2016-02-26 05:33:47 +01:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2012 The Android Open Source Project
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* * Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* * Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in
|
|
|
|
* the documentation and/or other materials provided with the
|
|
|
|
* distribution.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
|
|
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
|
|
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
|
|
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
|
|
|
|
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
|
|
|
|
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
|
|
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
|
|
|
|
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
/*
|
|
|
|
* Copyright (c) 1988 Regents of the University of California.
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* 1. Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* 2. Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in the
|
|
|
|
* documentation and/or other materials provided with the distribution.
|
|
|
|
* 3. Neither the name of the University nor the names of its contributors
|
|
|
|
* may be used to endorse or promote products derived from this software
|
|
|
|
* without specific prior written permission.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
|
|
|
|
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
|
|
|
|
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
|
|
|
|
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
|
|
|
|
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
|
|
|
|
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
|
|
|
|
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
|
|
|
|
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
|
|
|
|
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
|
|
|
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
|
|
|
|
#include <poll.h>
|
|
|
|
#include <stdarg.h>
|
|
|
|
#include <stddef.h>
|
|
|
|
#include <stdio.h>
|
|
|
|
#include <stdlib.h>
|
|
|
|
#include <string.h>
|
|
|
|
#include <sys/cdefs.h>
|
|
|
|
#include <sys/select.h>
|
|
|
|
#include <sys/socket.h>
|
|
|
|
#include <sys/stat.h>
|
|
|
|
#include <unistd.h>
|
|
|
|
|
|
|
|
#include "private/bionic_fortify.h"
|
|
|
|
|
|
|
|
//
|
2017-04-16 17:50:58 +02:00
|
|
|
// For more about FORTIFY see:
|
|
|
|
//
|
|
|
|
// https://android-developers.googleblog.com/2017/04/fortify-in-android.html
|
|
|
|
//
|
2016-02-26 05:33:47 +01:00
|
|
|
// http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
|
|
|
|
// http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
|
|
|
|
//
|
2017-04-16 17:50:58 +02:00
|
|
|
|
2017-12-04 23:16:38 +01:00
|
|
|
int __FD_ISSET_chk(int fd, const fd_set* set, size_t set_size) {
|
2016-02-26 05:33:47 +01:00
|
|
|
__check_fd_set("FD_ISSET", fd, set_size);
|
2018-04-13 22:52:10 +02:00
|
|
|
return __FD_ISSET(fd, set);
|
2016-02-26 05:33:47 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
void __FD_CLR_chk(int fd, fd_set* set, size_t set_size) {
|
|
|
|
__check_fd_set("FD_CLR", fd, set_size);
|
2018-04-13 22:52:10 +02:00
|
|
|
__FD_CLR(fd, set);
|
2016-02-26 05:33:47 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
void __FD_SET_chk(int fd, fd_set* set, size_t set_size) {
|
|
|
|
__check_fd_set("FD_SET", fd, set_size);
|
2018-04-13 22:52:10 +02:00
|
|
|
__FD_SET(fd, set);
|
2016-02-26 05:33:47 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
char* __fgets_chk(char* dst, int supplied_size, FILE* stream, size_t dst_len_from_compiler) {
|
|
|
|
__check_buffer_access("fgets", "write into", supplied_size, dst_len_from_compiler);
|
|
|
|
return fgets(dst, supplied_size, stream);
|
|
|
|
}
|
|
|
|
|
2017-08-01 17:28:46 +02:00
|
|
|
size_t __fread_chk(void* buf, size_t size, size_t count, FILE* stream, size_t buf_size) {
|
2016-02-26 05:33:47 +01:00
|
|
|
size_t total;
|
|
|
|
if (__predict_false(__size_mul_overflow(size, count, &total))) {
|
|
|
|
// overflow: trigger the error path in fread
|
|
|
|
return fread(buf, size, count, stream);
|
|
|
|
}
|
|
|
|
__check_buffer_access("fread", "write into", total, buf_size);
|
|
|
|
return fread(buf, size, count, stream);
|
|
|
|
}
|
|
|
|
|
2017-08-01 17:28:46 +02:00
|
|
|
size_t __fwrite_chk(const void* buf, size_t size, size_t count, FILE* stream, size_t buf_size) {
|
2016-02-26 05:33:47 +01:00
|
|
|
size_t total;
|
|
|
|
if (__predict_false(__size_mul_overflow(size, count, &total))) {
|
|
|
|
// overflow: trigger the error path in fwrite
|
|
|
|
return fwrite(buf, size, count, stream);
|
|
|
|
}
|
|
|
|
__check_buffer_access("fwrite", "read from", total, buf_size);
|
|
|
|
return fwrite(buf, size, count, stream);
|
|
|
|
}
|
|
|
|
|
|
|
|
extern char* __getcwd_chk(char* buf, size_t len, size_t actual_size) {
|
|
|
|
__check_buffer_access("getcwd", "write into", len, actual_size);
|
|
|
|
return getcwd(buf, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
void* __memchr_chk(const void* s, int c, size_t n, size_t actual_size) {
|
|
|
|
__check_buffer_access("memchr", "read from", n, actual_size);
|
libc: add const-correct string.h overloads
libcxx provides const-correct overloads for a few string.h functions.
