From 689431017df02503b9cc75edc2ced04f343f2c9e Mon Sep 17 00:00:00 2001
From: r1viollet <erwan.viollet@datadoghq.com>
Date: Mon, 17 Jul 2023 10:50:27 +0200
Subject: [PATCH 1/7] Alpine 3.18.0

Upgrade base build image to 3.18.0
---
 app/base-env-alpine/Dockerfile | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

diff --git a/app/base-env-alpine/Dockerfile b/app/base-env-alpine/Dockerfile
index 0517c346e..e63ed9a1d 100644
--- a/app/base-env-alpine/Dockerfile
+++ b/app/base-env-alpine/Dockerfile
@@ -1,4 +1,4 @@
-FROM alpine:3.17.2
+FROM alpine:3.18.0
 ARG COMPILER="gcc"
 ENV CC=gcc
 ENV CXX=g++
@@ -56,11 +56,11 @@ SHELL ["/bin/bash", "-c"]
 # Provides the llvm-symbolizer (better debug information in case of sanitizer issue)
 ENV PATH="/usr/lib/llvm-${CLANG_VERSION}/bin/:$PATH"
 
-### Alpine has cmake 3.23
+### Alpine has newer cmake
 
 # Ninja build 1.10.2
-RUN VERSION="1.10.2" \
-  && SHA256="ce35865411f0490368a8fc383f29071de6690cbadc27704734978221f25e2bed" \
+RUN VERSION="1.11.1" \
+  && SHA256="31747ae633213f1eda3842686f83c2aa1412e0f5691d1c14dbbcc67fe7400cea" \
   && curl -LO https://github.com/ninja-build/ninja/archive/refs/tags/v${VERSION}.tar.gz \
   && (printf "${SHA256}  v${VERSION}.tar.gz" | sha256sum -c) \
   && tar xvfz v${VERSION}.tar.gz \
@@ -73,9 +73,9 @@ RUN VERSION="1.10.2" \
 ## Alpine has cppcheck 2.8.1-r0
 
 # C++ json library (used for test purpose)
-RUN VERSION="3.10.5" \
+RUN VERSION="3.11.2" \
   && curl -LO https://github.com/nlohmann/json/releases/download/v${VERSION}/json.tar.xz \
-  && SHA256="344be97b757a36c5b180f1c8162f6c5f6ebd760b117f6e64b77866e97b217280" \
+  && SHA256="8c4b26bf4b422252e13f332bc5e388ec0ab5c3443d24399acb675e68278d341f" \
   && (printf "${SHA256}  json.tar.xz" | sha256sum -c) \
   && tar xf json.tar.xz \
   && cd json \
@@ -86,9 +86,9 @@ RUN VERSION="3.10.5" \
   && rm -rf json json.tar.xz
 
 # Google benchmark
-RUN VERSION="1.6.1" \
+RUN VERSION="1.8.2" \
   && curl -LO "https://github.com/google/benchmark/archive/refs/tags/v${VERSION}.tar.gz" \
-  && SHA256="6132883bc8c9b0df5375b16ab520fac1a85dc9e4cf5be59480448ece74b278d4" \
+  && SHA256="2aab2980d0376137f969d92848fbb68216abb07633034534fc8c65cc4e7a0e93" \
   && (printf "${SHA256}  v${VERSION}.tar.gz" | sha256sum -c) \
   && tar xf v${VERSION}.tar.gz \
   && cd benchmark-${VERSION} \

From 66edab306a51df80057acfd17151d321ae7f5806 Mon Sep 17 00:00:00 2001
From: r1viollet <erwan.viollet@datadoghq.com>
Date: Mon, 17 Jul 2023 14:37:05 +0200
Subject: [PATCH 2/7] Ubuntu 23.04 upgrade

