| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <20250111165844.6d95600f@pumpkin> Date: Sat, 11 Jan 2025 16:58:44 +0000 From: David Laight <david.laight.linux@...il.com> To: Vincent Mailhol <mailhol.vincent@...adoo.fr> Cc: Kees Cook <kees@...nel.org>, Nathan Chancellor <nathan@...nel.org>, Nick Desaulniers <ndesaulniers@...gle.com>, Bill Wendling <morbo@...gle.com>, Justin Stitt <justinstitt@...gle.com>, David Laight <david.laight@...lab.com>, linux-hardening@...r.kernel.org, linux-kernel@...r.kernel.org, llvm@...ts.linux.dev Subject: Re: [PATCH] fortify: turn strlen() into an inline function using __builtin_constant_p() On Sat, 11 Jan 2025 23:40:41 +0900 Vincent Mailhol <mailhol.vincent@...adoo.fr> wrote: > On Thu. 9 Jan 2025 at 16:52, Vincent Mailhol <mailhol.vincent@...adoo.fr> wrote: ... > Actually, I did more investigation and it is working for some strange > reasons. Whenever the argument of a function named strlen() is a > compile time constant, the compiler (both GCC and clang) will replace > it with the string length on the argument, even if strlen() is > programmed to return something else: > > https://godbolt.org/z/nK4b3fnM7 > > So it is only working because the compiler uses its builtin strlen() > instead of the function we provided. It depends on whether -ffreestanding is set. If not set gcc/clang assume a lot of the basic libc functions have their expected behaviour. David
Powered by blists - more mailing lists