These overloads use clang's enable_if attribute, so they're preferred
over our FORTIFY'ed equivalents.
This weakens _FORTIFY_SOURCE=2 when used with some of these functions,
since clang needs to see __pass_object_size in order to pass an accurate
result for __builtin_object_size(s, 1) at a callsite. Since those
functions don't have __pass_object_size on their params, clang can't do
that. This makes LLVM lower the __builtin_object_size calls, which means
we get the same result as __builtin_object_size(s, 0).
We have to provide all of the overloads in Bionic, since enable_if is
only used to disambiguate overloads with (otherwise) the same type. In
other words:
// overload 1
char *strchr(const char *, int s) __attribute__((enable_if(1, "")));
// overload 2
char *strchr(char *, int s);
void foo() {
char cs[1] = {};
strchr(static_cast<const char *>(cs), '\0'); // calls overload #1.
strchr(cs, '\0'); // calls overload #2.
}
Bug: 34747525
Test: m checkbuild on bullhead internal master + AOSP. vts -m
BionicUnitTests passes on both. Surprisingly, the only code that this
seems to break is contained in Bionic.
Change-Id: Ie406f42fb3d1c5bf940dc857889876fc39b57c90
2017-04-05 02:34:02 +02:00
|
|
|
return const_cast<void*>(memchr(s, c, n));
|
2016-02-26 05:33:47 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// Runtime implementation of __builtin____memmove_chk (used directly by compiler, not in headers).
|
|
|
|
extern "C" void* __memmove_chk(void* dst, const void* src, size_t len, size_t dst_len) {
|
|
|
|
__check_buffer_access("memmove", "write into", len, dst_len);
|
|
|
|
return memmove(dst, src, len);
|
|
|
|
}
|
|
|
|
|
2016-03-01 23:45:58 +01:00
|
|
|
// memcpy is performance-critical enough that we have assembler __memcpy_chk implementations.
|
|
|
|
// This function is used to give better diagnostics than we can easily do from assembler.
|
|
|
|
extern "C" void* __memcpy_chk_fail(void* /*dst*/, const void* /*src*/, size_t count, size_t dst_len) {
|
|
|
|
__check_count("memcpy", "count", count);
|
|
|
|
__check_buffer_access("memcpy", "write into", count, dst_len);
|
|
|
|
abort(); // One of the above is supposed to have failed, otherwise we shouldn't have been called.
|
|
|
|
}
|
|
|
|
|
2016-02-26 05:33:47 +01:00
|
|
|
void* __memrchr_chk(const void* s, int c, size_t n, size_t actual_size) {
|
|
|
|
__check_buffer_access("memrchr", "read from", n, actual_size);
|
2017-08-23 23:34:03 +02:00
|
|
|
return memrchr(const_cast<void *>(s), c, n);
|
2016-02-26 05:33:47 +01:00
|
|
|
}
|
|
|
|
|
2016-03-01 20:22:42 +01:00
|
|
|
// memset is performance-critical enough that we have assembler __memset_chk implementations.
|
|
|
|
// This function is used to give better diagnostics than we can easily do from assembler.
|
|
|
|
extern "C" void* __memset_chk_fail(void* /*dst*/, int /*byte*/, size_t count, size_t dst_len) {
|
|
|
|
__check_count("memset", "count", count);
|
|
|
|
__check_buffer_access("memset", "write into", count, dst_len);
|
|
|
|
abort(); // One of the above is supposed to have failed, otherwise we shouldn't have been called.
