[PATCH v2] feature_test_macros.7: document -D_FORTIFY_SOURCE=3

[PATCH v2] feature_test_macros.7: document -D_FORTIFY_SOURCE=3

[Sam James]

Reference: https://developers.redhat.com/blog/2021/04/16/broadening-compiler-checks-for-buffer-overflows-in-_fortify_source
Reference: https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level
Signed-off-by: Sam James <sam@gentoo.org>
---
 man7/feature_test_macros.7 | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/man7/feature_test_macros.7 b/man7/feature_test_macros.7
index cdd962f7f..f057c1c87 100644
--- a/man7/feature_test_macros.7
+++ b/man7/feature_test_macros.7
@@ -634,9 +634,23 @@ and result in compiler warnings;
 other checks take place at run time,
 and result in a run-time error if the check fails.
 .IP
+With
+.B _FORTIFY_SOURCE
+set to 3, additional checking is added to intercept some function
+calls used with an argument of variable size where the compiler can
+deduce an upper bound for its value.
+For example, a program where malloc's size argument is variable
+can now be fortified.
+.IP
 Use of this macro requires compiler support, available with
 .BR gcc (1)
 since version 4.0.
+.IP
+For use of
+.B _FORTIFY_SOURCE
+set to 3, then
+.BR gcc (1)
+version 12.0 or later is required.
 .SS Default definitions, implicit definitions, and combining definitions
 If no feature test macros are explicitly defined,
 then the following feature test macros are defined by default:
-- 
2.38.0

Re: [PATCH v2] feature_test_macros.7: document -D_FORTIFY_SOURCE=3

[Alejandro Colomar]

[-- Attachment #1.1: Type: text/plain, Size: 1765 bytes --]

Hi Sam,

On 10/13/22 23:06, Sam James wrote:
> Reference: https://developers.redhat.com/blog/2021/04/16/broadening-compiler-checks-for-buffer-overflows-in-_fortify_source
> Reference: https://developers.redhat.com/articles/2022/09/17/gccs-new-fortification-level
> Signed-off-by: Sam James <sam@gentoo.org>

Patch applied.

Cheers,

Alex

> ---
>   man7/feature_test_macros.7 | 14 ++++++++++++++
>   1 file changed, 14 insertions(+)
> 
> diff --git a/man7/feature_test_macros.7 b/man7/feature_test_macros.7
> index cdd962f7f..f057c1c87 100644
> --- a/man7/feature_test_macros.7
> +++ b/man7/feature_test_macros.7
> @@ -634,9 +634,23 @@ and result in compiler warnings;
>   other checks take place at run time,
>   and result in a run-time error if the check fails.
>   .IP
> +With
> +.B _FORTIFY_SOURCE
> +set to 3, additional checking is added to intercept some function
> +calls used with an argument of variable size where the compiler can
> +deduce an upper bound for its value.
> +For example, a program where malloc's size argument is variable
> +can now be fortified.

I reflowed this text a little bit (rationale: semantic newlines), and 
also formatted malloc(3).

The mention to malloc(3) was useful, IMO :)

> +.IP
>   Use of this macro requires compiler support, available with
>   .BR gcc (1)
>   since version 4.0.
> +.IP
> +For use of
> +.B _FORTIFY_SOURCE
> +set to 3, then
> +.BR gcc (1)
> +version 12.0 or later is required.

And reworded this a bit.

>   .SS Default definitions, implicit definitions, and combining definitions
>   If no feature test macros are explicitly defined,
>   then the following feature test macros are defined by default:

-- 
<http://www.alejandro-colomar.es/>

[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 833 bytes --]