Add support for fortify source level 2 to strncpy.
This will enable detection of more areas where strncpy
is used inappropriately. For example, this would have detected
bug 8727221.
Move the fortify_source tests out of string_test.cpp, and
put it into fortify1_test.cpp.
Create a new fortify2_test.cpp file, which copies all
the tests in fortify1_test.cpp, and adds fortify_source level
2 specific tests.
Change-Id: Ica0fba531cc7d0609e4f23b8176739b13f7f7a83
- eventfd.cpp and eventfd.s will output to the same file when building libc.a
out/target/product/*/obj/STATIC_LIBRARIES/libc_intermediates/WHOLE/libc_common_objs/eventfd.o
- And then `eventfd` will undefined when statically linked to libc.
Also add a unit test.
Change-Id: Ib310ade3256712ca617a90539e8eb07459c98505
We only need one logging API, and I prefer the one that does no
allocation and is thus safe to use in any context.
Also use O_CLOEXEC when opening the /dev/log files.
Move everything logging-related into one header file.
Change-Id: Ic1e3ea8e9b910dc29df351bff6c0aa4db26fbb58
In the old code, the index was a file to itself, so it made sense to
read until you hit the end of the file. In the new code, the index is
followed by hundreds of KiB of data, so we need to just search the
index.
Bug: 8368791
Change-Id: Icf5f8b5516cf3a93679fa849c9f6cd1cb100e0f1
Normally, the C library implicitly caches your timezone by virtue
of the fact that the prehistoric API assumes a single timezone for
the entire process.
The unfortunate mktime_tz and localtime_tz extensions work around
this, but represent timezones as strings to their callers, so code
that makes heavy use of these needs a cache to be able to perform
acceptably until it can hopefully one day be rewritten to use
java.util.Calendar or icu4c.
Bug: 8270865
Change-Id: I92e3964e86dc33ceac925f819cc5e26ff4203f50
This gets us back to using vfork now our ARM vfork assembler stub is
fixed, and adds the missing thread safety for the 'pidlist'.
Bug: 5335385
Change-Id: Ib08bfa65b2cb9fa695717aae629ea14816bf988d
This is actually a slightly newer upstream version than the one I
originally pulled. Hopefully now it's in upstream-freebsd it will
be easier to track upstream, though I still need to sit down and
write the necessary scripts at some point.
Bug: 5110679
Change-Id: I87e563f0f95aa8e68b45578e2a8f448bbf827a33
We could special-case raise(3) in non-threaded programs, but the more
conservative course is to make pthread_kill(3) work in signal handlers
at the cost of a race shared by other C libraries.
Change-Id: I59fb23d03bdabf403435e731704b33acdf3e0234
after change 32822 was rejected, this is the more light-weight
version of the fix: libc/include/sys/types.h already - via
libc/kernel/common/linux/posix_types.h - includes a definition
of __kernel_ssize_t from libc/kernel/arch-*/asm/posix_types.h
which is architecture-specific, toolchain-agnostic and also
gets rid of the gcc -Wformat warning (which it issues correctly,
since this i̲s̲ indeed a bug in bionic)
Change-Id: Ie4503ab16628bc25815a836d07556f665e9795c7
imgtec pointed out that pthread_kill(3) was broken, but most of the
other functions that ought to return ESRCH for invalid/exited threads
were equally broken.
Change-Id: I96347f6195549aee0c72dc39063e6c5d06d2e01f
Fix the pthread_setname_np test to take into account that emulator kernels are
so old that they don't support setting the name of other threads.
The CLONE_DETACHED thread is obsolete since 2.5 kernels.
Rename kernel_id to tid.
Fix the signature of __pthread_clone.
Clean up the clone and pthread_setname_np implementations slightly.
Change-Id: I16c2ff8845b67530544bbda9aa6618058603066d
Now __stack_chk_fail calls abort(3) directly, we terminate with
SIGSEGV rather than SIGABRT. (Because of the workaround for the
debuggerd lossage in the abort(3) implementation, which was the
motivation for switching __stack_chk_fail over to abort(3).)
