NetBSD Problem Report #57288

From www@netbsd.org  Fri Mar 24 06:03:49 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 5C3071A9239
	for <gnats-bugs@gnats.NetBSD.org>; Fri, 24 Mar 2023 06:03:49 +0000 (UTC)
Message-Id: <20230324060348.3BC721A923C@mollari.NetBSD.org>
Date: Fri, 24 Mar 2023 06:03:48 +0000 (UTC)
From: arthur200126@gmail.com
Reply-To: arthur200126@gmail.com
To: gnats-bugs@NetBSD.org
Subject: include/ssp/ssp.h: Use __builtin_dynamic_object_size for LLVM > 9 and GCC > 12
X-Send-Pr-Version: www-1.0

>Number:         57288
>Category:       lib
>Synopsis:       include/ssp/ssp.h: Use __builtin_dynamic_object_size for LLVM > 9 and GCC > 12
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    lib-bug-people
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Fri Mar 24 06:05:00 +0000 2023
>Last-Modified:  Wed Mar 29 13:40:01 +0000 2023
>Originator:     Mingye Wang
>Release:        trunk, 24 March 2023
>Organization:
>Environment:
Irrelevant, just reading the source code.
>Description:
LLVM 9.0 and GCC 12.0 introduced support for __builtin_dynamic_object_size, which feeds into glibc's level 3 of _FORTIFY_SOURCE -- the point of the new builtin is to also give sizes unknown at compile time.  NetBSD trunk currently uses LLVM 10.0git, which does have the feature.

NetBSD has its own implementation of the stuff in ssp, but its headers have not yet been updated to use the new thing. This affects downstream projects such as newlib and Cygwin, which use the NetBSD ssp.
>How-To-Repeat:
grep for __builtin_dynamic_object_size.
>Fix:
In the part that defines __SSP_FORTIFY_LEVEL, write instead:

```
#if !defined(__cplusplus)
# if _FORTIFY_SOURCE > 0 && !defined(__lint__) && \
     (__OPTIMIZE__ > 0 || defined(__clang__)) && __GNUC_PREREQ__(4, 1)
#  if _FORTIFY_SOURCE > 2 && __has_builtin(__builtin_dynamic_object_size)
#   define __SSP_FORTIFY_LEVEL 3
#  elif _FORTIFY_SOURCE > 1
#   define __SSP_FORTIFY_LEVEL 2
#  else
#   define __SSP_FORTIFY_LEVEL 1
#  endif
# else
#  define __SSP_FORTIFY_LEVEL 0
# endif
#else
# define __SSP_FORTIFY_LEVEL 0
#endif
```

In the part that defines __ssp_bos{,0}, write instead:

```
#if __SSP_FORTIFY_LEVEL > 2
# define __ssp_bos(ptr) __builtin_dynamic_object_size(ptr, 1)
# define __ssp_bos0(ptr) __builtin_dynamic_object_size(ptr, 0)
#else
# define __ssp_bos(ptr) __builtin_object_size(ptr, __SSP_FORTIFY_LEVEL > 1)
# define __ssp_bos0(ptr) __builtin_object_size(ptr, 0)
#endif
```
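
The difference between the two builtins, and the check built on them, shown as an added example; it is not part of the report or of NetBSD's `<ssp/ssp.h>`. All `demo_*` / `DEMO_*` names are hypothetical, and the heap size the compiler reports depends on the compiler version and optimisation level.

```c
#include <stdio.h>
#include <stdlib.h>

/* __has_builtin itself is missing on older compilers (GCC before 10). */
#ifndef __has_builtin
# define __has_builtin(x) 0
#endif

/* demo_bos is a hypothetical stand-in for the report's __ssp_bos0. */
#if __has_builtin(__builtin_dynamic_object_size)
# define demo_bos(p) __builtin_dynamic_object_size((p), 0)
# define DEMO_LEVEL 3
#else
# define demo_bos(p) __builtin_object_size((p), 0)
# define DEMO_LEVEL 2
#endif

/* Both builtins return (size_t)-1 in mode 0 when the size is unknown. */
#define DEMO_UNKNOWN ((size_t)-1)

/* Fortify decision: refuse only when the size is known and too small. */
int demo_copy_ok(size_t dst_size, size_t len)
{
    return dst_size == DEMO_UNKNOWN || len <= dst_size;
}

/* Size reported for a heap buffer whose length is a run-time value. */
size_t demo_heap_bos(size_t n)
{
    char *p = malloc(n);
    size_t s = demo_bos(p);
    free(p);
    return s;
}

int main(int argc, char **argv)
{
    /* Constructed input: buffer length taken from argv, default 8. */
    size_t n = (argc > 1) ? strtoul(argv[1], NULL, 10) : 8;
    size_t seen = demo_heap_bos(n);

    printf("level %d: reported size %zu for malloc(%zu)\n", DEMO_LEVEL, seen, n);
    /* No copy is performed; only the decision for a 16-byte write is shown. */
    printf("16-byte write allowed: %d\n", demo_copy_ok(seen, 16));
    return 0;
}
```

When the reported size is `(size_t)-1` the check cannot refuse anything, which is the gap the dynamic builtin narrows for run-time-sized allocations.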

>Audit-Trail:
From: Mingye Wang <arthur200126@gmail.com>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: lib/57288
Date: Fri, 24 Mar 2023 22:42:49 +0800

 Ouch, pretend that I wrote >= on the subject line. I should also mention
 that I lobbed an analogous bug at GCC at
 https://gcc.gnu.org/bugzilla/show_bug.cgi?id=109270 -- they have a libssp
 independent of glibc.

 Apple libc *should* also get a report, but they don't make reports
 externally-available, so no links there. Filed #275008996 at Android
 because they also have a libc with this thing.

From: Mingye Wang <arthur200126@gmail.com>
To: gnats-bugs@netbsd.org
Cc: 
Subject: Re: lib/57288
Date: Sat, 25 Mar 2023 14:10:37 +0800

 Huh, __has_builtin may be too recent (GCC 10) to stuff into these
 headers. I am afraid that some hard version check is in order. Or you
 could just...

 #if defined(__clang__) || __GNUC__ >= 10
 #define __has_fancy_builtin(x) __has_builtin(x)
 #else
 #define __has_fancy_builtin(x) 0
 #endif

 Well, it's "fancy" because it would be very wrong if applied to the
 usual things from before GCC 10. Nah it's a terrible idea.

From: "Christos Zoulas" <christos@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/57288 CVS commit: src/include/ssp
Date: Wed, 29 Mar 2023 09:37:10 -0400

 Module Name:	src
 Committed By:	christos
 Date:		Wed Mar 29 13:37:10 UTC 2023

 Modified Files:
 	src/include/ssp: ssp.h

 Log Message:
 PR/57288: Mingye Wang: <ssp/ssp.h>: Use __builtin_dynamic_object_size
 for LLVM > 9 and GCC > 12, introducing _SSP_FORTIFY_LEVEL == 3


 To generate a diff of this commit:
 cvs rdiff -u -r1.13 -r1.14 src/include/ssp/ssp.h

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.
