Merge "libc fortify: error on realpath(NULL, foo)" am: 6beab08440

am: 87fcfefe26

Change-Id: I289b496e80533d3fe45781f9b86d000e25c5dfbd

libc/include/bits/fortify/stdlib.h

@@ -40,7 +40,8 @@
 #if defined(__clang__)
 char* realpath(const char* path, char* resolved)
         __clang_error_if(__bos(resolved) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
-                         __bos(resolved) < __PATH_MAX, __realpath_buf_too_small_str);
+                         __bos(resolved) < __PATH_MAX, __realpath_buf_too_small_str)
+        __clang_error_if(!path, "'realpath': NULL path is never correct; flipped arguments?");
 /* No need for a definition; the only issues we can catch are at compile-time. */
 
 #else /* defined(__clang__) */

tests/fortify_compilation_test.cpp

@@ -376,6 +376,7 @@ void test_realpath() {
   // This is fine.
   realpath(".", NULL);
 
-  // FIXME: But we should warn on this.
-  realpath(NULL, buf);
+  char bigbuf[PATH_MAX];
+  // CLANG: error: 'realpath': NULL path is never correct; flipped arguments?
+  realpath(NULL, bigbuf);
 }

tests/stdlib_test.cpp

@@ -184,7 +184,9 @@ TEST(stdlib, posix_memalign_overflow) {
 
 TEST(stdlib, realpath__NULL_filename) {
   errno = 0;
-  char* p = realpath(NULL, NULL);
+  // Work around the compile-time error generated by FORTIFY here.
+  const char* path = NULL;
+  char* p = realpath(path, NULL);
   ASSERT_TRUE(p == NULL);
   ASSERT_EQ(EINVAL, errno);
 }