sys-apps/systemd: backport -D_FORTIFY_SOURCE=3 patch

Notably not bothering to revbump for now because this manifests
during self-execution during build and FORTIFY_SOURCE=3 is only
available in GCC 12 which isn't even released yet, let alone
exposed or enabled by default in Gentoo.

It's far more likely that systemd 251 will be released (or
at least another RC for it) before we're even close to unleashing
FORTIFY_SOURCE=3 on Gentoo Hardened users by default.

Bug: https://github.com/systemd/systemd/issues/22801
Signed-off-by: Sam James <sam@gentoo.org>

2 files changed, 43 insertions, 0 deletions

diff --git a/sys-apps/systemd/files/250.4-fortify-source-3-malloc.patch b/sys-apps/systemd/files/250.4-fortify-source-3-malloc.patch
new file mode 100644
index 000000000000..ed9eb80f21fa
--- /dev/null
+++ b/sys-apps/systemd/files/250.4-fortify-source-3-malloc.patch
@@ -0,0 +1,42 @@
+https://github.com/systemd/systemd/commit/0bd292567a543d124cd303f7dd61169a209cae64
+
+From 0bd292567a543d124cd303f7dd61169a209cae64 Mon Sep 17 00:00:00 2001
+From: Martin Liska <mliska@suse.cz>
+Date: Thu, 31 Mar 2022 10:27:45 +0200
+Subject: [PATCH] Support -D_FORTIFY_SOURCE=3 by using
+ __builtin_dynamic_object_size.
+
+As explained in the issue, -D_FORTIFY_SOURCE=3 requires usage
+of __builtin_dynamic_object_size in MALLOC_SIZEOF_SAFE macro.
+
+Fixes: #22801
+--- a/src/basic/alloc-util.h
++++ b/src/basic/alloc-util.h
+@@ -174,13 +174,23 @@ void* greedy_realloc0(void **p, size_t need, size_t size);
+  * is compatible with _FORTIFY_SOURCES. If _FORTIFY_SOURCES is used many memory operations will take the
+  * object size as returned by __builtin_object_size() into account. Hence, let's return the smaller size of
+  * malloc_usable_size() and __builtin_object_size() here, so that we definitely operate in safe territory by
+- * both the compiler's and libc's standards. Note that __builtin_object_size() evaluates to SIZE_MAX if the
+- * size cannot be determined, hence the MIN() expression should be safe with dynamically sized memory,
+- * too. Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and
++ * both the compiler's and libc's standards. Note that _FORTIFY_SOURCES=3 handles also dynamically allocated
++ * objects and thus it's safer using __builtin_dynamic_object_size if _FORTIFY_SOURCES=3 is used (#22801).
++ * Moreover, when NULL is passed malloc_usable_size() is documented to return zero, and
+  * __builtin_object_size() returns SIZE_MAX too, hence we also return a sensible value of 0 in this corner
+  * case. */
++
++#if defined __has_builtin
++#  if __has_builtin(__builtin_dynamic_object_size)
++#    define MALLOC_SIZEOF_SAFE(x) \
++        MIN(malloc_usable_size(x), __builtin_dynamic_object_size(x, 0))
++#  endif
++#endif
++
++#ifndef MALLOC_SIZEOF_SAFE
+ #define MALLOC_SIZEOF_SAFE(x) \
+         MIN(malloc_usable_size(x), __builtin_object_size(x, 0))
++#endif
+
+ /* Inspired by ELEMENTSOF() but operates on malloc()'ed memory areas: typesafely returns the number of items
+  * that fit into the specified memory block */
+
diff --git a/sys-apps/systemd/systemd-250.4-r1.ebuild b/sys-apps/systemd/systemd-250.4-r1.ebuild
index 0a50c49d2cc6..949d0d02e69c 100644
--- a/sys-apps/systemd/systemd-250.4-r1.ebuild
+++ b/sys-apps/systemd/systemd-250.4-r1.ebuild
@@ -244,6 +244,7 @@ src_prepare() {
 	# Add local patches here
 	PATCHES+=(
 		"${FILESDIR}/250.4-random-seed-hash.patch"
+		"${FILESDIR}/250.4-fortify-source-3-malloc.patch"
 	)
 
 	if ! use vanilla; then