Exclude routines from fortification
authorFrédéric Bérat <fberat@redhat.com>
Fri, 17 Mar 2023 09:17:28 +0000 (10:17 +0100)
committerFrédéric Bérat <fberat@redhat.com>
Wed, 5 Jul 2023 14:59:48 +0000 (16:59 +0200)
Since the _FORTIFY_SOURCE feature uses some routines of Glibc, they need to
be excluded from the fortification.

On top of that:
 - some tests explicitly verify that some level of fortification works
   appropriately, we therefore shouldn't modify the level set for them.
 - some objects need to be build with optimization disabled, which
   prevents _FORTIFY_SOURCE to be used for them.

Assembler files that implement architecture specific versions of the
fortified routines were not excluded from _FORTIFY_SOURCE as there is no
C header included that would impact their behavior.

Reviewed-by: Siddhesh Poyarekar <siddhesh@sourceware.org>
17 files changed:
debug/Makefile
io/Makefile
libio/Makefile
login/Makefile
misc/Makefile
posix/Makefile
rt/Makefile
setjmp/Makefile
socket/Makefile
stdio-common/Makefile
stdlib/Makefile
string/Makefile
sysdeps/ieee754/ldbl-128ibm-compat/Makefile
sysdeps/ieee754/ldbl-opt/Makefile
sysdeps/pthread/Makefile
sysdeps/unix/sysv/linux/Makefile
wcsmbs/Makefile

index 9d658e3002be073a3882b8c0467fb865b11c2748..434e52f7804e11428fe8bdaa8a07515e02547ba1 100644 (file)
@@ -171,13 +171,13 @@ CFLAGS-recvfrom_chk.c += -fexceptions -fasynchronous-unwind-tables
 # set up for us, so keep the CFLAGS/CPPFLAGS split logical as the order is:
 # <user CFLAGS> <test CFLAGS> <user CPPFLAGS> <test CPPFLAGS>
 CFLAGS-tst-longjmp_chk.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk.c += -D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-longjmp_chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
 CFLAGS-tst-longjmp_chk2.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk2.c += -D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-longjmp_chk2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
 CFLAGS-tst-longjmp_chk3.c += -fexceptions -fasynchronous-unwind-tables
-CPPFLAGS-tst-longjmp_chk3.c += -D_FORTIFY_SOURCE=1
-CPPFLAGS-tst-realpath-chk.c += -D_FORTIFY_SOURCE=2
-CPPFLAGS-tst-chk-cancel.c += -D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-longjmp_chk3.c += $(no-fortify-source),-D_FORTIFY_SOURCE=1
+CPPFLAGS-tst-realpath-chk.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-chk-cancel.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
 
 # _FORTIFY_SOURCE tests.
 # Auto-generate tests for _FORTIFY_SOURCE for different levels, compilers and
@@ -215,7 +215,7 @@ src-chk-nongnu = \#undef _GNU_SOURCE
 # cannot be disabled via pragmas, so require -Wno-error to be used.
 define gen-chk-test
 tests-$(1)-$(4)-chk += tst-fortify-$(1)-$(2)-$(3)-$(4)
-CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += -D_FORTIFY_SOURCE=$(3) -Wno-format \
+CFLAGS-tst-fortify-$(1)-$(2)-$(3)-$(4).$(1) += $(no-fortify-source),-D_FORTIFY_SOURCE=$(3) -Wno-format \
                                          -Wno-deprecated-declarations \
                                          -Wno-error
 $(eval $(call cflags-$(2),$(1),$(3),$(4)))
index d573064ecc7187110ec44815677fb2c9f3afd609..6ccc0e8691568546885d606d21b8b19dfb313949 100644 (file)
@@ -149,6 +149,22 @@ routines := \
   write \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  getcwd \
+  getwd \
+  open \
+  open64 \
+  openat \
+  openat64 \
+  poll \
+  ppoll \
+  read \
+  readlink \
+  readlinkat \
+  ttyname_r \
+  # routines_no_fortify
+
 others := \
  pwd \
  # others
index 2877fec484982d3abf8d9af5eef48e6c7575fc08..287ec11338f48c02225295a1f8b34cc34554a237 100644 (file)
@@ -53,6 +53,21 @@ routines     :=                                                            \
 
