platform_bionic/libc/private/bionic_fortify.h
Elliott Hughes b83d6747fa Improve FORTIFY failure diagnostics.
Our FORTIFY _chk functions' implementations were very repetitive and verbose
but not very helpful. We'd also screwed up and put the SSIZE_MAX checks where
they would never fire unless you actually had a buffer as large as half your
address space, which probably doesn't happen very often.

Factor out the duplication and take the opportunity to actually show details
like how big the overrun buffer was, or by how much it was overrun.

Also remove the obsolete FORTIFY event logging.

Also remove the unused __libc_fatal_no_abort.

This change doesn't improve the diagnostics from the optimized assembler
implementations.

Change-Id: I176a90701395404d50975b547a00bd2c654e1252
2016-02-26 22:06:17 -08:00


/*
* Copyright (C) 2016 The Android Open Source Project
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#include "private/libc_logging.h"
#include <poll.h> // For struct pollfd.
#include <sys/select.h> // For struct fd_set.
//
// Common helpers.
//
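// Aborts via __fortify_fatal if `fd` cannot be used with the fd_set of
// `set_size` bytes that the caller passed in.
//
// `fn` names the calling function for the diagnostic. `fd` must lie in
// [0, FD_SETSIZE): a negative value would be used before the start of the set
// and one at or beyond FD_SETSIZE past its end. `set_size` is the size in bytes
// of the caller's set and must hold at least one complete fd_set.
static inline void __check_fd_set(const char* fn, int fd, size_t set_size) {
  if (__predict_false(fd < 0)) {
    __fortify_fatal("%s: file descriptor %d < 0", fn, fd);
  }
  if (__predict_false(fd >= FD_SETSIZE)) {
    // Print the limit that was exceeded. The previous message labelled
    // `set_size` (the caller's buffer size) as FD_SETSIZE, which misled anyone
    // reading the abort message.
    __fortify_fatal("%s: file descriptor %d >= FD_SETSIZE %d", fn, fd, FD_SETSIZE);
  }
  if (__predict_false(set_size < sizeof(fd_set))) {
    __fortify_fatal("%s: set size %zu is too small to be an fd_set", fn, set_size);
  }
}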
// Aborts via __fortify_fatal if a pollfd array of `fds_size` bytes holds fewer
// than `fd_count` elements, i.e. the caller asked to poll more entries than its
// buffer contains. `fn` names the calling function for the diagnostic.
static inline void __check_pollfd_array(const char* fn, size_t fds_size, nfds_t fd_count) {
  // Whole elements only; a trailing partial pollfd does not count.
  const size_t elements_available = fds_size / sizeof(pollfd);
  if (__predict_false(elements_available < fd_count)) {
    // NOTE(review): "%u" assumes nfds_t is unsigned int, as bionic declares it;
    // revisit if that typedef changes.
    __fortify_fatal("%s: %zu-element pollfd array too small for %u fds",
                    fn, elements_available, fd_count);
  }
}
// Aborts via __fortify_fatal if `value` exceeds SSIZE_MAX. Presumably such
// counts are later returned through a ssize_t, where a larger value would be
// misread as a negative error code. `identifier` names the offending parameter
// and `fn` the calling function in the diagnostic.
static inline void __check_count(const char* fn, const char* identifier, size_t value) {
  const size_t largest_allowed = SSIZE_MAX;
  if (__predict_false(value > largest_allowed)) {
    __fortify_fatal("%s: %s %zu > SSIZE_MAX", fn, identifier, value);
  }
}
// Aborts via __fortify_fatal if an access of `claim` bytes would run past a
// buffer of `actual` bytes. `action` is a short phrase describing the access
// and is spliced between the two sizes in the diagnostic; `fn` names the
// calling function.
static inline void __check_buffer_access(const char* fn, const char* action,
                                         size_t claim, size_t actual) {
  // Equal sizes are fine: only a claim that is strictly larger overruns.
  if (__predict_false(actual < claim)) {
    __fortify_fatal("%s: prevented %zu-byte %s %zu-byte buffer", fn, claim, action, actual);
  }
}