OpenPrinting / libcups

OpenPrinting CUPS Library Sources
https://openprinting.github.io/cups/cups3.html
Apache License 2.0

configure: Raise FORTIFY_SOURCE level to 3 #51

Closed by zdohnal 1 year ago

zdohnal commented 1 year ago

The present GCC has supported level 3 for some time; try using it.

michaelrsweet commented 1 year ago

Let's see where CUPS 2.x issue 642 goes before we adopt this here.

Info about what level 3 does is here

FWIW, there is a cost of using this (both code size and execution time), which we should also look at.

michaelrsweet commented 1 year ago

"make test" times in the "cups" directory (so not the ippeveprinter tests) with level 2 on Ubuntu 22.04 LTS running in multipass on my M1 Max MacBook Pro:

real    2m12.010s
user    0m33.490s
sys     1m38.464s

real    2m12.199s
user    0m32.787s
sys     1m39.230s

real    2m12.827s
user    0m33.158s
sys     1m39.640s

Level 3, same system:

real    2m13.126s
user    0m33.086s
sys     1m39.852s

real    27m56.760s
user    0m32.334s
sys     1m39.600s

real    2m12.798s
user    0m32.338s
sys     1m40.285s

So it doesn't look like there is any measurable overhead for using level 3. (There is that one odd real time for the second level 3 run, but I know I didn't wait 27 minutes so ???) User and system times are pretty much the same across the board.

michaelrsweet commented 1 year ago

Sizes of the level 2 object files total 5198576 bytes:

-rw-rw-r-- 1 ubuntu ubuntu   26752 Mar 24 07:56 array.o
-rw-rw-r-- 1 ubuntu ubuntu   54056 Mar 24 07:56 auth.o
-rw-rw-r-- 1 ubuntu ubuntu   60632 Mar 24 07:56 debug.o
-rw-rw-r-- 1 ubuntu ubuntu   49912 Mar 24 07:56 dest-job.o
-rw-rw-r-- 1 ubuntu ubuntu   54528 Mar 24 07:56 dest-localization.o
-rw-rw-r-- 1 ubuntu ubuntu  121824 Mar 24 07:56 dest-options.o
-rw-rw-r-- 1 ubuntu ubuntu  151424 Mar 24 07:56 dest.o
-rw-rw-r-- 1 ubuntu ubuntu   14336 Mar 24 07:56 dir.o
-rw-rw-r-- 1 ubuntu ubuntu   71192 Mar 24 07:56 dnssd.o
-rw-rw-r-- 1 ubuntu ubuntu   59368 Mar 24 07:56 encode.o
-rw-rw-r-- 1 ubuntu ubuntu   73592 Mar 24 07:56 file.o
-rw-rw-r-- 1 ubuntu ubuntu   18400 Mar 24 07:56 form.o
-rw-rw-r-- 1 ubuntu ubuntu   51984 Mar 24 07:56 fuzzipp.o
-rw-rw-r-- 1 ubuntu ubuntu   34776 Mar 24 07:56 getputfile.o
-rw-rw-r-- 1 ubuntu ubuntu   46360 Mar 24 07:56 globals.o
-rw-rw-r-- 1 ubuntu ubuntu   15000 Mar 24 07:56 hash.o
-rw-rw-r-- 1 ubuntu ubuntu   49712 Mar 24 07:56 http-addr.o
-rw-rw-r-- 1 ubuntu ubuntu   53488 Mar 24 07:56 http-addrlist.o
-rw-rw-r-- 1 ubuntu ubuntu   98448 Mar 24 07:56 http-support.o
-rw-rw-r-- 1 ubuntu ubuntu  158568 Mar 24 07:56 http.o
-rw-rw-r-- 1 ubuntu ubuntu   91160 Mar 24 07:56 ipp-file.o
-rw-rw-r-- 1 ubuntu ubuntu  170032 Mar 24 07:56 ipp-support.o
-rw-rw-r-- 1 ubuntu ubuntu   57992 Dec  7  2021 ipp-vars.o
-rw-rw-r-- 1 ubuntu ubuntu  187496 Mar 24 07:56 ipp.o
-rw-rw-r-- 1 ubuntu ubuntu   44912 Mar 24 07:56 json.o
-rw-rw-r-- 1 ubuntu ubuntu   70408 Mar 24 07:56 langprintf.o
-rw-rw-r-- 1 ubuntu ubuntu 1699984 Mar 24 07:56 language.o
-rw-rw-r-- 1 ubuntu ubuntu   13456 Mar 24 07:56 md5.o
-rw-rw-r-- 1 ubuntu ubuntu   29848 Mar 24 07:56 notify.o
-rw-rw-r-- 1 ubuntu ubuntu   19432 Mar 24 07:56 options.o
-rw-rw-r-- 1 ubuntu ubuntu  101128 Mar 24 07:56 pwg-media.o
-rw-rw-r-- 1 ubuntu ubuntu   13128 Mar 24 07:56 rand.o
-rw-rw-r-- 1 ubuntu ubuntu   33680 Mar 24 07:56 raster-error.o
-rw-rw-r-- 1 ubuntu ubuntu   68176 Mar 24 07:56 raster-stream.o
-rw-rw-r-- 1 ubuntu ubuntu   25264 Dec  7  2021 raster-stubs.o
-rw-rw-r-- 1 ubuntu ubuntu   27000 Mar 24 07:56 rasterbench.o
-rw-rw-r-- 1 ubuntu ubuntu   81352 Mar 24 07:56 request.o
-rw-rw-r-- 1 ubuntu ubuntu   33864 Mar 24 07:56 string.o
-rw-rw-r-- 1 ubuntu ubuntu   10840 Mar 24 07:56 tempfile.o
-rw-rw-r-- 1 ubuntu ubuntu   36832 Mar 24 07:56 testarray.o
-rw-rw-r-- 1 ubuntu ubuntu   77160 Mar 24 07:56 testclient.o
-rw-rw-r-- 1 ubuntu ubuntu   26400 Mar 24 07:56 testcreds.o
-rw-rw-r-- 1 ubuntu ubuntu   75144 Mar 24 07:56 testcups.o
-rw-rw-r-- 1 ubuntu ubuntu   60008 Mar 24 07:56 testdest.o
-rw-rw-r-- 1 ubuntu ubuntu   37520 Mar 24 07:56 testdnssd.o
-rw-rw-r-- 1 ubuntu ubuntu   42304 Mar 24 07:56 testfile.o
-rw-rw-r-- 1 ubuntu ubuntu   25920 Mar 24 07:56 testform.o
-rw-rw-r-- 1 ubuntu ubuntu   21104 Mar 24 07:56 testgetdests.o
-rw-rw-r-- 1 ubuntu ubuntu   78416 Mar 24 07:56 testhttp.o
-rw-rw-r-- 1 ubuntu ubuntu   37456 Mar 24 07:56 testi18n.o
-rw-rw-r-- 1 ubuntu ubuntu   64544 Mar 24 07:56 testipp.o
-rw-rw-r-- 1 ubuntu ubuntu   27688 Mar 24 07:56 testjson.o
-rw-rw-r-- 1 ubuntu ubuntu   45472 Mar 24 07:56 testoptions.o
-rw-rw-r-- 1 ubuntu ubuntu   49616 Mar 24 07:56 testraster.o
-rw-rw-r-- 1 ubuntu ubuntu   93144 Mar 24 07:56 testtestpage.o
-rw-rw-r-- 1 ubuntu ubuntu   25000 Mar 24 07:56 testthreads.o
-rw-rw-r-- 1 ubuntu ubuntu   19296 Mar 24 07:56 thread.o
-rw-rw-r-- 1 ubuntu ubuntu  110216 Mar 24 07:56 tls.o
-rw-rw-r-- 1 ubuntu ubuntu   51376 Mar 24 07:56 tlscheck.o
-rw-rw-r-- 1 ubuntu ubuntu   29064 Mar 24 07:56 transcode.o
-rw-rw-r-- 1 ubuntu ubuntu   65200 Mar 24 07:56 usersys.o
-rw-rw-r-- 1 ubuntu ubuntu   56192 Mar 24 07:56 util.o

Level 3 sizes also total 5198576 bytes:

-rw-rw-r-- 1 ubuntu ubuntu   26752 Mar 24 08:10 array.o
-rw-rw-r-- 1 ubuntu ubuntu   54056 Mar 24 08:10 auth.o
-rw-rw-r-- 1 ubuntu ubuntu   60632 Mar 24 08:10 debug.o
-rw-rw-r-- 1 ubuntu ubuntu   49912 Mar 24 08:10 dest-job.o
-rw-rw-r-- 1 ubuntu ubuntu   54528 Mar 24 08:10 dest-localization.o
-rw-rw-r-- 1 ubuntu ubuntu  121824 Mar 24 08:10 dest-options.o
-rw-rw-r-- 1 ubuntu ubuntu  151424 Mar 24 08:10 dest.o
-rw-rw-r-- 1 ubuntu ubuntu   14336 Mar 24 08:10 dir.o
-rw-rw-r-- 1 ubuntu ubuntu   71192 Mar 24 08:10 dnssd.o
-rw-rw-r-- 1 ubuntu ubuntu   59368 Mar 24 08:10 encode.o
-rw-rw-r-- 1 ubuntu ubuntu   73592 Mar 24 08:10 file.o
-rw-rw-r-- 1 ubuntu ubuntu   18400 Mar 24 08:10 form.o
-rw-rw-r-- 1 ubuntu ubuntu   51984 Mar 24 08:10 fuzzipp.o
-rw-rw-r-- 1 ubuntu ubuntu   34776 Mar 24 08:10 getputfile.o
-rw-rw-r-- 1 ubuntu ubuntu   46360 Mar 24 08:10 globals.o
-rw-rw-r-- 1 ubuntu ubuntu   15000 Mar 24 08:10 hash.o
-rw-rw-r-- 1 ubuntu ubuntu   49712 Mar 24 08:10 http-addr.o
-rw-rw-r-- 1 ubuntu ubuntu   53488 Mar 24 08:10 http-addrlist.o
-rw-rw-r-- 1 ubuntu ubuntu   98448 Mar 24 08:10 http-support.o
-rw-rw-r-- 1 ubuntu ubuntu  158568 Mar 24 08:10 http.o
-rw-rw-r-- 1 ubuntu ubuntu   91160 Mar 24 08:10 ipp-file.o
-rw-rw-r-- 1 ubuntu ubuntu  170032 Mar 24 08:10 ipp-support.o
-rw-rw-r-- 1 ubuntu ubuntu   57992 Dec  7  2021 ipp-vars.o
-rw-rw-r-- 1 ubuntu ubuntu  187496 Mar 24 08:10 ipp.o
-rw-rw-r-- 1 ubuntu ubuntu   44912 Mar 24 08:10 json.o
-rw-rw-r-- 1 ubuntu ubuntu   70408 Mar 24 08:10 langprintf.o
-rw-rw-r-- 1 ubuntu ubuntu 1699984 Mar 24 08:10 language.o
-rw-rw-r-- 1 ubuntu ubuntu   13456 Mar 24 08:10 md5.o
-rw-rw-r-- 1 ubuntu ubuntu   29848 Mar 24 08:10 notify.o
-rw-rw-r-- 1 ubuntu ubuntu   19432 Mar 24 08:10 options.o
-rw-rw-r-- 1 ubuntu ubuntu  101128 Mar 24 08:10 pwg-media.o
-rw-rw-r-- 1 ubuntu ubuntu   13128 Mar 24 08:10 rand.o
-rw-rw-r-- 1 ubuntu ubuntu   33680 Mar 24 08:10 raster-error.o
-rw-rw-r-- 1 ubuntu ubuntu   68176 Mar 24 08:10 raster-stream.o
-rw-rw-r-- 1 ubuntu ubuntu   25264 Dec  7  2021 raster-stubs.o
-rw-rw-r-- 1 ubuntu ubuntu   27000 Mar 24 08:10 rasterbench.o
-rw-rw-r-- 1 ubuntu ubuntu   81352 Mar 24 08:10 request.o
-rw-rw-r-- 1 ubuntu ubuntu   33864 Mar 24 08:10 string.o
-rw-rw-r-- 1 ubuntu ubuntu   10840 Mar 24 08:10 tempfile.o
-rw-rw-r-- 1 ubuntu ubuntu   36832 Mar 24 08:10 testarray.o
-rw-rw-r-- 1 ubuntu ubuntu   77160 Mar 24 08:10 testclient.o
-rw-rw-r-- 1 ubuntu ubuntu   26400 Mar 24 08:10 testcreds.o
-rw-rw-r-- 1 ubuntu ubuntu   75144 Mar 24 08:10 testcups.o
-rw-rw-r-- 1 ubuntu ubuntu   60008 Mar 24 08:10 testdest.o
-rw-rw-r-- 1 ubuntu ubuntu   37520 Mar 24 08:10 testdnssd.o
-rw-rw-r-- 1 ubuntu ubuntu   42304 Mar 24 08:10 testfile.o
-rw-rw-r-- 1 ubuntu ubuntu   25920 Mar 24 08:10 testform.o
-rw-rw-r-- 1 ubuntu ubuntu   21104 Mar 24 08:10 testgetdests.o
-rw-rw-r-- 1 ubuntu ubuntu   78416 Mar 24 08:10 testhttp.o
-rw-rw-r-- 1 ubuntu ubuntu   37456 Mar 24 08:10 testi18n.o
-rw-rw-r-- 1 ubuntu ubuntu   64544 Mar 24 08:10 testipp.o
-rw-rw-r-- 1 ubuntu ubuntu   27688 Mar 24 08:10 testjson.o
-rw-rw-r-- 1 ubuntu ubuntu   45472 Mar 24 08:10 testoptions.o
-rw-rw-r-- 1 ubuntu ubuntu   49616 Mar 24 08:10 testraster.o
-rw-rw-r-- 1 ubuntu ubuntu   93144 Mar 24 08:10 testtestpage.o
-rw-rw-r-- 1 ubuntu ubuntu   25000 Mar 24 08:10 testthreads.o
-rw-rw-r-- 1 ubuntu ubuntu   19296 Mar 24 08:10 thread.o
-rw-rw-r-- 1 ubuntu ubuntu  110216 Mar 24 08:10 tls.o
-rw-rw-r-- 1 ubuntu ubuntu   51376 Mar 24 08:10 tlscheck.o
-rw-rw-r-- 1 ubuntu ubuntu   29064 Mar 24 08:10 transcode.o
-rw-rw-r-- 1 ubuntu ubuntu   65200 Mar 24 08:10 usersys.o
-rw-rw-r-- 1 ubuntu ubuntu   56192 Mar 24 08:10 util.o

So either the GCC in Ubuntu 22.04 LTS (11.3.0) doesn't actually support _FORTIFY_SOURCE=3 or there is no added overhead (which is inconsistent with the documentation...)
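
Added example (not part of the original thread or the libcups sources): identical object sizes at both levels are consistent with the toolchain lowering the requested level, because glibc's `<features.h>` converts `_FORTIFY_SOURCE` into `__USE_FORTIFY_LEVEL` and reduces it when the compiler lacks support. The script below asks the preprocessor which level is really in effect; the `EFFECTIVE_LEVEL` tag and the function names are hypothetical, and a glibc system is assumed.

```sh
#!/bin/sh
# Added example: report the fortify level the toolchain really applies.
# glibc's <features.h> turns the requested _FORTIFY_SOURCE into
# __USE_FORTIFY_LEVEL and lowers it when the compiler lacks support.

# Read preprocessor output on stdin, print the effective level.
# EFFECTIVE_LEVEL is a hypothetical tag that marks the probe line.
parse_effective_level() {
    level=$(sed -n 's/^[[:space:]]*EFFECTIVE_LEVEL[[:space:]]*\([0-9][0-9]*\).*$/\1/p' |
        tail -n 1)
    echo "${level:-unknown}"
}

# Usage: effective_fortify_level REQUESTED [COMPILER]
effective_fortify_level() {
    requested=$1
    compiler=${2:-${CC:-cc}}
    command -v "$compiler" >/dev/null 2>&1 || { echo unknown; return 0; }
    # -O2 matters: glibc turns fortification off when not optimizing.
    printf '#include <features.h>\nEFFECTIVE_LEVEL __USE_FORTIFY_LEVEL\n' |
        "$compiler" -O2 -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE="$requested" \
            -E -x c - 2>/dev/null |
        parse_effective_level
}

# Usage: fortify_verdict REQUESTED EFFECTIVE
fortify_verdict() {
    case "$2" in
        unknown) echo "unknown: could not determine the level (no compiler or not glibc)" ;;
        "$1")    echo "ok: level $1 is in effect" ;;
        *)       echo "downgraded: requested $1, toolchain applies $2" ;;
    esac
}

fortify_verdict 3 "$(effective_fortify_level 3)"
```

Run it with the same compiler that configure selected. When glibc lowers the level it also emits a `#warning` on stderr, which this script discards.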

michaelrsweet commented 1 year ago

[master 1e317aacc] Update fortify level to 3 (Issue #51)

zdohnal commented 1 year ago

Hi Mike,

I'll add the statistics from Fedora 38 regarding _FORTIFY_SOURCE=3, but as far as I can tell it works here - I have a detected buffer overflow in pappl due to the new level (reproducible if pappl is built with _FORTIFY_SOURCE=3 and you start lprint) - I'll send the PR right away (we subtract a higher pointer from a lower one).