95c6cd753f
Historically we've made a few mistakes where they haven't matched the right number. And most non-Googlers are much more familiar with the numbers, so it seems to make sense to rely more on them. Especially in header files, which we actually expect real people to have to read from time to time. Test: treehugger Change-Id: I0d4a97454ee108de1d32f21df285315c5488d886
218 lines
8.4 KiB
C
218 lines
8.4 KiB
C
/*
|
|
* Copyright (C) 2017 The Android Open Source Project
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* * Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* * Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in
|
|
* the documentation and/or other materials provided with the
|
|
* distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
|
|
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
|
|
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
|
|
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*/
|
|
#ifndef _UNISTD_H_
|
|
#error "Never include this file directly; instead, include <unistd.h>"
|
|
#endif
|
|
|
|
char* __getcwd_chk(char*, size_t, size_t) __INTRODUCED_IN(24);
|
|
|
|
ssize_t __pread_chk(int, void*, size_t, off_t, size_t) __INTRODUCED_IN(23);
|
|
ssize_t __pread_real(int, void*, size_t, off_t) __RENAME(pread);
|
|
|
|
ssize_t __pread64_chk(int, void*, size_t, off64_t, size_t) __INTRODUCED_IN(23);
|
|
ssize_t __pread64_real(int, void*, size_t, off64_t) __RENAME(pread64);
|
|
|
|
ssize_t __pwrite_chk(int, const void*, size_t, off_t, size_t) __INTRODUCED_IN(24);
|
|
ssize_t __pwrite_real(int, const void*, size_t, off_t) __RENAME(pwrite);
|
|
|
|
ssize_t __pwrite64_chk(int, const void*, size_t, off64_t, size_t) __INTRODUCED_IN(24);
|
|
ssize_t __pwrite64_real(int, const void*, size_t, off64_t) __RENAME(pwrite64);
|
|
|
|
ssize_t __read_chk(int, void*, size_t, size_t) __INTRODUCED_IN(21);
|
|
ssize_t __write_chk(int, const void*, size_t, size_t) __INTRODUCED_IN(24);
|
|
ssize_t __readlink_chk(const char*, char*, size_t, size_t) __INTRODUCED_IN(23);
|
|
ssize_t __readlinkat_chk(int dirfd, const char*, char*, size_t, size_t) __INTRODUCED_IN(23);
|
|
|
|
#if defined(__BIONIC_FORTIFY)
|
|
|
|
#if defined(__USE_FILE_OFFSET64)
|
|
#define __PREAD_PREFIX(x) __pread64_ ## x
|
|
#define __PWRITE_PREFIX(x) __pwrite64_ ## x
|
|
#else
|
|
#define __PREAD_PREFIX(x) __pread_ ## x
|
|
#define __PWRITE_PREFIX(x) __pwrite_ ## x
|
|
#endif
|
|
|
|
#define __error_if_overflows_ssizet(what, fn) \
|
|
__clang_error_if((what) > SSIZE_MAX, "in call to '" #fn "', '" #what "' must be <= SSIZE_MAX")
|
|
|
|
#define __error_if_overflows_objectsize(what, objsize, fn) \
|
|
__clang_error_if(__bos_unevaluated_lt((objsize), (what)), \
|
|
"in call to '" #fn "', '" #what "' bytes overflows the given object")
|
|
|
|
#define __bos_trivially_ge_no_overflow(bos_val, index) \
|
|
((__bos_dynamic_check_impl_and((bos_val), >=, (index), (bos_val) <= SSIZE_MAX) && \
|
|
__builtin_constant_p(index) && (index) <= SSIZE_MAX))
|
|
|
|
__BIONIC_FORTIFY_INLINE
|
|
char* getcwd(char* const __pass_object_size buf, size_t size)
|
|
__overloadable
|
|
__error_if_overflows_objectsize(size, __bos(buf), getcwd) {
|
|
#if __ANDROID_API__ >= 24 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
|
size_t bos = __bos(buf);
|
|
|
|
if (!__bos_trivially_ge(bos, size)) {
|
|
return __getcwd_chk(buf, size, bos);
|
|
}
|
|
#endif
|
|
return __call_bypassing_fortify(getcwd)(buf, size);
|
|
}
|
|
|
|
#if !defined(__USE_FILE_OFFSET64)
|
|
__BIONIC_FORTIFY_INLINE
|
|
ssize_t pread(int fd, void* const __pass_object_size0 buf, size_t count, off_t offset)
|
|
__overloadable
|
|
__error_if_overflows_ssizet(count, pread)
|
|
__error_if_overflows_objectsize(count, __bos0(buf), pread) {
|
|
#if __ANDROID_API__ >= 23 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
|
size_t bos = __bos0(buf);
|
|
|
|
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
|
return __PREAD_PREFIX(chk)(fd, buf, count, offset, bos);
|
|
}
|
|
#endif
|
|
return __PREAD_PREFIX(real)(fd, buf, count, offset);
|
|
}
|
|
#endif /* !defined(__USE_FILE_OFFSET64) */
|
|
|
|
__BIONIC_FORTIFY_INLINE
|
|
ssize_t pread64(int fd, void* const __pass_object_size0 buf, size_t count, off64_t offset)
|
|