|
|
|
|
}
|
|
|
|
|
2016-02-26 05:33:47 +01:00
|
|
|
int __poll_chk(pollfd* fds, nfds_t fd_count, int timeout, size_t fds_size) {
|
|
|
|
__check_pollfd_array("poll", fds_size, fd_count);
|
|
|
|
return poll(fds, fd_count, timeout);
|
|
|
|
}
|
|
|
|
|
|
|
|
int __ppoll_chk(pollfd* fds, nfds_t fd_count, const timespec* timeout,
|
|
|
|
const sigset_t* mask, size_t fds_size) {
|
|
|
|
__check_pollfd_array("ppoll", fds_size, fd_count);
|
|
|
|
return ppoll(fds, fd_count, timeout, mask);
|
|
|
|
}
|
|
|
|
|
2018-03-22 19:01:25 +01:00
|
|
|
int __ppoll64_chk(pollfd* fds, nfds_t fd_count, const timespec* timeout,
|
|
|
|
const sigset64_t* mask, size_t fds_size) {
|
|
|
|
__check_pollfd_array("ppoll64", fds_size, fd_count);
|
|
|
|
return ppoll64(fds, fd_count, timeout, mask);
|
|
|
|
}
|
|
|
|
|
2016-02-26 05:33:47 +01:00
|
|
|
ssize_t __pread64_chk(int fd, void* buf, size_t count, off64_t offset, size_t buf_size) {
|
|
|
|
__check_count("pread64", "count", count);
|
|
|
|
__check_buffer_access("pread64", "write into", count, buf_size);
|
|
|
|
return pread64(fd, buf, count, offset);
|
|
|
|
}
|
|
|
|
|
|
|
|
ssize_t __pread_chk(int fd, void* buf, size_t count, off_t offset, size_t buf_size) {
|
|
|
|
__check_count("pread", "count", count);
|
|
|
|
__check_buffer_access("pread", "write into", count, buf_size);
|
|
|
|
return pread(fd, buf, count, offset);
|
|
|
|
}
|
|
|
|
|
|
|
|
ssize_t __pwrite64_chk(int fd, const void* buf, size_t count, off64_t offset,
|
|
|
|
size_t buf_size) {
|
|
|
|
__check_count("pwrite64", "count", count);
|
|
|
|
__check_buffer_access("pwrite64", "read from", count, buf_size);
|
|
|
|
return pwrite64(fd, buf, count, offset);
|
|
|
|
}
|
|
|
|
|
|
|
|
ssize_t __pwrite_chk(int fd, const void* buf, size_t count, off_t offset,
|
|
|
|
size_t buf_size) {
|
|
|
|
__check_count("pwrite", "count", count);
|
|
|
|
__check_buffer_access("pwrite", "read from", count, buf_size);
|
|
|
|
return pwrite(fd, buf, count, offset);
|
|
|
|
}
|
|
|
|
|
|
|
|
ssize_t __read_chk(int fd, void* buf, size_t count, size_t buf_size) {
|
|
|
|
__check_count("read", "count", count);
|
|
|
|
__check_buffer_access("read", "write into", count, buf_size);
|
|
|
|
return read(fd, buf, count);
|
|
|
|
}
|
|
|
|
|
|
|
|
ssize_t __readlinkat_chk(int dirfd, const char* path, char* buf, size_t size, size_t buf_size) {
|
|
|
|
__check_count("readlinkat", "size", size);
|
|
|
|
__check_buffer_access("readlinkat", "write into", size, buf_size);
|
|
|
|
return readlinkat(dirfd, path, buf, size);
|
|
|
|
}
|
|
|
|
|
|
|
|
ssize_t __readlink_chk(const char* path, char* buf, size_t size, size_t buf_size) {
|
|
|
|
__check_count("readlink", "size", size);
|
|
|
|
__check_buffer_access("readlink", "write into", size, buf_size);
|
|
|
|
return readlink(path, buf, size);
|
|
|
|
}
|
|
|
|
|
|
|
|
ssize_t __recvfrom_chk(int socket, void* buf, size_t len, size_t buf_size,
|
2016-08-12 18:20:07 +02:00
|
|
|
int flags, sockaddr* src_addr, socklen_t* addrlen) {
|
2016-02-26 05:33:47 +01:00
|
|
|
__check_buffer_access("recvfrom", "write into", len, buf_size);
|
|
|
|
return recvfrom(socket, buf, len, flags, src_addr, addrlen);
|
2017-02-14 02:27:59 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
ssize_t __sendto_chk(int socket, const void* buf, size_t len, size_t buflen,
|
|
|
|
int flags, const struct sockaddr* dest_addr,
|
|
|
|
socklen_t addrlen) {
|
|
|
|
__check_buffer_access("sendto", "read from", len, buflen);
|
|
|
|
return sendto(socket, buf, len, flags, dest_addr, addrlen);
|
2016-02-26 05:33:47 +01:00
|
|
|
}
|
|
|
|
|
|
|
|
// Runtime implementation of __builtin____stpcpy_chk (used directly by compiler, not in headers)..
