Merge "Revert "fortify: allow diagnostics without run-time checks""
am: 2fead5fd89
Change-Id: Ic15e46a2e9cc1fb794350ad2996809a0f45e14d7
This commit is contained in:
commit
03d2fc3ce3
11 changed files with 100 additions and 145 deletions
|
@ -59,11 +59,11 @@ __BIONIC_FORTIFY_INLINE
|
||||||
int open(const char* const __pass_object_size pathname, int flags)
|
int open(const char* const __pass_object_size pathname, int flags)
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__open_modes_useful(flags), "'open' " __open_too_few_args_error) {
|
__clang_error_if(__open_modes_useful(flags), "'open' " __open_too_few_args_error) {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
return __open_2(pathname, flags);
|
return __open_2(pathname, flags);
|
||||||
#else
|
#else
|
||||||
return __open_real(pathname, flags);
|
return __open_real(pathname, flags);
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
}
|
}
|
||||||
|
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
|
@ -83,11 +83,11 @@ __BIONIC_FORTIFY_INLINE
|
||||||
int openat(int dirfd, const char* const __pass_object_size pathname, int flags)
|
int openat(int dirfd, const char* const __pass_object_size pathname, int flags)
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__open_modes_useful(flags), "'openat' " __open_too_few_args_error) {
|
__clang_error_if(__open_modes_useful(flags), "'openat' " __open_too_few_args_error) {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
return __openat_2(dirfd, pathname, flags);
|
return __openat_2(dirfd, pathname, flags);
|
||||||
#else
|
#else
|
||||||
return __openat_real(dirfd, pathname, flags);
|
return __openat_real(dirfd, pathname, flags);
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
}
|
}
|
||||||
|
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
|
@ -109,7 +109,7 @@ __BIONIC_FORTIFY_INLINE
|
||||||
int open64(const char* const __pass_object_size pathname, int flags)
|
int open64(const char* const __pass_object_size pathname, int flags)
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__open_modes_useful(flags), "'open64' " __open_too_few_args_error) {
|
__clang_error_if(__open_modes_useful(flags), "'open64' " __open_too_few_args_error) {
|
||||||
return open(pathname, flags);
|
return __open_2(pathname, flags);
|
||||||
}
|
}
|
||||||
|
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
|
@ -117,7 +117,7 @@ int open64(const char* const __pass_object_size pathname, int flags, mode_t mode
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_warning_if(!__open_modes_useful(flags) && modes,
|
__clang_warning_if(!__open_modes_useful(flags) && modes,
|
||||||
"'open64' " __open_useless_modes_warning) {
|
"'open64' " __open_useless_modes_warning) {
|
||||||
return open(pathname, flags, modes);
|
return __open_real(pathname, flags, modes);
|
||||||
}
|
}
|
||||||
|
|
||||||
__BIONIC_ERROR_FUNCTION_VISIBILITY
|
__BIONIC_ERROR_FUNCTION_VISIBILITY
|
||||||
|
@ -129,7 +129,7 @@ __BIONIC_FORTIFY_INLINE
|
||||||
int openat64(int dirfd, const char* const __pass_object_size pathname, int flags)
|
int openat64(int dirfd, const char* const __pass_object_size pathname, int flags)
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__open_modes_useful(flags), "'openat64' " __open_too_few_args_error) {
|
__clang_error_if(__open_modes_useful(flags), "'openat64' " __open_too_few_args_error) {
|
||||||
return openat(dirfd, pathname, flags);
|
return __openat_2(dirfd, pathname, flags);
|
||||||
}
|
}
|
||||||
|
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
|
@ -137,7 +137,7 @@ int openat64(int dirfd, const char* const __pass_object_size pathname, int flags
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_warning_if(!__open_modes_useful(flags) && modes,
|
__clang_warning_if(!__open_modes_useful(flags) && modes,
|
||||||
"'openat64' " __open_useless_modes_warning) {
|
"'openat64' " __open_useless_modes_warning) {
|
||||||
return openat(dirfd, pathname, flags, modes);
|
return __openat_real(dirfd, pathname, flags, modes);
|
||||||
}
|
}
|
||||||
#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
|
#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
|
||||||
|
|
||||||
|
|
|
@ -44,13 +44,13 @@ int poll(struct pollfd* const fds __pass_object_size, nfds_t fd_count, int timeo
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__bos_unevaluated_lt(__bos(fds), sizeof(*fds) * fd_count),
|
__clang_error_if(__bos_unevaluated_lt(__bos(fds), sizeof(*fds) * fd_count),
|
||||||
"in call to 'poll', fd_count is larger than the given buffer") {
|
"in call to 'poll', fd_count is larger than the given buffer") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_M__
|
||||||
size_t bos_fds = __bos(fds);
|
size_t bos_fds = __bos(fds);
|
||||||
|
|
||||||
if (!__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
|
if (!__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
|
||||||
return __poll_chk(fds, fd_count, timeout, bos_fds);
|
return __poll_chk(fds, fd_count, timeout, bos_fds);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
|
||||||
return __call_bypassing_fortify(poll)(fds, fd_count, timeout);
|
return __call_bypassing_fortify(poll)(fds, fd_count, timeout);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -60,13 +60,13 @@ int ppoll(struct pollfd* const fds __pass_object_size, nfds_t fd_count, const st
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__bos_unevaluated_lt(__bos(fds), sizeof(*fds) * fd_count),
|
__clang_error_if(__bos_unevaluated_lt(__bos(fds), sizeof(*fds) * fd_count),
|
||||||
"in call to 'ppoll', fd_count is larger than the given buffer") {
|
