diff --git a/libc/include/bits/fortify/string.h b/libc/include/bits/fortify/string.h
index af93b9117..1e129868c 100644
--- a/libc/include/bits/fortify/string.h
+++ b/libc/include/bits/fortify/string.h
@@ -70,10 +70,10 @@ void* memmove(void* const dst __pass_object_size0, const void* src, size_t len)
 __BIONIC_FORTIFY_INLINE
 char* stpcpy(char* const dst __pass_object_size, const char* src)
 __overloadable
- __clang_error_if(__bos_unevaluated_leq(__bos(dst), __builtin_strlen(src)),
+ __clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
 "'stpcpy' called with string bigger than buffer") {
 size_t bos_dst = __bos(dst);
- if (__bos_trivially_not_leq(bos_dst, __builtin_strlen(src))) {
+ if (__bos_trivially_not_le(bos_dst, __builtin_strlen(src))) {
 return __builtin_stpcpy(dst, src);
 }
 return __builtin___stpcpy_chk(dst, src, bos_dst);
@@ -84,10 +84,10 @@ char* stpcpy(char* const dst __pass_object_size, const char* src)
 __BIONIC_FORTIFY_INLINE
 char* strcpy(char* const dst __pass_object_size, const char* src)
 __overloadable
- __clang_error_if(__bos_unevaluated_leq(__bos(dst), __builtin_strlen(src)),
+ __clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
 "'strcpy' called with string bigger than buffer") {
 size_t bos_dst = __bos(dst);
- if (__bos_trivially_not_leq(bos_dst, __builtin_strlen(src))) {
+ if (__bos_trivially_not_le(bos_dst, __builtin_strlen(src))) {
 return __builtin_strcpy(dst, src);
 }
 return __builtin___strcpy_chk(dst, src, bos_dst);
@@ -123,7 +123,7 @@ __BIONIC_FORTIFY_INLINE
 void* memchr(const void* const s __pass_object_size, int c, size_t n) __overloadable {
 size_t bos = __bos(s);
- if (__bos_trivially_geq(bos, n)) {
+ if (__bos_trivially_ge(bos, n)) {
 return __builtin_memchr(s, c, n);
 }
@@ -134,7 +134,7 @@ __BIONIC_FORTIFY_INLINE
 void* __memrchr_fortify(const void* const __pass_object_size s, int c, size_t n) __overloadable {
 size_t bos = __bos(s);
- if (__bos_trivially_geq(bos, n)) {
+ if (__bos_trivially_ge(bos, n)) {
 return __memrchr_real(s, c, n);
 }
diff --git a/libc/include/bits/fortify/unistd.h b/libc/include/bits/fortify/unistd.h
index 04c7495ae..543c3c748 100644
--- a/libc/include/bits/fortify/unistd.h
+++ b/libc/include/bits/fortify/unistd.h
@@ -66,6 +66,9 @@ ssize_t __readlinkat_chk(int dirfd, const char*, char*, size_t, size_t) __INTROD
 __clang_error_if(__bos_unevaluated_lt((objsize), (what)), \
 "in call to '" #fn "', '" #what "' bytes overflows the given object")
+#define __bos_trivially_not_lt_no_overflow(bos_val, index) \
+ __bos_dynamic_check_impl_and((bos_val), >=, (index), (bos_val) <= SSIZE_MAX)
+
 #if __ANDROID_API__ >= __ANDROID_API_N__
 __BIONIC_FORTIFY_INLINE
 char* getcwd(char* const __pass_object_size buf, size_t size)
@@ -73,7 +76,7 @@ char* getcwd(char* const __pass_object_size buf, size_t size)
 __error_if_overflows_objectsize(size, __bos(buf), getcwd) {
 size_t bos = __bos(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt(bos, size)) {
 return __call_bypassing_fortify(getcwd)(buf, size);
 }
@@ -89,7 +92,7 @@ ssize_t pread(int fd, void* const __pass_object_size0 buf, size_t count, off_t o
 __error_if_overflows_objectsize(count, __bos0(buf), pread) {
 size_t bos = __bos0(buf);
- if (count == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, count)) {
 return __PREAD_PREFIX(real)(fd, buf, count, offset);
 }
@@ -103,7 +106,7 @@ ssize_t pread64(int fd, void* const __pass_object_size0 buf, size_t count, off64
 __error_if_overflows_objectsize(count, __bos0(buf), pread64) {
 size_t bos = __bos0(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, count)) {
 return __pread64_real(fd, buf, count, offset);
 }
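Review bot: The new `__bos_trivially_not_lt_no_overflow` macro in the unistd.h hunk at line 66 carries no comment explaining its extra `(bos_val) <= SSIZE_MAX` conjunct, so a reader cannot tell what "overflow" it guards against or why the ssize_t-returning callers (pread, pread64, pwrite, pwrite64, read, write, readlink, readlinkat) use it while getcwd uses plain `__bos_trivially_not_lt`. Presumably the bound keeps a `count` that fits the buffer but exceeds SSIZE_MAX from taking the unchecked fast path, leaving that case to the `_chk` variant and `__error_if_overflows_ssizet`; this depends on how `__bos_dynamic_check_impl_and` evaluates its condition in cdefs.h, which is outside this diff, so confirm before relying on it. I would add above the `#define`: `/* Like __bos_trivially_not_lt, but only when the object size (and hence the count it bounds) fits in ssize_t, so the fast path never bypasses the SSIZE_MAX check. */`. Note also that the pread hunk replaces a line that compared `count`, not `bos`, against `__BIONIC_FORTIFY_UNKNOWN_SIZE`, a behaviour fix hidden among renames that deserves a sentence in the commit description.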
@@ -119,7 +122,7 @@ ssize_t pwrite(int fd, const void* const __pass_object_size0 buf, size_t count,
 __error_if_overflows_objectsize(count, __bos0(buf), pwrite) {
 size_t bos = __bos0(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, count)) {
 return __PWRITE_PREFIX(real)(fd, buf, count, offset);
 }
@@ -133,7 +136,7 @@ ssize_t pwrite64(int fd, const void* const __pass_object_size0 buf, size_t count
 __error_if_overflows_objectsize(count, __bos0(buf), pwrite64) {
 size_t bos = __bos0(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, count)) {
 return __pwrite64_real(fd, buf, count, offset);
 }
@@ -149,7 +152,7 @@ ssize_t read(int fd, void* const __pass_object_size0 buf, size_t count)
 __error_if_overflows_objectsize(count, __bos0(buf), read) {
 size_t bos = __bos0(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, count)) {
 return __call_bypassing_fortify(read)(fd, buf, count);
 }
@@ -165,7 +168,7 @@ ssize_t write(int fd, const void* const __pass_object_size0 buf, size_t count)
 __error_if_overflows_objectsize(count, __bos0(buf), write) {
 size_t bos = __bos0(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, count)) {
 return __call_bypassing_fortify(write)(fd, buf, count);
 }
@@ -181,7 +184,7 @@ ssize_t readlink(const char* path, char* const __pass_object_size buf, size_t si
 __error_if_overflows_objectsize(size, __bos(buf), readlink) {
 size_t bos = __bos(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, size)) {
 return __call_bypassing_fortify(readlink)(path, buf, size);
 }
@@ -195,7 +198,7 @@ ssize_t readlinkat(int dirfd, const char* path, char* const __pass_object_size b
 __error_if_overflows_objectsize(size, __bos(buf), readlinkat) {
 size_t bos = __bos(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, size)) {
 return __call_bypassing_fortify(readlinkat)(dirfd, path, buf, size);
 }
@@ -203,6 +206,7 @@ ssize_t readlinkat(int dirfd, const char* path, char* const __pass_object_size b
 }
 #endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
+#undef __bos_trivially_not_lt_no_overflow
 #undef __enable_if_no_overflow_ssizet
 #undef __error_if_overflows_objectsize
 #undef __error_if_overflows_ssizet
diff --git a/libc/include/sys/cdefs.h b/libc/include/sys/cdefs.h
index 42bf451a1..dceb1165c 100644
--- a/libc/include/sys/cdefs.h
+++ b/libc/include/sys/cdefs.h
@@ -293,7 +293,7 @@
 #define __bos_unevaluated_lt(bos_val, val) \
 ((bos_val) != __BIONIC_FORTIFY_UNKNOWN_SIZE && (bos_val) < (val))
-#define __bos_unevaluated_leq(bos_val, val) \
+#define __bos_unevaluated_le(bos_val, val) \
 ((bos_val) != __BIONIC_FORTIFY_UNKNOWN_SIZE && (bos_val) <= (val))
 /* Intended for use in evaluated contexts. */
@@ -304,13 +304,13 @@
 #define __bos_dynamic_check_impl(bos_val, op, index) \
 __bos_dynamic_check_impl_and(bos_val, op, index, 1)
-#define __bos_trivially_geq(bos_val, index) __bos_dynamic_check_impl((bos_val), >=, (index))
+#define __bos_trivially_ge(bos_val, index) __bos_dynamic_check_impl((bos_val), >=, (index))
 #define __bos_trivially_gt(bos_val, index) __bos_dynamic_check_impl((bos_val), >, (index))
 /* The names here are meant to match nicely with the __bos_unevaluated macros above. */
-#define __bos_trivially_not_lt __bos_trivially_geq
-#define __bos_trivially_not_leq __bos_trivially_gt
+#define __bos_trivially_not_lt __bos_trivially_ge
+#define __bos_trivially_not_le __bos_trivially_gt
 #if defined(__BIONIC_FORTIFY) || defined(__BIONIC_DECLARE_FORTIFY_HELPERS)