include: de-macro __ssp_overlap(), improve semantics and checking
AcceptedPublic
Actions

Authored by kevans on Jul 9 2024, 7:51 PM.

Details

Reviewers

markj
kib

Group Reviewers

Klara

Summary

Switch away from pointer arithmetic to provide more obvious semantics
for checking overlap on pointer ranges. This lets us remove some casts
that need not exist and removes some possible fragility in its use.

While we're here, check for overflow just in case; sometimes we use a
caller-supplied size if __builtin_object_size(3) can't deduce the buffer
size, and we should fail the check if the size is nonsensical for the
provided buffers.

Diff Detail

Repository

rG FreeBSD src repository

Lint

Lint Skipped

Unit

Tests Skipped

Build Status

Buildable 58596
Build 55484: arc lint + arc unit

Event Timeline

kevans created this revision.Jul 9 2024, 7:51 PM

Herald added a subscriber: imp. · View Herald TranscriptJul 9 2024, 7:51 PM

kevans requested review of this revision.Jul 9 2024, 7:51 PM

Harbormaster completed remote builds in B58596: Diff 140743.Jul 9 2024, 7:51 PM

kevans added a parent revision: D45686: include: ssp: fortify <sys/socket.h>.Jul 9 2024, 7:51 PM

kevans mentioned this in D45682: include: ssp: fortify <wchar.h>.

markj added inline comments.Jul 11 2024, 7:05 PM

include/ssp/ssp.h
101	The `right <= left` condition is redundant, at this point we must have right < left.
include/ssp/wchar.h
34	Extra ws after `#define`
35	Do we need to check that `len * sizeof(wchar_t)` doesn't overflow?

Address review commentary, remove redundant bits and ad an overflow check to
__ssp_wchar_overlap (and make it an inline function as well, instead of a macro).

Harbormaster completed remote builds in B58618: Diff 140804.Jul 11 2024, 7:38 PM

markj accepted this revision as: markj.Jul 11 2024, 8:39 PM

This revision is now accepted and ready to land.Jul 11 2024, 8:39 PM