Commit graph

11 commits

Author SHA1 Message Date
Nick Kralevich
a641c18f0c libc: Rename fortify error functions.
__umask_error -> __umask_invalid_mode
__creat_error -> __creat_missing_mode
__too_many_args_error -> __creat_too_many_args

Change-Id: I4036f344a3a93628e70f2e948ad73cfed3a967ea
2013-06-18 13:07:18 -07:00
Nick Kralevich
16d1af167f libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.

This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:

* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)

It may be possible, in the future, to enable other functions. However,
I need to write unittests first.

For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.

I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.

I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.

Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-18 12:14:20 -07:00
Nick Kralevich
b24c0637d0 libc: Introduce __errordecl()
Define __errordecl and replace __attribute__((__error__("foo")))
with __errordecl. Make sure __errordecl is a no-op on clang, as it
generates a compile time warning.

Change-Id: Ifa1a2d3afd6881de9d479fc2adac6737871a2949
2013-06-18 12:13:52 -07:00
Elliott Hughes
890c8ed6ef Fix builds where _FORTIFY_SOURCE is off.
Also add a more intention-revealing guard so we don't have loads of
places checking whether our inlining macro is defined.

Change-Id: I168860cedcfc798b07a5145bc48a125700265e47
2013-03-22 10:58:55 -07:00
Nick Kralevich
829c089f83 disable _FORTIFY_SOURCE under clang
Clang and _FORTIFY_SOURCE are just plain incompatible with
each other.  First of all, clang doesn't understand the
__attribute__((gnu_inline)) header. Second of all,
Clang doesn't have support for __builtin_va_arg_pack()
and __builtin_va_arg_pack_len() (see
http://clang.llvm.org/docs/UsersManual.html#c_unimpl_gcc)

Until we can resolve these issues, don't even try using
_FORTIFY_SOURCE under clang.

Change-Id: I81c2b8073bb3276fa9a4a6b93c427b641038356a
2012-08-29 12:47:41 -07:00
Nick Kralevich
a3e230d1fa FORTIFY_SOURCE: Add openat, fix bug
Add fortify_source support for openat(). This change requires that
an argument be supplied when using O_CREAT.

Fix unnecessary call to __open_2. If, at compile time, we know that
"flags" is constant and DOESN'T contain O_CREAT, the call to __open_2
is useless.

Change-Id: Ifcd29c4fb25e25656961d7552d672e161f0cfdbd
2012-07-09 12:30:40 -07:00
Nick Kralevich
8118f62a7d FORTIFY_SOURCE: add open() checks
Add a FORTIFY_SOURCE check which requires that you pass a
"mode" argument when calling open(..., O_CREAT). If a mode isn't
passed, then the file is created with "undefined" permissions.

Change-Id: I4427be4f9ce170c69da01af5b00fb05b03613a28
2012-06-26 15:19:12 -07:00
David 'Digit' Turner
00eea3f8a0 libc: add missing O_CLOEXEC from <fcntl.h>
Change-Id: Ie7ad57898e67800a9fe92bb52589d67ec30e1cd9
2010-09-27 17:33:40 +02:00
The Android Open Source Project
1dc9e472e1 auto import from //depot/cupcake/@135843 2009-03-03 19:28:35 -08:00
The Android Open Source Project
1767f908af auto import from //depot/cupcake/@135843 2009-03-03 18:28:13 -08:00
The Android Open Source Project
a27d2baa0c Initial Contribution 2008-10-21 07:00:00 -07:00