Ensure we can build with ubuntu 23.04
---
 app/base-env-alpine/Dockerfile |  2 +-
 app/base-env/Dockerfile        | 35 ++++++++++++----------------------
 2 files changed, 13 insertions(+), 24 deletions(-)

diff --git a/app/base-env-alpine/Dockerfile b/app/base-env-alpine/Dockerfile
index e63ed9a1d..1b7f4864c 100644
--- a/app/base-env-alpine/Dockerfile
+++ b/app/base-env-alpine/Dockerfile
@@ -58,7 +58,7 @@ ENV PATH="/usr/lib/llvm-${CLANG_VERSION}/bin/:$PATH"
 
 ### Alpine has newer cmake
 
-# Ninja build 1.10.2
+# Ninja build 1.11.1
 RUN VERSION="1.11.1" \
   && SHA256="31747ae633213f1eda3842686f83c2aa1412e0f5691d1c14dbbcc67fe7400cea" \
   && curl -LO https://github.com/ninja-build/ninja/archive/refs/tags/v${VERSION}.tar.gz \
diff --git a/app/base-env/Dockerfile b/app/base-env/Dockerfile
index bd7ea1979..100250038 100644
--- a/app/base-env/Dockerfile
+++ b/app/base-env/Dockerfile
@@ -7,6 +7,10 @@ FROM ubuntu:${UBUNTU_VERSION}.04 as base
 ARG UBUNTU_VERSION
 ENV OS_IDENTIFIER="UB${UBUNTU_VERSION}"
 
+FROM base AS base-23
+ENV GCC_VERSION=13
+ENV CLANG_VERSION=16
+
 FROM base AS base-22
 ENV GCC_VERSION=12
 ENV CLANG_VERSION=15
@@ -62,6 +66,7 @@ RUN apt-get update \
   ssh-client \
   subversion \
   unzip \
+  valgrind \
   wget \
   zlib1g-dev
 
@@ -91,11 +96,11 @@ RUN VERSION="3.22.2" \
   && tar --no-same-owner -C /usr/local --strip-components=1 -xf ${TAR_NAME} \
   && rm ${TAR_NAME}
 
-# Ninja build 1.10.2
-RUN VERSION="1.10.2" \
-  && SHA256="ce35865411f0490368a8fc383f29071de6690cbadc27704734978221f25e2bed" \
+# Ninja build 1.11.1
+RUN VERSION="1.11.1" \
+  && SHA256="31747ae633213f1eda3842686f83c2aa1412e0f5691d1c14dbbcc67fe7400cea" \
   && curl -LO https://github.com/ninja-build/ninja/archive/refs/tags/v${VERSION}.tar.gz \
-  && (printf "${SHA256} v${VERSION}.tar.gz" | sha256sum --check --strict --status) \
+  && (printf "${SHA256}  v${VERSION}.tar.gz" | sha256sum -c) \
   && tar xvfz v${VERSION}.tar.gz \
   && cd ninja-${VERSION} \
   && cmake -Bbuild-cmake \
@@ -146,36 +151,20 @@ RUN VERSION="3.10.5" \
 # Command line includes a change
 # - in python which is missing on ubuntu 20.04, use python 3 instead
 # - in options_test.cc to fix a clang build issue (fixed after 1.7.1)
-RUN VERSION="1.7.1" \
+RUN VERSION="1.8.2" \
   && curl -LO "https://github.com/google/benchmark/archive/refs/tags/v${VERSION}.tar.gz" \
-  && SHA256="6430e4092653380d9dc4ccb45a1e2dc9259d581f4866dc0759713126056bc1d7" \
+  && SHA256="2aab2980d0376137f969d92848fbb68216abb07633034534fc8c65cc4e7a0e93" \
   && (printf "${SHA256} v${VERSION}.tar.gz" | sha256sum --check --strict --status) \
   && tar xf v${VERSION}.tar.gz \
   && pushd benchmark-${VERSION} \
   && { command -v python > /dev/null || { ln -s /usr/bin/python3 python && export PATH=$PWD:$PATH; }; } \
-  && sed -i 's/^\s*size_t actual_iterations = 0;\s*$/  for (auto _ : state) {}/' ./test/options_test.cc \
-  && sed -i 's/^\s*for (auto _ : state) ++actual_iterations;\s*$//' ./test/options_test.cc \
   && cmake -DCMAKE_BUILD_TYPE=Release -DBENCHMARK_USE_BUNDLED_GTEST=OFF -GNinja -S . -B "build" \
   && cmake --build "build" --target install \
   && popd \
   && rm -rf benchmark-${VERSION} v${VERSION}.tar.gz
 
