198 lines
6.5 KiB
Diff
198 lines
6.5 KiB
Diff
From e6683d001a95d7c3d4d992496f00f77e01fcd268 Mon Sep 17 00:00:00 2001
|
|
From: Hauke Mehrtens <hauke@hauke-m.de>
|
|
Date: Sun, 22 Nov 2015 15:04:23 +0100
|
|
Subject: [PATCH v2] Add format attribute to some function declarations
|
|
|
|
GCC and Clang are able to check the format arguments given to a
|
|
function and warn the user if there is a error in the format arguments
|
|
or if there is a potential uncontrolled format string security problem
|
|
in the code. GCC does this automatically for some functions like
|
|
printf(), but it is also possible to annotate other functions in a way
|
|
that it will check them too. This feature is used by glibc for many
|
|
functions. This patch adds the attribute to the some functions of musl
|
|
expect for these functions where gcc automatically adds it.
|
|
|
|
GCC automatically adds checks for these functions: printf, fprintf,
|
|
sprintf, scanf, fscanf, sscanf, strftime, vprintf, vfprintf and
|
|
vsprintf.
|
|
|
|
The documentation from gcc is here:
|
|
https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html
|
|
|
|
The documentation from Clang is here:
|
|
http://clang.llvm.org/docs/AttributeReference.html#format-gnu-format
|
|
|
|
Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
|
|
---
|
|
include/err.h | 26 +++++++++++++++++---------
|
|
include/monetary.h | 12 ++++++++++--
|
|
include/stdio.h | 29 ++++++++++++++++++++---------
|
|
include/syslog.h | 12 ++++++++++--
|
|
4 files changed, 57 insertions(+), 22 deletions(-)
|
|
|
|
--- a/include/err.h
|
|
+++ b/include/err.h
|
|
@@ -8,15 +8,23 @@
|
|
extern "C" {
|
|
#endif
|
|
|
|
-void warn(const char *, ...);
|
|
-void vwarn(const char *, va_list);
|
|
-void warnx(const char *, ...);
|
|
-void vwarnx(const char *, va_list);
|
|
+#if __GNUC__ >= 3
|
|
+#define __fp(x, y) __attribute__ ((__format__ (__printf__, x, y)))
|
|
+#else
|
|
+#define __fp(x, y)
|
|
+#endif
|
|
|
|
-_Noreturn void err(int, const char *, ...);
|
|
-_Noreturn void verr(int, const char *, va_list);
|
|
-_Noreturn void errx(int, const char *, ...);
|
|
-_Noreturn void verrx(int, const char *, va_list);
|
|
+void warn(const char *, ...) __fp(1, 2);
|
|
+void vwarn(const char *, va_list) __fp(1, 0);
|
|
+void warnx(const char *, ...) __fp(1, 2);
|
|
+void vwarnx(const char *, va_list) __fp(1, 0);
|
|
+
|
|
+_Noreturn void err(int, const char *, ...) __fp(2, 3);
|
|
+_Noreturn void verr(int, const char *, va_list) __fp(2, 0);
|
|
+_Noreturn void errx(int, const char *, ...) __fp(2, 3);
|
|
+_Noreturn void verrx(int, const char *, va_list) __fp(2, 0);
|
|
+
|
|
+#undef __fp
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
--- a/include/monetary.h
|
|
+++ b/include/monetary.h
|
|
@@ -13,8 +13,16 @@ extern "C" {
|
|
|
|
#include <bits/alltypes.h>
|
|
|
|
-ssize_t strfmon(char *__restrict, size_t, const char *__restrict, ...);
|
|
-ssize_t strfmon_l(char *__restrict, size_t, locale_t, const char *__restrict, ...);
|
|
+#if __GNUC__ >= 3
|
|
+#define __fsfm(x, y) __attribute__ ((__format__ (__strfmon__, x, y)))
|
|
+#else
|
|
+#define __fsfm(x, y)
|
|
+#endif
|
|
+
|
|
+ssize_t strfmon(char *__restrict, size_t, const char *__restrict, ...) __fsfm(3, 4);
|
|
+ssize_t strfmon_l(char *__restrict, size_t, locale_t, const char *__restrict, ...) __fsfm(4, 5);
|
|
+
|
|
+#undef __fsfm
|
|
|
|
#ifdef __cplusplus
|
|
}
|
|
--- a/include/stdio.h
|
|
+++ b/include/stdio.h
|
|
@@ -21,6 +21,14 @@ extern "C" {
|
|
|
|
#include <bits/alltypes.h>
|
|
|
|
+#if __GNUC__ >= 3
|
|
+#define __fp(x, y) __attribute__ ((__format__ (__printf__, x, y)))
|
|
+#define __fs(x, y) __attribute__ ((__format__ (__scanf__, x, y)))
|
|
+#else
|
|
+#define __fp(x, y)