 gen-as-const-headers += libio-macros.sym
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  fwprintf \
+  iofgets \
+  iofgets_u \
+  iofgetws \
+  iofgetws_u \
+  swprintf \
+  vasprintf \
+  vsnprintf \
+  vswprintf \
+  vwprintf \
+  wprintf \
+  # routines_no_fortify
+
 tests = tst_swprintf tst_wprintf tst_swscanf tst_wscanf tst_getwc tst_putwc   \
        tst_wprintf2 tst-widetext test-fmemopen tst-ext tst-ext2 \
        tst-fgetws tst-ungetwc1 tst-ungetwc2 tst-swscanf tst-sscanf           \
@@ -165,11 +180,15 @@ CFLAGS-iofgets_u.c += $(config-cflags-wno-ignored-attributes)
 CFLAGS-iofputs_u.c += $(config-cflags-wno-ignored-attributes)
 # XXX Do we need filedoalloc and wfiledoalloc?  Others?
 
+# Prevent fortification as these are built with -O0
+CFLAGS-tst-bz24051.c += $(no-fortify-source)
+CFLAGS-tst-bz24153.c += $(no-fortify-source)
+
 CFLAGS-tst_putwc.c += -DOBJPFX=\"$(objpfx)\"
 
 # These test cases intentionally use overlapping arguments
-CFLAGS-tst-sprintf-ub.c += -Wno-restrict
-CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict
+CFLAGS-tst-sprintf-ub.c += -Wno-restrict $(no-fortify-source)
+CFLAGS-tst-sprintf-chk-ub.c += -Wno-restrict $(no-fortify-source)
 
 LDFLAGS-tst-bz24228 = -Wl,--version-script=tst-bz24228.map
 
index 13b155d34474475fd9699aa8e80f2bea2214355f..74216cbcb24cf2d66e3ae7c3001181683882ebca 100644 (file)
@@ -66,6 +66,12 @@ include ../Rules
 CFLAGS-getpt.c += -fexceptions
 CFLAGS-getlogin_r.c += $(config-cflags-wno-ignored-attributes)
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  getlogin_r \
+  ptsname_r \
+  # routines_no_fortify
+
 ifeq (yesyes,$(have-fpie)$(build-shared))
 pt_chown-cflags += $(pie-ccflag)
 endif
index 84aa4cb0ad9ebde1351d88385f6e141a1b9c7909..36ba7a0bad983a4a0d2c341da7bd2d87b5785956 100644 (file)
@@ -205,6 +205,13 @@ routines := \
   writev \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  getdomain \
+  gethostname \
+  syslog \
+  # routines_no_fortify
+
 generated += \
   tst-allocate_once-mem.out \
   tst-allocate_once.mtrace \
index ad43cbdec671f6d7432e0883418ba7c917861af4..5113ee3b7470f28e8513b6ef30052df8f014cd9f 100644 (file)
@@ -183,6 +183,14 @@ routines := \
   wordexp \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  confstr \
+  getgroups \
+  pread \
+  pread64 \
+  # routines_no_fortify
+
 aux := \
   environ \
   init-posix \
@@ -604,6 +612,9 @@ bug-glob1-ARGS = "$(objpfx)"
 tst-execvp3-ARGS = --test-dir=$(objpfx)
 CFLAGS-tst-spawn3.c += -DOBJPFX=\"$(objpfx)\"
 
+# Test voluntarily overflows struct dirent
+CFLAGS-bug-glob2.c += $(no-fortify-source)
+
 $(objpfx)testcases.h: TESTS TESTS2C.sed
        LC_ALL=C sed -f TESTS2C.sed < $< > $@T
        mv $@T $@
index a97333dc0263b089cb42aaaea237d44acf9cef91..3d4a3f0eecc8fc815f58df13a81a64f72e1952e6 100644 (file)
@@ -100,6 +100,11 @@ CFLAGS-aio_suspend.c += -fexceptions
 CFLAGS-mq_timedreceive.c += -fexceptions -fasynchronous-unwind-tables
 CFLAGS-mq_timedsend.c += -fexceptions -fasynchronous-unwind-tables
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  mq_open \
+  # routines_no_fortify
+
 LDFLAGS-rt.so = -Wl,--enable-new-dtags,-z,nodelete
 