-# Valgrind with dwarf 5 support
-RUN VERSION="3.21.0" \
-    && curl -LO "https://sourceware.org/pub/valgrind/valgrind-${VERSION}.tar.bz2" \
-    && SHA1="817d769743d278b5d07526e85115082054e9bf9c" \
-    && (printf "${SHA1} valgrind-${VERSION}.tar.bz2" | sha1sum --check --strict --status) \
-    && tar xvf valgrind-${VERSION}.tar.bz2 \
-    && pushd valgrind-${VERSION} \
-    && ./configure --prefix /usr/local \
-    && make -j 4 \
-    && make install \
-    && valgrind --version \
-    && popd \
-    && rm -Rf valgrind-${VERSION} valgrind-${VERSION}.tar.bz2
-
 # Install cmake_format
-RUN pip3 install cmake_format
+RUN pip3  install --break-system-packages cmake-format
 
 # A specific user is required to get access to perf event ressources.
 # This enables unit testing using perf-event ressources

From 211043cedba967a78072e182278e38c7fc236c08 Mon Sep 17 00:00:00 2001
From: r1viollet <erwan.viollet@datadoghq.com>
Date: Tue, 18 Jul 2023 09:48:46 +0200
Subject: [PATCH 3/7] GCC 13 compatibility

Minor compilation fixes for gcc13
---
 app/base-env/Dockerfile            | 6 +++++-
 include/lib/allocation_tracker.hpp | 2 +-
 include/lib/saveregisters.hpp      | 4 +++-
 include/span.hpp                   | 2 +-
 include/tempfile.hpp               | 7 +++----
 src/ddprof_cpumask.cc              | 1 +
 src/exe/main.cc                    | 4 ++--
 src/lib/savecontext.cc             | 7 ++++---
 src/tempfile.cc                    | 7 +++----
 9 files changed, 23 insertions(+), 17 deletions(-)

diff --git a/app/base-env/Dockerfile b/app/base-env/Dockerfile
index 100250038..fb3ad31b2 100644
--- a/app/base-env/Dockerfile
+++ b/app/base-env/Dockerfile
@@ -164,7 +164,11 @@ RUN VERSION="1.8.2" \
   && rm -rf benchmark-${VERSION} v${VERSION}.tar.gz
 
 # Install cmake_format
-RUN pip3  install --break-system-packages cmake-format
+RUN if [ "$UBUNTU_VERSION" -eq 23 ]; then \
+        pip3 install --break-system-packages cmake-format; \
+    else \
+        pip3 install cmake-format; \
+    fi
 
 # A specific user is required to get access to perf event ressources.
 # This enables unit testing using perf-event ressources
diff --git a/include/lib/allocation_tracker.hpp b/include/lib/allocation_tracker.hpp
index 567dab62e..4ced70a99 100644
--- a/include/lib/allocation_tracker.hpp
+++ b/include/lib/allocation_tracker.hpp
@@ -26,7 +26,7 @@ struct TrackerThreadLocalState {
   int64_t remaining_bytes; // remaining allocation bytes until next sample
   bool remaining_bytes_initialized; // false if remaining_bytes is not
                                     // initialized
-  ddprof::span<const byte> stack_bounds;
+  ddprof::span<const std::byte> stack_bounds;
   pid_t tid; // cache of tid
 
   bool reentry_guard; // prevent reentry in AllocationTracker (eg. when
diff --git a/include/lib/saveregisters.hpp b/include/lib/saveregisters.hpp
index 0f0f747c5..5e0f05924 100644
--- a/include/lib/saveregisters.hpp
+++ b/include/lib/saveregisters.hpp
@@ -27,10 +27,12 @@ WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.  */
 #include "perf_archmap.hpp"
 #include "span.hpp"
 