"in call to 'ppoll', fd_count is larger than the given buffer") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_M__
|
||||||
size_t bos_fds = __bos(fds);
|
size_t bos_fds = __bos(fds);
|
||||||
|
|
||||||
if (!__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
|
if (!__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
|
||||||
return __ppoll_chk(fds, fd_count, timeout, mask, bos_fds);
|
return __ppoll_chk(fds, fd_count, timeout, mask, bos_fds);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
|
||||||
return __call_bypassing_fortify(ppoll)(fds, fd_count, timeout, mask);
|
return __call_bypassing_fortify(ppoll)(fds, fd_count, timeout, mask);
|
||||||
}
|
}
|
||||||
#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
|
#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
|
||||||
|
@ -77,13 +77,11 @@ int ppoll64(struct pollfd* const fds __pass_object_size, nfds_t fd_count, const
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__bos_unevaluated_lt(__bos(fds), sizeof(*fds) * fd_count),
|
__clang_error_if(__bos_unevaluated_lt(__bos(fds), sizeof(*fds) * fd_count),
|
||||||
"in call to 'ppoll64', fd_count is larger than the given buffer") {
|
"in call to 'ppoll64', fd_count is larger than the given buffer") {
|
||||||
#if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
|
||||||
size_t bos_fds = __bos(fds);
|
size_t bos_fds = __bos(fds);
|
||||||
|
|
||||||
if (!__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
|
if (!__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
|
||||||
return __ppoll64_chk(fds, fd_count, timeout, mask, bos_fds);
|
return __ppoll64_chk(fds, fd_count, timeout, mask, bos_fds);
|
||||||
}
|
}
|
||||||
#endif
|
|
||||||
return __call_bypassing_fortify(ppoll64)(fds, fd_count, timeout, mask);
|
return __call_bypassing_fortify(ppoll64)(fds, fd_count, timeout, mask);
|
||||||
}
|
}
|
||||||
#endif /* __ANDROID_API__ >= __ANDROID_API_P__ */
|
#endif /* __ANDROID_API__ >= __ANDROID_API_P__ */
|
||||||
|
|
|
@ -42,13 +42,13 @@ ssize_t recvfrom(int fd, void* const buf __pass_object_size0, size_t len, int fl
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__bos_unevaluated_lt(__bos0(buf), len),
|
__clang_error_if(__bos_unevaluated_lt(__bos0(buf), len),
|
||||||
"'recvfrom' called with size bigger than buffer") {
|
"'recvfrom' called with size bigger than buffer") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_N__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_N__
|
||||||
size_t bos = __bos0(buf);
|
size_t bos = __bos0(buf);
|
||||||
|
|
||||||
if (!__bos_trivially_ge(bos, len)) {
|
if (!__bos_trivially_ge(bos, len)) {
|
||||||
return __recvfrom_chk(fd, buf, len, bos, flags, src_addr, addr_len);
|
return __recvfrom_chk(fd, buf, len, bos, flags, src_addr, addr_len);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
|
||||||
return __call_bypassing_fortify(recvfrom)(fd, buf, len, flags, src_addr, addr_len);
|
return __call_bypassing_fortify(recvfrom)(fd, buf, len, flags, src_addr, addr_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -57,13 +57,13 @@ ssize_t sendto(int fd, const void* const buf __pass_object_size0, size_t len, in
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__bos_unevaluated_lt(__bos0(buf), len),
|
__clang_error_if(__bos_unevaluated_lt(__bos0(buf), len),
|
||||||
"'sendto' called with size bigger than buffer") {
|
"'sendto' called with size bigger than buffer") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_N_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_N_MR1__
|
||||||
size_t bos = __bos0(buf);
|
size_t bos = __bos0(buf);
|
||||||
|
|
||||||
if (!__bos_trivially_ge(bos, len)) {
|
if (!__bos_trivially_ge(bos, len)) {
|
||||||
return __sendto_chk(fd, buf, len, bos, flags, dest_addr, addr_len);
|
return __sendto_chk(fd, buf, len, bos, flags, dest_addr, addr_len);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_N_MR1__ */
|
||||||
return __call_bypassing_fortify(sendto)(fd, buf, len, flags, dest_addr, addr_len);
|
return __call_bypassing_fortify(sendto)(fd, buf, len, flags, dest_addr, addr_len);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -41,11 +41,11 @@ mode_t umask(mode_t mode)
|
||||||
__overloadable
|
__overloadable
|
||||||
__enable_if(1, "")
|
__enable_if(1, "")
|
||||||
__clang_error_if(mode & ~0777, "'umask' called with invalid mode") {
|
__clang_error_if(mode & ~0777, "'umask' called with invalid mode") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR2__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR2__
|
||||||
return __umask_chk(mode);
|
return __umask_chk(mode);
|
||||||
#else
|
#else
|
||||||
return __umask_real(mode);
|
return __umask_real(mode);
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR2__ */
|
||||||
}
|
}
|
||||||
|
|
||||||
#endif /* defined(__BIONIC_FORTIFY) */
|
#endif /* defined(__BIONIC_FORTIFY) */
|
||||||
|
|
|
@ -36,7 +36,7 @@ size_t __fwrite_chk(const void*, size_t, size_t, FILE*, size_t) __INTRODUCED_IN(
|
||||||
|
|
||||||
#if defined(__BIONIC_FORTIFY) && !defined(__BIONIC_NO_STDIO_FORTIFY)
|
#if defined(__BIONIC_FORTIFY) && !defined(__BIONIC_NO_STDIO_FORTIFY)
|
||||||
|
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
/* No diag -- clang diagnoses misuses of this on its own. */
|
/* No diag -- clang diagnoses misuses of this on its own. */
|
||||||
__BIONIC_FORTIFY_INLINE __printflike(3, 0)
|
__BIONIC_FORTIFY_INLINE __printflike(3, 0)
|
||||||
int vsnprintf(char* const __pass_object_size dest, size_t size, const char* format, va_list ap)
|
int vsnprintf(char* const __pass_object_size dest, size_t size, const char* format, va_list ap)
|
||||||
|
