scripts: Fix fortify checks if compiler does not support _FORTIFY_SOURCE=3

The 30379efad1 added _FORTIFY_SOURCE checks without check if compiler does support all used fortify levels. This patch fixes it by first checking at configure time the maximum support fortify level and using it instead of a pre-defined one. Checked on x86_64 with gcc 11, 12, and 13. Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org> Tested-by: Florian Weimer <fweimer@redhat.com>
2025-03-06 20:58:33 +01:00 · 2023-07-20 11:35:54 -03:00 · 2023-07-20 11:35:54 -03:00 · a3090c2c98
commit a3090c2c98
parent 6c85c5a177
5 changed files with 30 additions and 30 deletions
--- a/4
+++ b/4
@ -545,7 +545,7 @@ tests-special += $(objpfx)check-installed-headers-c.out
 libof-check-installed-headers-c := testsuite
 $(objpfx)check-installed-headers-c.out: \
    scripts/check-installed-headers.sh $(headers)
-	$(SHELL) $(..)scripts/check-installed-headers.sh c \
+	$(SHELL) $(..)scripts/check-installed-headers.sh c $(supported-fortify) \
 	  "$(CC) $(filter-out -std=%,$(CFLAGS)) -D_ISOMAC $(+includes)" \
 	  $(headers) > $@; \
 	$(evaluate-test)
@ -555,7 +555,7 @@ tests-special += $(objpfx)check-installed-headers-cxx.out
 libof-check-installed-headers-cxx := testsuite
 $(objpfx)check-installed-headers-cxx.out: \
    scripts/check-installed-headers.sh $(headers)
-	$(SHELL) $(..)scripts/check-installed-headers.sh c++ \
+	$(SHELL) $(..)scripts/check-installed-headers.sh c++ $(supported-fortify) \
 	  "$(CXX) $(filter-out -std=%,$(CXXFLAGS)) -D_ISOMAC $(+includes)" \
 	  $(headers) > $@; \
 	$(evaluate-test)
--- a/4
+++ b/4
@ -85,7 +85,7 @@ tests-special += $(objpfx)check-installed-headers-c.out
 libof-check-installed-headers-c := testsuite
 $(objpfx)check-installed-headers-c.out: \
    $(..)scripts/check-installed-headers.sh $(headers)
-	$(SHELL) $(..)scripts/check-installed-headers.sh c \
+	$(SHELL) $(..)scripts/check-installed-headers.sh c $(supported-fortify) \
 	  "$(CC) $(filter-out -std=%,$(CFLAGS)) -D_ISOMAC $(+includes)" \
 	  $(headers) > $@; \
 	$(evaluate-test)
@ -97,7 +97,7 @@ tests-special += $(objpfx)check-installed-headers-cxx.out
 libof-check-installed-headers-cxx := testsuite
 $(objpfx)check-installed-headers-cxx.out: \
    $(..)scripts/check-installed-headers.sh $(headers)
-	$(SHELL) $(..)scripts/check-installed-headers.sh c++ \
+	$(SHELL) $(..)scripts/check-installed-headers.sh c++ $(supported-fortify) \
 	  "$(CXX) $(filter-out -std=%,$(CXXFLAGS)) -D_ISOMAC $(+includes)" \
 	  $(headers) > $@; \
 	$(evaluate-test)
--- a/28
+++ b/28
@ -7610,9 +7610,9 @@ fi
 no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
 fortify_source="${no_fortify_source}"
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for __builtin_dynamic_object_size" >&5
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking for maximum supported _FORTIFY_SOURCE level" >&5
-printf %s "checking for __builtin_dynamic_object_size... " >&6; }
+printf %s "checking for maximum supported _FORTIFY_SOURCE level... " >&6; }
-if test ${libc_cv___builtin_dynamic_object_size+y}
+if test ${libc_cv_supported_fortify_source+y}
 then :
  printf %s "(cached) " >&6
 else $as_nop
@ -7630,30 +7630,24 @@ __builtin_dynamic_object_size("", 0)
 _ACEOF
 if ac_fn_c_try_link "$LINENO"
 then :
-  libc_cv___builtin_dynamic_object_size=yes
+  libc_cv_supported_fortify_source=3
         if test "$enable_fortify_source" = yes
 then :
  enable_fortify_source=3
 fi
 else $as_nop
-  libc_cv___builtin_dynamic_object_size=no
+  libc_cv_supported_fortify_source=2
         if test "$enable_fortify_source" = yes
 then :
  enable_fortify_source=2
 fi
 fi
 rm -f core conftest.err conftest.$ac_objext conftest.beam \
    conftest$ac_exeext conftest.$ac_ext
 fi
-{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_cv___builtin_dynamic_object_size" >&5
+{ printf "%s\n" "$as_me:${as_lineno-$LINENO}: result: $libc_cv_supported_fortify_source" >&5
-printf "%s\n" "$libc_cv___builtin_dynamic_object_size" >&6; }