+#include <cstdint>
+
 #if defined(__x86_64__)
 
 DDPROF_NOINLINE __attribute__((naked)) void
-    save_registers(ddprof::span<uint64_t, PERF_REGS_COUNT>);
+    save_registers(ddprof::span<std::uint64_t, PERF_REGS_COUNT>);
 
 #elif defined(__aarch64__)
 
diff --git a/include/span.hpp b/include/span.hpp
index c7c223f91..00abf9e04 100644
--- a/include/span.hpp
+++ b/include/span.hpp
@@ -5,7 +5,7 @@
 
 #pragma once
 
-#if __cpp_lib_span
+#if __cplusplus >= 202002L
 
 #  include <span>
 
diff --git a/include/tempfile.hpp b/include/tempfile.hpp
index 3df1a58c6..f44a474fe 100644
--- a/include/tempfile.hpp
+++ b/include/tempfile.hpp
@@ -14,10 +14,9 @@
 
 namespace ddprof {
 DDRes get_or_create_temp_file(std::string_view prefix,
-                              ddprof::span<const std::byte> data, mode_t mode,
+                              span<const std::byte> data, mode_t mode,
                               std::string &path);
 
-DDRes create_temp_file(std::string_view prefix,
-                       ddprof::span<const std::byte> data, mode_t mode,
-                       std::string &path);
+DDRes create_temp_file(std::string_view prefix, span<const std::byte> data,
+                       mode_t mode, std::string &path);
 } // namespace ddprof
diff --git a/src/ddprof_cpumask.cc b/src/ddprof_cpumask.cc
index f6860f341..fbaa327ac 100644
--- a/src/ddprof_cpumask.cc
+++ b/src/ddprof_cpumask.cc
@@ -5,6 +5,7 @@
 
 #include "ddprof_cpumask.hpp"
 
+#include <cstdint>
 #include <dirent.h>
 #include <sys/sysinfo.h>
 #include <sys/types.h>
diff --git a/src/exe/main.cc b/src/exe/main.cc
index 2a0709af8..4933a4267 100644
--- a/src/exe/main.cc
+++ b/src/exe/main.cc
@@ -127,11 +127,11 @@ static DDRes get_library_path(TempFileHolder &libdd_profiling_path,
   }
 
   if (profiling_path.empty()) {
-    DDRES_CHECK_FWD(get_or_create_temp_file(
+    DDRES_CHECK_FWD(ddprof::get_or_create_temp_file(
         k_libdd_profiling_embedded_name,
         ddprof::as_bytes(ddprof::span{_binary_libdd_profiling_embedded_so_start,
                                       _binary_libdd_profiling_embedded_so_end}),
-        0644, profiling_path));
+        mode_t(0644), profiling_path));
     libdd_profiling_path = TempFileHolder{profiling_path, false};
   } else {
     libdd_profiling_path = TempFileHolder{profiling_path, false};
diff --git a/src/lib/savecontext.cc b/src/lib/savecontext.cc
index 748a7be49..e1b90ff08 100644
--- a/src/lib/savecontext.cc
+++ b/src/lib/savecontext.cc
@@ -40,13 +40,14 @@ DDPROF_NOINLINE ddprof::span<const std::byte> retrieve_stack_bounds() {
 static DDPROF_NO_SANITIZER_ADDRESS size_t
 save_stack(ddprof::span<const std::byte> stack_bounds,
            const std::byte *stack_ptr, ddprof::span<std::byte> buffer) {
+  const std::byte *stack_ptr_end = (stack_bounds.data() + stack_bounds.size());
   // Safety check to ensure we are not in a fiber using a different stack
-  if (!(stack_ptr >= stack_bounds.begin() && stack_ptr < stack_bounds.end())) {
+  if (!(stack_ptr >= stack_bounds.data() && stack_ptr < stack_ptr_end)) {
     return 0;
   }
   // take the min of current stack size and requested stack sample size~
-  int64_t saved_stack_size = std::min(static_cast<intptr_t>(buffer.size()),
-                                      stack_bounds.end() - stack_ptr);
+  int64_t saved_stack_size =
+      std::min(static_cast<intptr_t>(buffer.size()), stack_ptr_end - stack_ptr);
 
