wareck
/
openwrt_lede


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197
							From e6683d001a95d7c3d4d992496f00f77e01fcd268 Mon Sep 17 00:00:00 2001
From: Hauke Mehrtens <hauke@hauke-m.de>
Date: Sun, 22 Nov 2015 15:04:23 +0100
Subject: [PATCH v2] Add format attribute to some function declarations

GCC and Clang are able to check the format arguments given to a
function and warn the user if there is a error in the format arguments
or if there is a potential uncontrolled format string security problem
in the code. GCC does this automatically for some functions like
printf(), but it is also possible to annotate other functions in a way
that it will check them too. This feature is used by glibc for many
functions. This patch adds the attribute to the some functions of musl
expect for these functions where gcc automatically adds it.

GCC automatically adds checks for these functions: printf, fprintf,
sprintf, scanf, fscanf, sscanf, strftime, vprintf, vfprintf and
vsprintf.

The documentation from gcc is here:
https://gcc.gnu.org/onlinedocs/gcc/Common-Function-Attributes.html

The documentation from Clang is here:
http://clang.llvm.org/docs/AttributeReference.html#format-gnu-format

Signed-off-by: Hauke Mehrtens <hauke@hauke-m.de>
---
 include/err.h      | 26 +++++++++++++++++---------
 include/monetary.h | 12 ++++++++++--
 include/stdio.h    | 29 ++++++++++++++++++++---------
 include/syslog.h   | 12 ++++++++++--
 4 files changed, 57 insertions(+), 22 deletions(-)

--- a/include/err.h
+++ b/include/err.h
@@ -8,15 +8,23 @@
 extern "C" {
 #endif
 
-void warn(const char *, ...);
-void vwarn(const char *, va_list);
-void warnx(const char *, ...);
-void vwarnx(const char *, va_list);
+#if __GNUC__ >= 3
+#define __fp(x, y) __attribute__ ((__format__ (__printf__, x, y)))
+#else
+#define __fp(x, y)
+#endif
 
-_Noreturn void err(int, const char *, ...);
-_Noreturn void verr(int, const char *, va_list);
-_Noreturn void errx(int, const char *, ...);
-_Noreturn void verrx(int, const char *, va_list);
+void warn(const char *, ...) __fp(1, 2);
+void vwarn(const char *, va_list) __fp(1, 0);
+void warnx(const char *, ...) __fp(1, 2);
+void vwarnx(const char *, va_list) __fp(1, 0);
+
+_Noreturn void err(int, const char *, ...) __fp(2, 3);
+_Noreturn void verr(int, const char *, va_list) __fp(2, 0);
+_Noreturn void errx(int, const char *, ...) __fp(2, 3);
+_Noreturn void verrx(int, const char *, va_list) __fp(2, 0);
+
+#undef __fp
 
 #ifdef __cplusplus
 }
--- a/include/monetary.h
+++ b/include/monetary.h
@@ -13,8 +13,16 @@ extern "C" {
 
 #include <bits/alltypes.h>
 
-ssize_t strfmon(char *__restrict, size_t, const char *__restrict, ...);
-ssize_t strfmon_l(char *__restrict, size_t, locale_t, const char *__restrict, ...);
+#if __GNUC__ >= 3
+#define __fsfm(x, y) __attribute__ ((__format__ (__strfmon__, x, y)))
+#else
+#define __fsfm(x, y)
+#endif
+
+ssize_t strfmon(char *__restrict, size_t, const char *__restrict, ...) __fsfm(3, 4);
+ssize_t strfmon_l(char *__restrict, size_t, locale_t, const char *__restrict, ...) __fsfm(4, 5);
+
+#undef __fsfm
 
 #ifdef __cplusplus
 }
--- a/include/stdio.h
+++ b/include/stdio.h
@@ -21,6 +21,14 @@ extern "C" {
 
