mirror of
git://sourceware.org/git/glibc.git
synced 2024-11-27 03:41:23 +08:00
Do not use -Wp to disable fortify (BZ 31928)
The -Wp does not work properly if the compiler is configured to enable fortify by default, since it bypasses the compiler driver (which defines the fortify flags in this case). This patch is similar to the one used on Ubuntu [1]. I checked with a build for x86_64-linux-gnu, i686-linux-gnu, aarch64-linux-gnu, s390x-linux-gnu, and riscv64-linux-gnu with gcc-13 that enables the fortify by default. Co-authored-by: Matthias Klose <matthias.klose@canonical.com> [1] https://git.launchpad.net/~ubuntu-core-dev/ubuntu/+source/glibc/tree/debian/patches/ubuntu/fix-fortify-source.patch Reviewed-by: DJ Delorie <dj@redhat.com>
This commit is contained in:
parent
9dfea3de7f
commit
127cefd84d
4
configure
vendored
4
configure
vendored
@ -7718,7 +7718,7 @@ printf "%s\n" "#define HAVE_LIBCAP 1" >>confdefs.h
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
|
|
||||||
no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
|
no_fortify_source="-U_FORTIFY_SOURCE"
|
||||||
fortify_source="${no_fortify_source}"
|
fortify_source="${no_fortify_source}"
|
||||||
|
|
||||||
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for maximum supported _FORTIFY_SOURCE level" >&5
|
{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for maximum supported _FORTIFY_SOURCE level" >&5
|
||||||
@ -7773,7 +7773,7 @@ esac
|
|||||||
|
|
||||||
if test "$libc_cv_fortify_source" = yes
|
if test "$libc_cv_fortify_source" = yes
|
||||||
then :
|
then :
|
||||||
fortify_source="${fortify_source},-D_FORTIFY_SOURCE=${enable_fortify_source}"
|
fortify_source="${fortify_source} -D_FORTIFY_SOURCE=${enable_fortify_source}"
|
||||||
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -1536,7 +1536,7 @@ dnl If not, then don't use it.
|
|||||||
dnl Note that _FORTIFY_SOURCE may have been set through FLAGS too.
|
dnl Note that _FORTIFY_SOURCE may have been set through FLAGS too.
|
||||||
dnl _FORTIFY_SOURCE value will be selectively disabled for function that can't
|
dnl _FORTIFY_SOURCE value will be selectively disabled for function that can't
|
||||||
dnl support it
|
dnl support it
|
||||||
no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
|
no_fortify_source="-U_FORTIFY_SOURCE"
|
||||||
fortify_source="${no_fortify_source}"
|
fortify_source="${no_fortify_source}"
|
||||||
|
|
||||||
AC_CACHE_CHECK([for maximum supported _FORTIFY_SOURCE level],
|
AC_CACHE_CHECK([for maximum supported _FORTIFY_SOURCE level],
|
||||||
@ -1555,7 +1555,7 @@ AS_CASE([$enable_fortify_source],
|
|||||||
[libc_cv_fortify_source=no])
|
[libc_cv_fortify_source=no])
|
||||||
|
|
||||||
AS_IF([test "$libc_cv_fortify_source" = yes],
|
AS_IF([test "$libc_cv_fortify_source" = yes],
|
||||||
[fortify_source="${fortify_source},-D_FORTIFY_SOURCE=${enable_fortify_source}"]
|
[fortify_source="${fortify_source} -D_FORTIFY_SOURCE=${enable_fortify_source}"]
|
||||||
)
|
)
|
||||||
|
|
||||||
AC_SUBST(enable_fortify_source)
|
AC_SUBST(enable_fortify_source)
|
||||||
|
@ -171,16 +171,16 @@ CFLAGS-recvfrom_chk.c += -fexceptions -fasynchronous-unwind-tables
|
|||||||
# set up for us, so keep the CFLAGS/CPPFLAGS split logical as the order is:
|
# set up for us, so keep the CFLAGS/CPPFLAGS split logical as the order is:
|
||||||
# <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
|
# <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
|
||||||
CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables
|
CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables
|
||||||
CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
|
CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source) -D_FORTIFY_SOURCE=1
|
||||||
CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables
|
CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables
|
||||||
CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
|
CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source) -D_FORTIFY_SOURCE=1
|
||||||
CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
|
CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
|
||||||
CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
|
CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source) -D_FORTIFY_SOURCE=1
|
||||||
CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
|
CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2
|
||||||
CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
|
CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2
|
||||||
CFLAGS-tst-sprintf-fortify-rdonly.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
|
CFLAGS-tst-sprintf-fortify-rdonly.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2