 $(objpfx)librt.so: $(shared-thread-library)
index e5733a8c52a2da8f040cae23ed560745c7c0dcf7..363fb6673cd32a654bde1fb5ca8f10e029532fa8 100644 (file)
@@ -38,4 +38,13 @@ gen-as-const-headers += jmp_buf-macros.sym
 
 include ../Rules
 
+# This test messes the stack on purpose, which triggers longjump fortify
+# failure
+CFLAGS-bug269-setjmp.c += $(no-fortify-source)
+
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  longjmp \
+  # routines_no_fortify
+
 $(objpfx)tst-setjmp-fp: $(libm)
index d9b0b4af647266f9df799a8d8b2986a8692e7ab6..08f20118cdde769769d40dd06dbdce54e3b7395c 100644 (file)
@@ -60,6 +60,12 @@ routines := \
   socketpair \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  recv \
+  recvfrom \
+  # routines_no_fortify
+
 tests := \
   tst-accept4 \
   tst-cmsg_cloexec \
index 8871ec76689134f10178d260336dfa7c5ef24e1f..fe304b83733b28421abd4344e71a131e7ec85c38 100644 (file)
@@ -117,6 +117,19 @@ routines := \
   wprintf_function_invoke \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  asprintf \
+  dprintf \
+  fprintf \
+  printf \
+  snprintf \
+  sprintf \
+  vfprintf \
+  vfwprintf \
+  vprintf \
+  # routines_no_fortify
+
 aux := \
   errlist \
   errlist-data \
@@ -461,7 +474,7 @@ CFLAGS-tst-gets.c += -Wno-deprecated-declarations
 
 # BZ #11319 was first fixed for regular vdprintf, then reopened because
 # the fortified version had the same bug.
-CFLAGS-tst-bz11319-fortify2.c += -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
+CFLAGS-tst-bz11319-fortify2.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
 
 CFLAGS-tst-memstream-string.c += -fno-builtin-fprintf
 
index 0975f55ee62c3e6d6689acf2a0c103c68413bc73..25e42a77e7fdc034081cce01851a3f199659cc63 100644 (file)
@@ -145,6 +145,13 @@ routines := \
   xpg_basename \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  mbstowcs \
+  wcstombs \
+  wctomb \
+  # routines_no_fortify
+
 aux = \
   grouping \
   groupingwc \
index d3106d10a93650620032494129b5e39817235e92..8cdfd5b000623ac5858770c47ecc463748282bf5 100644 (file)
@@ -118,6 +118,23 @@ routines := \
   xpg-strerror \
 # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  explicit_bzero \
+  memcpy \
+  memmove \
+  mempcpy \
+  memset \
+  stpcpy \
+  stpncpy \
+  strcat \
+  strcpy \
+  strlcat \
+  strlcpy \
+  strncat \
+  strncpy \
+  # routines_no_fortify
+
 tests := \
   bug-envz1 \
   bug-strcoll1 \
index 42cca25a097be6b4d2134e0cb498aed79774f822..34273a5f5841373f336f9d96ea8355ec61635df4 100644 (file)
@@ -88,13 +88,19 @@ tests-internal += test-wprintf-ieee128 test-wprintf-ibm128
 CFLAGS-test-wprintf-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
 CFLAGS-test-wprintf-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-obstack-ieee128 test-obstack-ibm128
-CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-obstack-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+                                $(no-fortify-source)
+CFLAGS-test-obstack-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+                               $(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-obstack-chk-ieee128 test-obstack-chk-ibm128
-CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-obstack-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+                                    $(no-fortify-source)
+CFLAGS-test-obstack-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+                                   $(no-fortify-source)
 
