Reapply "[clang][ssaf][NFC] Rework how the Force linker anchors are defined and used" (#194693)
This reverts commit 582958c4337f539e650096c0257a322315298e1a.
Drop "const" from these anchor variables - like they are in clang-tidy
Turns out, MSVC likely doesn't conform with the C++ standard and makes
`const volatile` global variables have *internal* linkage - while they
should have *external* linkage.
https://eel.is/c++draft/basic.link#3.2
```
(3) The name of an entity that belongs to a namespace scope has internal linkage if it is the name of
(3.1) a variable, variable template, function, or function template that is explicitly declared static; or
(3.2) a non-template variable of non-volatile const-qualified type, unless
(3.2.1) it is declared in the purview of a module interface unit (outside the private-module-fragment, if any) or module partition, or
(3.2.2) it is explicitly declared extern, or
(3.2.3) it is inline, or
(3.2.4) it was previously declared and the prior declaration did not have internal linkage; or
[3 lines not shown]
fresh: fix CARGO_INSTALL_ARGS for workspace root
Upstream moved the Cargo workspace root to the repo root in 0.3.9.
CARGO_WRKSRC must stay at the root for correct Cargo.lock discovery,
but cargo install needs --path pointing at the installable crate,
not the virtual workspace manifest.
ipfilter: Fix NULL dereferences in ipf_checkicmp6matchingstate()
Add NULL checks for ic6 (the ICMPv6 header pointer from fin->fin_dp)
and oic (the inner ICMPv6 header from ofin.fin_dp after ipf_makefrip).
These pointers can be NULL when processing malformed ICMPv6 error
packets with extension headers.
Also fix the length validation: the original check (fin->fin_plen <
sizeof(ip6_t)) could never trigger because an earlier check already
ensures fin->fin_plen >= ICMP6ERR_MINPKTLEN (48). Replace with a proper
check that fin->fin_dlen contains at least ICMPERR_ICMPHLEN +
sizeof(ip6_t) bytes to ensure sufficient data exists for both the
ICMPv6 error header and the embedded IPv6 header.
PR: 288333
Pull Request: https://github.com/freebsd/freebsd-src/pull/2214
Signed-off-by: Teddy Engel <engel.teddy at gmail.com>
(cherry picked from commit c028080749c09e68c555155df0e9f681ba63c6ae)
ipfilter: Validate length before checksum
Validate the length of the packet listed in the mbuf is the same as
the calculated packet length. If not reject the packet and bump the
bad packet stat.
PR: 295198
Differential Revision: https://reviews.freebsd.org/D57095
(cherry picked from commit 8dfb0805fc31cd78940429ab0560dae7e8ab6536)
ipfilter: Add NULL check for fin_dp in ICMP packet handlers
Add NULL checks for fin->fin_dp in ipf_pr_icmp6() and ipf_pr_icmp()
before dereferencing. When processing packets with IPv6 extension
headers, ipf_pr_pullup() can succeed but fin->fin_dp may still be NULL
due to extension header processing leaving insufficient data for the
protocol header.
PR: 288333
Pull Request: https://github.com/freebsd/freebsd-src/pull/2214
Signed-off-by: Teddy Engel <engel.teddy at gmail.com>
(cherry picked from commit 68ed81631afa20c07883f7f60343f6da8397ee41)
ipfilter: Add NULL check for fin_m in ipf_pr_icmp6()
Add NULL check for fin->fin_m before calling M_LEN() in the ICMPv6
error handling code path. When ipf_checkicmp6matchingstate() calls
ipf_makefrip() with a synthesized fr_info_t that has fin_m set to
NULL, the subsequent call to ipf_pr_ipv6hdr() can reach ipf_pr_icmp6()
which would crash when trying to access the mbuf via M_LEN().
PR: 288333
Pull Request: https://github.com/freebsd/freebsd-src/pull/2214
Signed-off-by: Teddy Engel <engel.teddy at gmail.com>
(cherry picked from commit cdc40489a7a617b742e295cf9005b3569b45e823)
ipfilter: Fix NULL dereferences in ipf_checkicmp6matchingstate()
Add NULL checks for ic6 (the ICMPv6 header pointer from fin->fin_dp)
and oic (the inner ICMPv6 header from ofin.fin_dp after ipf_makefrip).
These pointers can be NULL when processing malformed ICMPv6 error
packets with extension headers.
