ssp: add Object Size Checking for stdio.h, part 1

The implementation is mostly from NetBSD, except for switching fgets to
pure inline, and the addition of fgets_unlocked, fread, and fread_unlocked
for parity with glibc.  The following functions are also guarded in glibc:
asprintf, dprintf, fprintf, printf, vasprintf, vdprintf, vfprintf, vprintf.

Signed-off-by: Yaakov Selkowitz <yselkowi@redhat.com>

newlib/libc/include/ssp/stdio.h

@@ -0,0 +1,101 @@
+/*	$NetBSD: stdio.h,v 1.5 2011/07/17 20:54:34 joerg Exp $	*/
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#ifndef _SSP_STDIO_H_
+#define _SSP_STDIO_H_
+
+#include <ssp/ssp.h>
+
+__BEGIN_DECLS
+int __sprintf_chk(char *__restrict, int, size_t, const char *__restrict, ...)
+    __printflike(4, 5);
+int __vsprintf_chk(char *__restrict, int, size_t, const char *__restrict,
+    __va_list)
+    __printflike(4, 0);
+int __snprintf_chk(char *__restrict, size_t, int, size_t,
+    const char *__restrict, ...)
+    __printflike(5, 6);
+int __vsnprintf_chk(char *__restrict, size_t, int, size_t,
+     const char *__restrict, __va_list)
+    __printflike(5, 0);
+char *__gets_chk(char *, size_t);
+__END_DECLS
+
+#if __SSP_FORTIFY_LEVEL > 0
+
+
+#define sprintf(str, ...) \
+    __builtin___sprintf_chk(str, 0, __ssp_bos(str), __VA_ARGS__)
+
+#define vsprintf(str, fmt, ap) \
+    __builtin___vsprintf_chk(str, 0, __ssp_bos(str), fmt, ap)
+
+#define snprintf(str, len, ...) \
+    __builtin___snprintf_chk(str, len, 0, __ssp_bos(str), __VA_ARGS__)
+
+#define vsnprintf(str, len, fmt, ap) \
+    __builtin___vsnprintf_chk(str, len, 0, __ssp_bos(str), fmt, ap)
+
+#define gets(str) \
+    __gets_chk(str, __ssp_bos(str))
+
+__ssp_decl(char *, fgets, (char *__restrict __buf, int __len, FILE *__fp))
+{
+  if (__len > 0)
+    __ssp_check(__buf, (size_t)__len, __ssp_bos);
+  return __ssp_real_fgets(__buf, __len, __fp);
+}
+
+#if __GNU_VISIBLE
+__ssp_decl(char *, fgets_unlocked, (char *__restrict __buf, int __len, FILE *__fp))
+{
+  if (__len > 0)
+    __ssp_check(__buf, (size_t)__len, __ssp_bos);
+  return __ssp_real_fgets_unlocked(__buf, __len, __fp);
+}
+#endif /* __GNU_VISIBLE */
+
+__ssp_decl(size_t, fread, (void *__restrict __ptr, size_t __size, size_t __n, FILE *__restrict __fp))
+{
+  __ssp_check(__ptr, __size * __n, __ssp_bos0);
+  return __ssp_real_fread(__ptr, __size, __n, __fp);
+}
+
+#if __MISC_VISIBLE
+__ssp_decl(size_t, fread_unlocked, (void *__restrict __ptr, size_t __size, size_t __n, FILE *__restrict __fp))
+{
+  __ssp_check(__ptr, __size * __n, __ssp_bos0);
+  return __ssp_real_fread_unlocked(__ptr, __size, __n, __fp);
+}
+#endif /* __MISC_VISIBLE */
+
+#endif /* __SSP_FORTIFY_LEVEL > 0 */
+
+#endif /* _SSP_STDIO_H_ */

newlib/libc/include/stdio.h

@@ -796,4 +796,8 @@ _putchar_unlocked(int _c)
 
 _END_STD_C
 
+#if __SSP_FORTIFY_LEVEL > 0
+#include <ssp/stdio.h>
+#endif
+
 #endif /* _STDIO_H_ */

