fortify-headers: patch wchar.h's include behaviour

This commit is contained in:
Robert Scott 2023-08-29 21:50:40 +01:00 committed by Yureka
parent fc462da786
commit 36d3eb27cf
2 changed files with 45 additions and 0 deletions

View file

@ -15,6 +15,10 @@ stdenv.mkDerivation {
hash = "sha256-8A8JcKHIBgXpUuIP4zs3Q1yBs5jCGd5F3H2E8UN/S2g=";
};
patches = [
./wchar-imports-skip.patch
];
installPhase = ''
runHook preInstall

View file

@ -0,0 +1,41 @@
wchar.h: only include other headers if _FORTIFY_SOURCE is enabled
unexpectedly including other headers can cause problems with
sensitive/brittle code, particularly with alternative compilers
(clang) which are already operating on the margins of what's
supported/expected by some projects.
having a way to almost entirely short-circuit these headers (by
disabling _FORTIFY_SOURCE) is therefore important.
--- a/include/fortify/wchar.h
+++ b/include/fortify/wchar.h
@@ -20,21 +20,23 @@
#if !defined(__cplusplus) && !defined(__clang__)
__extension__
#endif
-#include_next <limits.h>
+#include_next <wchar.h>
+
+#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && defined(__OPTIMIZE__) && __OPTIMIZE__ > 0
+
#if !defined(__cplusplus) && !defined(__clang__)
__extension__
#endif
-#include_next <stdlib.h>
+#include_next <limits.h>
#if !defined(__cplusplus) && !defined(__clang__)
__extension__
#endif
-#include_next <string.h>
+#include_next <stdlib.h>
#if !defined(__cplusplus) && !defined(__clang__)
__extension__
#endif
-#include_next <wchar.h>
+#include_next <string.h>
-#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && defined(__OPTIMIZE__) && __OPTIMIZE__ > 0
#include "fortify-headers.h"
#ifdef __cplusplus