intact and causing a tiny overhead. Clang (and in future, gcc) make sure that the -1 case is always safe, i.e. any comparison of the generated expression with (size_t)-1 is always false so that bit is taken care of. The rest is avoidable since we want the _chk variant whenever we have a size expression and it's not -1. Rework the conditionals in a uniform way to clearly indicate two conditions at compile time: - Either the size is unknown (-1) or we know at compile time that the operation length is less than the object size. We can call the original function in this case. It could be that either the length, object size or both are non-constant, but the compiler, through range analysis, is able to fold the *comparison* to a constant. - The size and length are known and the compiler can see at compile time that operation length > object size. This is valid grounds for a warning at compile time, followed by emitting the _chk variant. For everything else, emit the _chk variant. This simplifies most of the fortified function implementations and at the same time, ensures that only one call from _chk or the regular function is emitted. Signed-off-by: Siddhesh Poyarekar Reviewed-by: Adhemerval Zanella --- wcsmbs/bits/wchar2.h | 219 ++++++++++++++------------------------------------- 1 file changed, 61 insertions(+), 158 deletions(-) (limited to 'wcsmbs') diff --git a/wcsmbs/bits/wchar2.h b/wcsmbs/bits/wchar2.h index ea2518dc72..26012ef936 100644 --- a/wcsmbs/bits/wchar2.h +++ b/wcsmbs/bits/wchar2.h 
@@ -39,17 +39,9 @@ __fortify_function wchar_t * __NTH (wmemcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2, size_t __n)) { - if (__glibc_objsize0 (__s1) != (size_t) -1) - { - if (!__builtin_constant_p (__n)) - return __wmemcpy_chk (__s1, __s2, __n, - __glibc_objsize0 (__s1) / sizeof (wchar_t)); - - if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t)) - return __wmemcpy_chk_warn (__s1, __s2, __n, - __glibc_objsize0 (__s1) / sizeof (wchar_t)); - } - return __wmemcpy_alias (__s1, __s2, __n); + return __glibc_fortify_n (wmemcpy, __n, sizeof (wchar_t), + __glibc_objsize0 (__s1), + __s1, __s2, __n); } @@ -67,18 +59,9 @@ extern wchar_t *__REDIRECT_NTH (__wmemmove_chk_warn, __fortify_function wchar_t * __NTH (wmemmove (wchar_t *__s1, const wchar_t *__s2, size_t __n)) { - if (__glibc_objsize0 (__s1) != (size_t) -1) - { - if (!__builtin_constant_p (__n)) - return __wmemmove_chk (__s1, __s2, __n, - __glibc_objsize0 (__s1) / sizeof (wchar_t)); - - if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t)) - return __wmemmove_chk_warn (__s1, __s2, __n, - (__glibc_objsize0 (__s1) - / sizeof (wchar_t))); - } - return __wmemmove_alias (__s1, __s2, __n); + return __glibc_fortify_n (wmemmove, __n, sizeof (wchar_t), + __glibc_objsize0 (__s1), + __s1, __s2, __n); } @@ -101,18 +84,9 @@ __fortify_function wchar_t * __NTH (wmempcpy (wchar_t *__restrict __s1, const wchar_t *__restrict __s2, size_t __n)) { - if (__glibc_objsize0 (__s1) != (size_t) -1) - { - if (!__builtin_constant_p (__n)) - return __wmempcpy_chk (__s1, __s2, __n, - __glibc_objsize0 (__s1) / sizeof (wchar_t)); - - if (__n > __glibc_objsize0 (__s1) / sizeof (wchar_t)) - return __wmempcpy_chk_warn (__s1, __s2, __n, - (__glibc_objsize0 (__s1) - / sizeof (wchar_t))); - } - return __wmempcpy_alias (__s1, __s2, __n); + return __glibc_fortify_n (wmempcpy, __n, sizeof (wchar_t), + __glibc_objsize0 (__s1), + __s1, __s2, __n); } #endif 
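Review bot: In wmemcpy the units of the bound are no longer readable at the call site: `__n` counts wide characters while `__glibc_objsize0 (__s1)` is a byte count, and only the `sizeof (wchar_t)` argument to `__glibc_fortify_n` reconciles them. The macro is defined outside this patch, so it is worth confirming that it scales the object size down by division rather than scaling `__n` up, since a multiplication could wrap for a very large `__n` and let the unchecked alias be selected. A one-line comment above the call, e.g. `/* __n is in wchar_t units; the byte-sized object size is scaled by sizeof (wchar_t) inside the macro. */`, would keep that visible. The same applies to wmemmove and wmempcpy in the next two hunks and to wmemset, wcsncpy, wcpncpy, mbsrtowcs and mbsnrtowcs further down.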
@@ -130,17 +104,9 @@ extern wchar_t *__REDIRECT_NTH (__wmemset_chk_warn, __fortify_function wchar_t * __NTH (wmemset (wchar_t *__s, wchar_t __c, size_t __n)) { - if (__glibc_objsize0 (__s) != (size_t) -1) - { - if (!__builtin_constant_p (__n)) - return __wmemset_chk (__s, __c, __n, - __glibc_objsize0 (__s) / sizeof (wchar_t)); - - if (__n > __glibc_objsize0 (__s) / sizeof (wchar_t)) - return __wmemset_chk_warn (__s, __c, __n, - __glibc_objsize0 (__s) / sizeof (wchar_t)); - } - return __wmemset_alias (__s, __c, __n); + return __glibc_fortify_n (wmemset, __n, sizeof (wchar_t), + __glibc_objsize0 (__s), + __s, __c, __n); } @@ -154,9 +120,9 @@ extern wchar_t *__REDIRECT_NTH (__wcscpy_alias, __fortify_function wchar_t * __NTH (wcscpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) { - if (__glibc_objsize (__dest) != (size_t) -1) - return __wcscpy_chk (__dest, __src, - __glibc_objsize (__dest) / sizeof (wchar_t)); + size_t sz = __glibc_objsize (__dest); + if (sz != (size_t) -1) + return __wcscpy_chk (__dest, __src, sz / sizeof (wchar_t)); return __wcscpy_alias (__dest, __src); } @@ -171,9 +137,9 @@ extern wchar_t *__REDIRECT_NTH (__wcpcpy_alias, __fortify_function wchar_t * __NTH (wcpcpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) { - if (__glibc_objsize (__dest) != (size_t) -1) - return __wcpcpy_chk (__dest, __src, - __glibc_objsize (__dest) / sizeof (wchar_t)); + size_t sz = __glibc_objsize (__dest); + if (sz != (size_t) -1) + return __wcpcpy_chk (__dest, __src, sz / sizeof (wchar_t)); return __wcpcpy_alias (__dest, __src); } 
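Review bot: The new local `sz` in wcscpy is not in the reserved namespace, unlike every other identifier in these inline functions (`__dest`, `__src`, `__n`). This is an installed header, so a program that defines a macro named `sz` before the header is included would rewrite the bounds expression or stop compiling. `size_t __sz = __glibc_objsize (__dest);`, with `__sz` in the two uses below it, avoids that. The same local is introduced in wcpcpy, wcscat, wcsncat, swprintf, vswprintf, fgetws and fgetws_unlocked.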
@@ -196,17 +162,9 @@ __fortify_function wchar_t * __NTH (wcsncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src, size_t __n)) { - if (__glibc_objsize (__dest) != (size_t) -1) - { - if (!__builtin_constant_p (__n)) - return __wcsncpy_chk (__dest, __src, __n, - __glibc_objsize (__dest) / sizeof (wchar_t)); - if (__n > __glibc_objsize (__dest) / sizeof (wchar_t)) - return __wcsncpy_chk_warn (__dest, __src, __n, - (__glibc_objsize (__dest) - / sizeof (wchar_t))); - } - return __wcsncpy_alias (__dest, __src, __n); + return __glibc_fortify_n (wcsncpy, __n, sizeof (wchar_t), + __glibc_objsize (__dest), + __dest, __src, __n); } @@ -228,17 +186,9 @@ __fortify_function wchar_t * __NTH (wcpncpy (wchar_t *__restrict __dest, const wchar_t *__restrict __src, size_t __n)) { - if (__glibc_objsize (__dest) != (size_t) -1) - { - if (!__builtin_constant_p (__n)) - return __wcpncpy_chk (__dest, __src, __n, - __glibc_objsize (__dest) / sizeof (wchar_t)); - if (__n > __glibc_objsize (__dest) / sizeof (wchar_t)) - return __wcpncpy_chk_warn (__dest, __src, __n, - (__glibc_objsize (__dest) - / sizeof (wchar_t))); - } - return __wcpncpy_alias (__dest, __src, __n); + return __glibc_fortify_n (wcpncpy, __n, sizeof (wchar_t), + __glibc_objsize (__dest), + __dest, __src, __n); } @@ -252,9 +202,9 @@ extern wchar_t *__REDIRECT_NTH (__wcscat_alias, __fortify_function wchar_t * __NTH (wcscat (wchar_t *__restrict __dest, const wchar_t *__restrict __src)) { - if (__glibc_objsize (__dest) != (size_t) -1) - return __wcscat_chk (__dest, __src, - __glibc_objsize (__dest) / sizeof (wchar_t)); + size_t sz = __glibc_objsize (__dest); + if (sz != (size_t) -1) + return __wcscat_chk (__dest, __src, sz / sizeof (wchar_t)); return __wcscat_alias (__dest, __src); } 
@@ -271,9 +221,9 @@ __fortify_function wchar_t * __NTH (wcsncat (wchar_t *__restrict __dest, const wchar_t *__restrict __src, size_t __n)) { - if (__glibc_objsize (__dest) != (size_t) -1) - return __wcsncat_chk (__dest, __src, __n, - __glibc_objsize (__dest) / sizeof (wchar_t)); + size_t sz = __glibc_objsize (__dest); + if (sz != (size_t) -1) + return __wcsncat_chk (__dest, __src, __n, sz / sizeof (wchar_t)); return __wcsncat_alias (__dest, __src, __n); } @@ -293,10 +243,10 @@ __fortify_function int __NTH (swprintf (wchar_t *__restrict __s, size_t __n, const wchar_t *__restrict __fmt, ...)) { - if (__glibc_objsize (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) + size_t sz = __glibc_objsize (__s); + if (sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) return __swprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, - __glibc_objsize (__s) / sizeof (wchar_t), - __fmt, __va_arg_pack ()); + sz / sizeof (wchar_t), __fmt, __va_arg_pack ()); return __swprintf_alias (__s, __n, __fmt, __va_arg_pack ()); } #elif !defined __cplusplus @@ -323,10 +273,10 @@ __fortify_function int __NTH (vswprintf (wchar_t *__restrict __s, size_t __n, const wchar_t *__restrict __fmt, __gnuc_va_list __ap)) { - if (__glibc_objsize (__s) != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) + size_t sz = __glibc_objsize (__s); + if (sz != (size_t) -1 || __USE_FORTIFY_LEVEL > 1) return __vswprintf_chk (__s, __n, __USE_FORTIFY_LEVEL - 1, - __glibc_objsize (__s) / sizeof (wchar_t), __fmt, - __ap); + sz / sizeof (wchar_t), __fmt, __ap); return __vswprintf_alias (__s, __n, __fmt, __ap); } 
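Review bot: In swprintf and vswprintf the `_chk` call is still reached with an unknown object size whenever `__USE_FORTIFY_LEVEL > 1`, and it then receives `sz / sizeof (wchar_t)`, i.e. `(size_t) -1` divided by the element size rather than `(size_t) -1` itself. The removed lines did the same division, so this is not a regression, but how `__swprintf_chk` and `__vswprintf_chk` interpret that value is not visible here and should be confirmed. A comment above the `if` would record the intent, e.g. `/* sz may be (size_t) -1 here; the _chk variant then sees a bound of SIZE_MAX / sizeof (wchar_t). */`.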
@@ -392,18 +342,12 @@ extern wchar_t *__REDIRECT (__fgetws_chk_warn, __fortify_function __wur wchar_t * fgetws (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream) { - if (__glibc_objsize (__s) != (size_t) -1) - { - if (!__builtin_constant_p (__n) || __n <= 0) - return __fgetws_chk (__s, __glibc_objsize (__s) / sizeof (wchar_t), - __n, __stream); - - if ((size_t) __n > __glibc_objsize (__s) / sizeof (wchar_t)) - return __fgetws_chk_warn (__s, - __glibc_objsize (__s) / sizeof (wchar_t), - __n, __stream); - } - return __fgetws_alias (__s, __n, __stream); + size_t sz = __glibc_objsize (__s); + if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), sz)) + return __fgetws_alias (__s, __n, __stream); + if (__glibc_unsafe_len (__n, sizeof (wchar_t), sz)) + return __fgetws_chk_warn (__s, sz / sizeof (wchar_t), __n, __stream); + return __fgetws_chk (__s, sz / sizeof (wchar_t), __n, __stream); } #ifdef __USE_GNU @@ -424,20 +368,13 @@ extern wchar_t *__REDIRECT (__fgetws_unlocked_chk_warn, __fortify_function __wur wchar_t * fgetws_unlocked (wchar_t *__restrict __s, int __n, __FILE *__restrict __stream) { - if (__glibc_objsize (__s) != (size_t) -1) - { - if (!__builtin_constant_p (__n) || __n <= 0) - return __fgetws_unlocked_chk (__s, - __glibc_objsize (__s) / sizeof (wchar_t), - __n, __stream); - - if ((size_t) __n > __glibc_objsize (__s) / sizeof (wchar_t)) - return __fgetws_unlocked_chk_warn (__s, - (__glibc_objsize (__s) - / sizeof (wchar_t)), - __n, __stream); - } - return __fgetws_unlocked_alias (__s, __n, __stream); + size_t sz = __glibc_objsize (__s); + if (__glibc_safe_or_unknown_len (__n, sizeof (wchar_t), sz)) + return __fgetws_unlocked_alias (__s, __n, __stream); + if (__glibc_unsafe_len (__n, sizeof (wchar_t), sz)) + return __fgetws_unlocked_chk_warn (__s, sz / sizeof (wchar_t), __n, + __stream); + return __fgetws_unlocked_chk (__s, sz / sizeof (wchar_t), __n, __stream); } #endif 
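Review bot: The explicit `__n <= 0` test and the `(size_t) __n` cast are gone from fgetws, so handling of a zero or negative `int` length now depends entirely on `__glibc_safe_or_unknown_len` and `__glibc_unsafe_len`, which are defined outside this patch. Before the change, a non-positive `__n` with a known object size always went to `__fgetws_chk`. If the macros convert `__n` to an unsigned type without first rejecting non-positive values, a negative constant could be classed as over-long and routed to `__fgetws_chk_warn` instead. Please confirm the macros cover the signed case and record it at the call site, e.g. `/* __n is a signed int; the length macros must send __n <= 0 to __fgetws_chk. */`. fgetws_unlocked in the next hunk has the same shape.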
@@ -488,18 +425,9 @@ __fortify_function size_t __NTH (mbsrtowcs (wchar_t *__restrict __dst, const char **__restrict __src, size_t __len, mbstate_t *__restrict __ps)) { - if (__glibc_objsize (__dst) != (size_t) -1) - { - if (!__builtin_constant_p (__len)) - return __mbsrtowcs_chk (__dst, __src, __len, __ps, - __glibc_objsize (__dst) / sizeof (wchar_t)); - - if (__len > __glibc_objsize (__dst) / sizeof (wchar_t)) - return __mbsrtowcs_chk_warn (__dst, __src, __len, __ps, - (__glibc_objsize (__dst) - / sizeof (wchar_t))); - } - return __mbsrtowcs_alias (__dst, __src, __len, __ps); + return __glibc_fortify_n (mbsrtowcs, __len, sizeof (wchar_t), + __glibc_objsize (__dst), + __dst, __src, __len, __ps); } @@ -523,17 +451,9 @@ __fortify_function size_t __NTH (wcsrtombs (char *__restrict __dst, const wchar_t **__restrict __src, size_t __len, mbstate_t *__restrict __ps)) { - if (__glibc_objsize (__dst) != (size_t) -1) - { - if (!__builtin_constant_p (__len)) - return __wcsrtombs_chk (__dst, __src, __len, __ps, - __glibc_objsize (__dst)); - - if (__len > __glibc_objsize (__dst)) - return __wcsrtombs_chk_warn (__dst, __src, __len, __ps, - __glibc_objsize (__dst)); - } - return __wcsrtombs_alias (__dst, __src, __len, __ps); + return __glibc_fortify (wcsrtombs, __len, sizeof (char), + __glibc_objsize (__dst), + __dst, __src, __len, __ps); } 
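Review bot: wcsrtombs is the first call in this file that uses `__glibc_fortify` with `sizeof (char)` instead of `__glibc_fortify_n` with `sizeof (wchar_t)`, and nothing at the call site says why. In the removed lines this function's `_chk` variant took the raw byte size `__glibc_objsize (__dst)`, while the wide-destination functions took the size divided by `sizeof (wchar_t)`, so presumably the two macros differ in exactly that scaling; their definitions are outside this patch. Picking the wrong macro would silently hand the `_chk` function a bound that is off by the element size. A short comment such as `/* __dst is a char buffer: the bound is in bytes, hence __glibc_fortify rather than __glibc_fortify_n. */` would help. wcsnrtombs in the last hunk is the same case.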
@@ -559,18 +479,9 @@ __fortify_function size_t __NTH (mbsnrtowcs (wchar_t *__restrict __dst, const char **__restrict __src, size_t __nmc, size_t __len, mbstate_t *__restrict __ps)) { - if (__glibc_objsize (__dst) != (size_t) -1) - { - if (!__builtin_constant_p (__len)) - return __mbsnrtowcs_chk (__dst, __src, __nmc, __len, __ps, - __glibc_objsize (__dst) / sizeof (wchar_t)); - - if (__len > __glibc_objsize (__dst) / sizeof (wchar_t)) - return __mbsnrtowcs_chk_warn (__dst, __src, __nmc, __len, __ps, - (__glibc_objsize (__dst) - / sizeof (wchar_t))); - } - return __mbsnrtowcs_alias (__dst, __src, __nmc, __len, __ps); + return __glibc_fortify_n (mbsnrtowcs, __len, sizeof (wchar_t), + __glibc_objsize (__dst), + __dst, __src, __nmc, __len, __ps); } @@ -596,16 +507,8 @@ __fortify_function size_t __NTH (wcsnrtombs (char *__restrict __dst, const wchar_t **__restrict __src, size_t __nwc, size_t __len, mbstate_t *__restrict __ps)) { - if (__glibc_objsize (__dst) != (size_t) -1) - { - if (!__builtin_constant_p (__len)) - return __wcsnrtombs_chk (__dst, __src, __nwc, __len, __ps, - __glibc_objsize (__dst)); - - if (__len > __glibc_objsize (__dst)) - return __wcsnrtombs_chk_warn (__dst, __src, __nwc, __len, __ps, - __glibc_objsize (__dst)); - } - return __wcsnrtombs_alias (__dst, __src, __nwc, __len, __ps); + return __glibc_fortify (wcsnrtombs, __len, sizeof (char), + __glibc_objsize (__dst), + __dst, __src, __nwc, __len, __ps); } #endif -- cgit v1.2.3-70-g09d2