newlib/libc/ssp/gets_chk.c

@@ -0,0 +1,78 @@
+/*	$NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp $	*/
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: gets_chk.c,v 1.7 2013/10/04 20:49:16 christos Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <stdio.h>
+#include <string.h>
+#include <limits.h>
+#include <stdlib.h>
+#include <ssp/stdio.h>
+
+extern char *__gets(char *);
+#undef gets
+#ifdef __NEWLIB__
+#define __gets gets
+#endif
+
+char *
+__gets_chk(char * __restrict buf, size_t slen)
+{
+	char *abuf;
+	size_t len;
+
+	if (slen >= (size_t)INT_MAX)
+		return __gets(buf);
+
+	if ((abuf = malloc(slen + 1)) == NULL)
+		return __gets(buf);
+
+	if (fgets(abuf, (int)(slen + 1), stdin) == NULL) {
+		free(abuf);
+		return NULL;
+	}
+
+	len = strlen(abuf);
+	if (len > 0 && abuf[len - 1] == '\n')
+		--len;
+
+	if (len >= slen)
+		__chk_fail();
+
+	(void)memcpy(buf, abuf, len);
+
+	buf[len] = '\0';
+	free(abuf);
+	return buf;
+}

newlib/libc/ssp/snprintf_chk.c

@@ -0,0 +1,59 @@
+/*	$NetBSD: snprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin Exp $	*/
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: snprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <ssp/stdio.h>
+
+#undef vsnprintf
+
+/*ARGSUSED*/
+int
+__snprintf_chk(char * __restrict buf, size_t len, int flags, size_t slen,
+    const char * __restrict fmt, ...)
+{
+	va_list ap;
+	int rv;
+
+	if (len > slen)
+		__chk_fail();
+
+	va_start(ap, fmt);
+	rv = vsnprintf(buf, len, fmt, ap);
+	va_end(ap);
+
+	return rv;
+}

newlib/libc/ssp/sprintf_chk.c

@@ -0,0 +1,63 @@
+/*	$NetBSD: sprintf_chk.c,v 1.6 2009/02/05 05:40:36 lukem Exp $	*/
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: sprintf_chk.c,v 1.6 2009/02/05 05:40:36 lukem Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <stdio.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <ssp/stdio.h>
+
+#undef vsnprintf
+#undef vsprintf
+
+int
+/*ARGSUSED*/
+__sprintf_chk(char * __restrict buf, int flags, size_t slen,
+    const char * __restrict fmt, ...)
+{
+	va_list ap;
+	int rv;
+
+	va_start(ap, fmt);
+	if (slen > (size_t)INT_MAX)
+		rv = vsprintf(buf, fmt, ap);
+	else {
+		if ((rv = vsnprintf(buf, slen, fmt, ap)) >= 0 && (size_t)rv >= slen)
+			__chk_fail();
+	}
+	va_end(ap);
+
+	return rv;
+}

newlib/libc/ssp/vsnprintf_chk.c

@@ -0,0 +1,51 @@
+/*	$NetBSD: vsnprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin Exp $	*/
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: vsnprintf_chk.c,v 1.5 2008/04/28 20:23:00 martin Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <stdio.h>
+#include <stdarg.h>
+#include <ssp/stdio.h>
+
+#undef vsnprintf
+
+int
+__vsnprintf_chk(char * __restrict buf, size_t len, int flags, size_t slen,
+    const char * __restrict fmt, va_list ap)
+{
+	if (len > slen)
+		__chk_fail();
+
+	return vsnprintf(buf, len, fmt, ap);
+}

newlib/libc/ssp/vsprintf_chk.c

@@ -0,0 +1,60 @@
+/*	$NetBSD: vsprintf_chk.c,v 1.6 2009/02/05 05:39:38 lukem Exp $	*/
+
+/*-
+ * Copyright (c) 2006 The NetBSD Foundation, Inc.
+ * All rights reserved.
+ *
+ * This code is derived from software contributed to The NetBSD Foundation
+ * by Christos Zoulas.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
+ * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
+ * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
+ * PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
+ * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
+ * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
+ * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
+ * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
+ * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
+ * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
+ * POSSIBILITY OF SUCH DAMAGE.
+ */
+#include <sys/cdefs.h>
+__RCSID("$NetBSD: vsprintf_chk.c,v 1.6 2009/02/05 05:39:38 lukem Exp $");
+
+/*LINTLIBRARY*/
+
+#include <ssp/ssp.h>
+#include <stdio.h>
+#include <limits.h>
+#include <stdarg.h>
+#include <ssp/stdio.h>
+
+#undef vsprintf
+#undef vsnprintf
+
+/*ARGSUSED*/
+int
+__vsprintf_chk(char * __restrict buf, int flags, size_t slen,
+    const char * __restrict fmt, va_list ap)
+{
+	int rv;
+
+	if (slen > (size_t)INT_MAX)
+		rv = vsprintf(buf, fmt, ap);
+	else {
+		if ((rv = vsnprintf(buf, slen, fmt, ap)) >= 0 && (size_t)rv >= slen)
+			__chk_fail();
+	}
+
+	return rv;
+}