This bug will happen when these circumstances are met:
- Destination address & 0x7 == 1, strlen of src is 11, 12, 13.
- Destination address & 0x7 == 2, strlen of src is 10, 11, 12.
- Destination address & 0x7 == 3, strlen of src is 9, 10, 11.
- Destination address & 0x7 == 4, strlen of src is 8, 9, 10.
In these cases, the dest alignment code does a ldr which reads 4 bytes,
and it will read past the end of the source. In most cases, this is
probably benign, but if this crosses into a new page it could cause a
crash.
Fix the labels in the cortex-a9 strcat.
Modify the overread test to vary the dst alignment to expost this bug.
Also, shrink the strcat/strlcat overread cases since the dst alignment
variation increases the runtime too much.
Bug: 24345899
Change-Id: Ib34a559bfcebd89861985b29cae6c1e47b5b5855
Unfortunately --exclude-libs (now passed globally) clobbers our
version script, so we have to prevent the build system from using this
flag.
Bug: http://b/24166967
Change-Id: I33c766d399c418fdc17983c8c0a56608d463201e
Until we implement full support for passwd/group files, add a simple
way to use the new OEM UID/GID range (5000-5999).
oem_XXX -> 5000 + XXX iff 0 <= XXX < 1000.
Bug: 23225475
Change-Id: If48b88135d5df538313414f747d6c4c63bf0a103
In particular, we don't need to record the peculiarities of every
version of GCC ever shipped. It just makes this file harder to follow.
Change-Id: Ie9035d78eae86b4aed9dff3576c6f54e268aaced
The comment about "other stuff" referred to pre-uapi headers. Everything
in the current <linux/udp.h> should be exposed to userspace. The only
problem is that BSD and Linux use different names for the members of
struct udphdr. We can move the Linux udphdr out of the way and use an
anonymous union to get the best of both worlds. (Though unfortunately
this means that code that includes <linux/udp.h> directly instead of
using <netinet/udp.h> now won't have any definition of struct udphdr.
We've taken the stance in the past that you shouldn't include a linux/
header if there's a standard equivalent --- you should rely on us
transitively including it for you.)
Change-Id: Ie625892441b0edd8df3b76d3fcf2cbe299077bc4
MIPS and the rest of the world only disagree on the first two SOCK_*
constants, so restructure the #ifdef accordingly.
As a deliberate side effect, this fixes SOCK_DCCP being missing on
non-MIPS platforms.
Change-Id: I2267008f1121a7eebe1ed9097afab6e612bce7f0
Signed-off-by: Greg Hackmann <ghackmann@google.com>
Linux's scsi headers are a mix of userspace-facing and kernel-facing
declarations that can't be directly used by userspace. The glibc
maintainers manually copy-and-pasted these definitions into their own
scsi headers and haven't substantially updated them in 15 years. musl
has a similar set of definitions in its scsi headers.
This change generates the scsi headers from external/kernel-headers,
using the updated generation script so that the single modified scsi.h
takes the place of the non-modified one.
Change-Id: Ic14d155aa534b0edc1ee686d61113ce5cdf0e6af
This changes the scripts so that if some kernel files exists
in external/kernel-headers/modified, that they will be preferred
over the same files found in original. This is to support the case
where the kernel headers cannot be taken without some small modifications.
Included with this change, is a general cleanup of the python scripts.
This also modifies the generate uapi headers script to indicate if the
source of the modified headers has changed.
Change-Id: Id13523b244ced52a2ecd9f1399c43996dd8296fa
Reuse the top bits of _JB_SIGFLAG field previously used to store a
boolean to store a cookie that's validated by [sig]longjmp to make it
harder to use as a ROP gadget. Additionally, encrypt saved registers
with the cookie so that an attacker can't modify a register's value to
a specific value without knowing the cookie.
Bug: http://b/23942752
Change-Id: Id0eb8d06916e89d5d776bfcaa9458f8826717ba3
For previous way to get the stack using the [stack] string from
/proc/self/task/<pid>/maps is not enough. On x86/x86_64, if an
alternative signal stack is used while a task switch happens,
the [stack] indicator may no longer be correct.
Instead, stack_start from /proc/self/stat which is always inside
the main stack, is used to find the main stack in /proc/self/maps.
Change-Id: Ieb010e71518b57560d541cd3b3563e5aa9660750
Signed-off-by: Nitzan Mor-sarid <nitzan.mor-sarid@intel.com>
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_socket.h.html
> CMSG_DATA(cmsg)
> If the argument is a pointer to a cmsghdr structure, this macro
> shall return an unsigned character pointer to the data array
> associated with the cmsghdr structure.
Change-Id: I3f89ba19cbca4e6727abc65a2bbcd59267892ba8
