commit 8c0ec114c58a76efcc1c195a03a36675b0967e39
author George Burgess IV <gbiv@google.com> Thu Jun 06 17:23:32 2019 -0700
committer George Burgess IV <gbiv@google.com> Thu Jun 13 23:26:02 2019 -0700
tree 4af082b223bc257266533c0bee0a6ceb4a68b2cf
parent 2356c93d391c1948b3abb7602da3d97bd8b289f2

fortify: fix up a few diagnostics; add __wur to realpath

As it says on the box.

Since realpath isn't a function definition, any attributes it provides
here just add to the "regular" realpath.

__wur is being added to realpath because it returns NULL on failure, and
the contents of the input buffer are undefined in that case. A blueline
checkbuild showed 0 complaints about this new __wur, so it seems
harmless to add.

Bug: 131861088
Test: mma
Change-Id: If5f47e0e290d86df69c0888711e29775c390fca4

libc/include/bits/fortify/stdlib.h

diff --git a/libc/include/bits/fortify/stdlib.h b/libc/include/bits/fortify/stdlib.h
index 0bb3d0d..623be58 100644
--- a/libc/include/bits/fortify/stdlib.h
+++ b/libc/include/bits/fortify/stdlib.h
@@ -36,10 +36,11 @@
 #define __PATH_MAX 4096
 
 char* realpath(const char* path, char* resolved)
+        __clang_error_if(!path, "'realpath': NULL path is never correct; flipped arguments?")
         __clang_error_if(__bos_unevaluated_lt(__bos(resolved), __PATH_MAX),
                          "'realpath' output parameter must be NULL or a pointer to a buffer "
-                         "with >= PATH_MAX bytes")
-        __clang_error_if(!path, "'realpath': NULL path is never correct; flipped arguments?");
+                         "with >= PATH_MAX bytes");
+
 /* No need for a definition; the only issues we can catch are at compile-time. */
 
 #undef __PATH_MAX

libc/include/stdlib.h

diff --git a/libc/include/stdlib.h b/libc/include/stdlib.h
index d5b8619..b66e3c6 100644
--- a/libc/include/stdlib.h
+++ b/libc/include/stdlib.h
@@ -90,7 +90,7 @@
 long atol(const char* __s) __attribute_pure__;
 long long atoll(const char* __s) __attribute_pure__;
 
-char* realpath(const char* __path, char* __resolved);
+__wur char* realpath(const char* __path, char* __resolved);
 int system(const char* __command);
 
 void* bsearch(const void* __key, const void* __base, size_t __nmemb, size_t __size, int (*__comparator)(const void* __lhs, const void* __rhs));

tests/clang_fortify_tests.cpp

diff --git a/tests/clang_fortify_tests.cpp b/tests/clang_fortify_tests.cpp
index 4c4e510..8b90df4 100644
--- a/tests/clang_fortify_tests.cpp
+++ b/tests/clang_fortify_tests.cpp
@@ -391,20 +391,17 @@
 
 static void testStdlib() {
   char path_buffer[PATH_MAX - 1];
-#if 0
-  // expected-error@+2{{ignoring return value of function}}
-#endif
+  // expected-warning@+2{{ignoring return value of function}}
   // expected-error@+1{{must be NULL or a pointer to a buffer with >= PATH_MAX bytes}}
   realpath("/", path_buffer);
-#if 0
-    // expected-error@+1{{ignoring return value of function}}
-#endif
+  // expected-warning@+1{{ignoring return value of function}}
   realpath("/", nullptr);
 
-  // FIXME: This should complain about flipped arguments, instead of objectsize.
-  // expected-error@+1{{must be NULL or a pointer to a buffer with >= PATH_MAX bytes}}
+  // expected-warning@+2{{ignoring return value of function}}
+  // expected-error@+1{{flipped arguments?}}
   realpath(nullptr, path_buffer);
 
+  // expected-warning@+2{{ignoring return value of function}}
   // expected-error@+1{{flipped arguments?}}
   realpath(nullptr, nullptr);
 }