glibc.git/debug/Makefile, branch master Unnamed repository; edit this file 'description' to name the repository. Implement C23 memset_explicit (bug 32378) 2025-10-01T15:14:09+00:00 Joseph Myers josmyers@redhat.com 2025-10-01T15:14:09+00:00 0f201f4a817e39c01c502f523d4ea3c91f242767 Add the C23 memset_explicit function to glibc. Everything here is closely based on the approach taken for explicit_bzero. This includes the bits that relate to internal uses of explicit_bzero within glibc (although we don't currently have any such internal uses of memset_explicit), and also includes the nonnull attribute (when we move to nonnull_if_nonzero for various functions following C2y, this function should be included in that change). The function is declared both for __USE_MISC and for __GLIBC_USE (ISOC23) (so by default not just for compilers defaulting to C23 mode). Tested for x86_64 and x86. 
Add the C23 memset_explicit function to glibc.  Everything here is
closely based on the approach taken for explicit_bzero.  This includes
the bits that relate to internal uses of explicit_bzero within glibc
(although we don't currently have any such internal uses of
memset_explicit), and also includes the nonnull attribute (when we
move to nonnull_if_nonzero for various functions following C2y, this
function should be included in that change).

The function is declared both for __USE_MISC and for __GLIBC_USE (ISOC23)
(so by default not just for compilers defaulting to C23 mode).

Tested for x86_64 and x86.
debug: Only run sframe tests if run-built-tests is enabled 2025-07-25T17:03:23+00:00 Adhemerval Zanella adhemerval.zanella@linaro.org 2025-07-25T17:03:23+00:00 9e1951ae887a63a5af4d135fbfc751adb641cf6b 






Disable SFrame support by default
2025-07-24T18:51:58+00:00

Adhemerval Zanella
adhemerval.zanella@linaro.org

2025-07-22T15:55:50+00:00

20528165bda5286f8c5c2d20200699a354eb9a0a

And add extra checks to enable for binutils 2.45 and if the architecture
explicitly enables it.  When SFrame is disabled, all the related code
is also not enabled for backtrace() and _dl_find_object(), so SFrame
backtracking is not used even if the binary has the SFrame segment.

This patch also adds some other related fixes:

  * Fixed an issue with AC_CHECK_PROG_VER, where the READELF_SFRAME
    usage prevented specifying a different readelf through READELF
    environment variable at configure time.

  * Add an extra arch-specific internal definition,
    libc_cv_support_sframe, to disable --enable-sframe on architectures
    that have binutils but not glibc support (s390x).

  * Renamed the tests without the .sframe segment and move the
    tst-backtrace1 from pthread to debug.

  * Use the built compiler strip to remove the .sframe segment,
    instead of the system one (which might not support SFrame).

Checked on x86_64-linux-gnu and aarch64-linux-gnu.

Reviewed-by: Sam James <sam@gentoo.org>





And add extra checks to enable for binutils 2.45 and if the architecture
explicitly enables it.  When SFrame is disabled, all the related code
is also not enabled for backtrace() and _dl_find_object(), so SFrame
backtracking is not used even if the binary has the SFrame segment.

This patch also adds some other related fixes:

  * Fixed an issue with AC_CHECK_PROG_VER, where the READELF_SFRAME
    usage prevented specifying a different readelf through READELF
    environment variable at configure time.

  * Add an extra arch-specific internal definition,
    libc_cv_support_sframe, to disable --enable-sframe on architectures
    that have binutils but not glibc support (s390x).

  * Renamed the tests without the .sframe segment and move the
    tst-backtrace1 from pthread to debug.

  * Use the built compiler strip to remove the .sframe segment,
    instead of the system one (which might not support SFrame).

Checked on x86_64-linux-gnu and aarch64-linux-gnu.

Reviewed-by: Sam James <sam@gentoo.org>







debug: Link tst-sprintf-fortify-rdonly-static with -Wl,-z,relro [BZ 33183]
2025-07-24T14:53:35+00:00

John David Anglin
danglin@gcc.gnu.org

2025-07-24T14:53:35+00:00

d21c8ba4795044ae863e832d0683ba10fec01c7c

This test requires relro_format be placed in the PT_GNU_RELRO segment.
The ELF linker enables -z relro support by default on all Linux targets
except FRV, HPPA, IA64 and MIPS. On these targets, we need to explicitly
link with -z relro to place relro_format in the PT_GNU_RELRO segment.

Signed-off-by: John David Anglin <dave.anglin@bell.net>





This test requires relro_format be placed in the PT_GNU_RELRO segment.
The ELF linker enables -z relro support by default on all Linux targets
except FRV, HPPA, IA64 and MIPS. On these targets, we need to explicitly
link with -z relro to place relro_format in the PT_GNU_RELRO segment.

Signed-off-by: John David Anglin <dave.anglin@bell.net>







elf: Initialize GLRO (dl_read_only_area) after static dlopen (bug 33139)
2025-07-18T17:58:59+00:00

Florian Weimer
fweimer@redhat.com

2025-07-18T17:58:59+00:00

01196393c257c59f63e0e14fa1bfe8d2a699bf2d

The _dl_read_only_area function in the uninitialized ld.so after
static dlopen is not able to find anything.  Instead, we need to
redirect to the code from the statically linked main program.

Fixes commit d60fffe28a46b2a41fc308c1804ff02375d27408 ("debug:
Improve '%n' fortify detection (BZ 30932)").

Reviewed-by: Adhemerval Zanella Netto  <adhemerval.zanella@linaro.org>





The _dl_read_only_area function in the uninitialized ld.so after
static dlopen is not able to find anything.  Instead, we need to
redirect to the code from the statically linked main program.

