On 06/01/2012 03:34 PM, Jakub Jelinek wrote:
> The standard -D_FORTIFY_SOURCE failure is __chk_fail (), so IMNSHO
> if this is presented as _FORTIFY_SOURCE check, it should call that
> and not some other function. You'd need to use
> #if __USE_FORTIFY_LEVEL > 0
> test instead (as __chk_fail is only provided by glibcs that on
> _FORTIFY_SOURCE definition sets __USE_FORTIFY_LEVEL), but it would be
> consistent with all other fortification failures (and, even
> -fstack-protector failures are similar).
__chk_fail it is, then. This means that the test case will be specific
to GNU libc platforms. How can I mark it as such?
> Or of course if you want it to do something else on failures, better
> enable it using a different macro.
I'm aiming for a consistent developer experience.
There is little documentation for _FORTIFY_SOURCE, and we plan to change
that. However, due to the way most additional checks are implemented
(reliance upon __builtin_object_size in particular), it will always be
magic you cannot rely on, which makes good documentation difficult. But
we should at least explain that! (Obviously, the std::vector check
doesn't share this problem.)
--
Florian Weimer / Red Hat Product Security Team
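
Added example, not part of the original message or of the patch under discussion: a small C sketch of why checks built on `__builtin_object_size` cannot be relied on, with the failure path selected by the `__USE_FORTIFY_LEVEL` guard quoted above. All names other than `__chk_fail`, `__USE_FORTIFY_LEVEL` and `__builtin_object_size` are hypothetical, and falling back to `abort()` outside glibc fortification is an assumption.

```c
/* Added illustration; every name except __chk_fail, __USE_FORTIFY_LEVEL
   and __builtin_object_size is hypothetical. */
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#if __USE_FORTIFY_LEVEL > 0   /* the guard quoted in the thread */
extern void __chk_fail(void) __attribute__((__noreturn__));
#define FORTIFY_FAIL() __chk_fail()
#else                         /* assumption: plain abort() elsewhere */
#define FORTIFY_FAIL() abort()
#endif

enum verdict { V_UNCHECKED, V_OK, V_FAIL };

/* (size_t)-1 is what __builtin_object_size(p, 0) yields for "unknown". */
static enum verdict classify(size_t dst_size, size_t n) {
    if (dst_size == (size_t)-1) return V_UNCHECKED;
    return n <= dst_size ? V_OK : V_FAIL;
}

/* Macros, so the builtin sees the caller's expression, not a parameter. */
#define copy_verdict(dst, n) classify(__builtin_object_size((dst), 0), (n))
#define checked_copy(dst, src, n) \
    (copy_verdict(dst, n) == V_FAIL ? (FORTIFY_FAIL(), (void *)0) \
                                    : memcpy((dst), (src), (n)))

/* Destination is a visible array: the size (16) is known. */
enum verdict direct_case(size_t n) {
    char buf[16];
    return copy_verdict(buf, n);
}

/* Same buffer behind a non-inlined pointer parameter: size is unknown. */
__attribute__((noinline)) enum verdict through_pointer(char *dst, size_t n) {
    return copy_verdict(dst, n);
}

enum verdict pointer_case(size_t n) {
    char buf[16];
    return through_pointer(buf, n);
}

int main(void) {
    char out[8];
    (void)checked_copy(out, "ok", 3);
    printf("%s direct(32)=%d pointer(32)=%d\n", out, direct_case(32), pointer_case(32));
    return 0;
}
```

The 16-byte buffer is the same in both cases; only the compiler's view of it differs, so the oversized copy is caught in `direct_case` and goes unchecked in `pointer_case`.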