This reverts commit 1946856b1f.
This goes back to the original scheme of PROT_NONEing a page within
libc. Allocating a new page didn't fail safe for cases where these
functions are called from the dynamic linker.
Bug: http://b/22568628
Change-Id: I3e7241c8b54c27ea4a898bc952375c1e9ae38c80
Global, writable function pointers are low-hanging fruit for hijacking
control flow with an overflow from a global buffer or an arbitrary write
vulnerability. This moves the function pointer table into a dedicated
page and makes it read-only at runtime, similar to RELRO.
This increases the memory usage of the library by just under one page.
This could be avoided by having the linker load the vdso by replacing
weak symbols. It's not significant within the Zygote spawning model
though because it's read-only after early init.
Change-Id: Id7a49c96c1b15c2e1926528304b3c54a81e78caf
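An added illustration, not code from this commit or from bionic, of the hardening the two messages above describe: a table of function pointers placed on its own page and made read-only once initialization is done, in the spirit of RELRO. The table layout (struct op_table, add_one, negate) and the function names are hypothetical; the example uses only POSIX mmap/mprotect plus a signal probe to show that a later write into the table faults instead of silently redirecting control flow.

```c
// Added example (not bionic code): a dispatch table of function pointers on
// a dedicated page, write-protected after init. Table and names are made up.
#define _GNU_SOURCE
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <sys/mman.h>
#include <unistd.h>

typedef int (*op_fn)(int);

// Hypothetical dispatch table; the fields are illustrative.
struct op_table {
  op_fn add_one;
  op_fn negate;
};

static int add_one(int x) { return x + 1; }
static int negate(int x) { return -x; }

static struct op_table *g_ops;  // lives on its own page, not in .data/.bss

// Map a fresh page, fill in the table, then drop write permission.
// Returns 0 on success, -1 on failure.
int ops_init_and_lock(void) {
  size_t page = (size_t)sysconf(_SC_PAGESIZE);
  void *p = mmap(NULL, page, PROT_READ | PROT_WRITE,
                 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
  if (p == MAP_FAILED) return -1;
  struct op_table *t = p;
  t->add_one = add_one;
  t->negate = negate;
  // Like RELRO: after early init the page becomes read-only, so an overflow
  // from a global buffer or an arbitrary write cannot swap a pointer.
  if (mprotect(p, page, PROT_READ) != 0) {
    munmap(p, page);
    return -1;
  }
  g_ops = t;
  return 0;
}

int ops_call_add_one(int x) { return g_ops->add_one(x); }
int ops_call_negate(int x) { return g_ops->negate(x); }

// Probe used to verify the protection: attempt a write into the table and
// report whether it faulted. The fault handler longjmps back out.
static sigjmp_buf g_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(g_jmp, 1); }

// Returns 1 if the write faulted (table is protected), 0 if it went through.
int ops_table_is_write_protected(void) {
  struct sigaction sa, old_segv, old_bus;
  memset(&sa, 0, sizeof sa);
  sa.sa_handler = on_fault;
  sigemptyset(&sa.sa_mask);
  sigaction(SIGSEGV, &sa, &old_segv);
  sigaction(SIGBUS, &sa, &old_bus);   // some platforms raise SIGBUS instead
  int faulted;
  if (sigsetjmp(g_jmp, 1) == 0) {
    volatile op_fn *slot = (volatile op_fn *)&g_ops->negate;
    *slot = add_one;  // would hijack negate() if the page were still writable
    faulted = 0;
  } else {
    faulted = 1;
  }
  sigaction(SIGSEGV, &old_segv, NULL);
  sigaction(SIGBUS, &old_bus, NULL);
  return faulted;
}

int main(void) {
  if (ops_init_and_lock() != 0) {
    perror("ops_init_and_lock");
    return 1;
  }
  printf("add_one(41) = %d\n", ops_call_add_one(41));
  printf("negate(5)   = %d\n", ops_call_negate(5));
  printf("table write-protected: %s\n",
         ops_table_is_write_protected() ? "yes" : "no");
  return 0;
}
```

The cost is the same one the commit message notes: the table occupies a whole page rather than sharing .data with other globals, which is the price of being able to change its protection independently.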
If a map has a non-zero vaddr then it needs to be added to the
computed relative offset.
Bug: 22532054
Change-Id: If55015165d25ecc4b530f674b481c8c7ef760a23
Sorry, I undertested my previous change and these guys somehow sneaked in.
This only affects SANITIZE_TARGET builds.
Change-Id: Id6986d89fa3d4965339f7b6fe973e9db73b380da
Set up a /system/bin/linker_asan as a symlink to "linker".
Read the linker name from PT_INTERP, and if it is linker_asan,
switch default library lookup paths to the ASan set, which
starts with the path to the instrumented libraries
(/data/lib), followed by /system/lib as a fallback.
This ensures that ASan binaries prefer ASan libraries, when
available. This approach is way better than RPATH/RUNPATH and even
better than LD_LIBRARY_PATH:
- RUNPATH is per-DSO, while default paths are global.
- LD_LIBRARY_PATH is overwritten by android_update_LD_LIBRARY_PATH.
- neither RUNPATH nor LD_LIBRARY_PATH appears in
android_get_LD_LIBRARY_PATH, which is used to build java.lang.path.
Having ASan libraries in java.lang.path is a good thing.
Bug: 22355945
Change-Id: I1d2791fbf5740618f18f71a3ae3d873714669d3f
There is a deadlock if holding the hash table lock while trying to do
a backtrace. Change the code so that the hash table lock is only held
while actually modifying either g_hash_table or an entry from
g_hash_table.
Bug: 22423683
(cherry picked from commit 9fee99b060)
Change-Id: I72173bfe6f824ceaceea625c24e7851b87467135
LP64 is immune because basename_r is hidden there, but on LP32 a basename_r
defined in the executable breaks basename because its call to basename_r
will resolve to that one rather than the one in libc.
Bug: http://b/22415484
Change-Id: Ied3ca7ad3fb0e744eb705fc924743f893b4ad490
Upstream clang has a new diagnostic, '-Wmismatched-new-delete' to
generate a warning (that becomes an error with -Werror) when delete is
used to deallocate pointers created with 'new[]'. This patch fixes
'delete's that trigger this warning/error.
Change-Id: Id7b6f6c2df3e860e576de55e2f61f3d2be3a3986
When there is arm assembler of this format:
ldmxx sp!, {..., lr} or pop {..., lr}
bx lr
It can be replaced with:
ldmxx sp!, {..., pc} or pop {..., pc}
Change-Id: Ic27048c52f90ac4360ad525daf0361a830dc22a3
When dlopen-ing a library, add the caller's DT_RUNPATH to the directory search
list. This fixes dlfcn.dt_runpath in bionic-unit-tests-glibc(32|64).
Bug: 21899363
Change-Id: Ife6a7e192939292cf4dc291b7e6b95945761cde3
libchrome uses __USE_XOPEN2K8 to decide whether futimens is
available. That's perhaps not the best idea, but there are other
cases where we defined the same feature macros as glibc to aid
portability.
Change-Id: Ie6e04cb181d88698d618e7dbd26cd347a6bf076c
In the serialized output from netd, the strings come first. Some code
assumes -- reasonably enough -- that it can do unaligned reads of pointers,
so we need to ensure alignment after all the strings.
(cherrypick of 65dd858239c4e32a5a1afbc14ac30dbcdd2a50a3.)
Bug: http://b/21192318
Change-Id: I456639127db9a2583f7f738e6b8103375d9387fd