fortify: fix up a few diagnostics; add __wur to realpath

As it says on the box. Since realpath isn't a function definition, any attributes it provides here just add to the "regular" realpath. __wur is being added to realpath because it returns NULL on failure, and the contents of the input buffer are undefined in that case. A blueline checkbuild showed 0 complaints about this new __wur, so it seems harmless to add. Bug: 131861088 Test: mma Change-Id: If5f47e0e290d86df69c0888711e29775c390fca4
2019-06-06 17:23:32 -07:00 · 2019-06-06 17:23:32 -07:00 · 8c0ec114c5
commit 8c0ec114c5
parent 2356c93d39
3 changed files with 9 additions and 11 deletions
--- a/libc/include/bits/fortify/stdlib.h
+++ b/libc/include/bits/fortify/stdlib.h
@ -36,10 +36,11 @@
 #define __PATH_MAX 4096

 char* realpath(const char* path, char* resolved)
+        __clang_error_if(!path, "'realpath': NULL path is never correct; flipped arguments?")
        __clang_error_if(__bos_unevaluated_lt(__bos(resolved), __PATH_MAX),
                         "'realpath' output parameter must be NULL or a pointer to a buffer "
-                         "with >= PATH_MAX bytes")
-        __clang_error_if(!path, "'realpath': NULL path is never correct; flipped arguments?");
+                         "with >= PATH_MAX bytes");
+
 /* No need for a definition; the only issues we can catch are at compile-time. */

 #undef __PATH_MAX
--- a/libc/include/stdlib.h
+++ b/libc/include/stdlib.h
@ -90,7 +90,7 @@ int atoi(const char* __s) __attribute_pure__;
 long atol(const char* __s) __attribute_pure__;
 long long atoll(const char* __s) __attribute_pure__;

-char* realpath(const char* __path, char* __resolved);
+__wur char* realpath(const char* __path, char* __resolved);
 int system(const char* __command);

 void* bsearch(const void* __key, const void* __base, size_t __nmemb, size_t __size, int (*__comparator)(const void* __lhs, const void* __rhs));
--- a/tests/clang_fortify_tests.cpp
+++ b/tests/clang_fortify_tests.cpp
@ -391,20 +391,17 @@ static void testFormatStrings() {

 static void testStdlib() {
  char path_buffer[PATH_MAX - 1];
-#if 0
-  // expected-error@+2{{ignoring return value of function}}
-#endif
+  // expected-warning@+2{{ignoring return value of function}}
  // expected-error@+1{{must be NULL or a pointer to a buffer with >= PATH_MAX bytes}}
  realpath("/", path_buffer);
-#if 0
-    // expected-error@+1{{ignoring return value of function}}
-#endif
+  // expected-warning@+1{{ignoring return value of function}}
  realpath("/", nullptr);

-  // FIXME: This should complain about flipped arguments, instead of objectsize.
-  // expected-error@+1{{must be NULL or a pointer to a buffer with >= PATH_MAX bytes}}
+  // expected-warning@+2{{ignoring return value of function}}
+  // expected-error@+1{{flipped arguments?}}
  realpath(nullptr, path_buffer);

+  // expected-warning@+2{{ignoring return value of function}}
  // expected-error@+1{{flipped arguments?}}
  realpath(nullptr, nullptr);
 }