|
|
|
|
extern "C" char* __stpcpy_chk(char* dst, const char* src, size_t dst_len) {
|
|
|
|
// TODO: optimize so we don't scan src twice.
|
|
|
|
size_t src_len = strlen(src) + 1;
|
|
|
|
__check_buffer_access("stpcpy", "write into", src_len, dst_len);
|
|
|
|
return stpcpy(dst, src);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Runtime implementation of __builtin____stpncpy_chk (used directly by compiler, not in headers).
|
2017-08-01 17:28:46 +02:00
|
|
|
extern "C" char* __stpncpy_chk(char* dst, const char* src, size_t len, size_t dst_len) {
|
2016-02-26 05:33:47 +01:00
|
|
|
__check_buffer_access("stpncpy", "write into", len, dst_len);
|
|
|
|
return stpncpy(dst, src, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
// This is a variant of __stpncpy_chk, but it also checks to make
|
|
|
|
// sure we don't read beyond the end of "src". The code for this is
|
|
|
|
// based on the original version of stpncpy, but modified to check
|
2019-08-09 03:47:22 +02:00
|
|
|
// how much we read from "src" during the copy operation.
|
2017-08-01 17:28:46 +02:00
|
|
|
char* __stpncpy_chk2(char* dst, const char* src, size_t n, size_t dst_len, size_t src_len) {
|
2016-02-26 05:33:47 +01:00
|
|
|
__check_buffer_access("stpncpy", "write into", n, dst_len);
|
|
|
|
if (n != 0) {
|
|
|
|
char* d = dst;
|
|
|
|
const char* s = src;
|
|
|
|
|
|
|
|
do {
|
2019-08-09 03:47:22 +02:00
|
|
|
size_t s_copy_len = static_cast<size_t>(s - src);
|
|
|
|
if (__predict_false(s_copy_len >= src_len)) {
|
|
|
|
__fortify_fatal("stpncpy: detected read past end of %zu-byte buffer", src_len);
|
|
|
|
}
|
|
|
|
|
2016-02-26 05:33:47 +01:00
|
|
|
if ((*d++ = *s++) == 0) {
|
|
|
|
// NUL pad the remaining n-1 bytes.
|
|
|
|
while (--n != 0) {
|
|
|
|
*d++ = 0;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
} while (--n != 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
return dst;
|
|
|
|
}
|
|
|
|
|
2016-05-26 02:01:31 +02:00
|
|
|
// strcat is performance-critical enough that we have assembler __strcat_chk implementations.
|
|
|
|
// This function is used to give better diagnostics than we can easily do from assembler.
|
|
|
|
extern "C" void __strcat_chk_fail(size_t dst_buf_size) {
|
|
|
|
__fortify_fatal("strcat: prevented write past end of %zu-byte buffer", dst_buf_size);
|
|
|
|
}
|
|
|
|
|
2016-02-26 05:33:47 +01:00
|
|
|
char* __strchr_chk(const char* p, int ch, size_t s_len) {
|
|
|
|
for (;; ++p, s_len--) {
|
|
|
|
if (__predict_false(s_len == 0)) {
|
|
|
|
__fortify_fatal("strchr: prevented read past end of buffer");
|
|
|
|
}
|
|
|
|
if (*p == static_cast<char>(ch)) {
|
|
|
|
return const_cast<char*>(p);
|
|
|
|
}
|
|
|
|
if (*p == '\0') {
|
2018-08-03 02:31:13 +02:00
|
|
|
return nullptr;
|
2016-02-26 05:33:47 +01:00
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
2016-05-27 01:38:34 +02:00
|
|
|
// strcpy is performance-critical enough that we have assembler __strcpy_chk implementations.