@ -48,7 +48,7 @@ __BIONIC_FORTIFY_INLINE __printflike(2, 0)
|
||||||
int vsprintf(char* const __pass_object_size dest, const char* format, va_list ap) __overloadable {
|
int vsprintf(char* const __pass_object_size dest, const char* format, va_list ap) __overloadable {
|
||||||
return __builtin___vsprintf_chk(dest, 0, __bos(dest), format, ap);
|
return __builtin___vsprintf_chk(dest, 0, __bos(dest), format, ap);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
|
|
||||||
__BIONIC_ERROR_FUNCTION_VISIBILITY
|
__BIONIC_ERROR_FUNCTION_VISIBILITY
|
||||||
int sprintf(char* dest, const char* format)
|
int sprintf(char* dest, const char* format)
|
||||||
|
@ -57,7 +57,7 @@ int sprintf(char* dest, const char* format)
|
||||||
"format string will always overflow destination buffer")
|
"format string will always overflow destination buffer")
|
||||||
__errorattr("format string will always overflow destination buffer");
|
__errorattr("format string will always overflow destination buffer");
|
||||||
|
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
__BIONIC_FORTIFY_VARIADIC __printflike(2, 3)
|
__BIONIC_FORTIFY_VARIADIC __printflike(2, 3)
|
||||||
int sprintf(char* const __pass_object_size dest, const char* format, ...) __overloadable {
|
int sprintf(char* const __pass_object_size dest, const char* format, ...) __overloadable {
|
||||||
va_list va;
|
va_list va;
|
||||||
|
@ -77,7 +77,7 @@ int snprintf(char* const __pass_object_size dest, size_t size, const char* forma
|
||||||
va_end(va);
|
va_end(va);
|
||||||
return result;
|
return result;
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
|
|
||||||
#define __bos_trivially_ge_mul(bos_val, size, count) \
|
#define __bos_trivially_ge_mul(bos_val, size, count) \
|
||||||
__bos_dynamic_check_impl_and(bos_val, >=, (size) * (count), \
|
__bos_dynamic_check_impl_and(bos_val, >=, (size) * (count), \
|
||||||
|
@ -90,13 +90,13 @@ size_t fread(void* const __pass_object_size0 buf, size_t size, size_t count, FIL
|
||||||
"in call to 'fread', size * count overflows")
|
"in call to 'fread', size * count overflows")
|
||||||
__clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
|
__clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
|
||||||
"in call to 'fread', size * count is too large for the given buffer") {
|
"in call to 'fread', size * count is too large for the given buffer") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_N__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_N__
|
||||||
size_t bos = __bos0(buf);
|
size_t bos = __bos0(buf);
|
||||||
|
|
||||||
if (!__bos_trivially_ge_mul(bos, size, count)) {
|
if (!__bos_trivially_ge_mul(bos, size, count)) {
|
||||||
return __fread_chk(buf, size, count, stream, bos);
|
return __fread_chk(buf, size, count, stream, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
|
||||||
return __call_bypassing_fortify(fread)(buf, size, count, stream);
|
return __call_bypassing_fortify(fread)(buf, size, count, stream);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -107,13 +107,13 @@ size_t fwrite(const void* const __pass_object_size0 buf, size_t size, size_t cou
|
||||||
"in call to 'fwrite', size * count overflows")
|
"in call to 'fwrite', size * count overflows")
|
||||||
__clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
|
__clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
|
||||||
"in call to 'fwrite', size * count is too large for the given buffer") {
|
"in call to 'fwrite', size * count is too large for the given buffer") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_N__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_N__
|
||||||
size_t bos = __bos0(buf);
|
size_t bos = __bos0(buf);
|
||||||
|
|
||||||
if (!__bos_trivially_ge_mul(bos, size, count)) {
|
if (!__bos_trivially_ge_mul(bos, size, count)) {
|
||||||
return __fwrite_chk(buf, size, count, stream, bos);
|
return __fwrite_chk(buf, size, count, stream, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
|
||||||
return __call_bypassing_fortify(fwrite)(buf, size, count, stream);
|
return __call_bypassing_fortify(fwrite)(buf, size, count, stream);
|
||||||
}
|
}
|
||||||
#undef __bos_trivially_ge_mul
|
#undef __bos_trivially_ge_mul
|
||||||
|
@ -124,13 +124,13 @@ char* fgets(char* const __pass_object_size dest, int size, FILE* stream)
|
||||||
__clang_error_if(size < 0, "in call to 'fgets', size should not be negative")
|
__clang_error_if(size < 0, "in call to 'fgets', size should not be negative")
|
||||||
__clang_error_if(__bos_unevaluated_lt(__bos(dest), size),
|
__clang_error_if(__bos_unevaluated_lt(__bos(dest), size),
|
||||||
"in call to 'fgets', size is larger than the destination buffer") {
|
"in call to 'fgets', size is larger than the destination buffer") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
size_t bos = __bos(dest);
|
size_t bos = __bos(dest);
|
||||||
|
|
||||||
if (!__bos_dynamic_check_impl_and(bos, >=, (size_t)size, size >= 0)) {
|
if (!__bos_dynamic_check_impl_and(bos, >=, (size_t)size, size >= 0)) {
|
||||||
return __fgets_chk(dest, size, stream, bos);
|
return __fgets_chk(dest, size, stream, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
return __call_bypassing_fortify(fgets)(dest, size, stream);
|
return __call_bypassing_fortify(fgets)(dest, size, stream);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -40,7 +40,7 @@ size_t __strlcat_chk(char*, const char*, size_t, size_t) __INTRODUCED_IN(17);
|
||||||
#if defined(__BIONIC_FORTIFY)
|
#if defined(__BIONIC_FORTIFY)
|
||||||
extern void* __memrchr_real(const void*, int, size_t) __RENAME(memrchr);
|