Fixes commit d60fffe28a46b2a41fc308c1804ff02375d27408 ("debug:
Improve '%n' fortify detection (BZ 30932)").

Reviewed-by: Adhemerval Zanella Netto  <adhemerval.zanella@linaro.org>







debug: Do not link tst-sprintf-fortify-rdonly against the dlopen module
2025-07-18T17:58:56+00:00

Florian Weimer
fweimer@redhat.com

2025-07-18T17:58:56+00:00

3a9c1497e320d77b2453ee88d7d6b40e162e85d4

The test intends to load tst-sprintf-fortify-rdonly-dlopen.so via
dlopen, and directly linking against it prevents that.

Reviewed-by: Adhemerval Zanella Netto  <adhemerval.zanella@linaro.org>





The test intends to load tst-sprintf-fortify-rdonly-dlopen.so via
dlopen, and directly linking against it prevents that.

Reviewed-by: Adhemerval Zanella Netto  <adhemerval.zanella@linaro.org>







SFrame: Add tests that uses DWARF backtracer
2025-07-14T09:58:00+00:00

Claudiu Zissulescu
claudiu.zissulescu-ianculescu@oracle.com

2025-07-14T09:43:31+00:00

e85dbd8604aedf4f3a30c6c9c2f0efc18183f270

When SFrame is enabled, we need to tests DW backtracer as well. Do
this by executing the same backtrace tests with .sframe section
stripped.

Signed-off-by: Claudiu Zissulescu <claudiu.zissulescu-ianculescu@oracle.com>
Reviewed-by: DJ Delorie <dj@redhat.com>





When SFrame is enabled, we need to tests DW backtracer as well. Do
this by executing the same backtrace tests with .sframe section
stripped.

Signed-off-by: Claudiu Zissulescu <claudiu.zissulescu-ianculescu@oracle.com>
Reviewed-by: DJ Delorie <dj@redhat.com>







Add _FORTIFY_SOURCE support for inet_pton
2025-03-24T18:43:03+00:00

Aaron Merey
amerey@redhat.com

2025-03-20T17:13:33+00:00

e3a6e85d67f1a48dec3e2557a83d6ce1544a58cb

Add function __inet_pton_chk which calls __chk_fail when the size of
argument dst is too small.   inet_pton is redirected to __inet_pton_chk
or __inet_pton_warn when _FORTIFY_SOURCE is > 0.

Also add tests to debug/tst-fortify.c, update the abilist with
__inet_pton_chk and mention inet_pton fortification in maint.texi.

Co-authored-by: Frédéric Bérat <fberat@redhat.com>
Reviewed-by: Florian Weimer <fweimer@redhat.com>





Add function __inet_pton_chk which calls __chk_fail when the size of
argument dst is too small.   inet_pton is redirected to __inet_pton_chk
or __inet_pton_warn when _FORTIFY_SOURCE is > 0.

Also add tests to debug/tst-fortify.c, update the abilist with
__inet_pton_chk and mention inet_pton fortification in maint.texi.

Co-authored-by: Frédéric Bérat <fberat@redhat.com>
Reviewed-by: Florian Weimer <fweimer@redhat.com>







debug: Improve '%n' fortify detection (BZ 30932)
2025-03-21T18:46:48+00:00

Adhemerval Zanella
adhemerval.zanella@linaro.org

2025-03-14T19:09:57+00:00

ed6a68bac7cd056abda9008019c71b167f0362dc

The 7bb8045ec0 path made the '%n' fortify check ignore EMFILE errors
while trying to open /proc/self/maps, and this added a security
issue where EMFILE can be attacker-controlled thus making it
ineffective for some cases.

The EMFILE failure is reinstated but with a different error
message.  Also, to improve the false positive of the hardening for
the cases where no new files can be opened, the
_dl_readonly_area now uses  _dl_find_object to check if the
memory area is within a writable ELF segment.  The procfs method is
still used as fallback.

Checked on x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Arjun Shankar <arjun@redhat.com>





The 7bb8045ec0 path made the '%n' fortify check ignore EMFILE errors
while trying to open /proc/self/maps, and this added a security
issue where EMFILE can be attacker-controlled thus making it
ineffective for some cases.

The EMFILE failure is reinstated but with a different error
message.  Also, to improve the false positive of the hardening for
the cases where no new files can be opened, the
_dl_readonly_area now uses  _dl_find_object to check if the
memory area is within a writable ELF segment.  The procfs method is
still used as fallback.

Checked on x86_64-linux-gnu and i686-linux-gnu.
Reviewed-by: Arjun Shankar <arjun@redhat.com>







Add _FORTIFY_SOURCE support for inet_ntop
2025-03-21T08:35:42+00:00

Frédéric Bérat
fberat@redhat.com

2025-03-07T17:16:30+00:00

090dfa40a5e46f7c0e4d6e8369bcbbd51267625f

- Create the __inet_ntop_chk routine that verifies that the builtin size
of the destination buffer is at least as big as the size given by the
user.
- Redirect calls from inet_ntop to __inet_ntop_chk or __inet_ntop_warn
- Update the abilist for this new routine
- Update the manual to mention the new fortification

Reviewed-by: Florian Weimer <fweimer@redhat.com>





- Create the __inet_ntop_chk routine that verifies that the builtin size
of the destination buffer is at least as big as the size given by the
user.
- Redirect calls from inet_ntop to __inet_ntop_chk or __inet_ntop_warn
- Update the abilist for this new routine
- Update the manual to mention the new fortification

Reviewed-by: Florian Weimer <fweimer@redhat.com>