|
|
|
|
// This function is used to give better diagnostics than we can easily do from assembler.
|
|
|
|
extern "C" void __strcpy_chk_fail(size_t dst_buf_size) {
|
|
|
|
__fortify_fatal("strcpy: prevented write past end of %zu-byte buffer", dst_buf_size);
|
|
|
|
}
|
|
|
|
|
2016-02-26 05:33:47 +01:00
|
|
|
size_t __strlcat_chk(char* dst, const char* src,
|
|
|
|
size_t supplied_size, size_t dst_len_from_compiler) {
|
|
|
|
__check_buffer_access("strlcat", "write into", supplied_size, dst_len_from_compiler);
|
|
|
|
return strlcat(dst, src, supplied_size);
|
|
|
|
}
|
|
|
|
|
|
|
|
size_t __strlcpy_chk(char* dst, const char* src,
|
|
|
|
size_t supplied_size, size_t dst_len_from_compiler) {
|
|
|
|
__check_buffer_access("strlcpy", "write into", supplied_size, dst_len_from_compiler);
|
|
|
|
return strlcpy(dst, src, supplied_size);
|
|
|
|
}
|
|
|
|
|
|
|
|
size_t __strlen_chk(const char* s, size_t s_len) {
|
|
|
|
// TODO: "prevented" here would be a lie because this strlen can run off the end.
|
|
|
|
// strlen is too important to be expensive, so we wanted to be able to call the optimized
|
|
|
|
// implementation, but I think we need to implement optimized assembler __strlen_chk routines.
|
|
|
|
size_t ret = strlen(s);
|
|
|
|
if (__predict_false(ret >= s_len)) {
|
|
|
|
__fortify_fatal("strlen: detected read past end of buffer");
|
|
|
|
}
|
|
|
|
return ret;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Runtime implementation of __builtin____strncat_chk (used directly by compiler, not in headers).
|
2017-08-01 17:28:46 +02:00
|
|
|
extern "C" char* __strncat_chk(char* dst, const char* src, size_t len, size_t dst_buf_size) {
|
2016-02-26 05:33:47 +01:00
|
|
|
if (len == 0) {
|
|
|
|
return dst;
|
|
|
|
}
|
|
|
|
|
|
|
|
size_t dst_len = __strlen_chk(dst, dst_buf_size);
|
|
|
|
char* d = dst + dst_len;
|
|
|
|
dst_buf_size -= dst_len;
|
|
|
|
|
|
|
|
while (*src != '\0') {
|
|
|
|
*d++ = *src++;
|
|
|
|
len--; dst_buf_size--;
|
|
|
|
|
|
|
|
if (__predict_false(dst_buf_size == 0)) {
|
|
|
|
__fortify_fatal("strncat: prevented write past end of buffer");
|
|
|
|
}
|
|
|
|
|
|
|
|
if (len == 0) {
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
*d = '\0';
|
|
|
|
return dst;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Runtime implementation of __builtin____strncpy_chk (used directly by compiler, not in headers).
|
2017-08-01 17:28:46 +02:00
|
|
|
extern "C" char* __strncpy_chk(char* dst, const char* src, size_t len, size_t dst_len) {
|
2016-02-26 05:33:47 +01:00
|
|
|
__check_buffer_access("strncpy", "write into", len, dst_len);
|
|
|
|
return strncpy(dst, src, len);
|
|
|
|
}
|
|
|
|
|
|
|
|
// This is a variant of __strncpy_chk, but it also checks to make
|
|
|
|
// sure we don't read beyond the end of "src". The code for this is
|
|
|
|
// based on the original version of strncpy, but modified to check
|
2019-08-09 03:47:22 +02:00
|
|
|
// how much we read from "src" during the copy operation.