extern void* __memrchr_real(const void*, int, size_t) __RENAME(memrchr);
|
||||||
|
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
/* No diag -- clang diagnoses misuses of this on its own. */
|
/* No diag -- clang diagnoses misuses of this on its own. */
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
void* memcpy(void* const dst __pass_object_size0, const void* src, size_t copy_amount)
|
void* memcpy(void* const dst __pass_object_size0, const void* src, size_t copy_amount)
|
||||||
|
@ -61,7 +61,7 @@ void* memmove(void* const dst __pass_object_size0, const void* src, size_t len)
|
||||||
}
|
}
|
||||||
return __builtin___memmove_chk(dst, src, len, bos_dst);
|
return __builtin___memmove_chk(dst, src, len, bos_dst);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
|
|
||||||
#if defined(__USE_GNU)
|
#if defined(__USE_GNU)
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_R__
|
#if __ANDROID_API__ >= __ANDROID_API_R__
|
||||||
|
@ -70,13 +70,11 @@ void* mempcpy(void* const dst __pass_object_size0, const void* src, size_t copy_
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__bos_unevaluated_lt(__bos0(dst), copy_amount),
|
__clang_error_if(__bos_unevaluated_lt(__bos0(dst), copy_amount),
|
||||||
"'mempcpy' called with size bigger than buffer") {
|
"'mempcpy' called with size bigger than buffer") {
|
||||||
#if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
|
||||||
size_t bos_dst = __bos0(dst);
|
size_t bos_dst = __bos0(dst);
|
||||||
if (!__bos_trivially_ge(bos_dst, copy_amount)) {
|
if (__bos_trivially_ge(bos_dst, copy_amount)) {
|
||||||
return __builtin___mempcpy_chk(dst, src, copy_amount, bos_dst);
|
return __builtin_mempcpy(dst, src, copy_amount);
|
||||||
}
|
}
|
||||||
#endif
|
return __builtin___mempcpy_chk(dst, src, copy_amount, bos_dst);
|
||||||
return __builtin_mempcpy(dst, src, copy_amount);
|
|
||||||
}
|
}
|
||||||
#endif /* __ANDROID_API__ >= __ANDROID_API_R__ */
|
#endif /* __ANDROID_API__ >= __ANDROID_API_R__ */
|
||||||
#endif /* __USE_GNU */
|
#endif /* __USE_GNU */
|
||||||
|
@ -86,12 +84,12 @@ char* stpcpy(char* const dst __pass_object_size, const char* src)
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
|
__clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
|
||||||
"'stpcpy' called with string bigger than buffer") {
|
"'stpcpy' called with string bigger than buffer") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_L__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_L__
|
||||||
size_t bos_dst = __bos(dst);
|
size_t bos_dst = __bos(dst);
|
||||||
if (!__bos_trivially_gt(bos_dst, __builtin_strlen(src))) {
|
if (!__bos_trivially_gt(bos_dst, __builtin_strlen(src))) {
|
||||||
return __builtin___stpcpy_chk(dst, src, bos_dst);
|
return __builtin___stpcpy_chk(dst, src, bos_dst);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
|
||||||
return __builtin_stpcpy(dst, src);
|
return __builtin_stpcpy(dst, src);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -100,12 +98,12 @@ char* strcpy(char* const dst __pass_object_size, const char* src)
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
|
__clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
|
||||||
"'strcpy' called with string bigger than buffer") {
|
"'strcpy' called with string bigger than buffer") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
size_t bos_dst = __bos(dst);
|
size_t bos_dst = __bos(dst);
|
||||||
if (!__bos_trivially_gt(bos_dst, __builtin_strlen(src))) {
|
if (!__bos_trivially_gt(bos_dst, __builtin_strlen(src))) {
|
||||||
return __builtin___strcpy_chk(dst, src, bos_dst);
|
return __builtin___strcpy_chk(dst, src, bos_dst);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
return __builtin_strcpy(dst, src);
|
return __builtin_strcpy(dst, src);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -114,36 +112,36 @@ char* strcat(char* const dst __pass_object_size, const char* src)
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
|
__clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
|
||||||
"'strcat' called with string bigger than buffer") {
|
"'strcat' called with string bigger than buffer") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
return __builtin___strcat_chk(dst, src, __bos(dst));
|
return __builtin___strcat_chk(dst, src, __bos(dst));
|
||||||
#else
|
#else
|
||||||
return __builtin_strcat(dst, src);
|
return __builtin_strcat(dst, src);
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
}
|
}
|
||||||
|
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
/* No diag -- clang diagnoses misuses of this on its own. */
|
/* No diag -- clang diagnoses misuses of this on its own. */
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
char* strncat(char* const dst __pass_object_size, const char* src, size_t n) __overloadable {
|
char* strncat(char* const dst __pass_object_size, const char* src, size_t n) __overloadable {
|
||||||
return __builtin___strncat_chk(dst, src, n, __bos(dst));
|
return __builtin___strncat_chk(dst, src, n, __bos(dst));
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
|
|
||||||
/* No diag -- clang diagnoses misuses of this on its own. */
|
/* No diag -- clang diagnoses misuses of this on its own. */
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
void* memset(void* const s __pass_object_size0, int c, size_t n) __overloadable
|
void* memset(void* const s __pass_object_size0, int c, size_t n) __overloadable
|
||||||
/* If you're a user who wants this warning to go away: use `(&memset)(foo, bar, baz)`. */
|
/* If you're a user who wants this warning to go away: use `(&memset)(foo, bar, baz)`. */
|
||||||
