In the next version of Linux glibc, SIGSTKSZ is defined at runtime if source is built with _GNU_SOURCE. On LibreSSL-portable, this is set to bring in asprintf/vasprintf, which causes the explicit_bzero test to fail to compile since the size of SIGSTKSZ is no longer known at compile time. This adjusts the test to treat SIGSTKSZ as a runtime variable.
See http://patches-tcwg.linaro.org/patch/48127/ and https://github.com/libressl-portable/portable/issues/653 for the LibreSSL build failure report on Fedora Rawhide. ok? Index: explicit_bzero.c =================================================================== RCS file: /cvs/src/regress/lib/libc/explicit_bzero/explicit_bzero.c,v retrieving revision 1.6 diff -u -p -u -p -r1.6 explicit_bzero.c --- explicit_bzero.c 11 Jul 2014 01:10:35 -0000 1.6 +++ explicit_bzero.c 23 Mar 2021 01:32:21 -0000 @@ -18,6 +18,7 @@ #include <assert.h> #include <errno.h> #include <signal.h> +#include <stdlib.h> #include <string.h> #include <unistd.h> @@ -36,16 +37,20 @@ enum { SECRETBYTES = SECRETCOUNT * sizeof(secret) }; -static char altstack[SIGSTKSZ + SECRETBYTES]; +static char *altstack; +#define ALTSTACK_SIZE (SIGSTKSZ + SECRETBYTES) static void setup_stack(void) { + altstack = malloc(ALTSTACK_SIZE); + const stack_t sigstk = { .ss_sp = altstack, - .ss_size = sizeof(altstack), + .ss_size = ALTSTACK_SIZE }; + ASSERT_NE(NULL, altstack); ASSERT_EQ(0, sigaltstack(&sigstk, NULL)); } @@ -129,7 +134,7 @@ test_without_bzero() char buf[SECRETBYTES]; assert_on_stack(); populate_secret(buf, sizeof(buf)); - char *res = memmem(altstack, sizeof(altstack), buf, sizeof(buf)); + char *res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf)); ASSERT_NE(NULL, res); return (res); } @@ -140,7 +145,7 @@ test_with_bzero() char buf[SECRETBYTES]; assert_on_stack(); populate_secret(buf, sizeof(buf)); - char *res = memmem(altstack, sizeof(altstack), buf, sizeof(buf)); + char *res = memmem(altstack, ALTSTACK_SIZE, buf, sizeof(buf)); ASSERT_NE(NULL, res); explicit_bzero(buf, sizeof(buf)); return (res); @@ -183,14 +188,14 @@ main() * on the stack. This sanity checks that call_on_stack() and * populate_secret() work as intended. */ - memset(altstack, 0, sizeof(altstack)); + memset(altstack, 0, ALTSTACK_SIZE); call_on_stack(do_test_without_bzero); /* * Now test with a call to explicit_bzero() and check that we * *don't* find any instances of the secret data. */ - memset(altstack, 0, sizeof(altstack)); + memset(altstack, 0, ALTSTACK_SIZE); call_on_stack(do_test_with_bzero); return (0);