Hi Sam, On 10/13/22 23:06, Sam James wrote:
Reference: https://developers.redhat.com/blog/2021/04/16/broadening-compiler-checks-for-buffer-overflows-in-_fortify_source Reference: https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level Signed-off-by: Sam James <sam@xxxxxxxxxx>
Patch applied. Cheers, Alex
--- man7/feature_test_macros.7 | 14 ++++++++++++++ 1 file changed, 14 insertions(+) diff --git a/man7/feature_test_macros.7 b/man7/feature_test_macros.7 index cdd962f7f..f057c1c87 100644 --- a/man7/feature_test_macros.7 +++ b/man7/feature_test_macros.7 @@ -634,9 +634,23 @@ and result in compiler warnings; other checks take place at run time, and result in a run-time error if the check fails. .IP +With +.B _FORTIFY_SOURCE +set to 3, additional checking is added to intercept some function +calls used with an argument of variable size where the compiler can +deduce an upper bound for its value. +For example, a program where malloc's size argument is variable +can now be fortified.
I reflowed this text a little bit (rationale: semantic newlines), and also formatted malloc(3).
The mention to malloc(3) was useful, IMO :)
+.IP Use of this macro requires compiler support, available with .BR gcc (1) since version 4.0. +.IP +For use of +.B _FORTIFY_SOURCE +set to 3, then +.BR gcc (1) +version 12.0 or later is required.
And reworded this a bit.
.SS Default definitions, implicit definitions, and combining definitions If no feature test macros are explicitly defined, then the following feature test macros are defined by default:
-- <http://www.alejandro-colomar.es/>
Attachment:
OpenPGP_signature
Description: OpenPGP digital signature