__clang_warning_if(c && !n, "'memset' will set 0 bytes; maybe the arguments got flipped?") {
|
__clang_warning_if(c && !n, "'memset' will set 0 bytes; maybe the arguments got flipped?") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
size_t bos = __bos0(s);
|
size_t bos = __bos0(s);
|
||||||
if (!__bos_trivially_ge(bos, n)) {
|
if (!__bos_trivially_ge(bos, n)) {
|
||||||
return __builtin___memset_chk(s, c, n, bos);
|
return __builtin___memset_chk(s, c, n, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
return __builtin_memset(s, c, n);
|
return __builtin_memset(s, c, n);
|
||||||
}
|
}
|
||||||
|
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_M__
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
void* memchr(const void* const s __pass_object_size, int c, size_t n) __overloadable {
|
void* memchr(const void* const s __pass_object_size, int c, size_t n) __overloadable {
|
||||||
size_t bos = __bos(s);
|
size_t bos = __bos(s);
|
||||||
|
@ -165,9 +163,9 @@ void* __memrchr_fortify(const void* const __pass_object_size s, int c, size_t n)
|
||||||
|
|
||||||
return __memrchr_chk(s, c, n, bos);
|
return __memrchr_chk(s, c, n, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
|
||||||
|
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_L__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_L__
|
||||||
/* No diag -- clang diagnoses misuses of this on its own. */
|
/* No diag -- clang diagnoses misuses of this on its own. */
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
char* stpncpy(char* const dst __pass_object_size, const char* const src __pass_object_size, size_t n)
|
char* stpncpy(char* const dst __pass_object_size, const char* const src __pass_object_size, size_t n)
|
||||||
|
@ -197,20 +195,20 @@ char* strncpy(char* const dst __pass_object_size, const char* const src __pass_o
|
||||||
|
|
||||||
return __strncpy_chk2(dst, src, n, bos_dst, bos_src);
|
return __strncpy_chk2(dst, src, n, bos_dst, bos_src);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
|
||||||
|
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
size_t strlcpy(char* const dst __pass_object_size, const char* src, size_t size)
|
size_t strlcpy(char* const dst __pass_object_size, const char* src, size_t size)
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__bos_unevaluated_lt(__bos(dst), size),
|
__clang_error_if(__bos_unevaluated_lt(__bos(dst), size),
|
||||||
"'strlcpy' called with size bigger than buffer") {
|
"'strlcpy' called with size bigger than buffer") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
size_t bos = __bos(dst);
|
size_t bos = __bos(dst);
|
||||||
|
|
||||||
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||||
return __strlcpy_chk(dst, src, size, bos);
|
return __strlcpy_chk(dst, src, size, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
return __call_bypassing_fortify(strlcpy)(dst, src, size);
|
return __call_bypassing_fortify(strlcpy)(dst, src, size);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -219,13 +217,13 @@ size_t strlcat(char* const dst __pass_object_size, const char* src, size_t size)
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__bos_unevaluated_lt(__bos(dst), size),
|
__clang_error_if(__bos_unevaluated_lt(__bos(dst), size),
|
||||||
"'strlcat' called with size bigger than buffer") {
|
"'strlcat' called with size bigger than buffer") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
size_t bos = __bos(dst);
|
size_t bos = __bos(dst);
|
||||||
|
|
||||||
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||||
return __strlcat_chk(dst, src, size, bos);
|
return __strlcat_chk(dst, src, size, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
return __call_bypassing_fortify(strlcat)(dst, src, size);
|
return __call_bypassing_fortify(strlcat)(dst, src, size);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -233,39 +231,39 @@ __BIONIC_FORTIFY_INLINE
|
||||||
size_t strlen(const char* const s __pass_object_size0) __overloadable {
|
size_t strlen(const char* const s __pass_object_size0) __overloadable {
|
||||||
size_t bos = __bos0(s);
|
size_t bos = __bos0(s);
|
||||||
|
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
if (!__bos_trivially_gt(bos, __builtin_strlen(s))) {
|
if (!__bos_trivially_gt(bos, __builtin_strlen(s))) {
|
||||||
return __strlen_chk(s, bos);
|
return __strlen_chk(s, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
return __builtin_strlen(s);
|
return __builtin_strlen(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
char* strchr(const char* const s __pass_object_size, int c) __overloadable {
|
char* strchr(const char* const s __pass_object_size, int c) __overloadable {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR2__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR2__
|
||||||
size_t bos = __bos(s);
|
size_t bos = __bos(s);
|
||||||
|
|
||||||
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||||
return __strchr_chk(s, c, bos);
|
return __strchr_chk(s, c, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR2__ */
|
||||||
return __builtin_strchr(s, c);
|
return __builtin_strchr(s, c);
|
||||||
}
|
}
|
||||||
|
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
char* strrchr(const char* const s __pass_object_size, int c) __overloadable {
|
char* strrchr(const char* const s __pass_object_size, int c) __overloadable {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR2__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR2__
|
||||||
size_t bos = __bos(s);
|
size_t bos = __bos(s);
|
||||||
|
|
||||||
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||||
return __strrchr_chk(s, c, bos);
|