 #include <bits/alltypes.h>
 
+#if __GNUC__ >= 3
+#define __fp(x, y) __attribute__ ((__format__ (__printf__, x, y)))
+#define __fs(x, y) __attribute__ ((__format__ (__scanf__, x, y)))
+#else
+#define __fp(x, y)
+#define __fs(x, y)
+#endif
+
 #ifdef __cplusplus
 #define NULL 0L
 #else
@@ -102,19 +110,19 @@ int puts(const char *);
 int printf(const char *__restrict, ...);
 int fprintf(FILE *__restrict, const char *__restrict, ...);
 int sprintf(char *__restrict, const char *__restrict, ...);
-int snprintf(char *__restrict, size_t, const char *__restrict, ...);
+int snprintf(char *__restrict, size_t, const char *__restrict, ...) __fp(3, 4);
 
 int vprintf(const char *__restrict, __isoc_va_list);
 int vfprintf(FILE *__restrict, const char *__restrict, __isoc_va_list);
 int vsprintf(char *__restrict, const char *__restrict, __isoc_va_list);
-int vsnprintf(char *__restrict, size_t, const char *__restrict, __isoc_va_list);
+int vsnprintf(char *__restrict, size_t, const char *__restrict, __isoc_va_list) __fp(3, 0);
 
 int scanf(const char *__restrict, ...);
 int fscanf(FILE *__restrict, const char *__restrict, ...);
 int sscanf(const char *__restrict, const char *__restrict, ...);
-int vscanf(const char *__restrict, __isoc_va_list);
-int vfscanf(FILE *__restrict, const char *__restrict, __isoc_va_list);
-int vsscanf(const char *__restrict, const char *__restrict, __isoc_va_list);
+int vscanf(const char *__restrict, __isoc_va_list) __fs(1, 0);
+int vfscanf(FILE *__restrict, const char *__restrict, __isoc_va_list) __fs(2, 0);
+int vsscanf(const char *__restrict, const char *__restrict, __isoc_va_list) __fs(2, 0);
 
 void perror(const char *);
 
@@ -135,8 +143,8 @@ int pclose(FILE *);
 int fileno(FILE *);
 int fseeko(FILE *, off_t, int);
 off_t ftello(FILE *);
-int dprintf(int, const char *__restrict, ...);
-int vdprintf(int, const char *__restrict, __isoc_va_list);
+int dprintf(int, const char *__restrict, ...) __fp(2, 3);
+int vdprintf(int, const char *__restrict, __isoc_va_list) __fp(2, 0);
 void flockfile(FILE *);
 int ftrylockfile(FILE *);
 void funlockfile(FILE *);
@@ -175,8 +183,8 @@ int fileno_unlocked(FILE *);
 int getw(FILE *);
 int putw(int, FILE *);
 char *fgetln(FILE *, size_t *);
-int asprintf(char **, const char *, ...);
-int vasprintf(char **, const char *, __isoc_va_list);
+int asprintf(char **, const char *, ...) __fp(2, 3);
+int vasprintf(char **, const char *, __isoc_va_list) __fp(2, 0);
 #endif
 
 #ifdef _GNU_SOURCE
@@ -184,6 +192,9 @@ char *fgets_unlocked(char *, int, FILE *
 int fputs_unlocked(const char *, FILE *);
 #endif
 
+#undef __fp
+#undef __fs
+
 #if defined(_LARGEFILE64_SOURCE) || defined(_GNU_SOURCE)
 #define tmpfile64 tmpfile
 #define fopen64 fopen
--- a/include/syslog.h
+++ b/include/syslog.h
@@ -56,16 +56,22 @@ extern "C" {
 #define LOG_NOWAIT 0x10
 #define LOG_PERROR 0x20
 
+#if __GNUC__ >= 3
+#define __fp(x, y) __attribute__ ((__format__ (__printf__, x, y)))
+#else
+#define __fp(x, y)
+#endif
+
 void closelog (void);
 void openlog (const char *, int, int);
 int setlogmask (int);
-void syslog (int, const char *, ...);
+void syslog (int, const char *, ...) __fp(2, 3);
 
 #if defined(_GNU_SOURCE) || defined(_BSD_SOURCE)
 #define _PATH_LOG "/dev/log"
 #define __NEED_va_list
 #include <bits/alltypes.h>
-void vsyslog (int, const char *, va_list);
+void vsyslog (int, const char *, va_list) __fp(2, 0);
 #if defined(SYSLOG_NAMES)
 #define	INTERNAL_NOPRI 0x10
 #define	INTERNAL_MARK (LOG_NFACILITIES<<3)
@@ -93,6 +99,8 @@ typedef struct {
 #endif
 #endif
 
+#undef __fp
+
 #ifdef __cplusplus
 }
 #endif