+printf "%s\n" "$libc_cv_supported_fortify_source" >&6; }
 case $enable_fortify_source in #(
  yes) :
    libc_cv_fortify_source=yes enable_fortify_source=$libc_cv_supported_fortify_source ;; #(
  1|2) :
    libc_cv_fortify_source=yes ;; #(
  3) :
-    if test "$libc_cv___builtin_dynamic_object_size" = yes
+    if test $libc_cv_supported_fortify_source = 3
 then :
  libc_cv_fortify_source=yes
 else $as_nop
@ -7673,6 +7667,8 @@ fi
 config_vars="$config_vars
 supported-fortify = $libc_cv_supported_fortify_source"
 { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether the assembler requires one version per symbol" >&5
 printf %s "checking whether the assembler requires one version per symbol... " >&6; }
--- a/configure.ac
+++ b/configure.ac
@ -1578,17 +1578,17 @@ dnl support it
 no_fortify_source="-Wp,-U_FORTIFY_SOURCE"
 fortify_source="${no_fortify_source}"
-AC_CACHE_CHECK([for __builtin_dynamic_object_size], [libc_cv___builtin_dynamic_object_size], [
+AC_CACHE_CHECK([for maximum supported _FORTIFY_SOURCE level],
 	       [libc_cv_supported_fortify_source], [
    AC_LINK_IFELSE([AC_LANG_PROGRAM([], [__builtin_dynamic_object_size("", 0)])],
-        [libc_cv___builtin_dynamic_object_size=yes
+        [libc_cv_supported_fortify_source=3],
-         AS_IF([test "$enable_fortify_source" = yes], [enable_fortify_source=3])],
+        [libc_cv_supported_fortify_source=2])
        [libc_cv___builtin_dynamic_object_size=no
         AS_IF([test "$enable_fortify_source" = yes], [enable_fortify_source=2])])
 ])
 AS_CASE([$enable_fortify_source],
        [yes], [libc_cv_fortify_source=yes enable_fortify_source=$libc_cv_supported_fortify_source],
        [1|2], [libc_cv_fortify_source=yes],
-        [3], [AS_IF([test "$libc_cv___builtin_dynamic_object_size" = yes],
+        [3], [AS_IF([test $libc_cv_supported_fortify_source = 3],
                    [libc_cv_fortify_source=yes],
                    [AC_MSG_ERROR([Compiler doesn't provide necessary support for _FORTIFY_SOURCE=3])])],
        [libc_cv_fortify_source=no])
@ -1601,6 +1601,7 @@ AC_SUBST(enable_fortify_source)
 AC_SUBST(libc_cv_fortify_source)
 AC_SUBST(no_fortify_source)
 AC_SUBST(fortify_source)
 LIBC_CONFIG_VAR([supported-fortify], [$libc_cv_supported_fortify_source])
 dnl Starting with binutils 2.35, GAS can attach multiple symbol versions
 dnl to one symbol (PR 23840).
--- a/scripts/check-installed-headers.sh
+++ b/scripts/check-installed-headers.sh
@ -29,11 +29,12 @@ cxx_modes="-std=c++98 -std=gnu++98 -std=c++11 -std=gnu++11"
 # These are probably the most commonly used three.
 lib_modes="-D_DEFAULT_SOURCE=1 -D_GNU_SOURCE=1 -D_XOPEN_SOURCE=700"
-# Also check for fortify modes, since it might be enabled as default.
+# Also check for fortify modes, since it might be enabled as default.  The
-fortify_modes="1 2 3"
+# maximum value to be checked is define by maximum_fortify argument.
 fortify_modes=""
 if [ $# -lt 3 ]; then
-    echo "usage: $0 c|c++ \"compile command\" header header header..." >&2
+    echo "usage: $0 c|c++ maximum_fortify \"compile command\" header header header..." >&2
    exit 2
 fi
 case "$1" in
@ -50,6 +51,8 @@ case "$1" in
        exit 2;;
 esac
 shift
 fortify_modes=$(seq -s' ' 1 $1)
 shift
 cc_cmd="$1"
 shift
 trap "rm -f '$cih_test_c'" 0
@ -104,7 +107,6 @@ EOF
    for lang_mode in "" $lang_modes; do
        for lib_mode in "" $lib_modes; do
            for fortify_mode in "" $fortify_modes; do
                echo :::: $lang_mode $lib_mode $fortify_mode
                if [ -z "$lib_mode" ]; then
                    expanded_lib_mode='/* default library mode */'
                else
@ -114,6 +116,7 @@ EOF
                if [ ! -z $fortify_mode ]; then
                    fortify_mode="#define _FORTIFY_SOURCE $fortify_mode"
                fi
                echo :::: $lang_mode $lib_mode $fortify_mode
                cat >"$cih_test_c" <<EOF
 /* These macros may have been defined on the command line.  They are
   inappropriate for this test.  */