   if (saved_stack_size <= 0) {
     return 0;
diff --git a/src/tempfile.cc b/src/tempfile.cc
index fe2d28fca..27b670a8e 100644
--- a/src/tempfile.cc
+++ b/src/tempfile.cc
@@ -18,7 +18,7 @@
 namespace ddprof {
 
 DDRes get_or_create_temp_file(std::string_view prefix,
-                              ddprof::span<const std::byte> data, mode_t mode,
+                              span<const std::byte> data, mode_t mode,
                               std::string &path) {
   unsigned char digest[20];
   char str_digest[41];
@@ -45,9 +45,8 @@ DDRes get_or_create_temp_file(std::string_view prefix,
   return {};
 }
 
-DDRes create_temp_file(std::string_view prefix,
-                       ddprof::span<const std::byte> data, mode_t mode,
-                       std::string &path) {
+DDRes create_temp_file(std::string_view prefix, span<const std::byte> data,
+                       mode_t mode, std::string &path) {
   std::error_code ec;
   auto template_str =
       std::string{std::filesystem::temp_directory_path(ec) / prefix} +

From b5a150d41fe2e38440528043041d39db1ac10ca4 Mon Sep 17 00:00:00 2001
From: r1viollet <erwan.viollet@datadoghq.com>
Date: Tue, 18 Jul 2023 10:05:29 +0200
Subject: [PATCH 4/7] Minor compilation fixes

---
 CppCheckSuppressions.txt | 3 ---
 src/exe/main.cc          | 3 +--
 2 files changed, 1 insertion(+), 5 deletions(-)

diff --git a/CppCheckSuppressions.txt b/CppCheckSuppressions.txt
index 3b12198ba..6d92aadf2 100644
--- a/CppCheckSuppressions.txt
+++ b/CppCheckSuppressions.txt
@@ -5,8 +5,5 @@
 // config of cpp checks needs more includes
 missingInclude
 
-// Ignore warnings from third parties
-*:*/third_party/*
-
 // Ignore Lex and Yacc defects
 *:*/event_parser/*
diff --git a/src/exe/main.cc b/src/exe/main.cc
index 4933a4267..81305f2d8 100644
--- a/src/exe/main.cc
+++ b/src/exe/main.cc
@@ -139,7 +139,7 @@ static DDRes get_library_path(TempFileHolder &libdd_profiling_path,
 
 #ifdef DDPROF_USE_LOADER
   if (loader_path.empty()) {
-    DDRES_CHECK_FWD(get_or_create_temp_file(
+    DDRES_CHECK_FWD(ddprof::get_or_create_temp_file(
         k_libdd_loader_name,
         ddprof::as_bytes(ddprof::span{_binary_libdd_loader_so_start,
                                       _binary_libdd_loader_so_end}),
@@ -151,7 +151,6 @@ static DDRes get_library_path(TempFileHolder &libdd_profiling_path,
 #else
   (void)libdd_loader_path;
 #endif
-
   return {};
 }
 

