fortify(string): emit diagnostics regardless of API level
Bug: 141267932 Test: m checkbuild on internal-master Change-Id: I7dc10b56b667f8f2f2cd360b008d834af92a72e4
This commit is contained in:
George Burgess IV
parent
9349b9e51b
commit
fd1ff4b2c8
1 changed files with 47 additions and 38 deletions
|
|
@ -77,33 +77,34 @@ void* mempcpy(void* const dst __pass_object_size0, const void* src, size_t copy_
|
|||
return __builtin___mempcpy_chk(dst, src, copy_amount, bos_dst);
|
||||
}
|
||||
#endif /* __ANDROID_API__ >= __ANDROID_API_R__ */
|
||||
#endif
|
||||
#endif /* __USE_GNU */
|
||||
|
||||
#if __ANDROID_API__ >= __ANDROID_API_L__
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
char* stpcpy(char* const dst __pass_object_size, const char* src)
|
||||
__overloadable
|
||||
__clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
|
||||
"'stpcpy' called with string bigger than buffer") {
|
||||
#if __ANDROID_API__ >= __ANDROID_API_L__
|
||||
size_t bos_dst = __bos(dst);
|
||||
if (__bos_trivially_not_le(bos_dst, __builtin_strlen(src))) {
|
||||
return __builtin_stpcpy(dst, src);
|
||||
if (!__bos_trivially_gt(bos_dst, __builtin_strlen(src))) {
|
||||
return __builtin___stpcpy_chk(dst, src, bos_dst);
|
||||
}
|
||||
return __builtin___stpcpy_chk(dst, src, bos_dst);
|
||||
}
|
||||
#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
|
||||
return __builtin_stpcpy(dst, src);
|
||||
}
|
||||
|
||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
char* strcpy(char* const dst __pass_object_size, const char* src)
|
||||
__overloadable
|
||||
__clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
|
||||
"'strcpy' called with string bigger than buffer") {
|
||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||
size_t bos_dst = __bos(dst);
|
||||
if (__bos_trivially_not_le(bos_dst, __builtin_strlen(src))) {
|
||||
return __builtin_strcpy(dst, src);
|
||||
if (!__bos_trivially_gt(bos_dst, __builtin_strlen(src))) {
|
||||
return __builtin___strcpy_chk(dst, src, bos_dst);
|
||||
}
|
||||
return __builtin___strcpy_chk(dst, src, bos_dst);
|
||||
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||
return __builtin_strcpy(dst, src);
|
||||
}
|
||||
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
|
|
@ -111,27 +112,34 @@ char* strcat(char* const dst __pass_object_size, const char* src)
|
|||
__overloadable
|
||||
__clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
|
||||
"'strcat' called with string bigger than buffer") {
|
||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||
return __builtin___strcat_chk(dst, src, __bos(dst));
|
||||
#else
|
||||
return __builtin_strcat(dst, src);
|
||||
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||
}
|
||||
|
||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||
/* No diag -- clang diagnoses misuses of this on its own. */
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
char* strncat(char* const dst __pass_object_size, const char* src, size_t n) __overloadable {
|
||||
return __builtin___strncat_chk(dst, src, n, __bos(dst));
|
||||
}
|
||||
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||
|
||||
/* No diag -- clang diagnoses misuses of this on its own. */
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
void* memset(void* const s __pass_object_size0, int c, size_t n) __overloadable
|
||||
/* If you're a user who wants this warning to go away: use `(&memset)(foo, bar, baz)`. */
|
||||
__clang_warning_if(c && !n, "'memset' will set 0 bytes; maybe the arguments got flipped?") {
|
||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||
size_t bos = __bos0(s);
|
||||
if (__bos_trivially_not_lt(bos, n)) {
|
||||
return __builtin_memset(s, c, n);
|
||||
if (!__bos_trivially_ge(bos, n)) {
|
||||
return __builtin___memset_chk(s, c, n, bos);
|
||||
}
|
||||
return __builtin___memset_chk(s, c, n, bos);
|
||||
}
|
||||
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||
return __builtin_memset(s, c, n);
|
||||
}
|
||||
|
||||
#if __ANDROID_API__ >= __ANDROID_API_M__
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
|
|
@ -189,19 +197,19 @@ char* strncpy(char* const dst __pass_object_size, const char* const src __pass_o
|
|||
}
|
||||
#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
|
||||
|
||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
size_t strlcpy(char* const dst __pass_object_size, const char* src, size_t size)
|
||||
__overloadable
|
||||
__clang_error_if(__bos_unevaluated_lt(__bos(dst), size),
|
||||
"'strlcpy' called with size bigger than buffer") {
|
||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||
size_t bos = __bos(dst);
|
||||
|
||||
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||
return __call_bypassing_fortify(strlcpy)(dst, src, size);
|
||||
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||
return __strlcpy_chk(dst, src, size, bos);
|
||||
}
|
||||
|
||||
return __strlcpy_chk(dst, src, size, bos);
|
||||
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||
return __call_bypassing_fortify(strlcpy)(dst, src, size);
|
||||
}
|
||||
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
|
|
@ -209,50 +217,51 @@ size_t strlcat(char* const dst __pass_object_size, const char* src, size_t size)
|
|||
__overloadable
|
||||
__clang_error_if(__bos_unevaluated_lt(__bos(dst), size),
|
||||
"'strlcat' called with size bigger than buffer") {
|
||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||
size_t bos = __bos(dst);
|
||||
|
||||
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||
return __call_bypassing_fortify(strlcat)(dst, src, size);
|
||||
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||
return __strlcat_chk(dst, src, size, bos);
|
||||
}
|
||||
|
||||
return __strlcat_chk(dst, src, size, bos);
|
||||
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||
return __call_bypassing_fortify(strlcat)(dst, src, size);
|
||||
}
|
||||
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
size_t strlen(const char* const s __pass_object_size0) __overloadable {
|
||||
size_t bos = __bos0(s);
|
||||
|
||||
if (__bos_trivially_gt(bos, __builtin_strlen(s))) {
|
||||
return __builtin_strlen(s);
|
||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
|
||||
if (!__bos_trivially_gt(bos, __builtin_strlen(s))) {
|
||||
return __strlen_chk(s, bos);
|
||||
}
|
||||
|
||||
return __strlen_chk(s, bos);
|
||||
}
|
||||
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
|
||||
return __builtin_strlen(s);
|
||||
}
|
||||
|
||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR2__
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
char* strchr(const char* const s __pass_object_size, int c) __overloadable {
|
||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR2__
|
||||
size_t bos = __bos(s);
|
||||
|
||||
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||
return __builtin_strchr(s, c);
|
||||
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||
return __strchr_chk(s, c, bos);
|
||||
}
|
||||
|
||||
return __strchr_chk(s, c, bos);
|
||||
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR2__ */
|
||||
return __builtin_strchr(s, c);
|
||||
}
|
||||
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
char* strrchr(const char* const s __pass_object_size, int c) __overloadable {
|
||||
#if __ANDROID_API__ >= __ANDROID_API_J_MR2__
|
||||
size_t bos = __bos(s);
|
||||
|
||||
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||
return __builtin_strrchr(s, c);
|
||||
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||
return __strrchr_chk(s, c, bos);
|
||||
}
|
||||
|
||||
return __strrchr_chk(s, c, bos);
|
||||
}
|
||||
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR2__ */
|
||||
return __builtin_strrchr(s, c);
|
||||
}
|
||||
|
||||
#if __ANDROID_API__ >= __ANDROID_API_M__
|
||||
#if defined(__cplusplus)
|
||||
|
|
|
|||
Loading…
Reference in a new issue