Also clarify the comment on the weird pthread death test, so it
doesn't get copied and pasted onto real death tests.
Change-Id: Ie832eaded61359c99e7a10db65e28f35e8f63eed
Some build servers are still out of date, so we're better off having
the known quanitity of the consistently out-of-date prebuilt host gcc.
Change-Id: Ib6308ae926ffa1ac5d95efbbf32052344c17a6b8
This reverts commit 6f94de3ca4
(Doesn't try to increase the number of TLS slots; that leads to
an inability to boot. Adds more tests.)
Change-Id: Ia7d25ba3995219ed6e686463dbba80c95cc831ca
MIPS and x86 appear to have been correct already.
(Also fix unit tests that ASSERT_EQ with errno so that the
arguments are in the retarded junit order.)
Bug: 3461078
Change-Id: I2418ea98927b56e15b4ba9cfec97f5e7094c6291
POSIX says pthread_create returns EAGAIN, not ENOMEM.
Also pull pthread_attr_t functions into their own file.
Also pull pthread_setname_np into its own file.
Also remove unnecessary #includes from pthread_key.cpp.
Also account for those pthread keys used internally by bionic,
so they don't count against the number of keys available to user
code. (They do with glibc, but glibc's limit is the much more
generous 1024.)
Also factor out the common errno-restoring idiom to reduce gotos.
Bug: 6702535
Change-Id: I555e66efffcf2c1b5a2873569e91489156efca42
This was originally motivated by noticing that we were setting the
wrong bits for the well-known tls entries. That was a harmless bug
because none of the well-known tls entries has a destructor, but
it's best not to leave land mines lying around.
Also add some missing POSIX constants, a new test, and fix
pthread_key_create's return value when we hit the limit.
Change-Id: Ife26ea2f4b40865308e8410ec803b20bcc3e0ed1
This brings us up to date with FreeBSD HEAD, fixes various bugs, unifies
the set of functions we support on ARM, MIPS, and x86, fixes "long double",
adds ISO C99 support, and adds basic unit tests.
It turns out that our "long double" functions have always been broken
for non-normal numbers. This patch fixes that by not using the upstream
implementations and just forwarding to the regular "double" implementation
instead (since "long double" on Android is just "double" anyway, which is
what BSD doesn't support).
All the tests pass on ARM, MIPS, and x86, plus glibc on x86-64.
Bug: 3169850
Bug: 8012787
Bug: https://code.google.com/p/android/issues/detail?id=6697
Change-Id: If0c343030959c24bfc50d4d21c9530052c581837
Don't do the fortify_source checks if we can determine, at
compile time, that the provided operation is safe.
This avoids silliness like calling fortify source on things like:
size_t len = strlen("asdf");
printf("%d\n", len);
and allows the compiler to optimize this code to:
printf("%d\n", 4);
Defer to gcc's builtin functions instead of pointing our code
to the libc implementation.
Change-Id: I5e1dcb61946461c4afaaaa983e39f07c7a0df0ae
The AT_RANDOM changes broke setuid / setgid executables
such as "ping". When the linker executes a setuid program,
it cleans the environment, removing any invalid environment
entries, and adding "NULL"s to the end of the environment
array for each removed variable. Later on, we try to determine
the location of the aux environment variable, and get tripped
up by these extra NULLs.
Reverting this patch will get setuid executables working again,
but getauxval() is still broken for setuid programs because of
this bug.
This reverts commit e3a49a8661.
Change-Id: I05c58a896b1fe32cfb5d95d43b096045cda0aa4a
Populate the stack canaries from the kernel supplied
AT_RANDOM value, which doesn't involve any system calls.
This is slightly faster (6 fewer syscalls) and avoids
unnecessarily reading /dev/urandom, which depletes entropy.
Bug: 7959813
Change-Id: If2b43100a2a9929666df3de56b6139fed969e0f1
e6e60065ff modified strerror_r to
treat errno as signed. However, the change to the test code
modified the "strerror" test, not the "strerror_r" test.
Make the same change for the strerror_r code.
Change-Id: Ia236a53df5745935e229a4446a74da8bed0cfd7b