From db0d63494419e4a51e968d53f9b08434c810c7cb Mon Sep 17 00:00:00 2001
From: r1viollet <erwan.viollet@datadoghq.com>
Date: Wed, 19 Jul 2023 09:35:04 +0200
Subject: [PATCH 5/7] gcc 13 compilation fix

Attempt a change on fortify value
---
 include/sha1.h  |  6 +++---
 src/sha1.c      | 40 ++++++++++++++++++++++++++++------------
 src/tempfile.cc |  2 +-
 3 files changed, 32 insertions(+), 16 deletions(-)

diff --git a/include/sha1.h b/include/sha1.h
index 46dfb6f61..5f0a1a2ce 100644
--- a/include/sha1.h
+++ b/include/sha1.h
@@ -27,12 +27,12 @@ void SHA1Update(SHA1_CTX *context, const unsigned char *data, uint32_t len);
 
 void SHA1Final(unsigned char digest[20], SHA1_CTX *context);
 
-void SHA1(unsigned char digest[20], const char *str, int len);
+void SHA1(char *hash_out, const char *str, uint32_t len);
 
-void SHA1StrDigest(const unsigned char digest[20], char str_digest[41]);
+void SHA1StrDigest(const char digest[20], char str_digest[41]);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#endif /* SHA1_H */
\ No newline at end of file
+#endif /* SHA1_H */
diff --git a/src/sha1.c b/src/sha1.c
index d282631cc..67b574c51 100644
--- a/src/sha1.c
+++ b/src/sha1.c
@@ -4,17 +4,28 @@ By Steve Reid <steve@edmweb.com>
 100% Public Domain
 
 Test Vectors (from FIPS PUB 180-1)
-"abc"
-  A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
-"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
-  84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
-A million repetitions of "a"
-  34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
-*/
+        "abc"
+    A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
+    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+    84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
+    A million repetitions of "a"
+    34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+    */
 
 /* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
 /* #define SHA1HANDSOFF * Copies data before messing with it. */
 
+// gcc 13 and lto seem to fail when compiling sha1. This is related to the
+// fortify feature.
+/// usr/include/fortify/stdio.h:73:28: error: inlining failed in call to
+/// 'always_inline' 'vsnprintf': function body can be overwritten at link time
+//   73 | _FORTIFY_FN(vsnprintf) int vsnprintf(char * _FORTIFY_POS0 __s, size_t
+//   __n,
+//      |                            ^
+#pragma push_macro("_FORTIFY_SOURCE")
+#undef _FORTIFY_SOURCE
+#define _FORTIFY_SOURCE 1
+
 #define SHA1HANDSOFF
 
 #include <stdio.h>
@@ -65,7 +76,8 @@ A million repetitions of "a"
 void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]) {
   uint32_t a, b, c, d, e;
 
-  typedef struct {
+  typedef union {
+    unsigned char c[64];
     uint32_t l[16];
   } CHAR64LONG16;
 
@@ -174,6 +186,8 @@ void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]) {
   state[2] += c;
   state[3] += d;
   state[4] += e;
+  /* Wipe variables */
+  a = b = c = d = e = 0;
 #ifdef SHA1HANDSOFF
   memset(block, '\0', sizeof(block));
 #endif
@@ -263,18 +277,20 @@ void SHA1Final(unsigned char digest[20], SHA1_CTX *context) {
   memset(&finalcount, '\0', sizeof(finalcount));
 }
 
-void SHA1(unsigned char digest[20], const char *str, int len) {
+void SHA1(char *hash_out, const char *str, uint32_t len) {
   SHA1_CTX ctx;
   unsigned int ii;
 
   SHA1Init(&ctx);
   for (ii = 0; ii < len; ii += 1)
     SHA1Update(&ctx, (const unsigned char *)str + ii, 1);
-  SHA1Final(digest, &ctx);
+  SHA1Final((unsigned char *)hash_out, &ctx);
 }
 