|
||||||
CFLAGS-tst-fortify-syslog.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
|
CFLAGS-tst-fortify-syslog.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2
|
||||||
CFLAGS-tst-fortify-wide.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
|
CFLAGS-tst-fortify-wide.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2
|
||||||
|
|
||||||
# _FORTIFY_SOURCE tests.
|
# _FORTIFY_SOURCE tests.
|
||||||
# Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and
|
# Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and
|
||||||
@ -218,7 +218,8 @@ src-chk-nongnu = \#undef _GNU_SOURCE
|
|||||||
# cannot be disabled via pragmas, so require -Wno-error to be used.
|
# cannot be disabled via pragmas, so require -Wno-error to be used.
|
||||||
define gen-chk-test
|
define gen-chk-test
|
||||||
tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
|
tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
|
||||||
CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \
|
CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source) -D_FORTIFY_SOURCE=$(3) \
|
||||||
|
-Wno-format \
|
||||||
-Wno-deprecated-declarations \
|
-Wno-deprecated-declarations \
|
||||||
-Wno-error
|
-Wno-error
|
||||||
$(eval $(call cflags-$(2),$(1),$(3),$(4)))
|
$(eval $(call cflags-$(2),$(1),$(3),$(4)))
|
||||||
|
@ -295,7 +295,7 @@ CFLAGS-read.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-i
|
|||||||
CFLAGS-write.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-ignored-attributes)
|
CFLAGS-write.c += -fexceptions -fasynchronous-unwind-tables $(config-cflags-wno-ignored-attributes)
|
||||||
CFLAGS-close.c += -fexceptions -fasynchronous-unwind-tables
|
CFLAGS-close.c += -fexceptions -fasynchronous-unwind-tables
|
||||||
CFLAGS-lseek64.c += $(config-cflags-wno-ignored-attributes)
|
CFLAGS-lseek64.c += $(config-cflags-wno-ignored-attributes)
|
||||||
CFLAGS-tst-read-zero.c += $(no-fortify-source),-D_FORTIFY_SOURCE=$(supported-fortify)
|
CFLAGS-tst-read-zero.c += $(no-fortify-source) -D_FORTIFY_SOURCE=$(supported-fortify)
|
||||||
|
|
||||||
CFLAGS-test-stat.c += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
|
CFLAGS-test-stat.c += -D_FILE_OFFSET_BITS=64 -D_LARGEFILE64_SOURCE
|
||||||
CFLAGS-test-lfs.c += -D_LARGEFILE64_SOURCE
|
CFLAGS-test-lfs.c += -D_LARGEFILE64_SOURCE
|
||||||
|
@ -598,7 +598,7 @@ CFLAGS-tst-gets.c += -Wno-deprecated-declarations
|
|||||||
|
|
||||||
# BZ #11319 was first fixed for regular vdprintf, then reopened because
|
# BZ #11319 was first fixed for regular vdprintf, then reopened because
|
||||||
# the fortified version had the same bug.
|
# the fortified version had the same bug.
|
||||||
CFLAGS-tst-bz11319-fortify2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
|
CFLAGS-tst-bz11319-fortify2.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2
|
||||||
|
|
||||||
CFLAGS-tst-memstream-string.c += -fno-builtin-fprintf
|
CFLAGS-tst-memstream-string.c += -fno-builtin-fprintf
|
||||||
|
|
||||||
|
@ -264,7 +264,7 @@ CFLAGS-wcstod_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
|
|||||||
CFLAGS-wcstold_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
|
CFLAGS-wcstold_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
|
||||||
CFLAGS-wcstof128_l.c += $(strtox-CFLAGS)
|
CFLAGS-wcstof128_l.c += $(strtox-CFLAGS)
|
||||||
CFLAGS-wcstof_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
|
CFLAGS-wcstof_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
|
||||||
CPPFLAGS-tst-wchar-h.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
|
CPPFLAGS-tst-wchar-h.c += $(no-fortify-source) -D_FORTIFY_SOURCE=2
|
||||||
|
|
||||||
CFLAGS-wcschr.c += $(config-cflags-wno-ignored-attributes)
|
CFLAGS-wcschr.c += $(config-cflags-wno-ignored-attributes)
|
||||||
CFLAGS-wmemchr.c += $(config-cflags-wno-ignored-attributes)
|
CFLAGS-wmemchr.c += $(config-cflags-wno-ignored-attributes)
|
||||||
|
Loading…
Reference in New Issue
Block a user