From: Siddhesh Poyarekar <siddhesh@sourceware.org>
Date: Mon, 3 Apr 2023 14:20:04 +0000 (-0400)
Subject: manual: Document __wur usage under _FORTIFY_SOURCE
X-Git-Tag: glibc-2.38~432
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac2a14343e81098c196cef5d67b52e440c05c230;p=thirdparty%2Fglibc.git

manual: Document __wur usage under _FORTIFY_SOURCE

The __warn_unused_result__ attribute is only enabled when fortification
is enabled.  Mention that in the document.  The rationale for this is
essentially to mitigate against CWE-252:

[1] https://cwe.mitre.org/data/definitions/252.html

Signed-off-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
Reviewed-by: Florian Weimer <fweimer@redhat.com>
---

diff --git a/manual/maint.texi b/manual/maint.texi
index 76d4a1a1476..a8441e20b62 100644
--- a/manual/maint.texi
+++ b/manual/maint.texi
@@ -207,6 +207,9 @@ hardened variant that does additional safety checks at runtime.  Some
 hardened variants need the size of the buffer to perform access
 validation and this is provided by the @code{__builtin_object_size} or
 the @code{__builtin_dynamic_object_size} builtin functions.
+@code{_FORTIFY_SOURCE} also enables additional compile time diagnostics,
+such as unchecked return values from some functions, to encourage
+developers to add error checking for those functions.
 
 At runtime, if any of those safety checks fail, the program will
 terminate with a @code{SIGABRT} signal.  @code{_FORTIFY_SOURCE} may be