Revert "Support -D_FORTIFY_SOURCE=3 by using __builtin_dynamic_object_size."

This reverts commit 0bd2925.

Unlike __builtin_object_size, __builtin_dynamic_object_size is called at
runtime and it isn't guaranteed anywhere that it always works
with every pointer passed to it. It currently works with gcc because it
returns -1 most of the time (which means that malloc_usable_size
is used more often than not) but with clang (and probably gcc in the
foreseeable future) it's just not safe to assume that all pointers
can be handled at runtime.

Closes systemd#23619 and systemd#23150.

Reopens systemd#22801
evverx committed Jun 5, 2022
1 parent 36cb69f commit ad6875e
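The behaviour the commit message relies on, as an added example written for this page rather than systemd's own code: the reverted form of MALLOC_SIZEOF_SAFE() built on __builtin_object_size(), applied to a block of compile-time-constant size, a block of run-time size, and NULL. It assumes glibc or musl (malloc_usable_size() declared in <malloc.h>) and gcc or clang (GNU statement expressions and __typeof__); min_size(), DYN_OBJECT_SIZE(), struct size_report and the report_* functions are names invented here.

```c
#include <malloc.h>    /* malloc_usable_size(): glibc and musl */
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Added example, not systemd code. The reverted MALLOC_SIZEOF_SAFE() spelled
 * out with a statement expression so the argument is evaluated once;
 * __typeof__ and ({ }) are GNU extensions available in gcc and clang. */
static inline size_t min_size(size_t a, size_t b) {
        return a < b ? a : b;
}

#define MALLOC_SIZEOF_SAFE(x)                                   \
        ({                                                      \
                __typeof__(x) _p = (x);                         \
                min_size(malloc_usable_size(_p),                \
                         __builtin_object_size(_p, 0));         \
        })

/* For comparison only: the run-time builtin the revert stopped relying on.
 * Falls back to SIZE_MAX where the compiler lacks it. */
#if defined __has_builtin
# if __has_builtin(__builtin_dynamic_object_size)
#  define DYN_OBJECT_SIZE(p) __builtin_dynamic_object_size(p, 0)
# endif
#endif
#ifndef DYN_OBJECT_SIZE
# define DYN_OBJECT_SIZE(p) SIZE_MAX
#endif

struct size_report {
        size_t requested;   /* bytes asked from malloc() */
        size_t usable;      /* malloc_usable_size() */
        size_t bos;         /* __builtin_object_size(p, 0), decided at compile time */
        size_t bdos;        /* __builtin_dynamic_object_size(p, 0), evaluated at run time */
        size_t safe;        /* MALLOC_SIZEOF_SAFE(p) */
};

/* Size is a compile-time constant: with optimisation gcc/clang typically fold
 * __builtin_object_size() to 32; at -O0 they give up and yield SIZE_MAX.
 * Either way MIN() with malloc_usable_size() is >= 32 and <= usable. */
struct size_report report_constant(void) {
        char *p = malloc(32);
        if (!p)
                abort();
        struct size_report r = {
                .requested = 32,
                .usable = malloc_usable_size(p),
                .bos = __builtin_object_size(p, 0),
                .bdos = DYN_OBJECT_SIZE(p),
                .safe = MALLOC_SIZEOF_SAFE(p),
        };
        memset(p, 'A', r.requested);  /* within every bound recorded above */
        free(p);
        return r;
}

/* Size known only at run time: __builtin_object_size() cannot see it and
 * returns SIZE_MAX, so MIN() falls back to malloc_usable_size(). Only the
 * dynamic builtin can report n here, and that is what _FORTIFY_SOURCE=3
 * checks memcpy()/memset() into this block against (the reopened #22801).
 * noinline keeps a constant caller argument from turning n into a constant. */
__attribute__((noinline)) struct size_report report_dynamic(size_t n) {
        char *p = malloc(n);
        if (!p)
                abort();
        struct size_report r = {
                .requested = n,
                .usable = malloc_usable_size(p),
                .bos = __builtin_object_size(p, 0),
                .bdos = DYN_OBJECT_SIZE(p),
                .safe = MALLOC_SIZEOF_SAFE(p),
        };
        memset(p, 'B', r.requested);  /* n bytes, not r.safe: usable may exceed n */
        free(p);
        return r;
}

/* NULL: malloc_usable_size(NULL) is documented to return 0, so the MIN()
 * is 0 whatever the builtin reports for a null pointer. */
size_t safe_size_of_null(void) {
        char *p = NULL;
        return MALLOC_SIZEOF_SAFE(p);
}
```

Compile once with -O0 and once with -O2 and compare the bos field of report_constant(): the compile-time builtin only knows the size when it can see the constant malloc() call, and in every other case the MIN() quietly degrades to malloc_usable_size(), which is the property the restored comment describes. The bdos field is returned only for inspection; the commit message is precisely about not trusting it.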
Showing 1 changed file with 3 additions and 13 deletions.
16 changes: 3 additions & 13 deletions src/basic/alloc-util.h
Expand Up @@ -174,23 +174,13 @@ void* greedy_realloc0(void **p, size_t need, size_t size);
* is compatible with _FORTIFY_SOURCES. If _FORTIFY_SOURCES is used many memory operations will take the
* object size as returned by __builtin_object_size() into account. Hence, let's return the smaller size of
* malloc_usable_size() and __builtin_object_size() here, so that we definitely operate in safe territory by
* both the compiler's and libc's standards. Note that _FORTIFY_SOURCES=3 handles also dynamically allocated
* objects and thus it's safer using __builtin_dynamic_object_size if _FORTIFY_SOURCES=3 is used (#22801).
* Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and
* both the compiler's and libc's standards. Note that __builtin_object_size() evaluates to SIZE_MAX if the
* size cannot be determined, hence the MIN() expression should be safe with dynamically sized memory,
* too. Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and
* __builtin_object_size() returns SIZE_MAX too, hence we also return a sensible value of 0 in this corner
* case. */

#if defined __has_builtin
# if __has_builtin(__builtin_dynamic_object_size)
# define MALLOC_SIZEOF_SAFE(x) \
MIN(malloc_usable_size(x), __builtin_dynamic_object_size(x, 0))
# endif
#endif

#ifndef MALLOC_SIZEOF_SAFE
#define MALLOC_SIZEOF_SAFE(x) \
MIN(malloc_usable_size(x), __builtin_object_size(x, 0))
#endif

/* Inspired by ELEMENTSOF() but operates on malloc()'ed memory areas: typesafely returns the number of items
* that fit into the specified memory block */
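Review bot: the restored comment block explains why MIN() is safe when __builtin_object_size() evaluates to SIZE_MAX, but it no longer records why __builtin_dynamic_object_size() is avoided, so the `__has_builtin(__builtin_dynamic_object_size)` branch being removed here could be reintroduced by the next person chasing _FORTIFY_SOURCE=3; suggest carrying the commit message's reason into the comment, e.g. "Note that __builtin_dynamic_object_size() is evaluated at runtime and is not guaranteed to handle every pointer (see #22801, #23619), hence we deliberately stick to __builtin_object_size() here." While touching this comment, the context lines still say "_FORTIFY_SOURCES" where the option is spelled _FORTIFY_SOURCE, as in the commit title.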