return __strrchr_chk(s, c, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR2__ */
|
||||||
return __builtin_strrchr(s, c);
|
return __builtin_strrchr(s, c);
|
||||||
}
|
}
|
||||||
|
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_M__
|
||||||
#if defined(__cplusplus)
|
#if defined(__cplusplus)
|
||||||
extern "C++" {
|
extern "C++" {
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
|
|
|
@ -33,13 +33,13 @@ void __bionic_bcopy(const void *src, void* const dst __pass_object_size0, size_t
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__bos_unevaluated_lt(__bos0(dst), len),
|
__clang_error_if(__bos_unevaluated_lt(__bos0(dst), len),
|
||||||
"'bcopy' called with size bigger than buffer") {
|
"'bcopy' called with size bigger than buffer") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
size_t bos = __bos0(dst);
|
size_t bos = __bos0(dst);
|
||||||
if (!__bos_trivially_ge(bos, len)) {
|
if (!__bos_trivially_ge(bos, len)) {
|
||||||
__builtin___memmove_chk(dst, src, len, bos);
|
__builtin___memmove_chk(dst, src, len, bos);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
__builtin_memmove(dst, src, len);
|
__builtin_memmove(dst, src, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -48,13 +48,13 @@ void __bionic_bzero(void* const b __pass_object_size0, size_t len)
|
||||||
__overloadable
|
__overloadable
|
||||||
__clang_error_if(__bos_unevaluated_lt(__bos0(b), len),
|
__clang_error_if(__bos_unevaluated_lt(__bos0(b), len),
|
||||||
"'bzero' called with size bigger than buffer") {
|
"'bzero' called with size bigger than buffer") {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
size_t bos = __bos0(b);
|
size_t bos = __bos0(b);
|
||||||
if (!__bos_trivially_ge(bos, len)) {
|
if (!__bos_trivially_ge(bos, len)) {
|
||||||
__builtin___memset_chk(b, 0, len, bos);
|
__builtin___memset_chk(b, 0, len, bos);
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
__builtin_memset(b, 0, len);
|
__builtin_memset(b, 0, len);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -73,13 +73,13 @@ __BIONIC_FORTIFY_INLINE
|
||||||
char* getcwd(char* const __pass_object_size buf, size_t size)
|
char* getcwd(char* const __pass_object_size buf, size_t size)
|
||||||
__overloadable
|
__overloadable
|
||||||
__error_if_overflows_objectsize(size, __bos(buf), getcwd) {
|
__error_if_overflows_objectsize(size, __bos(buf), getcwd) {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_N__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_N__
|
||||||
size_t bos = __bos(buf);
|
size_t bos = __bos(buf);
|
||||||
|
|
||||||
if (!__bos_trivially_ge(bos, size)) {
|
if (!__bos_trivially_ge(bos, size)) {
|
||||||
return __getcwd_chk(buf, size, bos);
|
return __getcwd_chk(buf, size, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
|
||||||
return __call_bypassing_fortify(getcwd)(buf, size);
|
return __call_bypassing_fortify(getcwd)(buf, size);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -89,13 +89,13 @@ ssize_t pread(int fd, void* const __pass_object_size0 buf, size_t count, off_t o
|
||||||
__overloadable
|
__overloadable
|
||||||
__error_if_overflows_ssizet(count, pread)
|
__error_if_overflows_ssizet(count, pread)
|
||||||
__error_if_overflows_objectsize(count, __bos0(buf), pread) {
|
__error_if_overflows_objectsize(count, __bos0(buf), pread) {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_M__
|
||||||
size_t bos = __bos0(buf);
|
size_t bos = __bos0(buf);
|
||||||
|
|
||||||
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
||||||
return __PREAD_PREFIX(chk)(fd, buf, count, offset, bos);
|
return __PREAD_PREFIX(chk)(fd, buf, count, offset, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
|
||||||
return __PREAD_PREFIX(real)(fd, buf, count, offset);
|
return __PREAD_PREFIX(real)(fd, buf, count, offset);
|
||||||
}
|
}
|
||||||
#endif /* !defined(__USE_FILE_OFFSET64) */
|
#endif /* !defined(__USE_FILE_OFFSET64) */
|
||||||
|
@ -105,13 +105,13 @@ ssize_t pread64(int fd, void* const __pass_object_size0 buf, size_t count, off64
|
||||||
__overloadable
|
__overloadable
|
||||||
__error_if_overflows_ssizet(count, pread64)
|
__error_if_overflows_ssizet(count, pread64)
|
||||||
__error_if_overflows_objectsize(count, __bos0(buf), pread64) {
|
__error_if_overflows_objectsize(count, __bos0(buf), pread64) {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_M__
|
||||||
size_t bos = __bos0(buf);
|
size_t bos = __bos0(buf);
|
||||||
|
|
||||||
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
||||||
return __pread64_chk(fd, buf, count, offset, bos);
|
return __pread64_chk(fd, buf, count, offset, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
|
||||||
return __pread64_real(fd, buf, count, offset);
|
return __pread64_real(fd, buf, count, offset);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -121,13 +121,13 @@ ssize_t pwrite(int fd, const void* const __pass_object_size0 buf, size_t count,
|
||||||
__overloadable
|
__overloadable
|
||||||
__error_if_overflows_ssizet(count, pwrite)
|
__error_if_overflows_ssizet(count, pwrite)
|
||||||
__error_if_overflows_objectsize(count, __bos0(buf), pwrite) {
|
__error_if_overflows_objectsize(count, __bos0(buf), pwrite) {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_N__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_N__
|
||||||
size_t bos = __bos0(buf);
|
size_t bos = __bos0(buf);
|
||||||
|
|
||||||
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
||||||
return __PWRITE_PREFIX(chk)(fd, buf, count, offset, bos);
|
return __PWRITE_PREFIX(chk)(fd, buf, count, offset, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
|
||||||
