This bug will happen when these circumstances are met:
- Destination address & 0x7 == 1, strlen of src is 11, 12, 13.
- Destination address & 0x7 == 2, strlen of src is 10, 11, 12.
- Destination address & 0x7 == 3, strlen of src is 9, 10, 11.
- Destination address & 0x7 == 4, strlen of src is 8, 9, 10.
In these cases, the dest alignment code does a ldr which reads 4 bytes,
and it will read past the end of the source. In most cases, this is
probably benign, but if this crosses into a new page it could cause a
crash.
Fix the labels in the cortex-a9 strcat.
Modify the overread test to vary the dst alignment to expost this bug.
Also, shrink the strcat/strlcat overread cases since the dst alignment
variation increases the runtime too much.
Bug: 24345899
Change-Id: Ib34a559bfcebd89861985b29cae6c1e47b5b5855
Until we implement full support for passwd/group files, add a simple
way to use the new OEM UID/GID range (5000-5999).
oem_XXX -> 5000 + XXX iff 0 <= XXX < 1000.
Bug: 23225475
Change-Id: If48b88135d5df538313414f747d6c4c63bf0a103
The comment about "other stuff" referred to pre-uapi headers. Everything
in the current <linux/udp.h> should be exposed to userspace. The only
problem is that BSD and Linux use different names for the members of
struct udphdr. We can move the Linux udphdr out of the way and use an
anonymous union to get the best of both worlds. (Though unfortunately
this means that code that includes <linux/udp.h> directly instead of
using <netinet/udp.h> now won't have any definition of struct udphdr.
We've taken the stance in the past that you shouldn't include a linux/
header if there's a standard equivalent --- you should rely on us
transitively including it for you.)
Change-Id: Ie625892441b0edd8df3b76d3fcf2cbe299077bc4
Reuse the top bits of _JB_SIGFLAG field previously used to store a
boolean to store a cookie that's validated by [sig]longjmp to make it
harder to use as a ROP gadget. Additionally, encrypt saved registers
with the cookie so that an attacker can't modify a register's value to
a specific value without knowing the cookie.
Bug: http://b/23942752
Change-Id: Id0eb8d06916e89d5d776bfcaa9458f8826717ba3
For previous way to get the stack using the [stack] string from
/proc/self/task/<pid>/maps is not enough. On x86/x86_64, if an
alternative signal stack is used while a task switch happens,
the [stack] indicator may no longer be correct.
Instead, stack_start from /proc/self/stat which is always inside
the main stack, is used to find the main stack in /proc/self/maps.
Change-Id: Ieb010e71518b57560d541cd3b3563e5aa9660750
Signed-off-by: Nitzan Mor-sarid <nitzan.mor-sarid@intel.com>
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
Don't pass the parent load's dlextinfo to dependent loads, since this
causes the linker to try to load the dependencies using the same
addresses/relro/fds/etc as the main library, which is never going to
work. This was how it worked before ae69a95 which broke this.
Bug: http://b/23742664
Bug: http://b/20948231
Bug: http://b/20841817
Change-Id: I340ebae1127666d5c6c6f9c6521b89fb93f15bdd
bionic is built without _FILE_OFFSET_BITS=64, so internally regoff_t
was 32-bit on LP32, but code compiled with _FILE_OFFSET_BITS would
expect rm_so and rm_eo in struct regmatch_t to be 64-bit, leading to
confusion.
Bug: http://b/23566443
Change-Id: Iae92fa545104068e4f64ce1977f5ec616859638c
These are just based on the read/pread{,64} implementations with the
function calls and error messages adjusted as appropriate. The only
difference is that the buffer parameters are const.
Change-Id: Ida1597a903807f583f230d74bcedffdb7b24fcf6
This test should pass with gcc and fail with clang,
until clang/llvm supports emutls or Android linker supports
ELF TLS models.
BUG: 21082792
Change-Id: Id8c97da52c68ec230c7d26af703f6ed32d53a4fe
A __size_mul_overflow utility is used to take advantage of the checked
overflow intrinsics in Clang and GCC (>= 5). The fallback for older
compilers is the optimized but less than ideal overflow checking pattern
used in OpenBSD.
Change-Id: Ibb0d4fd9b5acb67983e6a9f46844c2fd444f7e69
Now we have split CXX_WRAPPER from TARGET_CXX and CXX_BARE isn't needed
any more.
Bug: 22612634
Change-Id: I52c78b0d1b325910e875a786d17f780731778b4b
(cherry-pick from commit 9d11a7087c)
Upstream clang has a new diagnostic, '-Wmismatched-new-delete' to
generate a warning (that becomes an error with -Werror) when delete is
used to deallocate pointers created with 'new[]'. This patch fixes
'delete's that trigger this warning/error.
Change-Id: Id7b6f6c2df3e860e576de55e2f61f3d2be3a3986
When dlopen-ing a library, add the caller's DT_RUNPATH to the directory search
list. This fixes dlfcn.dt_runpath in bionic-unit-tests-glibc(32|64).
Bug: 21899363
Change-Id: Ife6a7e192939292cf4dc291b7e6b95945761cde3
1. Personality parameter should be unsigned int (not long)
2. Do not reset bits outside of PER_MASK when setting
personality value.
3. Set personality for static executables.
Bug: http://b/21900686
Change-Id: I4c7e34079cbd59b818ce221eed325c05b9bb2303
(cherry picked from commit f643eb38c3)
Clang/llvm x86_64 configuration of long double is still
incompatible with gcc.
https://llvm.org/bugs/show_bug.cgi?id=23897
BUG: 21899249
Change-Id: I47fd6d0ce2daa84ae0035e7885a4d90e4c3056f7