-void SHA1StrDigest(const unsigned char digest[20], char str_digest[41]) {
+void SHA1StrDigest(const char digest[20], char str_digest[41]) {
   for (int i = 0; i < 20; ++i) {
     sprintf(str_digest + 2 * i, "%02x", digest[i]);
   }
-}
\ No newline at end of file
+}
+
+#pragma pop_macro("_FORTIFY_SOURCE")
diff --git a/src/tempfile.cc b/src/tempfile.cc
index 27b670a8e..7ac6ad3e7 100644
--- a/src/tempfile.cc
+++ b/src/tempfile.cc
@@ -20,7 +20,7 @@ namespace ddprof {
 DDRes get_or_create_temp_file(std::string_view prefix,
                               span<const std::byte> data, mode_t mode,
                               std::string &path) {
-  unsigned char digest[20];
+  char digest[20];
   char str_digest[41];
   SHA1(digest, reinterpret_cast<const char *>(data.data()), data.size());
   SHA1StrDigest(digest, str_digest);

From 89a2d8492d1c275aae1413e273b6528d107cb106 Mon Sep 17 00:00:00 2001
From: r1viollet <erwan.viollet@datadoghq.com>
Date: Fri, 21 Jul 2023 10:43:27 +0200
Subject: [PATCH 6/7] Revert "gcc 13 compilation fix"

This reverts commit db0d63494419e4a51e968d53f9b08434c810c7cb.
---
 include/sha1.h  |  6 +++---
 src/sha1.c      | 40 ++++++++++++----------------------------
 src/tempfile.cc |  2 +-
 3 files changed, 16 insertions(+), 32 deletions(-)

diff --git a/include/sha1.h b/include/sha1.h
index 5f0a1a2ce..46dfb6f61 100644
--- a/include/sha1.h
+++ b/include/sha1.h
@@ -27,12 +27,12 @@ void SHA1Update(SHA1_CTX *context, const unsigned char *data, uint32_t len);
 
 void SHA1Final(unsigned char digest[20], SHA1_CTX *context);
 
-void SHA1(char *hash_out, const char *str, uint32_t len);
+void SHA1(unsigned char digest[20], const char *str, int len);
 
-void SHA1StrDigest(const char digest[20], char str_digest[41]);
+void SHA1StrDigest(const unsigned char digest[20], char str_digest[41]);
 
 #if defined(__cplusplus)
 }
 #endif
 
-#endif /* SHA1_H */
+#endif /* SHA1_H */
\ No newline at end of file
diff --git a/src/sha1.c b/src/sha1.c
index 67b574c51..d282631cc 100644
--- a/src/sha1.c
+++ b/src/sha1.c
@@ -4,28 +4,17 @@ By Steve Reid <steve@edmweb.com>
 100% Public Domain
 
 Test Vectors (from FIPS PUB 180-1)
-        "abc"
-    A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
-    "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
-    84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
-    A million repetitions of "a"
-    34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
-    */
+"abc"
+  A9993E36 4706816A BA3E2571 7850C26C 9CD0D89D
+"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
+  84983E44 1C3BD26E BAAE4AA1 F95129E5 E54670F1
+A million repetitions of "a"
+  34AA973C D4C4DAA4 F61EEB2B DBAD2731 6534016F
+*/
 
 /* #define LITTLE_ENDIAN * This should be #define'd already, if true. */
 /* #define SHA1HANDSOFF * Copies data before messing with it. */
 
-// gcc 13 and lto seem to fail when compiling sha1. This is related to the
-// fortify feature.
-/// usr/include/fortify/stdio.h:73:28: error: inlining failed in call to
-/// 'always_inline' 'vsnprintf': function body can be overwritten at link time
-//   73 | _FORTIFY_FN(vsnprintf) int vsnprintf(char * _FORTIFY_POS0 __s, size_t
-//   __n,
-//      |                            ^
-#pragma push_macro("_FORTIFY_SOURCE")
-#undef _FORTIFY_SOURCE
-#define _FORTIFY_SOURCE 1
-
 #define SHA1HANDSOFF
 
