* catch errors
@ 2007-08-28 21:52 Ulrich Drepper
0 siblings, 0 replies; only message in thread
From: Ulrich Drepper @ 2007-08-28 21:52 UTC (permalink / raw)
To: SE-Linux
[-- Attachment #1.1: Type: text/plain, Size: 375 bytes --]
Given the buffer overflow which has been fixed recently I think it's
worthwhile adding to debug features. It's using the same technology as
glibc's _FORTIFY_SOURCE functionality. I would unconditionally define
DEBUG, in most cases the compiler can figure out there is no problem.
--
➧ Ulrich Drepper ➧ Red Hat, Inc. ➧ 444 Castro St ➧ Mountain View, CA ❖
[-- Attachment #1.2: d-libsepol-chk --]
[-- Type: text/plain, Size: 771 bytes --]
diff -durp libsepol-2.0.7/src/private.h libsepol-2.0.7-chk/src/private.h
--- libsepol-2.0.7/src/private.h 2007-08-28 14:43:36.000000000 -0700
+++ libsepol-2.0.7-chk/src/private.h 2007-08-28 14:47:26.000000000 -0700
@@ -45,3 +45,13 @@ extern struct policydb_compat_info *poli
extern int next_entry(void *buf, struct policy_file *fp, size_t bytes) hidden;
extern size_t put_entry(const void *ptr, size_t size, size_t n,
struct policy_file *fp) hidden;
+
+#ifdef DEBUG
+# if __GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR >= 1)
+# define next_entry(buf, fp, bytes) \
+ ({ size_t _bytes = bytes; \
+ __builtin_object_size (buf, 0) != (size_t) -1 && sizeof (buf) < _bytes \
+ ? (abort (), -1) \
+ : next_entry (buf, fp, _bytes); })
+# endif
+#endif
[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 189 bytes --]
^ permalink raw reply [flat|nested] only message in thread
only message in thread, other threads:[~2007-08-29 16:45 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2007-08-28 21:52 catch errors Ulrich Drepper
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.