 tests-internal += test-scanf-ieee128 test-scanf-ibm128
 CFLAGS-test-scanf-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi -std=c89 -D_GNU_SOURCE
@@ -216,25 +222,37 @@ ldbl-extra-routines += asprintf_chk \
                       obstack_chk \
                       vobstack_chk
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-printf-chk-ieee128 test-printf-chk-ibm128
-CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-printf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+                                   $(no-fortify-source)
+CFLAGS-test-printf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+                                  $(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-printf-chk-redir-ieee128 test-printf-chk-redir-ibm128
 CFLAGS-test-printf-chk-redir-ieee128.c += -mfloat128 -mabi=ieeelongdouble \
-                                         -Wno-psabi -Wno-unused-result
+                                         -Wno-psabi -Wno-unused-result \
+                                         $(no-fortify-source)
 CFLAGS-test-printf-chk-redir-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
-                                        -Wno-unused-result
+                                        -Wno-unused-result \
+                                        $(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-wprintf-chk-ieee128 test-wprintf-chk-ibm128
-CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-wprintf-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+                                    $(no-fortify-source)
+CFLAGS-test-wprintf-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+                                   $(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-internal += test-wprintf-chk-redir-ieee128 test-wprintf-chk-redir-ibm128
 CFLAGS-test-wprintf-chk-redir-ieee128.c += -mfloat128 -mabi=ieeelongdouble \
-                                          -Wno-psabi -Wno-unused-result
+                                          -Wno-psabi -Wno-unused-result \
+                                          $(no-fortify-source)
 CFLAGS-test-wprintf-chk-redir-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
-                                         -Wno-unused-result
+                                         -Wno-unused-result \
+                                         $(no-fortify-source)
 endif
 
 ifeq ($(subdir),argp)
@@ -281,13 +299,19 @@ CFLAGS-tst-ieee128-error.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
 CFLAGS-tst-ieee128-efgcvt.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
 CFLAGS-tst-ieee128-errorfptr.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-container += test-syslog-ieee128 test-syslog-ibm128
-CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-syslog-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+                               $(no-fortify-source)
+CFLAGS-test-syslog-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+                              $(no-fortify-source)
 
+# The following tests are setting _FORTIFY_SOURCE internally
 tests-container += test-syslog-chk-ieee128 test-syslog-chk-ibm128
-CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi
-CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi
+CFLAGS-test-syslog-chk-ieee128.c += -mfloat128 -mabi=ieeelongdouble -Wno-psabi \
+                                   $(no-fortify-source)
+CFLAGS-test-syslog-chk-ibm128.c += -mabi=ibmlongdouble -Wno-psabi \
+                                  $(no-fortify-source)
 endif
 
 ifeq ($(subdir),stdlib)
@@ -395,6 +419,31 @@ endif
 # Add IEEE binary128 files as make targets.
 routines += $(foreach r,$(ldbl-extra-routines),ieee128-$(r))
 
+routines_no_fortify += \
+  ieee128-asprintf \
+  ieee128-dprintf \
+  ieee128-fprintf \
+  ieee128-fwprintf \
+  ieee128-obstack \
+  ieee128-printf \
+  ieee128-snprintf \
+  ieee128-sprintf \
+  ieee128-swprintf \
+  ieee128-syslog \
+  ieee128-vasprintf \
+  ieee128-vdprintf \
+  ieee128-vfprintf \
+  ieee128-vfwprintf \
+  ieee128-vobstack \
+  ieee128-vprintf \
+  ieee128-vsnprintf \
+  ieee128-vsprintf \
+  ieee128-vswprintf \
+  ieee128-vsyslog \
+  ieee128-vwprintf \
+  ieee128-wprintf \
+  # routines_no_fortify
+
 # On powerpc64le, the routines responsible for converting between long
 # double and string (e.g.: printf, scanf, strtold, strfroml) default to
 # IBM long double mode.  When support for TS 18661-3 was added, several
index 22e778ad0e8918f56bea8f50bca73dc2b52de02c..0ed1cd2cae2d8b4a941dcc954e8b4905e622fec9 100644 (file)
@@ -269,3 +269,32 @@ CFLAGS-tst-nldbl-wscanf-binary-gnu89.c += -mlong-double-64 -std=gnu89 \
                                          -DOBJPFX=\"$(objpfx)\"
 
