fortify: account for new clang diagnostics
Clang recently grew its own diagnostics for memcpy and such. These are
generally higher-quality than what we can do with diagnose_if, since
clang is happy to include e.g., sizes of things per-callsite. Move to
those instead where applicable.
Bug: 131861088, 123644155
Test: blueline internal-master checkbuild; treehugger
Change-Id: I701f5a8b247ba2948ca47fdc60ff5198b564c03e
diff --git a/tests/clang_fortify_tests.cpp b/tests/clang_fortify_tests.cpp
index 6923302..2838ab2 100644
--- a/tests/clang_fortify_tests.cpp
+++ b/tests/clang_fortify_tests.cpp
@@ -35,12 +35,14 @@
//
// Similarly, there are a few overload tricks we have to emit errors. Ignore any notes from those.
// expected-note@* 0+{{candidate function}}
-
-// FIXME(b/138701943): Silence warnings produced by -Wfortify-source since they're expected.
-// expected-warning@* 0+{{will always overflow}}
-// expected-warning@* 0+{{size argument is too large}}
+//
+// And finally, all explicitly-unavailable-here complaints from headers are
+// uninteresting
// expected-note@* 0+{{has been explicitly marked unavailable here}}
+// Note that some of these diags come from clang itself, while others come from
+// `diagnose_if`s sprinkled throughout Bionic.
+
#ifndef _FORTIFY_SOURCE
#error "_FORTIFY_SOURCE must be defined"
#endif
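Review bot: The added sentence `Note that some of these diags come from clang itself...` sits directly under the `explicitly marked unavailable here` note directive, so "these diags" reads as if it meant those notes. It seems instead to describe the `expected-error` strings used by the tests further down. Consider giving it its own paragraph with an explicit subject, e.g. `// The expected-error strings below come partly from clang's -Wfortify-source and partly from the diagnose_if attributes in Bionic's headers.` The preceding sentence (`... are uninteresting`) is also missing its final period.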
@@ -60,12 +62,14 @@
#define __clang_error_if(...)
#undef __clang_warning_if
#define __clang_warning_if(...)
+#pragma clang diagnostic ignored "-Wfortify-source"
// SOMETIMES_CONST allows clang to emit eager diagnostics when we're doing compilation tests, but
// blocks them otherwise. This is needed for diagnostics emitted with __enable_if.
#define SOMETIMES_CONST volatile
#else
#define SOMETIMES_CONST const
+#pragma clang diagnostic error "-Wfortify-source"
#endif
#include <err.h>
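Review bot: The two `-Wfortify-source` pragmas are added without a comment, and with no push/pop each one changes diagnostics for every header included after it and for the rest of the file. The `ignored` one sits in the branch that blanks `__clang_error_if`, so presumably it exists so that the deliberately overflowing calls still compile for the run-time death tests. The `error` one is what lets the `expected-error` lines further down match clang's own diagnostic, which is a warning by default. I would say so above each, e.g. `// Clang's built-in checks must not reject the overflowing calls the death tests execute.` and `// Promote clang's built-in FORTIFY warnings to errors so they match the expected-error lines.` The `#if` that opens this block is outside the hunk.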
@@ -160,13 +164,13 @@
{
char large_buffer[sizeof(small_buffer) + 1] = {};
- // expected-error@+1{{size bigger than buffer}}
+ // expected-error@+1{{will always overflow}}
EXPECT_FORTIFY_DEATH(memcpy(small_buffer, large_buffer, sizeof(large_buffer)));
- // expected-error@+1{{size bigger than buffer}}
+ // expected-error@+1{{will always overflow}}
EXPECT_FORTIFY_DEATH(memmove(small_buffer, large_buffer, sizeof(large_buffer)));
// expected-error@+1{{size bigger than buffer}}
EXPECT_FORTIFY_DEATH(mempcpy(small_buffer, large_buffer, sizeof(large_buffer)));
- // expected-error@+1{{size bigger than buffer}}
+ // expected-error@+1{{will always overflow}}
EXPECT_FORTIFY_DEATH(memset(small_buffer, 0, sizeof(large_buffer)));
// expected-warning@+1{{arguments got flipped?}}
EXPECT_NO_DEATH(memset(small_buffer, sizeof(small_buffer), 0));
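Review bot: `mempcpy` here, and `strlcpy` in the next hunk, keep the old `size bigger than buffer` text while their siblings move to clang's wording, and nothing in the file says why. Presumably clang's built-in check does not cover those two functions and they are still caught by Bionic's `diagnose_if`. A one-line comment above each, such as `// Not covered by -Wfortify-source; still diagnosed by Bionic's diagnose_if.`, would keep a later cleanup from "correcting" the strings. The enclosing test function starts and ends outside the hunk.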
@@ -184,13 +188,13 @@
EXPECT_FORTIFY_DEATH(strcpy(small_buffer, large_string));
// expected-error@+1{{string bigger than buffer}}
EXPECT_FORTIFY_DEATH(stpcpy(small_buffer, large_string));
- // expected-error@+1{{size bigger than buffer}}
+ // expected-error@+1{{size argument is too large}}
EXPECT_FORTIFY_DEATH(strncpy(small_buffer, large_string, sizeof(large_string)));
- // expected-error@+1{{size bigger than buffer}}
+ // expected-error@+1{{size argument is too large}}
EXPECT_FORTIFY_DEATH(stpncpy(small_buffer, large_string, sizeof(large_string)));
// expected-error@+1{{string bigger than buffer}}
EXPECT_FORTIFY_DEATH(strcat(small_buffer, large_string));
- // expected-error@+1{{size bigger than buffer}}
+ // expected-error@+1{{size argument is too large}}
EXPECT_FORTIFY_DEATH(strncat(small_buffer, large_string, sizeof(large_string)));
// expected-error@+1{{size bigger than buffer}}
EXPECT_FORTIFY_DEATH(strlcpy(small_buffer, large_string, sizeof(large_string)));
@@ -227,12 +231,12 @@
EXPECT_FORTIFY_DEATH_STRUCT(stpcpy(split.tiny_buffer, small_string));
#if _FORTIFY_SOURCE > 1
- // expected-error@+2{{size bigger than buffer}}
+ // expected-error@+2{{size argument is too large}}
#endif
EXPECT_FORTIFY_DEATH_STRUCT(strncpy(split.tiny_buffer, small_string, sizeof(small_string)));
#if _FORTIFY_SOURCE > 1
- // expected-error@+2{{size bigger than buffer}}
+ // expected-error@+2{{size argument is too large}}
#endif
EXPECT_FORTIFY_DEATH_STRUCT(stpncpy(split.tiny_buffer, small_string, sizeof(small_string)));
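Review bot: The `#if _FORTIFY_SOURCE > 1` guards around the `strncpy`/`stpncpy` expectations, and around `strncat` in the next hunk, do not say why the error is expected only at level 2. The diagnostic they gate now presumably comes from clang rather than from Bionic's headers, which makes the reason less obvious. If it is because only level 2 bounds the write by `split.tiny_buffer` rather than by the whole struct, a short comment would help, e.g. `// Level 1 checks against the enclosing object, so only level 2 diagnoses this.` The `@+2` offset also relies on `#endif` staying the only line between the directive and the call. The enclosing function is outside the hunk.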
@@ -242,7 +246,7 @@
EXPECT_FORTIFY_DEATH_STRUCT(strcat(split.tiny_buffer, small_string));
#if _FORTIFY_SOURCE > 1
- // expected-error@+2{{size bigger than buffer}}
+ // expected-error@+2{{size argument is too large}}
#endif
EXPECT_FORTIFY_DEATH_STRUCT(strncat(split.tiny_buffer, small_string, sizeof(small_string)));
@@ -491,11 +495,11 @@
FORTIFY_TEST(stdio) {
char small_buffer[8] = {};
{
- // expected-error@+1{{size is larger than the destination buffer}}
+ // expected-error@+1{{size argument is too large}}
EXPECT_FORTIFY_DEATH(snprintf(small_buffer, sizeof(small_buffer) + 1, ""));
va_list va;
- // expected-error@+2{{size is larger than the destination buffer}}
+ // expected-error@+2{{size argument is too large}}
// expected-warning@+1{{format string is empty}}
EXPECT_FORTIFY_DEATH(vsnprintf(small_buffer, sizeof(small_buffer) + 1, "", va));