Merge "fortify: use __builtin_constant_p for more short-circuits"
am: 30d4c6fb06
Change-Id: I1afdad78569cca684d5c825c31c2c835669f0418
This commit is contained in:
commit
576271755b
4 changed files with 32 additions and 25 deletions
|
@ -37,6 +37,10 @@ int __ppoll64_chk(struct pollfd*, nfds_t, const struct timespec*, const sigset64
|
||||||
#if defined(__BIONIC_FORTIFY)
|
#if defined(__BIONIC_FORTIFY)
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_M__
|
#if __ANDROID_API__ >= __ANDROID_API_M__
|
||||||
|
|
||||||
|
#define __bos_fd_count_trivially_safe(bos_val, fds, fd_count) \
|
||||||
|
__bos_dynamic_check_impl_and((bos_val), >=, (sizeof(*fds) * (fd_count)), \
|
||||||
|
(fd_count) <= __BIONIC_CAST(static_cast, nfds_t, -1) / sizeof(*fds))
|
||||||
|
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
int poll(struct pollfd* const fds __pass_object_size, nfds_t fd_count, int timeout)
|
int poll(struct pollfd* const fds __pass_object_size, nfds_t fd_count, int timeout)
|
||||||
__overloadable
|
__overloadable
|
||||||
|
@ -44,7 +48,7 @@ int poll(struct pollfd* const fds __pass_object_size, nfds_t fd_count, int timeo
|
||||||
"in call to 'poll', fd_count is larger than the given buffer") {
|
"in call to 'poll', fd_count is larger than the given buffer") {
|
||||||
size_t bos_fds = __bos(fds);
|
size_t bos_fds = __bos(fds);
|
||||||
|
|
||||||
if (bos_fds == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
if (__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
|
||||||
return __call_bypassing_fortify(poll)(fds, fd_count, timeout);
|
return __call_bypassing_fortify(poll)(fds, fd_count, timeout);
|
||||||
}
|
}
|
||||||
return __poll_chk(fds, fd_count, timeout, bos_fds);
|
return __poll_chk(fds, fd_count, timeout, bos_fds);
|
||||||
|
@ -57,7 +61,7 @@ int ppoll(struct pollfd* const fds __pass_object_size, nfds_t fd_count, const st
|
||||||
"in call to 'ppoll', fd_count is larger than the given buffer") {
|
"in call to 'ppoll', fd_count is larger than the given buffer") {
|
||||||
size_t bos_fds = __bos(fds);
|
size_t bos_fds = __bos(fds);
|
||||||
|
|
||||||
if (bos_fds == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
if (__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
|
||||||
return __call_bypassing_fortify(ppoll)(fds, fd_count, timeout, mask);
|
return __call_bypassing_fortify(ppoll)(fds, fd_count, timeout, mask);
|
||||||
}
|
}
|
||||||
return __ppoll_chk(fds, fd_count, timeout, mask, bos_fds);
|
return __ppoll_chk(fds, fd_count, timeout, mask, bos_fds);
|
||||||
|
@ -71,12 +75,14 @@ int ppoll64(struct pollfd* const fds __pass_object_size, nfds_t fd_count, const
|
||||||
"in call to 'ppoll64', fd_count is larger than the given buffer") {
|
"in call to 'ppoll64', fd_count is larger than the given buffer") {
|
||||||
size_t bos_fds = __bos(fds);
|
size_t bos_fds = __bos(fds);
|
||||||
|
|
||||||
if (bos_fds == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
if (__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
|
||||||
return __call_bypassing_fortify(ppoll64)(fds, fd_count, timeout, mask);
|
return __call_bypassing_fortify(ppoll64)(fds, fd_count, timeout, mask);
|
||||||
}
|
}
|
||||||
return __ppoll64_chk(fds, fd_count, timeout, mask, bos_fds);
|
return __ppoll64_chk(fds, fd_count, timeout, mask, bos_fds);
|
||||||
}
|
}
|
||||||
#endif
|
#endif
|
||||||
|
|
||||||
|
#undef __bos_fd_count_trivially_safe
|
||||||
|
|
||||||
#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
|
#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
|
||||||
#endif /* defined(__BIONIC_FORTIFY) */
|
#endif /* defined(__BIONIC_FORTIFY) */
|
||||||
|
|
|
@ -89,6 +89,10 @@ int sprintf(char* const __pass_object_size dest, const char* format, ...) __over
|
||||||
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||||
|
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_N__
|
#if __ANDROID_API__ >= __ANDROID_API_N__
|
||||||
|
#define __bos_trivially_not_lt_mul(bos_val, size, count) \
|
||||||
|
__bos_dynamic_check_impl_and(bos_val, >=, (size) * (count), \
|
||||||
|
!__unsafe_check_mul_overflow(size, count))
|
||||||
|
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
