diff options
| author | Xi Ruoyao <xry111@xry111.site> | 2023-09-25 19:53:26 +0800 |
|---|---|---|
| committer | Siddhesh Poyarekar <siddhesh@sourceware.org> | 2023-09-26 20:11:38 -0400 |
| commit | 64b1a44183a3094672ed304532bedb9acc707554 (patch) | |
| tree | 41131e52fd02f763e2ab83cb9967386f4c40a515 /libio/bits/stdio2-decl.h | |
| parent | 6b695e5c628734b9801fcf53149687cb4fe6926e (diff) | |
| download | glibc-64b1a44183a3094672ed304532bedb9acc707554.tar.xz glibc-64b1a44183a3094672ed304532bedb9acc707554.zip | |
libio: Add nonnull attribute for most FILE * arguments in stdio.h
During the review of a GCC analyzer test case, we found most stdio
functions accepting a FILE * argument expect it to be nonnull and just
segfault when the argument is NULL. Add nonnull attribute for them.
fflush and fflush_unlocked are well defined when __stream is NULL so
they are not touched.
For fputs, fgets, fread, fwrite, fprintf, vfprintf, and their unlocked
version, if __stream is empty but there is nothing to read or write,
they did not segfault. But the standard disallow __stream to be empty
here, so nonnull attribute is also added for them. Note that this may
blow up some old code already subtly broken.
Also add __nonnull for _chk variants and __fortify_function versions for
them.
Signed-off-by: Xi Ruoyao <xry111@xry111.site>
Reviewed-by: Alejandro Colomar <alx@kernel.org>
Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Diffstat (limited to 'libio/bits/stdio2-decl.h')
| -rw-r--r-- | libio/bits/stdio2-decl.h | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/libio/bits/stdio2-decl.h b/libio/bits/stdio2-decl.h index d7ef7283d6..3b60c72931 100644 --- a/libio/bits/stdio2-decl.h +++ b/libio/bits/stdio2-decl.h @@ -47,10 +47,12 @@ extern int __vsnprintf_chk (char *__restrict __s, size_t __n, int __flag, #if __USE_FORTIFY_LEVEL > 1 extern int __fprintf_chk (FILE *__restrict __stream, int __flag, - const char *__restrict __format, ...); + const char *__restrict __format, ...) + __nonnull ((1)); extern int __printf_chk (int __flag, const char *__restrict __format, ...); extern int __vfprintf_chk (FILE *__restrict __stream, int __flag, - const char *__restrict __format, __gnuc_va_list __ap); + const char *__restrict __format, + __gnuc_va_list __ap) __nonnull ((1)); extern int __vprintf_chk (int __flag, const char *__restrict __format, __gnuc_va_list __ap); @@ -103,7 +105,7 @@ extern char *__REDIRECT (__fgets_chk_warn, extern char *__fgets_chk (char *__restrict __s, size_t __size, int __n, FILE *__restrict __stream) - __wur __attr_access ((__write_only__, 1, 3)); + __wur __attr_access ((__write_only__, 1, 3)) __nonnull ((4)); extern size_t __REDIRECT (__fread_alias, (void *__restrict __ptr, size_t __size, @@ -119,7 +121,7 @@ extern size_t __REDIRECT (__fread_chk_warn, extern size_t __fread_chk (void *__restrict __ptr, size_t __ptrlen, size_t __size, size_t __n, - FILE *__restrict __stream) __wur; + FILE *__restrict __stream) __wur __nonnull ((5)); #ifdef __USE_GNU extern char *__REDIRECT_FORTIFY (__fgets_unlocked_alias, @@ -135,7 +137,7 @@ extern char *__REDIRECT (__fgets_unlocked_chk_warn, extern char *__fgets_unlocked_chk (char *__restrict __s, size_t __size, int __n, FILE *__restrict __stream) - __wur __attr_access ((__write_only__, 1, 3)); + __wur __attr_access ((__write_only__, 1, 3)) __nonnull ((4)); #endif #ifdef __USE_MISC @@ -154,7 +156,8 @@ extern size_t __REDIRECT (__fread_unlocked_chk_warn, extern size_t __fread_unlocked_chk (void *__restrict __ptr, size_t __ptrlen, size_t __size, size_t __n, - FILE *__restrict __stream) __wur; + FILE *__restrict __stream) + __wur __nonnull ((5)); #endif #endif /* bits/stdio2-decl.h. */ |