2009-03-04 04:28:35 +01:00
|
|
|
/*
|
|
|
|
* Copyright (C) 2008 The Android Open Source Project
|
|
|
|
* All rights reserved.
|
|
|
|
*
|
|
|
|
* Redistribution and use in source and binary forms, with or without
|
|
|
|
* modification, are permitted provided that the following conditions
|
|
|
|
* are met:
|
|
|
|
* * Redistributions of source code must retain the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer.
|
|
|
|
* * Redistributions in binary form must reproduce the above copyright
|
|
|
|
* notice, this list of conditions and the following disclaimer in
|
|
|
|
* the documentation and/or other materials provided with the
|
|
|
|
* distribution.
|
|
|
|
*
|
|
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
|
|
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
|
|
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
|
|
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
|
|
|
|
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
|
|
|
|
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
|
|
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
|
|
|
|
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
|
|
* SUCH DAMAGE.
|
|
|
|
*/
|
|
|
|
#ifndef _STRING_H_
|
|
|
|
#define _STRING_H_
|
|
|
|
|
|
|
|
#include <sys/cdefs.h>
|
|
|
|
#include <stddef.h>
|
|
|
|
#include <malloc.h>
|
|
|
|
|
|
|
|
__BEGIN_DECLS
|
|
|
|
|
2013-05-07 19:00:21 +02:00
|
|
|
extern void* memccpy(void* __restrict, const void* __restrict, int, size_t);
|
2012-03-21 16:48:18 +01:00
|
|
|
extern void* memchr(const void *, int, size_t) __purefunc;
|
|
|
|
extern void* memrchr(const void *, int, size_t) __purefunc;
|
|
|
|
extern int memcmp(const void *, const void *, size_t) __purefunc;
|
2013-05-07 19:00:21 +02:00
|
|
|
extern void* memcpy(void* __restrict, const void* __restrict, size_t);
|
2009-03-04 04:28:35 +01:00
|
|
|
extern void* memmove(void *, const void *, size_t);
|
|
|
|
extern void* memset(void *, int, size_t);
|
2012-03-21 16:48:18 +01:00
|
|
|
extern void* memmem(const void *, size_t, const void *, size_t) __purefunc;
|
2009-03-04 04:28:35 +01:00
|
|
|
|
2012-03-21 16:48:18 +01:00
|
|
|
extern char* strchr(const char *, int) __purefunc;
|
2013-07-26 14:50:11 +02:00
|
|
|
extern char* __strchr_chk(const char *, int, size_t);
|
|
|
|
|
2012-03-21 16:48:18 +01:00
|
|
|
extern char* strrchr(const char *, int) __purefunc;
|
2014-02-25 03:00:43 +01:00
|
|
|
extern char* __strrchr_chk(const char *, int, size_t);
|
2009-03-04 04:28:35 +01:00
|
|
|
|
2012-03-21 16:48:18 +01:00
|
|
|
extern size_t strlen(const char *) __purefunc;
|
2013-05-31 01:48:53 +02:00
|
|
|
extern size_t __strlen_chk(const char *, size_t);
|
2012-03-21 16:48:18 +01:00
|
|
|
extern int strcmp(const char *, const char *) __purefunc;
|
2014-04-04 23:38:18 +02:00
|
|
|
extern char* stpcpy(char* __restrict, const char* __restrict);
|
2013-05-07 19:00:21 +02:00
|
|
|
extern char* strcpy(char* __restrict, const char* __restrict);
|
|
|
|
extern char* strcat(char* __restrict, const char* __restrict);
|
2009-03-04 04:28:35 +01:00
|
|
|
|
2012-03-21 16:48:18 +01:00
|
|
|
extern int strcasecmp(const char *, const char *) __purefunc;
|
|
|
|
extern int strncasecmp(const char *, const char *, size_t) __purefunc;
|
2009-03-04 04:28:35 +01:00
|
|
|
extern char* strdup(const char *);
|
|
|
|
|