size_t fread(void* const __pass_object_size0 buf, size_t size, size_t count, FILE* stream)
|
size_t fread(void* const __pass_object_size0 buf, size_t size, size_t count, FILE* stream)
|
||||||
__overloadable
|
__overloadable
|
||||||
|
@ -98,7 +102,7 @@ size_t fread(void* const __pass_object_size0 buf, size_t size, size_t count, FIL
|
||||||
"in call to 'fread', size * count is too large for the given buffer") {
|
"in call to 'fread', size * count is too large for the given buffer") {
|
||||||
size_t bos = __bos0(buf);
|
size_t bos = __bos0(buf);
|
||||||
|
|
||||||
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
if (__bos_trivially_not_lt_mul(bos, size, count)) {
|
||||||
return __call_bypassing_fortify(fread)(buf, size, count, stream);
|
return __call_bypassing_fortify(fread)(buf, size, count, stream);
|
||||||
}
|
}
|
||||||
return __fread_chk(buf, size, count, stream, bos);
|
return __fread_chk(buf, size, count, stream, bos);
|
||||||
|
@ -113,12 +117,13 @@ size_t fwrite(const void* const __pass_object_size0 buf, size_t size, size_t cou
|
||||||
"in call to 'fwrite', size * count is too large for the given buffer") {
|
"in call to 'fwrite', size * count is too large for the given buffer") {
|
||||||
size_t bos = __bos0(buf);
|
size_t bos = __bos0(buf);
|
||||||
|
|
||||||
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
if (__bos_trivially_not_lt_mul(bos, size, count)) {
|
||||||
return __call_bypassing_fortify(fwrite)(buf, size, count, stream);
|
return __call_bypassing_fortify(fwrite)(buf, size, count, stream);
|
||||||
}
|
}
|
||||||
|
|
||||||
return __fwrite_chk(buf, size, count, stream, bos);
|
return __fwrite_chk(buf, size, count, stream, bos);
|
||||||
}
|
}
|
||||||
|
#undef __bos_trivially_not_lt_mul
|
||||||
#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
|
#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
|
||||||
|
|
||||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||||
|
@ -130,7 +135,7 @@ char* fgets(char* const __pass_object_size dest, int size, FILE* stream)
|
||||||
"in call to 'fgets', size is larger than the destination buffer") {
|
"in call to 'fgets', size is larger than the destination buffer") {
|
||||||
size_t bos = __bos(dest);
|
size_t bos = __bos(dest);
|
||||||
|
|
||||||
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
if (__bos_dynamic_check_impl_and(bos, >=, (size_t)size, size >= 0)) {
|
||||||
return __call_bypassing_fortify(fgets)(dest, size, stream);
|
return __call_bypassing_fortify(fgets)(dest, size, stream);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -123,7 +123,7 @@ __BIONIC_FORTIFY_INLINE
|
||||||
void* memchr(const void* const s __pass_object_size, int c, size_t n) __overloadable {
|
void* memchr(const void* const s __pass_object_size, int c, size_t n) __overloadable {
|
||||||
size_t bos = __bos(s);
|
size_t bos = __bos(s);
|
||||||
|
|
||||||
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
if (__bos_trivially_geq(bos, n)) {
|
||||||
return __builtin_memchr(s, c, n);
|
return __builtin_memchr(s, c, n);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -134,7 +134,7 @@ __BIONIC_FORTIFY_INLINE
|
||||||
void* __memrchr_fortify(const void* const __pass_object_size s, int c, size_t n) __overloadable {
|
void* __memrchr_fortify(const void* const __pass_object_size s, int c, size_t n) __overloadable {
|
||||||
size_t bos = __bos(s);
|
size_t bos = __bos(s);
|
||||||
|
|
||||||
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
if (__bos_trivially_geq(bos, n)) {
|
||||||
return __memrchr_real(s, c, n);
|
return __memrchr_real(s, c, n);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -195,24 +195,11 @@ size_t strlcat(char* const dst __pass_object_size, const char* src, size_t size)
|
||||||
return __strlcat_chk(dst, src, size, bos);
|
return __strlcat_chk(dst, src, size, bos);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
|
||||||
* If we can evaluate the size of s at compile-time, just call __builtin_strlen
|
|
||||||
* on it directly. This makes it way easier for compilers to fold things like
|
|
||||||
* strlen("Foo") into a constant, as users would expect. -1ULL is chosen simply
|
|
||||||
* because it's large.
