/*
* Copyright (C) 2008 The Android Open Source Project
* All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* * Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* * Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
* the documentation and/or other materials provided with the
* distribution.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#ifndef _STRING_H_
#define _STRING_H_
#include <sys/cdefs.h>
#include <stddef.h>
#include <malloc.h>
__BEGIN_DECLS
/*
 * Unfortified prototypes. When __BIONIC_FORTIFY is defined, several of these
 * (memcpy, memmove, memset, strcpy, strncpy, strcat, strncat, strlcpy,
 * strlcat, strlen, strchr, strrchr) are additionally given inline wrappers
 * further down that pass the compiler-known object size to a checked variant.
 */

/* Raw memory blocks. memcpy() must not be called on overlapping buffers. */
extern void *memccpy(void *, const void *, int, size_t);
extern void *memchr(const void *, int, size_t) __purefunc;
extern void *memrchr(const void *, int, size_t) __purefunc;
extern int memcmp(const void *, const void *, size_t) __purefunc;
extern void *memcpy(void *, const void *, size_t);
extern void *memmove(void *, const void *, size_t);
extern void *memset(void *, int, size_t);
extern void *memmem(const void *, size_t, const void *, size_t) __purefunc;
extern void memswap(void *, void *, size_t);

/* Character search. */
extern char *index(const char *, int) __purefunc;
extern char *strchr(const char *, int) __purefunc;
extern char *strrchr(const char *, int) __purefunc;

/*
 * Length, comparison and unbounded copy/append. strcpy() and strcat() take no
 * size argument, so the caller has to guarantee the destination is large
 * enough for the result including its terminating NUL.
 */
extern size_t strlen(const char *) __purefunc;
extern int strcmp(const char *, const char *) __purefunc;
extern char *strcpy(char *, const char *);
extern char *strcat(char *, const char *);

extern int strcasecmp(const char *, const char *) __purefunc;
extern int strncasecmp(const char *, const char *, size_t) __purefunc;
extern char *strdup(const char *);

/* Substring search and tokenizing. */
extern char *strstr(const char *, const char *) __purefunc;
extern char *strcasestr(const char *haystack, const char *needle) __purefunc;
extern char *strtok(char *, const char *);
extern char *strtok_r(char *, const char *, char **);

extern char *strerror(int);
extern int strerror_r(int errnum, char *buf, size_t n);

/*
 * Length-limited variants. strncpy() leaves the destination without a
 * terminating NUL when the source holds n or more characters.
 */
extern size_t strnlen(const char *, size_t) __purefunc;
extern char *strncat(char *, const char *, size_t);
extern char *strndup(const char *, size_t);
extern int strncmp(const char *, const char *, size_t) __purefunc;
extern char *strncpy(char *, const char *, size_t);

/* BSD copy/append taking the full size of the destination buffer. */
extern size_t strlcat(char *, const char *, size_t);
extern size_t strlcpy(char *, const char *, size_t);

/* Span and separator helpers. */
extern size_t strcspn(const char *, const char *) __purefunc;
extern char *strpbrk(const char *, const char *) __purefunc;
extern char *strsep(char **, const char *);
extern size_t strspn(const char *, const char *);

extern char *strsignal(int sig);

/* Locale-aware comparison and transformation. */
extern int strcoll(const char *, const char *) __purefunc;
extern size_t strxfrm(char *, const char *, size_t);
#if defined(__BIONIC_FORTIFY)
FORTIFY_SOURCE: enhanced memcpy protections.
Two changes:
1) Detect memory read overruns.
For example:
int main() {
char buf[10];
memcpy(buf, "abcde", sizeof(buf));
sprintf("%s\n", buf);
}
because "abcde" is only 6 bytes, copying 10 bytes from it is a bug.
This particular bug will be detected at compile time. Other similar
bugs may be detected at runtime.
2) Detect overlapping buffers on memcpy()
It is a bug to call memcpy() on buffers which overlap. For
example, the following code is buggy:
char buf3[0x800];
char *first_half = &buf3[0x400];
char *second_half = &buf3[1];
memset(buf3, 0, sizeof(buf3));
memcpy(first_half, second_half, 0x400);
printf("1: %s\n", buf3);
We now detect this at compile and run time.
Change-Id: I092bd89f11f18e08e8a9dda0ca903aaea8e06d91
/*
 * Compile-time diagnostics for the fortified memcpy() below. Both carry the
 * __error__ attribute, so the build fails with the quoted message whenever a
 * call to one of them is still present after the compiler has optimized the
 * inline wrapper.
 */
extern void __memcpy_dest_size_error()
    __attribute__((__error__("memcpy called with size bigger than destination")));
extern void __memcpy_src_size_error()
    __attribute__((__error__("memcpy called with size bigger than source")));

/*
 * Fortified memcpy().
 *
 * When copy_amount is a compile-time constant it is compared with the object
 * sizes the compiler reports for dest and for src; a copy larger than either
 * one is rejected at build time (destination overflow and source over-read
 * respectively). __builtin_object_size(p, 0) reports (size_t)-1 when the
 * object size cannot be determined, so neither comparison can fire for a
 * pointer the compiler knows nothing about.
 *
 * The copy itself is done by __builtin___memcpy_chk, which is handed only the
 * destination size. As written, this wrapper therefore adds no run-time check
 * of the source size or of overlapping buffers; whatever else the checked
 * routine verifies is not visible in this header.
 */
__BIONIC_FORTIFY_INLINE
void *memcpy(void *dest, const void *src, size_t copy_amount) {
    const size_t dest_bytes = __builtin_object_size(dest, 0);
    const size_t src_bytes = __builtin_object_size(src, 0);

    if (__builtin_constant_p(copy_amount)) {
        // Writing past the end of the destination object.
        if (copy_amount > dest_bytes) {
            __memcpy_dest_size_error();
        }

        // Reading past the end of the source object.
        if (copy_amount > src_bytes) {
            __memcpy_src_size_error();
        }
    }

    return __builtin___memcpy_chk(dest, src, copy_amount, dest_bytes);
}
/*
 * Fortified memmove(): forwards to the compiler's checked builtin and supplies
 * the size of the destination object as reported by
 * __builtin_object_size(dest, 0). Only the destination bound is passed on; the
 * source size is not examined here.
 */
__BIONIC_FORTIFY_INLINE
void *memmove(void *dest, const void *src, size_t len) {
    const size_t dest_bos = __builtin_object_size(dest, 0);

    return __builtin___memmove_chk(dest, src, len, dest_bos);
}
/*
 * Fortified strcpy(). strcpy() has no length argument, so the destination
 * object size from __builtin_object_size(dest, 0) is the only bound the
 * checked builtin receives.
 */
__BIONIC_FORTIFY_INLINE
char *strcpy(char *dest, const char *src) {
    const size_t dest_bos = __builtin_object_size(dest, 0);

    return __builtin___strcpy_chk(dest, src, dest_bos);
}
/*
 * Fortified strncpy(): hands n and the destination object size to the checked
 * builtin. The check concerns the write bound only; as with plain strncpy(),
 * the result carries no terminating NUL when src holds n or more characters.
 */
__BIONIC_FORTIFY_INLINE
char *strncpy(char *dest, const char *src, size_t n) {
    const size_t dest_bos = __builtin_object_size(dest, 0);

    return __builtin___strncpy_chk(dest, src, n, dest_bos);
}
/*
 * Fortified strcat(). The append is unbounded by its own arguments, so the
 * destination object size from __builtin_object_size(dest, 0) is the only
 * limit given to the checked builtin.
 */
__BIONIC_FORTIFY_INLINE
char *strcat(char *dest, const char *src) {
    const size_t dest_bos = __builtin_object_size(dest, 0);

    return __builtin___strcat_chk(dest, src, dest_bos);
}
/*
 * Fortified strncat(): forwards n together with the destination object size
 * reported by __builtin_object_size(dest, 0) to the checked builtin.
 */
__BIONIC_FORTIFY_INLINE
char *strncat(char *dest, const char *src, size_t n) {
    const size_t dest_bos = __builtin_object_size(dest, 0);

    return __builtin___strncat_chk(dest, src, n, dest_bos);
}
/*
 * Fortified memset(): forwards to the checked builtin with the size of the
 * object s points into, as reported by __builtin_object_size(s, 0).
 */
__BIONIC_FORTIFY_INLINE
void *memset(void *s, int c, size_t n) {
    const size_t target_bos = __builtin_object_size(s, 0);

    return __builtin___memset_chk(s, c, n, target_bos);
}
/*
 * Helpers for the fortified strlcpy():
 *   __strlcpy_real  - bound by its asm label to the symbol "strlcpy", i.e. the
 *                     out-of-line function rather than the inline wrapper.
 *   __strlcpy_error - carries the __error__ attribute; a call that survives
 *                     optimization stops the build with the quoted message.
 *   __strlcpy_chk   - variant that additionally receives the destination
 *                     object size (defined outside this header).
 */
extern size_t __strlcpy_real(char *, const char *, size_t)
    __asm__(__USER_LABEL_PREFIX__ "strlcpy");
extern void __strlcpy_error()
    __attribute__((__error__("strlcpy called with size bigger than buffer")));
extern size_t __strlcpy_chk(char *, const char *, size_t, size_t);

/*
 * Fortified strlcpy(). Picks one of three paths from what the compiler knows
 * about dest and size:
 *   - destination size unknown, or size is a constant that fits: plain call;
 *   - size is a constant larger than the destination: build error;
 *   - size only known at run time: __strlcpy_chk with the destination size.
 */
__BIONIC_FORTIFY_INLINE
size_t strlcpy(char *dest, const char *src, size_t size) {
    const size_t dest_bos = __builtin_object_size(dest, 0);

