Commit graph

19 commits

Author SHA1 Message Date
Elliott Hughes
a8cd731c2b Remove historical cruft.
We're definitely on a new enough clang now...

Change-Id: I7ec4ad0e78872edbde05a31574dd78f219bb115c
2024-05-01 22:43:31 +00:00
zijunzhao
5a918d922b Nullability check for stdlib module.
Bugs: b/245972273
Test: None

Change-Id: Ib33a5359a924c21888f268158c4d7f824740dd55
2022-12-02 21:00:02 +00:00
Chih-Hung Hsieh
9935aa7a27 Add/allow clang-14 warnings.
* -Wstatic-in-inline found in
  libm/upstream-freebsd/lib/msun/src/s_lround.c

Test: mm in bionic/tests
Bug: 201432564
Bug: 202752322
Change-Id: I4d506fa539ab0de939d85924a5fd9a61644e4fb0
2021-10-11 12:37:56 -07:00
Elliott Hughes
141b917018 Switch to libbase SilentDeathTest.
Bug: http://b/184955378
Test: treehugger
Change-Id: Ie0849224074da92203340a741a86a24a4a3702c2
2021-04-12 10:01:20 -07:00
Elliott Hughes
61d0706507 Use death tests correctly.
The existing attempt at a death test wrapper wasn't functional (because
the tests were TEST rather than TEST_F), and the code in that class
doesn't work anyway. Since I don't understand the intent behind the
failing dup2() calls, I've just removed this and replaced it with
BionicDeathTest which we do need to suppress all the debuggerd work
which caused this bug to be filed.

Bug: http://b/180605583
Test: treehugger
Change-Id: I7717f7ae2620452656cf07db299774dadef55766
2021-02-18 17:17:27 -08:00
Elliott Hughes
cfd8f581fa Cleanup for #inclusivefixit.
The comment and pragma for GCC genuinely don't seem to be needed for
Clang.

Clarify the comment about the two ways in which clang_fortify_tests.cpp
is used.

Test: treehugger
Change-Id: Icb48a5848c005104ab2d2456da3978bbaf7e158c
2020-07-23 13:41:53 -07:00
Yabin Cui
ae1745d375 Fix foritfy test for clang update.
When doing checkbuild for make_fortify_compile_test.mk:
bionic/tests/clang_fortify_tests.cpp
error: 'error' diagnostics seen but not expected:
  Line 171: 'mempcpy' will always overflow; destination buffer has size 8, but size argument is 9
1 error generated.

Bug: 149839606
Test: run checkbuild.
Change-Id: I97371600f6183b5cee8c2a6b976f5bf33e1f781d
2020-04-17 19:07:36 +00:00
George Burgess IV
8a4414ef9c fortify: remove pragma diagnostic error from tests
This was necessary because we weren't doing -Werror=fortify-source
everywhere. As of I2715ea411ef067f801534dab4d306fef5431f290, we should
be doing this.

Bug: 131861088
Test: mma
Change-Id: I00d499938ae24c3870760470576d6be603fbecd1
2019-09-19 15:23:45 -07:00
George Burgess IV
36926f4ca8 fortify: account for new clang diagnostics
Clang recently grew its own diagnostics for memcpy and such. These are
generally higher-quality than what we can do with diagnose_if, since
clang is happy to include e.g., sizes of things per-callsite. Move to
those instead where applicable.

Bug: 131861088, 123644155
Test: blueline internal-master checkbuild; treehugger
Change-Id: I701f5a8b247ba2948ca47fdc60ff5198b564c03e
2019-09-16 12:48:04 -07:00
Yi Kong
bf67ea5426 Adapt tests due to the new Clang fortify-source warning
https://reviews.llvm.org/D58797 added several new compile time
_FORTIFY_SOURCE diagnostics. This broke clang_fortify_tests:

FAILED: out/target/product/walleye/obj/STATIC_LIBRARIES/bionic-compile-time-tests2-clang++_intermediates/clang_fortify_tests.o
error: 'warning' diagnostics seen but not expected:
  Line 159: 'memcpy' will always overflow; destination buffer has size 8, but size argument is 9
  Line 161: 'memmove' will always overflow; destination buffer has size 8, but size argument is 9
  Line 165: 'memset' will always overflow; destination buffer has size 8, but size argument is 9
  Line 183: 'strncpy' size argument is too large; destination buffer has size 8, but size argument is 9
  Line 185: 'stpncpy' size argument is too large; destination buffer has size 8, but size argument is 9
  Line 189: 'strncat' size argument is too large; destination buffer has size 8, but size argument is 9
  Line 227: 'strncpy' size argument is too large; destination buffer has size 4, but size argument is 5
  Line 232: 'stpncpy' size argument is too large; destination buffer has size 4, but size argument is 5
  Line 242: 'strncat' size argument is too large; destination buffer has size 4, but size argument is 5
  Line 490: 'snprintf' size argument is too large; destination buffer has size 8, but size argument is 9
  Line 495: 'vsnprintf' size argument is too large; destination buffer has size 8, but size argument is 9
error: 'note' diagnostics seen but not expected:
  File bionic/libc/include/bits/fortify/fcntl.h Line 50: 'open' has been explicitly marked unavailable here
  File bionic/libc/include/bits/fortify/fcntl.h Line 102: 'open64' has been explicitly marked unavailable here
  File bionic/libc/include/bits/fortify/fcntl.h Line 75: 'openat' has been explicitly marked unavailable here
  File bionic/libc/include/bits/fortify/fcntl.h Line 121: 'openat64' has been explicitly marked unavailable here
  File bionic/libc/include/bits/fortify/stdio.h Line 68: 'sprintf' has been explicitly marked unavailable here
16 errors generated.

