This section contains implementation details of the GNU C Library and may not remain stable across releases.
_FORTIFY_SOURCE macro may be defined by users to control
hardening of calls into some functions in the GNU C Library. The definition
should be at the top of the source file before any headers are included
or at the pre-processor commandline using the
-D switch. The
hardening primarily focuses on accesses to buffers passed to the
functions but may also include checks for validity of other inputs to
_FORTIFY_SOURCE macro is defined, it enables code that
validates inputs passed to some functions in the GNU C Library to determine if
they are safe. If the compiler is unable to determine that the inputs
to the function call are safe, the call may be replaced by a call to its
hardened variant that does additional safety checks at runtime. Some
hardened variants need the size of the buffer to perform access
validation and this is provided by the
__builtin_dynamic_object_size builtin functions.
_FORTIFY_SOURCE also enables additional compile time diagnostics,
such as unchecked return values from some functions, to encourage
developers to add error checking for those functions.
At runtime, if any of those safety checks fail, the program will
terminate with a
_FORTIFY_SOURCE may be
defined to one of the following values:
__builtin_object_size compiler builtin function.
If the function returns
(size_t) -1, the function call is left
untouched. Additionally, this level also enables validation of flags to
%n only in read-only format strings.
__builtin_dynamic_object_size compiler builtin
function. If the function returns
(size_t) -1, the function call
is left untouched. Fortification at this level may have a impact on
program performance if the function call that is fortified is frequently
encountered and the size expression returned by
__builtin_dynamic_object_size is complex.
In general, the fortified variants of the function calls use the name of
the function with a
__ prefix and a
_chk suffix. There
are some exceptions, e.g. the
printf family of functions where,
depending on the architecture, one may also see fortified variants have
_chkieee128 suffix or the
__nldbl___ prefix to their
Another exception is the
open family of functions, where their
fortified replacements have the
__ prefix and a
FD_ISSET macros use the
__fdelt_chk function on fortification.
The following functions and macros are fortified in the GNU C Library: