From 29ca3cb0bb878d1841f8b1f979740c21992cddef Mon Sep 17 00:00:00 2001
From: Michael Kerrisk
Date: Thu, 26 Feb 2015 15:41:46 +0100
Subject: [PATCH] feature_test_macros.7: Update discussion of _FORTIFY_SOURCE

Since the initial implementation a lot more checks were added.
Describing all the checks would be too verbose (and would soon
fall out of date as more checks are added). So instead, describe
the kinds of checks that are done more generally.

Also a few other minor edits to the text.

Signed-off-by: Michael Kerrisk
---
 man7/feature_test_macros.7 | 27 ++++++++++++++++-----------
 1 file changed, 16 insertions(+), 11 deletions(-)

diff --git a/man7/feature_test_macros.7 b/man7/feature_test_macros.7 index 71aa1157a..bfe4ee7bc 100644 --- a/man7/feature_test_macros.7 +++ b/man7/feature_test_macros.7 @@ -448,14 +448,8 @@ provided for compatibility with some other implementations. .\" * Date: Tue, 21 Sep 2004 04:16:40 -0400 Defining this macro causes some lightweight checks to be performed to detect some buffer overflow errors when employing -various string and memory manipulation functions. -Not all buffer overflows are detected, just some common cases. - -In the current implementation, checks are added for -calls to +various string and memory manipulation functions (for example, .BR memcpy (3), -.BR mempcpy (3), -.BR memmove (3), .BR memset (3), .BR stpcpy (3), .BR strcpy (3), @@ -466,8 +460,17 @@ calls to .BR snprintf (3), .BR vsprintf (3), .BR vsnprintf (3), -and -.BR gets (3). +.BR gets (3), +and wide character variants thereof). +For some functions, argument consistency is checked; +for example, a check is made that +.BR open (2) +has been supplied with a +.I mode +argument when the specified flags include +.BR O_CREAT . +Not all problems are detected, just some common cases. +.\" Look for __USE_FORTIFY_LEVEL in the header files If .B _FORTIFY_SOURCE 
@@ -477,7 +480,7 @@ and above, checks that shouldn't change the behavior of conforming programs are performed. With .B _FORTIFY_SOURCE -set to 2 some more checking is added, but +set to 2, some more checking is added, but some conforming programs might fail. .\" For example, given the following code .\" int d; @@ -491,7 +494,9 @@ some conforming programs might fail. .\" *** %n in writable segment detected *** .\" Aborted (core dumped) .\" -Some of the checks can be performed at compile time, + +Some of the checks can be performed at compile time +(via macros logic implemented in header files), and result in compiler warnings; other checks take place at run time, and result in a run-time error if the check fails.
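Review bot: in the hunk at @@ -448,14 +448,8 @@, mempcpy(3) and memmove(3) are dropped while memcpy(3), memset(3) and the rest of the list stay, so the new "(for example, ...)" list is neither the complete set nor a short sample. Either trim it to a few representative functions or keep the two removed entries; a reader scanning the list to see whether memmove(3) is covered may now assume it is not.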
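Review bot: the open(2)/O_CREAT sentence added in the hunk at @@ -466,8 +460,17 @@ does not fit the unchanged lead-in, which still says the checks "detect some buffer overflow errors when employing various string and memory manipulation functions"; a missing mode argument is neither a buffer overflow nor a string or memory function. Suggest widening the lead-in to cover argument-consistency checks as well, so the paragraph's first sentence matches what follows. In the same hunk, "wide character variants" should be hyphenated as "wide-character variants", and the __USE_FORTIFY_LEVEL pointer sits in a .\" comment, so it never reaches readers of the rendered page; if it is meant as guidance for users rather than a maintainer note, it belongs in the text.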
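Review bot: "via macros logic" in the parenthetical added by the hunk at @@ -491,7 +494,9 @@ should read "via macro logic". The same hunk also adds an empty line directly after the commented-out example; please confirm the extra paragraph break is intended, since the commit message does not mention it.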