Also fix the length validation: the original check (fin->fin_plen <
sizeof(ip6_t)) could never trigger because an earlier check already
ensures fin->fin_plen >= ICMP6ERR_MINPKTLEN (48). Replace with a proper
check that fin->fin_dlen contains at least ICMPERR_ICMPHLEN +
sizeof(ip6_t) bytes to ensure sufficient data exists for both the
ICMPv6 error header and the embedded IPv6 header.
PR: 288333
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/2214
Signed-off-by: Teddy Engel <engel.teddy at gmail.com>
(cherry picked from commit c028080749c09e68c555155df0e9f681ba63c6ae)
ipfilter: Validate length before checksum
Validate the length of the packet listed in the mbuf is the same as
the calculated packet length. If not reject the packet and bump the
bad packet stat.
PR: 295198
Differential Revision: https://reviews.freebsd.org/D57095
(cherry picked from commit 8dfb0805fc31cd78940429ab0560dae7e8ab6536)
ipfilter: Add NULL check for fin_m in ipf_pr_icmp6()
Add NULL check for fin->fin_m before calling M_LEN() in the ICMPv6
error handling code path. When ipf_checkicmp6matchingstate() calls
ipf_makefrip() with a synthesized fr_info_t that has fin_m set to
NULL, the subsequent call to ipf_pr_ipv6hdr() can reach ipf_pr_icmp6()
which would crash when trying to access the mbuf via M_LEN().
PR: 288333
MFC after: 1 week
Pull Request: https://github.com/freebsd/freebsd-src/pull/2214
Signed-off-by: Teddy Engel <engel.teddy at gmail.com>
(cherry picked from commit cdc40489a7a617b742e295cf9005b3569b45e823)
ipfilter: Add NULL check for fin_dp in ICMP packet handlers
Add NULL checks for fin->fin_dp in ipf_pr_icmp6() and ipf_pr_icmp()
before dereferencing. When processing packets with IPv6 extension
headers, ipf_pr_pullup() can succeed but fin->fin_dp may still be NULL
due to extension header processing leaving insufficient data for the
protocol header.
PR: 288333
Pull Request: https://github.com/freebsd/freebsd-src/pull/2214
Signed-off-by: Teddy Engel <engel.teddy at gmail.com>
(cherry picked from commit 68ed81631afa20c07883f7f60343f6da8397ee41)
[PowerPC] Drop invalid range metadata when lowering i64 load to fp in INT_TO_FP (#198705)
When lowering an i64 load in LowerINT_TO_FP, we were forwarding the
original !range metadata to a new f64 load. This is invalid because the
metadata no longer matches the value type/semantics, and can trigger
assertions when lowering i64 to fp (double or float) conversions.
This patch fixes this by passing a nullptr for the Ranges operand when
calling getLoad() and adds extra test cases to cover signed/unsigned i64
to f32/f64 conversions and to ensure they do not assert when the !range
metadata is present.
The assertion this patch attempts to fix is:
```
Assertion failed: (!MMO->getRanges() || (mdconst::extract<ConstantInt>(MMO->getRanges()->getOperand(0)) ->getBitWidth() == MemVT.getScalarSizeInBits() && MemVT.isInteger())) && "Range metadata and load type must match!"
```
This assert was originally seen when building Rust on AIX.
[clang] fix finding class template instantiation pattern for member specializations
Stop treating the member which a member specialization specializes as the pattern of
the former.
Split off from https://github.com/llvm/llvm-project/pull/199528
workflows/issue-release-workflow: Fix bug when specifying multiple commits (#199973)
All commits after the first one were being dropped in comments like
/cherry-pick <commit> <commit> ...
This was introduced by: 21df17aaaec2dd9dafd641c5dbfd96446c27921b
fresh: update to 0.3.9
- Bump version from 0.3.8 to 0.3.9
- Update CARGO_WRKSRC from crates/fresh-editor to workspace root
(upstream moved Cargo.lock to repo root in this release)
- Regenerate distinfo checksums
libarchive: Force GNU iconv compatibility on FreeBSD
When libarchive is compiled with FreeBSD's native iconv instead of
libiconv, as happens with libarchive in the base system, we need to
configure iconv(3) to handle invalid sequences by returning -1, as
iconv_strncat_in_locale() assumes GNU iconv semantics.
This corresponds to upstream PR 3056.
PR: 294577
MFC after: 1 week