2012-03-21 16:48:18 +01:00
|
|
|
extern char* strstr(const char *, const char *) __purefunc;
|
|
|
|
extern char* strcasestr(const char *haystack, const char *needle) __purefunc;
|
2013-05-07 19:00:21 +02:00
|
|
|
extern char* strtok(char* __restrict, const char* __restrict);
|
|
|
|
extern char* strtok_r(char* __restrict, const char* __restrict, char** __restrict);
|
2009-03-04 04:28:35 +01:00
|
|
|
|
|
|
|
extern char* strerror(int);
|
|
|
|
extern int strerror_r(int errnum, char *buf, size_t n);
|
|
|
|
|
2012-03-21 16:48:18 +01:00
|
|
|
extern size_t strnlen(const char *, size_t) __purefunc;
|
2013-05-07 19:00:21 +02:00
|
|
|
extern char* strncat(char* __restrict, const char* __restrict, size_t);
|
2009-03-04 04:28:35 +01:00
|
|
|
extern char* strndup(const char *, size_t);
|
2012-03-21 16:48:18 +01:00
|
|
|
extern int strncmp(const char *, const char *, size_t) __purefunc;
|
2014-04-04 23:38:18 +02:00
|
|
|
extern char* stpncpy(char* __restrict, const char* __restrict, size_t);
|
2013-05-07 19:00:21 +02:00
|
|
|
extern char* strncpy(char* __restrict, const char* __restrict, size_t);
|
2009-03-04 04:28:35 +01:00
|
|
|
|
2013-05-07 19:00:21 +02:00
|
|
|
extern size_t strlcat(char* __restrict, const char* __restrict, size_t);
|
|
|
|
extern size_t strlcpy(char* __restrict, const char* __restrict, size_t);
|
2009-03-04 04:28:35 +01:00
|
|
|
|
2012-03-21 16:48:18 +01:00
|
|
|
extern size_t strcspn(const char *, const char *) __purefunc;
|
|
|
|
extern char* strpbrk(const char *, const char *) __purefunc;
|
2013-05-07 19:00:21 +02:00
|
|
|
extern char* strsep(char** __restrict, const char* __restrict);
|
2009-03-04 04:28:35 +01:00
|
|
|
extern size_t strspn(const char *, const char *);
|
|
|
|
|
|
|
|
extern char* strsignal(int sig);
|
|
|
|
|
2012-03-21 16:48:18 +01:00
|
|
|
extern int strcoll(const char *, const char *) __purefunc;
|
2013-05-07 19:00:21 +02:00
|
|
|
extern size_t strxfrm(char* __restrict, const char* __restrict, size_t);
|
2009-03-04 04:28:35 +01:00
|
|
|
|
2013-03-22 18:58:55 +01:00
|
|
|
#if defined(__BIONIC_FORTIFY)
|
2012-06-05 00:20:25 +02:00
|
|
|
|
2014-04-04 23:38:18 +02:00
|
|
|
__errordecl(__memcpy_dest_size_error, "memcpy: prevented write past end of buffer");
|
|
|
|
__errordecl(__memcpy_src_size_error, "memcpy: prevented read past end of buffer");
|
FORTIFY_SOURCE: enhanced memcpy protections.
Two changes:
1) Detect memory read overruns.
For example:
int main() {
char buf[10];
memcpy(buf, "abcde", sizeof(buf));
sprintf("%s\n", buf);
}
because "abcde" is only 6 bytes, copying 10 bytes from it is a bug.
This particular bug will be detected at compile time. Other similar
bugs may be detected at runtime.
2) Detect overlapping buffers on memcpy()
It is a bug to call memcpy() on buffers which overlap. For
example, the following code is buggy:
char buf3[0x800];
char *first_half = &buf3[0x400];
char *second_half = &buf3[1];
memset(buf3, 0, sizeof(buf3));
memcpy(first_half, second_half, 0x400);
printf("1: %s\n", buf3);
We now detect this at compile and run time.
Change-Id: I092bd89f11f18e08e8a9dda0ca903aaea8e06d91
2012-07-13 00:10:03 +02:00
|
|
|
|
2012-06-05 00:20:25 +02:00
|
|
|
__BIONIC_FORTIFY_INLINE
|
libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83ddee37203b52bcb294867a9ae7bdbc, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.