return __PWRITE_PREFIX(real)(fd, buf, count, offset);
|
return __PWRITE_PREFIX(real)(fd, buf, count, offset);
|
||||||
}
|
}
|
||||||
#endif /* !defined(__USE_FILE_OFFSET64) */
|
#endif /* !defined(__USE_FILE_OFFSET64) */
|
||||||
|
@ -137,13 +137,13 @@ ssize_t pwrite64(int fd, const void* const __pass_object_size0 buf, size_t count
|
||||||
__overloadable
|
__overloadable
|
||||||
__error_if_overflows_ssizet(count, pwrite64)
|
__error_if_overflows_ssizet(count, pwrite64)
|
||||||
__error_if_overflows_objectsize(count, __bos0(buf), pwrite64) {
|
__error_if_overflows_objectsize(count, __bos0(buf), pwrite64) {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_N__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_N__
|
||||||
size_t bos = __bos0(buf);
|
size_t bos = __bos0(buf);
|
||||||
|
|
||||||
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
||||||
return __pwrite64_chk(fd, buf, count, offset, bos);
|
return __pwrite64_chk(fd, buf, count, offset, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
|
||||||
return __pwrite64_real(fd, buf, count, offset);
|
return __pwrite64_real(fd, buf, count, offset);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -152,13 +152,13 @@ ssize_t read(int fd, void* const __pass_object_size0 buf, size_t count)
|
||||||
__overloadable
|
__overloadable
|
||||||
__error_if_overflows_ssizet(count, read)
|
__error_if_overflows_ssizet(count, read)
|
||||||
__error_if_overflows_objectsize(count, __bos0(buf), read) {
|
__error_if_overflows_objectsize(count, __bos0(buf), read) {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_L__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_L__
|
||||||
size_t bos = __bos0(buf);
|
size_t bos = __bos0(buf);
|
||||||
|
|
||||||
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
||||||
return __read_chk(fd, buf, count, bos);
|
return __read_chk(fd, buf, count, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
|
||||||
return __call_bypassing_fortify(read)(fd, buf, count);
|
return __call_bypassing_fortify(read)(fd, buf, count);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -167,13 +167,13 @@ ssize_t write(int fd, const void* const __pass_object_size0 buf, size_t count)
|
||||||
__overloadable
|
__overloadable
|
||||||
__error_if_overflows_ssizet(count, write)
|
__error_if_overflows_ssizet(count, write)
|
||||||
__error_if_overflows_objectsize(count, __bos0(buf), write) {
|
__error_if_overflows_objectsize(count, __bos0(buf), write) {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_N__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_N__
|
||||||
size_t bos = __bos0(buf);
|
size_t bos = __bos0(buf);
|
||||||
|
|
||||||
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
||||||
return __write_chk(fd, buf, count, bos);
|
return __write_chk(fd, buf, count, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
|
||||||
return __call_bypassing_fortify(write)(fd, buf, count);
|
return __call_bypassing_fortify(write)(fd, buf, count);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -182,13 +182,13 @@ ssize_t readlink(const char* path, char* const __pass_object_size buf, size_t si
|
||||||
__overloadable
|
__overloadable
|
||||||
__error_if_overflows_ssizet(size, readlink)
|
__error_if_overflows_ssizet(size, readlink)
|
||||||
__error_if_overflows_objectsize(size, __bos(buf), readlink) {
|
__error_if_overflows_objectsize(size, __bos(buf), readlink) {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_M__
|
||||||
size_t bos = __bos(buf);
|
size_t bos = __bos(buf);
|
||||||
|
|
||||||
if (!__bos_trivially_ge_no_overflow(bos, size)) {
|
if (!__bos_trivially_ge_no_overflow(bos, size)) {
|
||||||
return __readlink_chk(path, buf, size, bos);
|
return __readlink_chk(path, buf, size, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
|
||||||
return __call_bypassing_fortify(readlink)(path, buf, size);
|
return __call_bypassing_fortify(readlink)(path, buf, size);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -198,13 +198,13 @@ ssize_t readlinkat(int dirfd, const char* path, char* const __pass_object_size b
|
||||||
__overloadable
|
__overloadable
|
||||||
__error_if_overflows_ssizet(size, readlinkat)
|
__error_if_overflows_ssizet(size, readlinkat)
|
||||||
__error_if_overflows_objectsize(size, __bos(buf), readlinkat) {
|
__error_if_overflows_objectsize(size, __bos(buf), readlinkat) {
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
#if __ANDROID_API__ >= __ANDROID_API_M__
|
||||||
size_t bos = __bos(buf);
|
size_t bos = __bos(buf);
|
||||||
|
|
||||||
if (!__bos_trivially_ge_no_overflow(bos, size)) {
|
if (!__bos_trivially_ge_no_overflow(bos, size)) {
|
||||||
return __readlinkat_chk(dirfd, path, buf, size, bos);
|
return __readlinkat_chk(dirfd, path, buf, size, bos);
|
||||||
}
|
}
|
||||||
#endif
|
#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
|
||||||
return __call_bypassing_fortify(readlinkat)(dirfd, path, buf, size);
|
return __call_bypassing_fortify(readlinkat)(dirfd, path, buf, size);
|
||||||
}
|
}
|
||||||
#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
|
#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
|
||||||
|
|
|
@ -237,15 +237,14 @@
|
||||||
#define __BIONIC_FORTIFY_UNKNOWN_SIZE ((size_t) -1)
|
#define __BIONIC_FORTIFY_UNKNOWN_SIZE ((size_t) -1)
|
||||||
|
|
||||||
#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
|
#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
|
||||||
/* FORTIFY can interfere with pattern-matching of clang-tidy/the static analyzer. */
|
/*
|
||||||
# if !defined(__clang_analyzer__)
|
* FORTIFY's _chk functions effectively disable ASAN's stdlib interceptors.