    // Nothing to check against when the destination size is not known.
    if (dest_bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
        return __strlcpy_real(dest, src, size);
    }

    if (__builtin_constant_p(size)) {
        // Provably within the destination object: the run-time check is
        // redundant.
        if (size <= dest_bos) {
            return __strlcpy_real(dest, src, size);
        }

        // Provably larger than the destination object: fail the build.
        __strlcpy_error();
    }

    return __strlcpy_chk(dest, src, size, dest_bos);
}
/*
 * Helpers for the fortified strlcat():
 *   __strlcat_real  - bound by its asm label to the symbol "strlcat", i.e. the
 *                     out-of-line function rather than the inline wrapper.
 *   __strlcat_error - carries the __error__ attribute; a call that survives
 *                     optimization stops the build with the quoted message.
 *   __strlcat_chk   - variant that additionally receives the destination
 *                     object size (defined outside this header).
 */
extern size_t __strlcat_real(char *, const char *, size_t)
    __asm__(__USER_LABEL_PREFIX__ "strlcat");
extern void __strlcat_error()
    __attribute__((__error__("strlcat called with size bigger than buffer")));
extern size_t __strlcat_chk(char *, const char *, size_t, size_t);

/*
 * Fortified strlcat(). Picks one of three paths from what the compiler knows
 * about dest and size:
 *   - destination size unknown, or size is a constant that fits: plain call;
 *   - size is a constant larger than the destination: build error;
 *   - size only known at run time: __strlcat_chk with the destination size.
 */
__BIONIC_FORTIFY_INLINE
size_t strlcat(char *dest, const char *src, size_t size) {
    const size_t dest_bos = __builtin_object_size(dest, 0);

    // Nothing to check against when the destination size is not known.
    if (dest_bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
        return __strlcat_real(dest, src, size);
    }

    if (__builtin_constant_p(size)) {
        // Provably within the destination object: the run-time check is
        // redundant.
        if (size <= dest_bos) {
            return __strlcat_real(dest, src, size);
        }

        // Provably larger than the destination object: fail the build.
        __strlcat_error();
    }

    return __strlcat_chk(dest, src, size, dest_bos);
}
/* Length routine that also receives the size of the object s points into. */
extern size_t __strlen_chk(const char *, size_t);

/*
 * Fortified strlen(). The bound used here is the size of the object being
 * read, not of a destination: it lets __strlen_chk be told how far the scan
 * for the terminating NUL may legitimately go.
 */
__BIONIC_FORTIFY_INLINE
size_t strlen(const char *s) {
    const size_t src_bos = __builtin_object_size(s, 0);

    // Object size unknown to the compiler: there is no bound to hand over.
    if (src_bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
        return __builtin_strlen(s);
    }

    // The compiler folded the length to a constant: return it directly and
    // skip the checked call.
    const size_t folded_len = __builtin_strlen(s);
    if (__builtin_constant_p(folded_len)) {
        return folded_len;
    }

    return __strlen_chk(s, src_bos);
}
/* Search routine that also receives the size of the object s points into. */
extern char *__strchr_chk(const char *, int, size_t);

/*
 * Fortified strchr(). The bound is the size of the string object being
 * searched; it is passed to __strchr_chk unless the compiler can already show
 * that the string ends inside that object.
 */
__BIONIC_FORTIFY_INLINE
char *strchr(const char *s, int c) {
    const size_t src_bos = __builtin_object_size(s, 0);

    // Object size unknown to the compiler: there is no bound to hand over.
    if (src_bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
        return __builtin_strchr(s, c);
    }

    // Length is a compile-time constant shorter than the object, so the
    // terminating NUL lies inside it and the plain search stays in bounds.
    const size_t folded_len = __builtin_strlen(s);
    if (__builtin_constant_p(folded_len) && (folded_len < src_bos)) {
        return __builtin_strchr(s, c);
    }

    return __strchr_chk(s, c, src_bos);
}
/* Search routine that also receives the size of the object s points into. */
extern char *__strrchr_chk(const char *, int, size_t);

/*
 * Fortified strrchr(). The bound is the size of the string object being
 * searched; it is passed to __strrchr_chk unless the compiler can already show
 * that the string ends inside that object.
 */
__BIONIC_FORTIFY_INLINE
char *strrchr(const char *s, int c) {
    const size_t src_bos = __builtin_object_size(s, 0);

    // Object size unknown to the compiler: there is no bound to hand over.
    if (src_bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
        return __builtin_strrchr(s, c);
    }

    // Length is a compile-time constant shorter than the object, so the
    // terminating NUL lies inside it and the plain search stays in bounds.
    const size_t folded_len = __builtin_strlen(s);
    if (__builtin_constant_p(folded_len) && (folded_len < src_bos)) {
        return __builtin_strrchr(s, c);
    }

    return __strrchr_chk(s, c, src_bos);
}
#endif /* defined(__BIONIC_FORTIFY) */
__END_DECLS
#endif /* _STRING_H_ */