 endif
+
+routines_no_fortify += \
+  nldbl-asprintf \
+  nldbl-dprintf \
+  nldbl-fprintf \
+  nldbl-fwprintf \
+  nldbl-obstack_printf \
+  nldbl-obstack_vprintf \
+  nldbl-printf \
+  nldbl-snprintf \
+  nldbl-sprintf \
+  nldbl-swprintf \
+  nldbl-syslog \
+  nldbl-vasprintf \
+  nldbl-vdprintf \
+  nldbl-vfprintf \
+  nldbl-vfwprintf \
+  nldbl-vprintf \
+  nldbl-vsnprintf \
+  nldbl-vsprintf \
+  nldbl-vswprintf \
+  nldbl-vsyslog \
+  nldbl-vwprintf \
+  nldbl-wprintf \
+  # routines_no_fortify
+
+# We can't rely on Makeconfig here for whatever reason
+CFLAGS-.oS += $(call elide-fortify-source,.oS,$(routines_no_fortify))
+CFLAGS-.oS += $(call elide-fortify-source,_chk.oS,$(routines_no_fortify))
index 32cf4eb119c09676c9e6399a98994403b2dd4769..31028406d5838fd9dad8f32def144f1d8e539767 100644 (file)
@@ -304,6 +304,10 @@ tests-nolibpthread += \
 CFLAGS-tst-cleanup2.c += -fno-builtin
 CFLAGS-tst-cleanupx2.c += -fno-builtin
 
+# Disable fortification due to sprintf(NULL,...)
+CFLAGS-tst-cleanup2.c += $(no-fortify-source)
+CFLAGS-tst-cleanupx2.c += $(no-fortify-source)
+
 tests += \
   tst-cancelx2 \
   tst-cancelx3 \
index 23a84cf225344013b5fe84a9d36571eab1670947..be801e3be484983acb98163bb9c6a3b149f2e15c 100644 (file)
@@ -120,6 +120,9 @@ CFLAGS-sync_file_range.c = -fexceptions -fasynchronous-unwind-tables
 CFLAGS-pselect32.c = -fexceptions -fasynchronous-unwind-tables
 CFLAGS-tst-writev.c += "-DARTIFICIAL_LIMIT=(0x80000000-sysconf(_SC_PAGESIZE))"
 
+# The test triggers FORTIFY abortion due to purposely wrong parameters
+CFLAGS-test-errno-linux.c += $(no-fortify-source)
+
 sysdep_headers += \
   bits/a.out.h \
   bits/epoll.h \
index 22192985e1284facdd6ce2b5ec5ae4d0f1e2301a..d25a2214f8e4f4e9dbf971907f668fefb33e59c2 100644 (file)
@@ -121,6 +121,27 @@ routines := \
   wmemset \
   # routines
 
+# Exclude fortified routines from being built with _FORTIFY_SOURCE
+routines_no_fortify += \
+  mbsnrtowcs \
+  mbsrtowcs \
+  wcpcpy \
+  wcpncpy \
+  wcrtomb \
+  wcscat \
+  wcscpy \
+  wcslcat \
+  wcslcpy \
+  wcsncat \
+  wcsncpy \
+  wcsnrtombs \
+  wcsrtombs \
+  wmemcpy \
+  wmemmove \
+  wmempcpy \
+  wmemset \
+  # routines_no_fortify
+
 tests := \
   test-c8rtomb \
   test-char-types \
@@ -231,7 +252,7 @@ CFLAGS-wcstod_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
 CFLAGS-wcstold_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
 CFLAGS-wcstof128_l.c += $(strtox-CFLAGS)
 CFLAGS-wcstof_l.c += $(strtox-CFLAGS) $(config-cflags-wno-ignored-attributes)
-CPPFLAGS-tst-wchar-h.c += -D_FORTIFY_SOURCE=2
+CPPFLAGS-tst-wchar-h.c += $(no-fortify-source),-D_FORTIFY_SOURCE=2
 
 CFLAGS-wcschr.c += $(config-cflags-wno-ignored-attributes)
 CFLAGS-wmemchr.c += $(config-cflags-wno-ignored-attributes)