This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:
* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)
It may be possible, in the future, to enable other functions. However,
I need to write unittests first.
For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.
I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.
I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.
Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-17 23:49:19 +02:00
|
|
|
void* memcpy(void* __restrict dest, const void* __restrict src, size_t copy_amount) {
|
FORTIFY_SOURCE: enhanced memcpy protections.
Two changes:
1) Detect memory read overruns.
For example:
int main() {
char buf[10];
memcpy(buf, "abcde", sizeof(buf));
sprintf("%s\n", buf);
}
because "abcde" is only 6 bytes, copying 10 bytes from it is a bug.
This particular bug will be detected at compile time. Other similar
bugs may be detected at runtime.
2) Detect overlapping buffers on memcpy()
It is a bug to call memcpy() on buffers which overlap. For
example, the following code is buggy:
char buf3[0x800];
char *first_half = &buf3[0x400];
char *second_half = &buf3[1];
memset(buf3, 0, sizeof(buf3));
memcpy(first_half, second_half, 0x400);
printf("1: %s\n", buf3);
We now detect this at compile and run time.
Change-Id: I092bd89f11f18e08e8a9dda0ca903aaea8e06d91
2012-07-13 00:10:03 +02:00
|
|
|
char *d = (char *) dest;
|
|
|
|
const char *s = (const char *) src;
|
2013-08-28 22:22:52 +02:00
|
|
|
size_t s_len = __bos0(s);
|
|
|
|
size_t d_len = __bos0(d);
|
FORTIFY_SOURCE: enhanced memcpy protections.
Two changes:
1) Detect memory read overruns.
For example:
int main() {
char buf[10];
memcpy(buf, "abcde", sizeof(buf));
sprintf("%s\n", buf);
}
because "abcde" is only 6 bytes, copying 10 bytes from it is a bug.
This particular bug will be detected at compile time. Other similar
bugs may be detected at runtime.
2) Detect overlapping buffers on memcpy()
It is a bug to call memcpy() on buffers which overlap. For
example, the following code is buggy:
char buf3[0x800];
char *first_half = &buf3[0x400];
char *second_half = &buf3[1];
memset(buf3, 0, sizeof(buf3));
memcpy(first_half, second_half, 0x400);
printf("1: %s\n", buf3);
We now detect this at compile and run time.
Change-Id: I092bd89f11f18e08e8a9dda0ca903aaea8e06d91
2012-07-13 00:10:03 +02:00
|
|
|
|
|
|
|
if (__builtin_constant_p(copy_amount) && (copy_amount > d_len)) {
|
|
|
|
__memcpy_dest_size_error();
|
|
|
|
}
|
|
|
|
|
|
|
|
if (__builtin_constant_p(copy_amount) && (copy_amount > s_len)) {
|
|
|
|
__memcpy_src_size_error();
|
|
|
|
}
|
|
|
|
|
2012-07-14 02:49:10 +02:00
|
|
|
return __builtin___memcpy_chk(dest, src, copy_amount, d_len);
|
2012-06-05 00:20:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
__BIONIC_FORTIFY_INLINE
|
libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83ddee37203b52bcb294867a9ae7bdbc, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.
This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:
* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)
It may be possible, in the future, to enable other functions. However,
I need to write unittests first.
For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.
I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.
I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.
Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-17 23:49:19 +02:00
|
|
|
void* memmove(void *dest, const void *src, size_t len) {
|
2013-08-28 22:22:52 +02:00
|
|
|
return __builtin___memmove_chk(dest, src, len, __bos0(dest));
|
2012-06-05 00:20:25 +02:00
|
|
|
}
|
|
|
|
|
2014-04-04 23:38:18 +02:00
|
|
|
__BIONIC_FORTIFY_INLINE
|
|
|
|
char* stpcpy(char* __restrict dest, const char* __restrict src) {
|
|
|
|
return __builtin___stpcpy_chk(dest, src, __bos(dest));
|
|
|
|
}
|
|
|
|
|
2012-06-05 00:20:25 +02:00
|
|
|
__BIONIC_FORTIFY_INLINE
|
libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83ddee37203b52bcb294867a9ae7bdbc, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.