Bug: 131328001
Bug: 138701853
Test: Build with r365631 toolchain
Change-Id: I103ecb7b3abcf4b5cfc4f36ccab69e03d0976275
2019-08-05 11:48:47 -07:00
George Burgess IV
261b7f4867 fortify: replace bzero/bcmp defines
__builtin_*_chk will emit warnings when things are trivially broken.
Emitting errors instead is probably better (and we can be a bit smarter
about how we emit code for trivially safe cases.)

Bug: 131861088
Test: checkbuild + bionic-unit-tests on blueline
Change-Id: I33957ad419922d0760304758ecb9bc8ad33e0b64
2019-06-20 13:05:23 -07:00
George Burgess IV
849c0b9f51 fortify: add __mempcpy_chk
Bug: 131861088
Test: mma + bionic-unit-tests on blueline
Change-Id: I02f8f87d5db0ba5fecec410da32f6ffa2c98ef57
2019-06-13 23:29:37 -07:00
George Burgess IV
74519e7aa5 fortify: fix overflow checks in unistd
We should only be calling _real versions of the functions that use this
if the input size is verifiably <= SSIZE_MAX. Otherwise, just fall
through to _chk and let that handle it.

Bug: 131861088
Test: mma && bionic-unit-tests
Change-Id: Iba04e486ef91ea1b3539ab6df6260429264e66b4
2019-06-13 23:26:02 -07:00
George Burgess IV
26d25a22e2 fortify: add even more warnings
Bug: 131861088
Test: mma
Change-Id: I557309b3e25b54321ee1fe0207f18b6e840bf76e
2019-06-13 23:26:02 -07:00
George Burgess IV
8c0ec114c5 fortify: fix up a few diagnostics; add __wur to realpath
As it says on the box.

Since realpath isn't a function definition, any attributes it provides
here just add to the "regular" realpath.

__wur is being added to realpath because it returns NULL on failure, and
the contents of the input buffer are undefined in that case. A blueline
checkbuild showed 0 complaints about this new __wur, so it seems
harmless to add.

Bug: 131861088
Test: mma
Change-Id: If5f47e0e290d86df69c0888711e29775c390fca4
2019-06-13 23:26:02 -07:00
George Burgess IV
2356c93d39 fortify: add bit checking for open(at)?64 functions
This also adds _2-variants for these functions, for extra glorious
checking

Bug: 131861088
Test: mma
Change-Id: I80475ff4bb220c0c47894e9532426f53412f176f
2019-06-13 23:26:02 -07:00
George Burgess IV
77f99aaf58 fortify: add diagnostics for str* functions
This CL allows us to diagnose string functions that get an explicit size
passed into them, and string functions that are trivially misused.

Bug: 131861088
Test: mma
Change-Id: I894aec99420a75c6474cfd7d5010f0cf2f10ab21
2019-06-13 23:26:02 -07:00
George Burgess IV
06bb4ce8de fortify: fix tests on x86_64
My declval hack failed on x86_64 with:

```
substitution failure [with T = __va_list_tag [1]]: function cannot
return array type '__va_list_tag [1]'
```

...Because the type of va_list is compiler magic, it's fine for it to be
whatever the compiler wants it to be. Thankfully, pointers to arrays can
be returned, so let's use those instead.

Bug: 135210098
Test: mma on aosp_blueline-eng and aosp_x86_64-eng; the latter was
      failing before this patch.

Change-Id: Iefd57c0f8e823653fd70633fb6ee75cfc0022430
2019-06-13 15:18:16 -07:00
George Burgess IV
9a2741010a fortify: import tests from Chrome OS
Chrome OS has a fairly extensive FORTIFY test suite for both
compile-time and run-time diagnostics. It covers tons of edge cases, and
conveniently centralizes diagnostic and death testing.

A fair amount of it has been ifdef'ed out, since Bionic doesn't yet
diagnose (or crash on) some of these things. The intent is to explicitly
declare defeat on the things we don't care to FORTIFY, and slowly fix
the rest in easier-to-digest CLs.

Once that's done, we might be able to look into retiring some of the
FORTIFY testing that we don't share with the CrOS folks.

Bug: 131861088
Test: mma + bionic-unit-tests on blueline

Change-Id: I16734ea0769e03cf658ef10532d64f28fdb36a89
2019-06-10 12:46:49 -07:00