|
2017-08-01 17:28:46 +02:00
|
|
|
char* __strncpy_chk2(char* dst, const char* src, size_t n, size_t dst_len, size_t src_len) {
|
2016-02-26 05:33:47 +01:00
|
|
|
__check_buffer_access("strncpy", "write into", n, dst_len);
|
|
|
|
if (n != 0) {
|
|
|
|
char* d = dst;
|
|
|
|
const char* s = src;
|
|
|
|
|
|
|
|
do {
|
2019-08-09 03:47:22 +02:00
|
|
|
size_t s_copy_len = static_cast<size_t>(s - src);
|
|
|
|
if (__predict_false(s_copy_len >= src_len)) {
|
|
|
|
__fortify_fatal("strncpy: detected read past end of %zu-byte buffer", src_len);
|
|
|
|
}
|
|
|
|
|
2016-02-26 05:33:47 +01:00
|
|
|
if ((*d++ = *s++) == 0) {
|
|
|
|
// NUL pad the remaining n-1 bytes.
|
|
|
|
while (--n != 0) {
|
|
|
|
*d++ = 0;
|
|
|
|
}
|
|
|
|
break;
|
|
|
|
}
|
|
|
|
} while (--n != 0);
|
|
|
|
}
|
|
|
|
|
|
|
|
return dst;
|
|
|
|
}
|
|
|
|
|
|
|
|
char* __strrchr_chk(const char* p, int ch, size_t s_len) {
|
2018-08-03 02:31:13 +02:00
|
|
|
for (const char* save = nullptr;; ++p, s_len--) {
|
2016-02-26 05:33:47 +01:00
|
|
|
if (s_len == 0) {
|
|
|
|
__fortify_fatal("strrchr: prevented read past end of buffer");
|
|
|
|
}
|
|
|
|
if (*p == static_cast<char>(ch)) {
|
|
|
|
save = p;
|
|
|
|
}
|
|
|
|
if (!*p) {
|
|
|
|
return const_cast<char*>(save);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
mode_t __umask_chk(mode_t mode) {
|
|
|
|
if (__predict_false((mode & 0777) != mode)) {
|
|
|
|
__fortify_fatal("umask: called with invalid mask %o", mode);
|
|
|
|
}
|
|
|
|
|
|
|
|
return umask(mode);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Runtime implementation of __builtin____vsnprintf_chk (used directly by compiler, not in headers).
|
|
|
|
extern "C" int __vsnprintf_chk(char* dst, size_t supplied_size, int /*flags*/,
|
|
|
|
size_t dst_len_from_compiler, const char* format, va_list va) {
|
|
|
|
__check_buffer_access("vsnprintf", "write into", supplied_size, dst_len_from_compiler);
|
|
|
|
return vsnprintf(dst, supplied_size, format, va);
|
|
|
|
}
|
|
|
|
|
|
|
|
// Runtime implementation of __builtin____snprintf_chk (used directly by compiler, not in headers).
|
|
|
|
extern "C" int __snprintf_chk(char* dst, size_t supplied_size, int flags,
|
|
|
|
size_t dst_len_from_compiler, const char* format, ...) {
|
|
|
|
va_list va;
|
|
|
|
va_start(va, format);
|
|
|
|
int result = __vsnprintf_chk(dst, supplied_size, flags, dst_len_from_compiler, format, va);
|
|
|
|
va_end(va);
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Runtime implementation of __builtin____vsprintf_chk (used directly by compiler, not in headers).
|
|
|
|
extern "C" int __vsprintf_chk(char* dst, int /*flags*/,
|
|
|
|
size_t dst_len_from_compiler, const char* format, va_list va) {
|
2016-08-10 20:07:54 +02:00
|
|
|
// The compiler uses SIZE_MAX to mean "no idea", but our vsnprintf rejects sizes that large.
|
|
|
|
int result = vsnprintf(dst,
|
|
|
|
dst_len_from_compiler == SIZE_MAX ? SSIZE_MAX : dst_len_from_compiler,
|
|
|
|
format, va);
|
|
|
|
|
|
|
|
// Try to catch failures after the fact...
|
2016-02-26 05:33:47 +01:00
|
|
|
__check_buffer_access("vsprintf", "write into", result + 1, dst_len_from_compiler);
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
// Runtime implementation of __builtin____sprintf_chk (used directly by compiler, not in headers).