|
|
||||||
*/
|
|
||||||
__BIONIC_FORTIFY_INLINE
|
|
||||||
size_t strlen(const char* const s __pass_object_size)
|
|
||||||
__overloadable __enable_if(__builtin_strlen(s) != -1ULL,
|
|
||||||
"enabled if s is a known good string.") {
|
|
||||||
return __builtin_strlen(s);
|
|
||||||
}
|
|
||||||
|
|
||||||
__BIONIC_FORTIFY_INLINE
|
__BIONIC_FORTIFY_INLINE
|
||||||
size_t strlen(const char* const s __pass_object_size0) __overloadable {
|
size_t strlen(const char* const s __pass_object_size0) __overloadable {
|
||||||
size_t bos = __bos0(s);
|
size_t bos = __bos0(s);
|
||||||
|
|
||||||
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
if (__bos_trivially_gt(bos, __builtin_strlen(s))) {
|
||||||
return __builtin_strlen(s);
|
return __builtin_strlen(s);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -297,12 +297,21 @@
|
||||||
((bos_val) != __BIONIC_FORTIFY_UNKNOWN_SIZE && (bos_val) <= (val))
|
((bos_val) != __BIONIC_FORTIFY_UNKNOWN_SIZE && (bos_val) <= (val))
|
||||||
|
|
||||||
/* Intended for use in evaluated contexts. */
|
/* Intended for use in evaluated contexts. */
|
||||||
|
#define __bos_dynamic_check_impl_and(bos_val, op, index, cond) \
|
||||||
|
(bos_val == __BIONIC_FORTIFY_UNKNOWN_SIZE || \
|
||||||
|
(__builtin_constant_p(index) && bos_val op index && (cond)))
|
||||||
|
|
||||||
#define __bos_dynamic_check_impl(bos_val, op, index) \
|
#define __bos_dynamic_check_impl(bos_val, op, index) \
|
||||||
(bos_val == __BIONIC_FORTIFY_UNKNOWN_SIZE || (__builtin_constant_p(index) && bos_val op index))
|
__bos_dynamic_check_impl_and(bos_val, op, index, 1)
|
||||||
|
|
||||||
|
#define __bos_trivially_geq(bos_val, index) __bos_dynamic_check_impl((bos_val), >=, (index))
|
||||||
|
|
||||||
|
#define __bos_trivially_gt(bos_val, index) __bos_dynamic_check_impl((bos_val), >, (index))
|
||||||
|
|
||||||
/* The names here are meant to match nicely with the __bos_unevaluated macros above. */
|
/* The names here are meant to match nicely with the __bos_unevaluated macros above. */
|
||||||
#define __bos_trivially_not_lt(bos_val, index) __bos_dynamic_check_impl((bos_val), >=, (index))
|
#define __bos_trivially_not_lt __bos_trivially_geq
|
||||||
#define __bos_trivially_not_leq(bos_val, index) __bos_dynamic_check_impl((bos_val), >, (index))
|
#define __bos_trivially_not_leq __bos_trivially_gt
|
||||||
|
|
||||||
|
|
||||||
#if defined(__BIONIC_FORTIFY) || defined(__BIONIC_DECLARE_FORTIFY_HELPERS)
|
#if defined(__BIONIC_FORTIFY) || defined(__BIONIC_DECLARE_FORTIFY_HELPERS)
|
||||||
# define __BIONIC_INCLUDE_FORTIFY_HEADERS 1
|
# define __BIONIC_INCLUDE_FORTIFY_HEADERS 1
|
||||||
|
|
Loading…
Reference in a new issue