This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:
* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)
It may be possible, in the future, to enable other functions. However,
I need to write unittests first.
For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.
I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.
I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.
Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-17 23:49:19 +02:00
|
|
|
char* strcpy(char* __restrict dest, const char* __restrict src) {
|
2013-04-30 20:31:35 +02:00
|
|
|
return __builtin___strcpy_chk(dest, src, __bos(dest));
|
2012-06-05 00:20:25 +02:00
|
|
|
}
|
|
|
|
|
2014-04-04 23:38:18 +02:00
|
|
|
__errordecl(__stpncpy_error, "stpncpy: prevented write past end of buffer");
|
|
|
|
extern char* __stpncpy_chk2(char* __restrict, const char* __restrict, size_t, size_t, size_t);
|
|
|
|
|
|
|
|
__BIONIC_FORTIFY_INLINE
|
|
|
|
char* stpncpy(char* __restrict dest, const char* __restrict src, size_t n) {
|
|
|
|
size_t bos_dest = __bos(dest);
|
|
|
|
size_t bos_src = __bos(src);
|
|
|
|
if (__builtin_constant_p(n) && (n > bos_dest)) {
|
|
|
|
__stpncpy_error();
|
|
|
|
}
|
|
|
|
|
|
|
|
if (bos_src == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
|
|
|
return __builtin___stpncpy_chk(dest, src, n, bos_dest);
|
|
|
|
}
|
|
|
|
|
|
|
|
if (__builtin_constant_p(n) && (n <= bos_src)) {
|
|
|
|
return __builtin___stpncpy_chk(dest, src, n, bos_dest);
|
|
|
|
}
|
|
|
|
|
|
|
|
size_t slen = __builtin_strlen(src);
|
|
|
|
if (__builtin_constant_p(slen)) {
|
|
|
|
return __builtin___stpncpy_chk(dest, src, n, bos_dest);
|
|
|
|
}
|
|
|
|
|
|
|
|
return __stpncpy_chk2(dest, src, n, bos_dest, bos_src);
|
|
|
|
}
|
|
|
|
|
|
|
|
__errordecl(__strncpy_error, "strncpy: prevented write past end of buffer");
|
2013-08-28 19:47:43 +02:00
|
|
|
extern char* __strncpy_chk2(char* __restrict, const char* __restrict, size_t, size_t, size_t);
|
2013-04-29 23:07:06 +02:00
|
|
|
|
2012-06-05 00:20:25 +02:00
|
|
|
__BIONIC_FORTIFY_INLINE
|
libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83ddee37203b52bcb294867a9ae7bdbc, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.
This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:
* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)
It may be possible, in the future, to enable other functions. However,
I need to write unittests first.
For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.
I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.
I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.
Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-17 23:49:19 +02:00
|
|
|
char* strncpy(char* __restrict dest, const char* __restrict src, size_t n) {
|
2013-08-28 19:47:43 +02:00
|
|
|
size_t bos_dest = __bos(dest);
|
|
|
|
size_t bos_src = __bos(src);
|
|
|
|
if (__builtin_constant_p(n) && (n > bos_dest)) {
|
2013-04-29 23:07:06 +02:00
|
|
|
__strncpy_error();
|
|
|
|
}
|
2013-08-28 19:47:43 +02:00
|
|
|
|
|
|
|
if (bos_src == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
|
|
|
return __builtin___strncpy_chk(dest, src, n, bos_dest);
|
|
|
|
}
|
|
|
|
|
2013-09-27 22:21:24 +02:00
|
|
|
if (__builtin_constant_p(n) && (n <= bos_src)) {
|
|
|
|
return __builtin___strncpy_chk(dest, src, n, bos_dest);
|
|
|
|
}
|
|
|
|
|
2013-08-28 19:47:43 +02:00
|
|
|
size_t slen = __builtin_strlen(src);
|
|
|
|
if (__builtin_constant_p(slen)) {
|
|
|
|
return __builtin___strncpy_chk(dest, src, n, bos_dest);
|
|
|
|
}
|
|
|
|
|
|
|
|
return __strncpy_chk2(dest, src, n, bos_dest, bos_src);
|
2012-06-05 00:20:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
__BIONIC_FORTIFY_INLINE
|
libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83ddee37203b52bcb294867a9ae7bdbc, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.