 #include <stdio.h>
@@ -76,8 +65,7 @@ Test Vectors (from FIPS PUB 180-1)
 void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]) {
   uint32_t a, b, c, d, e;
 
-  typedef union {
-    unsigned char c[64];
+  typedef struct {
     uint32_t l[16];
   } CHAR64LONG16;
 
@@ -186,8 +174,6 @@ void SHA1Transform(uint32_t state[5], const unsigned char buffer[64]) {
   state[2] += c;
   state[3] += d;
   state[4] += e;
-  /* Wipe variables */
-  a = b = c = d = e = 0;
 #ifdef SHA1HANDSOFF
   memset(block, '\0', sizeof(block));
 #endif
@@ -277,20 +263,18 @@ void SHA1Final(unsigned char digest[20], SHA1_CTX *context) {
   memset(&finalcount, '\0', sizeof(finalcount));
 }
 
-void SHA1(char *hash_out, const char *str, uint32_t len) {
+void SHA1(unsigned char digest[20], const char *str, int len) {
   SHA1_CTX ctx;
   unsigned int ii;
 
   SHA1Init(&ctx);
   for (ii = 0; ii < len; ii += 1)
     SHA1Update(&ctx, (const unsigned char *)str + ii, 1);
-  SHA1Final((unsigned char *)hash_out, &ctx);
+  SHA1Final(digest, &ctx);
 }
 
-void SHA1StrDigest(const char digest[20], char str_digest[41]) {
+void SHA1StrDigest(const unsigned char digest[20], char str_digest[41]) {
   for (int i = 0; i < 20; ++i) {
     sprintf(str_digest + 2 * i, "%02x", digest[i]);
   }
-}
-
-#pragma pop_macro("_FORTIFY_SOURCE")
+}
\ No newline at end of file
diff --git a/src/tempfile.cc b/src/tempfile.cc
index 7ac6ad3e7..27b670a8e 100644
--- a/src/tempfile.cc
+++ b/src/tempfile.cc
@@ -20,7 +20,7 @@ namespace ddprof {
 DDRes get_or_create_temp_file(std::string_view prefix,
                               span<const std::byte> data, mode_t mode,
                               std::string &path) {
-  char digest[20];
+  unsigned char digest[20];
   char str_digest[41];
   SHA1(digest, reinterpret_cast<const char *>(data.data()), data.size());
   SHA1StrDigest(digest, str_digest);

From d2b520d6beb1a3a9f9eab38dc81f5c98e9b82856 Mon Sep 17 00:00:00 2001
From: r1viollet <erwan.viollet@datadoghq.com>
Date: Sat, 22 Jul 2023 10:00:23 +0200
Subject: [PATCH 7/7] Fix for compilation issue with newer gcc

---
 src/ddprof_cli.cc | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/ddprof_cli.cc b/src/ddprof_cli.cc
index 5a7056f98..2b0ca041a 100644
--- a/src/ddprof_cli.cc
+++ b/src/ddprof_cli.cc
@@ -3,6 +3,13 @@
 // developed at Datadog (https://www.datadoghq.com/). Copyright 2021-Present
 // Datadog, Inc.
 
+// gcc 13 issue - remove FORTIFY_SOURCE
+//clang-format off
+// /usr/include/fortify/stdio.h:73:28: error: inlining failed in call to 'always_inline' 'vsnprintf': function body can be overwritten at link time
+// 73 | _FORTIFY_FN(vsnprintf) int vsnprintf(char * _FORTIFY_POS0 __s, size_t __n,
+//clang-format on
+#undef _FORTIFY_SOURCE
+
 #include "ddprof_cli.hpp"
 
 #include "CLI/CLI11.hpp"