|
|
|
|
extern "C" int __sprintf_chk(char* dst, int flags, size_t dst_len_from_compiler,
|
|
|
|
const char* format, ...) {
|
|
|
|
va_list va;
|
|
|
|
va_start(va, format);
|
|
|
|
int result = __vsprintf_chk(dst, flags, dst_len_from_compiler, format, va);
|
|
|
|
va_end(va);
|
|
|
|
return result;
|
|
|
|
}
|
|
|
|
|
|
|
|
ssize_t __write_chk(int fd, const void* buf, size_t count, size_t buf_size) {
|
|
|
|
__check_count("write", "count", count);
|
|
|
|
__check_buffer_access("write", "read from", count, buf_size);
|
|
|
|
return write(fd, buf, count);
|
|
|
|
}
|
2017-07-25 20:43:39 +02:00
|
|
|
|
2018-11-28 00:38:47 +01:00
|
|
|
#if defined(RENAME___STRCAT_CHK)
|
|
|
|
#define __STRCAT_CHK __strcat_chk_generic
|
|
|
|
#else
|
|
|
|
#define __STRCAT_CHK __strcat_chk
|
|
|
|
#endif // RENAME___STRCAT_CHK
|
|
|
|
|
2017-07-25 20:43:39 +02:00
|
|
|
// Runtime implementation of __builtin____strcat_chk (used directly by compiler, not in headers).
|
2018-11-28 00:38:47 +01:00
|
|
|
extern "C" char* __STRCAT_CHK(char* dst, const char* src, size_t dst_buf_size) {
|
2017-07-25 20:43:39 +02:00
|
|
|
char* save = dst;
|
|
|
|
size_t dst_len = __strlen_chk(dst, dst_buf_size);
|
|
|
|
|
|
|
|
dst += dst_len;
|
|
|
|
dst_buf_size -= dst_len;
|
|
|
|
|
|
|
|
while ((*dst++ = *src++) != '\0') {
|
|
|
|
dst_buf_size--;
|
|
|
|
if (__predict_false(dst_buf_size == 0)) {
|
|
|
|
__fortify_fatal("strcat: prevented write past end of %zu-byte buffer", dst_buf_size);
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
return save;
|
|
|
|
}
|
|
|
|
|
2018-11-28 00:38:47 +01:00
|
|
|
#if defined(RENAME___STRCPY_CHK)
|
|
|
|
#define __STRCPY_CHK __strcpy_chk_generic
|
|
|
|
#else
|
|
|
|
#define __STRCPY_CHK __strcpy_chk
|
|
|
|
#endif // RENAME___STRCPY_CHK
|
|
|
|
|
2017-07-25 20:43:39 +02:00
|
|
|
// Runtime implementation of __builtin____strcpy_chk (used directly by compiler, not in headers).
|
2018-11-28 00:38:47 +01:00
|
|
|
extern "C" char* __STRCPY_CHK(char* dst, const char* src, size_t dst_len) {
|
2017-07-25 20:43:39 +02:00
|
|
|
// TODO: optimize so we don't scan src twice.
|
|
|
|
size_t src_len = strlen(src) + 1;
|
|
|
|
__check_buffer_access("strcpy", "write into", src_len, dst_len);
|
|
|
|
return strcpy(dst, src);
|
|
|
|
}
|
|
|
|
|
2023-03-20 09:24:41 +01:00
|
|
|
#if !defined(__arm__) && !defined(__aarch64__) && !defined(__riscv)
|
2017-07-25 20:43:39 +02:00
|
|
|
// Runtime implementation of __memcpy_chk (used directly by compiler, not in headers).
|
2023-03-20 09:24:41 +01:00
|
|
|
// arm32,arm64,riscv have assembler implementations, and don't need this C fallback.
|
2017-07-25 20:43:39 +02:00
|
|
|
extern "C" void* __memcpy_chk(void* dst, const void* src, size_t count, size_t dst_len) {
|
|
|
|
__check_count("memcpy", "count", count);
|
|
|
|
__check_buffer_access("memcpy", "write into", count, dst_len);
|
|
|
|
return memcpy(dst, src, count);
|
|
|
|
}
|
2022-11-16 22:07:56 +01:00
|
|
|
#endif
|
2019-06-11 01:22:09 +02:00
|
|
|
|
|
|
|
// Runtime implementation of __mempcpy_chk (used directly by compiler, not in headers).
|
|
|
|
extern "C" void* __mempcpy_chk(void* dst, const void* src, size_t count, size_t dst_len) {
|
|
|
|
__check_count("mempcpy", "count", count);
|
|
|
|
__check_buffer_access("mempcpy", "write into", count, dst_len);
|
|
|
|
return mempcpy(dst, src, count);
|
|
|
|
}
|