This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:
* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)
It may be possible, in the future, to enable other functions. However,
I need to write unittests first.
For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.
I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.
I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.
Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-17 23:49:19 +02:00
|
|
|
char* strcat(char* __restrict dest, const char* __restrict src) {
|
2013-04-30 20:31:35 +02:00
|
|
|
return __builtin___strcat_chk(dest, src, __bos(dest));
|
2012-06-05 00:20:25 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
__BIONIC_FORTIFY_INLINE
|
2013-05-07 19:00:21 +02:00
|
|
|
char *strncat(char* __restrict dest, const char* __restrict src, size_t n) {
|
2013-04-30 20:31:35 +02:00
|
|
|
return __builtin___strncat_chk(dest, src, n, __bos(dest));
|
2012-06-05 00:20:25 +02:00
|
|
|
}
|
|
|
|
|
2012-06-07 23:01:26 +02:00
|
|
|
__BIONIC_FORTIFY_INLINE
|
libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83ddee37203b52bcb294867a9ae7bdbc, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.
This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:
* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)
It may be possible, in the future, to enable other functions. However,
I need to write unittests first.
For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.
I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.
I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.
Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-17 23:49:19 +02:00
|
|
|
void* memset(void *s, int c, size_t n) {
|
2013-08-28 22:22:52 +02:00
|
|
|
return __builtin___memset_chk(s, c, n, __bos0(s));
|
2012-06-07 23:01:26 +02:00
|
|
|
}
|
|
|
|
|
2013-05-07 19:00:21 +02:00
|
|
|
extern size_t __strlcpy_real(char* __restrict, const char* __restrict, size_t)
|
2012-06-14 01:57:27 +02:00
|
|
|
__asm__(__USER_LABEL_PREFIX__ "strlcpy");
|
2014-04-04 23:38:18 +02:00
|
|
|
__errordecl(__strlcpy_error, "strlcpy: prevented write past end of buffer");
|
2012-06-14 01:57:27 +02:00
|
|
|
extern size_t __strlcpy_chk(char *, const char *, size_t, size_t);
|
|
|
|
|
|
|
|
__BIONIC_FORTIFY_INLINE
|
2013-05-07 19:00:21 +02:00
|
|
|
size_t strlcpy(char* __restrict dest, const char* __restrict src, size_t size) {
|
2013-04-30 20:31:35 +02:00
|
|
|
size_t bos = __bos(dest);
|
2012-06-14 01:57:27 +02:00
|
|
|
|
2013-06-20 21:17:44 +02:00
|
|
|
#if !defined(__clang__)
|
2012-06-14 01:57:27 +02:00
|
|
|
// Compiler doesn't know destination size. Don't call __strlcpy_chk
|
2012-07-13 23:46:36 +02:00
|
|
|
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
2012-06-27 01:05:19 +02:00
|
|
|
return __strlcpy_real(dest, src, size);
|
2012-06-14 01:57:27 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// Compiler can prove, at compile time, that the passed in size
|
|
|
|
// is always <= the actual object size. Don't call __strlcpy_chk
|
|
|
|
if (__builtin_constant_p(size) && (size <= bos)) {
|
2012-06-27 01:05:19 +02:00
|
|
|
return __strlcpy_real(dest, src, size);
|
2012-06-14 01:57:27 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// Compiler can prove, at compile time, that the passed in size
|
|
|
|
// is always > the actual object size. Force a compiler error.