__overloadable
|
|
__error_if_overflows_ssizet(count, pread64)
|
|
__error_if_overflows_objectsize(count, __bos0(buf), pread64) {
|
|
#if __ANDROID_API__ >= 23 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
|
size_t bos = __bos0(buf);
|
|
|
|
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
|
return __pread64_chk(fd, buf, count, offset, bos);
|
|
}
|
|
#endif
|
|
return __pread64_real(fd, buf, count, offset);
|
|
}
|
|
|
|
#if !defined(__USE_FILE_OFFSET64)
|
|
__BIONIC_FORTIFY_INLINE
|
|
ssize_t pwrite(int fd, const void* const __pass_object_size0 buf, size_t count, off_t offset)
|
|
__overloadable
|
|
__error_if_overflows_ssizet(count, pwrite)
|
|
__error_if_overflows_objectsize(count, __bos0(buf), pwrite) {
|
|
#if __ANDROID_API__ >= 24 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
|
size_t bos = __bos0(buf);
|
|
|
|
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
|
return __PWRITE_PREFIX(chk)(fd, buf, count, offset, bos);
|
|
}
|
|
#endif
|
|
return __PWRITE_PREFIX(real)(fd, buf, count, offset);
|
|
}
|
|
#endif /* !defined(__USE_FILE_OFFSET64) */
|
|
|
|
__BIONIC_FORTIFY_INLINE
|
|
ssize_t pwrite64(int fd, const void* const __pass_object_size0 buf, size_t count, off64_t offset)
|
|
__overloadable
|
|
__error_if_overflows_ssizet(count, pwrite64)
|
|
__error_if_overflows_objectsize(count, __bos0(buf), pwrite64) {
|
|
#if __ANDROID_API__ >= 24 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
|
size_t bos = __bos0(buf);
|
|
|
|
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
|
return __pwrite64_chk(fd, buf, count, offset, bos);
|
|
}
|
|
#endif
|
|
return __pwrite64_real(fd, buf, count, offset);
|
|
}
|
|
|
|
__BIONIC_FORTIFY_INLINE
|
|
ssize_t read(int fd, void* const __pass_object_size0 buf, size_t count)
|
|
__overloadable
|
|
__error_if_overflows_ssizet(count, read)
|
|
__error_if_overflows_objectsize(count, __bos0(buf), read) {
|
|
#if __ANDROID_API__ >= 21 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
|
size_t bos = __bos0(buf);
|
|
|
|
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
|
return __read_chk(fd, buf, count, bos);
|
|
}
|
|
#endif
|
|
return __call_bypassing_fortify(read)(fd, buf, count);
|
|
}
|
|
|
|
__BIONIC_FORTIFY_INLINE
|
|
ssize_t write(int fd, const void* const __pass_object_size0 buf, size_t count)
|
|
__overloadable
|
|
__error_if_overflows_ssizet(count, write)
|
|
__error_if_overflows_objectsize(count, __bos0(buf), write) {
|
|
#if __ANDROID_API__ >= 24 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
|
size_t bos = __bos0(buf);
|
|
|
|
if (!__bos_trivially_ge_no_overflow(bos, count)) {
|
|
return __write_chk(fd, buf, count, bos);
|
|
}
|
|
#endif
|
|
return __call_bypassing_fortify(write)(fd, buf, count);
|
|
}
|
|
|
|
__BIONIC_FORTIFY_INLINE
|
|
ssize_t readlink(const char* path, char* const __pass_object_size buf, size_t size)
|
|
__overloadable
|
|
__error_if_overflows_ssizet(size, readlink)
|
|
__error_if_overflows_objectsize(size, __bos(buf), readlink) {
|
|
#if __ANDROID_API__ >= 23 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
|
size_t bos = __bos(buf);
|
|
|
|
if (!__bos_trivially_ge_no_overflow(bos, size)) {
|
|
return __readlink_chk(path, buf, size, bos);
|
|
}
|
|
#endif
|
|
return __call_bypassing_fortify(readlink)(path, buf, size);
|
|
}
|
|
|
|
#if __ANDROID_API__ >= 21
|
|
__BIONIC_FORTIFY_INLINE
|
|
ssize_t readlinkat(int dirfd, const char* path, char* const __pass_object_size buf, size_t size)
|
|
__overloadable
|
|
__error_if_overflows_ssizet(size, readlinkat)
|
|
__error_if_overflows_objectsize(size, __bos(buf), readlinkat) {
|
|
#if __ANDROID_API__ >= 23 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
|
|
size_t bos = __bos(buf);
|
|
|
|
if (!__bos_trivially_ge_no_overflow(bos, size)) {
|
|
return __readlinkat_chk(dirfd, path, buf, size, bos);
|
|
}
|
|
#endif
|
|
return __call_bypassing_fortify(readlinkat)(dirfd, path, buf, size);
|
|
}
|
|
#endif /* __ANDROID_API__ >= 21 */
|
|
|
|
#undef __bos_trivially_ge_no_overflow
|
|
#undef __enable_if_no_overflow_ssizet
|
|
#undef __error_if_overflows_objectsize
|
|
#undef __error_if_overflows_ssizet
|
|
#undef __PREAD_PREFIX
|
|
#undef __PWRITE_PREFIX
|
|
#endif /* defined(__BIONIC_FORTIFY) */
|