|
||||||
|
* Additionally, the static analyzer/clang-tidy try to pattern match some
|
||||||
|
* standard library functions, and FORTIFY sometimes interferes with this. So,
|
||||||
|
* we turn FORTIFY off in both cases.
|
||||||
|
*/
|
||||||
|
# if !__has_feature(address_sanitizer) && !defined(__clang_analyzer__)
|
||||||
# define __BIONIC_FORTIFY 1
|
# define __BIONIC_FORTIFY 1
|
||||||
/* ASAN has interceptors that FORTIFY's _chk functions can break. */
|
|
||||||
# if __has_feature(address_sanitizer)
|
|
||||||
# define __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED 0
|
|
||||||
# else
|
|
||||||
# define __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED 1
|
|
||||||
# endif
|
|
||||||
# endif
|
# endif
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
|
|
@ -312,20 +312,26 @@ cc_defaults {
|
||||||
},
|
},
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ensures that FORTIFY checks aren't run when ASAN is on.
|
// If building this fails, then we have both FORTIFY and ASAN enabled, which
|
||||||
cc_test {
|
// isn't desirable. (Ideally, we'd emit FORTIFY diagnostics even with ASAN
|
||||||
name: "bionic-fortify-runtime-asan-test",
|
// enabled, but that's not a reality today.) This is meant to be otherwise
|
||||||
|
// unused.
|
||||||
|
cc_test_library {
|
||||||
|
name: "fortify_disabled_for_asan",
|
||||||
defaults: [
|
defaults: [
|
||||||
"bionic_clang_fortify_tests_w_flags",
|
"bionic_clang_fortify_tests_w_flags",
|
||||||
],
|
],
|
||||||
cflags: [
|
cflags: [
|
||||||
"-Werror",
|
"-Werror",
|
||||||
"-D_FORTIFY_SOURCE=2",
|
"-D_FORTIFY_SOURCE=2",
|
||||||
|
// "sanitize: address" doesn't work on platforms where libasan isn't
|
||||||
|
// enabled. Since the intent is just to build this, we can get away with
|
||||||
|
// passing this flag on its own.
|
||||||
|
"-fsanitize=address",
|
||||||
],
|
],
|
||||||
sanitize: {
|
// Ignore that we don't have ASAN symbols linked in.
|
||||||
address: true,
|
allow_undefined_symbols: true,
|
||||||
},
|
srcs: ["clang_fortify_tests.cpp"],
|
||||||
srcs: ["clang_fortify_asan.cpp"],
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Ensure we don't use FORTIFY'ed functions with the static analyzer/clang-tidy:
|
// Ensure we don't use FORTIFY'ed functions with the static analyzer/clang-tidy:
|
||||||
|
|
|
@ -1,46 +0,0 @@
|
||||||
/*
|
|
||||||
* Copyright (C) 2019 The Android Open Source Project
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
*/
|
|
||||||
|
|
||||||
/*
|
|
||||||
* This test ensures that ensures that FORTIFY's run-time bits aren't enabled with ASAN on. Most
|
|
||||||
* ways of getting FORTIFY to break turn into UB unless you get creative. Rather than remaking the
|
|
||||||
* entire FORTIFY test-suite with this added constraint, we pick a function with well-defined
|
|
||||||
* behavior when a FORTIFY check would fail (umask), and hope that the success of that is indicative
|
|
||||||
* of the rest working.
|
|
||||||
*/
|
|
||||||
|
|
||||||
#ifndef __clang__
|
|
||||||
#error "Non-clang isn't supported"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#ifndef _FORTIFY_SOURCE
|
|
||||||
#error "_FORTIFY_SOURCE must be defined"
|
|
||||||
#endif
|
|
||||||
|
|
||||||
#include <sys/cdefs.h>
|
|
||||||
|
|
||||||
#if defined(__BIONIC__) && __has_feature(address_sanitizer)
|
|
||||||
#include <sys/stat.h>
|
|
||||||
#include <gtest/gtest.h>
|
|
||||||
|
|
||||||
TEST(ClangFortifyASAN, NoRuntimeChecksAreEnabled) {
|
|
||||||
volatile mode_t unknown = 01000;
|
|
||||||
mode_t previous = umask(unknown);
|
|
||||||
|
|
||||||
// Not necessary, but polite.
|
|
||||||
umask(previous);
|
|
||||||
}
|
|
||||||
#endif
|
|
Loading…
Reference in a new issue