|
|
+#define __fs(x, y)
|
|
+#endif
|
|
+
|
|
#ifdef __cplusplus
|
|
#define NULL 0L
|
|
#else
|
|
@@ -102,19 +110,19 @@ int puts(const char *);
|
|
int printf(const char *__restrict, ...);
|
|
int fprintf(FILE *__restrict, const char *__restrict, ...);
|
|
int sprintf(char *__restrict, const char *__restrict, ...);
|
|
-int snprintf(char *__restrict, size_t, const char *__restrict, ...);
|
|
+int snprintf(char *__restrict, size_t, const char *__restrict, ...) __fp(3, 4);
|
|
|
|
int vprintf(const char *__restrict, __isoc_va_list);
|
|
int vfprintf(FILE *__restrict, const char *__restrict, __isoc_va_list);
|
|
int vsprintf(char *__restrict, const char *__restrict, __isoc_va_list);
|
|
-int vsnprintf(char *__restrict, size_t, const char *__restrict, __isoc_va_list);
|
|
+int vsnprintf(char *__restrict, size_t, const char *__restrict, __isoc_va_list) __fp(3, 0);
|
|
|
|
int scanf(const char *__restrict, ...);
|
|
int fscanf(FILE *__restrict, const char *__restrict, ...);
|
|
int sscanf(const char *__restrict, const char *__restrict, ...);
|
|
-int vscanf(const char *__restrict, __isoc_va_list);
|
|
-int vfscanf(FILE *__restrict, const char *__restrict, __isoc_va_list);
|
|
-int vsscanf(const char *__restrict, const char *__restrict, __isoc_va_list);
|
|
+int vscanf(const char *__restrict, __isoc_va_list) __fs(1, 0);
|
|
+int vfscanf(FILE *__restrict, const char *__restrict, __isoc_va_list) __fs(2, 0);
|
|
+int vsscanf(const char *__restrict, const char *__restrict, __isoc_va_list) __fs(2, 0);
|
|
|
|
void perror(const char *);
|
|
|
|
@@ -135,8 +143,8 @@ int pclose(FILE *);
|
|
int fileno(FILE *);
|
|
int fseeko(FILE *, off_t, int);
|
|
off_t ftello(FILE *);
|
|
-int dprintf(int, const char *__restrict, ...);
|
|
-int vdprintf(int, const char *__restrict, __isoc_va_list);
|
|
+int dprintf(int, const char *__restrict, ...) __fp(2, 3);
|
|
+int vdprintf(int, const char *__restrict, __isoc_va_list) __fp(2, 0);
|
|
void flockfile(FILE *);
|
|
int ftrylockfile(FILE *);
|
|
void funlockfile(FILE *);
|
|
@@ -175,8 +183,8 @@ int fileno_unlocked(FILE *);
|
|
int getw(FILE *);
|
|
int putw(int, FILE *);
|
|
char *fgetln(FILE *, size_t *);
|
|
-int asprintf(char **, const char *, ...);
|
|
-int vasprintf(char **, const char *, __isoc_va_list);
|
|
+int asprintf(char **, const char *, ...) __fp(2, 3);
|
|
+int vasprintf(char **, const char *, __isoc_va_list) __fp(2, 0);
|
|
#endif
|
|
|
|
#ifdef _GNU_SOURCE
|
|
@@ -184,6 +192,9 @@ char *fgets_unlocked(char *, int, FILE *
|
|
int fputs_unlocked(const char *, FILE *);
|
|
#endif
|
|
|
|
+#undef __fp
|
|
+#undef __fs
|
|
+
|
|
#if defined(_LARGEFILE64_SOURCE) || defined(_GNU_SOURCE)
|
|
#define tmpfile64 tmpfile
|
|
#define fopen64 fopen
|
|
--- a/include/syslog.h
|
|
+++ b/include/syslog.h
|
|
@@ -56,16 +56,22 @@ extern "C" {
|
|
#define LOG_NOWAIT 0x10
|
|
#define LOG_PERROR 0x20
|
|
|
|
+#if __GNUC__ >= 3
|
|
+#define __fp(x, y) __attribute__ ((__format__ (__printf__, x, y)))
|
|
+#else
|
|
+#define __fp(x, y)
|
|
+#endif
|
|
+
|
|
void closelog (void);
|
|
void openlog (const char *, int, int);
|
|
int setlogmask (int);
|
|
-void syslog (int, const char *, ...);
|
|
+void syslog (int, const char *, ...) __fp(2, 3);
|
|
|
|
#if defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
|
|
#define _PATH_LOG "/dev/log"
|
|
#define __NEED_va_list
|
|
#include <bits/alltypes.h>
|
|
-void vsyslog (int, const char *, va_list);
|
|
+void vsyslog (int, const char *, va_list) __fp(2, 0);
|
|
#if defined(SYSLOG_NAMES)
|
|
#define INTERNAL_NOPRI 0x10
|
|
#define INTERNAL_MARK (LOG_NFACILITIES<<3)
|
|
@@ -93,6 +99,8 @@ typedef struct {
|
|
#endif
|
|
#endif
|
|
|
|
+#undef __fp
|
|
+
|
|
#ifdef __cplusplus
|
|
}
|
|
#endif
|