|
|
|
|
if (__builtin_constant_p(size) && (size > bos)) {
|
|
|
|
__strlcpy_error();
|
|
|
|
}
|
2013-06-20 21:17:44 +02:00
|
|
|
#endif /* !defined(__clang__) */
|
2012-06-14 01:57:27 +02:00
|
|
|
|
|
|
|
return __strlcpy_chk(dest, src, size, bos);
|
|
|
|
}
|
|
|
|
|
2013-05-07 19:00:21 +02:00
|
|
|
extern size_t __strlcat_real(char* __restrict, const char* __restrict, size_t)
|
2012-06-14 01:57:27 +02:00
|
|
|
__asm__(__USER_LABEL_PREFIX__ "strlcat");
|
2014-04-04 23:38:18 +02:00
|
|
|
__errordecl(__strlcat_error, "strlcat: prevented write past end of buffer");
|
2013-05-07 19:00:21 +02:00
|
|
|
extern size_t __strlcat_chk(char* __restrict, const char* __restrict, size_t, size_t);
|
2012-06-14 01:57:27 +02:00
|
|
|
|
|
|
|
|
|
|
|
__BIONIC_FORTIFY_INLINE
|
2013-05-07 19:00:21 +02:00
|
|
|
size_t strlcat(char* __restrict dest, const char* __restrict src, size_t size) {
|
2013-04-30 20:31:35 +02:00
|
|
|
size_t bos = __bos(dest);
|
2012-06-14 01:57:27 +02:00
|
|
|
|
2013-06-29 17:15:25 +02:00
|
|
|
#if !defined(__clang__)
|
2012-06-14 01:57:27 +02:00
|
|
|
// Compiler doesn't know destination size. Don't call __strlcat_chk
|
2012-07-13 23:46:36 +02:00
|
|
|
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
2012-06-27 01:05:19 +02:00
|
|
|
return __strlcat_real(dest, src, size);
|
2012-06-14 01:57:27 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// Compiler can prove, at compile time, that the passed in size
|
|
|
|
// is always <= the actual object size. Don't call __strlcat_chk
|
|
|
|
if (__builtin_constant_p(size) && (size <= bos)) {
|
2012-06-27 01:05:19 +02:00
|
|
|
return __strlcat_real(dest, src, size);
|
2012-06-14 01:57:27 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
// Compiler can prove, at compile time, that the passed in size
|
|
|
|
// is always > the actual object size. Force a compiler error.
|
|
|
|
if (__builtin_constant_p(size) && (size > bos)) {
|
|
|
|
__strlcat_error();
|
|
|
|
}
|
2013-06-29 17:15:25 +02:00
|
|
|
#endif /* !defined(__clang__) */
|
2012-06-14 01:57:27 +02:00
|
|
|
|
|
|
|
return __strlcat_chk(dest, src, size, bos);
|
|
|
|
}
|
|
|
|
|
2012-07-13 20:27:06 +02:00
|
|
|
__BIONIC_FORTIFY_INLINE
|
|
|
|
size_t strlen(const char *s) {
|
2013-04-30 20:31:35 +02:00
|
|
|
size_t bos = __bos(s);
|
2012-07-13 23:46:36 +02:00
|
|
|
|
libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83ddee37203b52bcb294867a9ae7bdbc, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.
This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:
* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)
It may be possible, in the future, to enable other functions. However,
I need to write unittests first.
For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.
I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.
I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.
Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-17 23:49:19 +02:00
|
|
|
#if !defined(__clang__)
|
2012-07-13 23:46:36 +02:00
|
|
|
// Compiler doesn't know destination size. Don't call __strlen_chk
|
|
|
|
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
2013-01-18 00:41:33 +01:00
|
|
|
return __builtin_strlen(s);
|
|
|
|
}
|
|
|
|
|
|
|
|
size_t slen = __builtin_strlen(s);
|
|
|
|
if (__builtin_constant_p(slen)) {
|
|
|
|
return slen;
|
2012-07-13 20:27:06 +02:00
|
|
|
}
|
libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83ddee37203b52bcb294867a9ae7bdbc, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.
This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:
* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)
It may be possible, in the future, to enable other functions. However,
I need to write unittests first.
For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.
I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.
I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.
Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-17 23:49:19 +02:00
|
|
|
#endif /* !defined(__clang__) */
|
2012-07-13 23:46:36 +02:00
|
|
|
|
2012-07-13 20:27:06 +02:00
|
|
|
return __strlen_chk(s, bos);
|
|
|
|
}
|
2012-06-14 01:57:27 +02:00
|
|
|
|
2012-12-01 00:15:58 +01:00
|
|
|
__BIONIC_FORTIFY_INLINE
|
|
|
|
char* strchr(const char *s, int c) {
|
2013-04-30 20:31:35 +02:00
|
|
|
size_t bos = __bos(s);
|
2012-12-01 00:15:58 +01:00
|
|
|
|
libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83ddee37203b52bcb294867a9ae7bdbc, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.
This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:
* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)
It may be possible, in the future, to enable other functions. However,
I need to write unittests first.
For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.
I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.
I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.
Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-17 23:49:19 +02:00
|
|
|
#if !defined(__clang__)
|
2012-12-01 00:15:58 +01:00
|
|
|
// Compiler doesn't know destination size. Don't call __strchr_chk
|
|
|
|
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
2013-01-18 00:41:33 +01:00
|
|
|
return __builtin_strchr(s, c);
|
|
|
|
}
|
|
|
|
|
|
|
|
size_t slen = __builtin_strlen(s);
|
|
|
|
if (__builtin_constant_p(slen) && (slen < bos)) {
|
|
|
|
return __builtin_strchr(s, c);
|
2012-12-01 00:15:58 +01:00
|
|
|
}
|
libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83ddee37203b52bcb294867a9ae7bdbc, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.
This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:
* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)
It may be possible, in the future, to enable other functions. However,
I need to write unittests first.
For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.
I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.
I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.
Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-17 23:49:19 +02:00
|
|
|
#endif /* !defined(__clang__) */
|
2012-12-01 00:15:58 +01:00
|
|
|
|
|
|
|
return __strchr_chk(s, c, bos);
|
|
|
|
}
|
|
|
|
|
2012-12-03 19:36:13 +01:00
|
|
|
__BIONIC_FORTIFY_INLINE
|
|
|
|
char* strrchr(const char *s, int c) {
|
2013-04-30 23:19:23 +02:00
|
|
|
size_t bos = __bos(s);
|
2012-12-03 19:36:13 +01:00
|
|
|
|
libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83ddee37203b52bcb294867a9ae7bdbc, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.
This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:
* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)
It may be possible, in the future, to enable other functions. However,
I need to write unittests first.
For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.
I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.
I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.
Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-17 23:49:19 +02:00
|
|
|
#if !defined(__clang__)
|
2012-12-03 19:36:13 +01:00
|
|
|
// Compiler doesn't know destination size. Don't call __strrchr_chk
|
|
|
|
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
2013-01-18 00:41:33 +01:00
|
|
|
return __builtin_strrchr(s, c);
|
|
|
|
}
|
|
|
|
|
|
|
|
size_t slen = __builtin_strlen(s);
|
|
|
|
if (__builtin_constant_p(slen) && (slen < bos)) {
|
|
|
|
return __builtin_strrchr(s, c);
|
2012-12-03 19:36:13 +01:00
|
|
|
}
|
libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83ddee37203b52bcb294867a9ae7bdbc, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.
This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:
* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)
It may be possible, in the future, to enable other functions. However,
I need to write unittests first.
For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.
I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.
I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.
Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-17 23:49:19 +02:00
|
|
|
#endif /* !defined(__clang__) */
|
2012-12-03 19:36:13 +01:00
|
|
|
|
|
|
|
return __strrchr_chk(s, c, bos);
|
|
|
|
}
|
|
|
|
|
2012-12-01 00:15:58 +01:00
|
|
|
|
2013-03-22 18:58:55 +01:00
|
|
|
#endif /* defined(__BIONIC_FORTIFY) */
|
2012-06-05 00:20:25 +02:00
|
|
|
|
2009-03-04 04:28:35 +01:00
|
|
|
__END_DECLS
|
|
|
|
|
|
|
|
#endif /* _STRING_H_ */
|