FORTIFY_SOURCE: fortify strchr

Detect when strchr reads off the end of a buffer. Change-Id: I0e952eedcff5c36d646a9c3bc4e1337b959224f2
2012-11-30 15:15:58 -08:00
parent 16c61f0885
commit 049e58369c
3 changed files with 31 additions and 2 deletions
--- a/libc/string/strchr.c
+++ b/libc/string/strchr.c
@@ -29,11 +29,17 @@
 */

 #include <string.h>
+#include <private/logd.h>

 char *
-strchr(const char *p, int ch)
+__strchr_chk(const char *p, int ch, size_t s_len)
 {
-	for (;; ++p) {
+	for (;; ++p, s_len--) {
+		if (s_len == 0) {
+			__libc_android_log_print(ANDROID_LOG_FATAL, "libc",
+				"*** FORTIFY_SOURCE strchr read beyond buffer ***\n");
+			abort();
+		}
 		if (*p == (char) ch)
 			return((char *)p);
 		if (!*p)
@@ -41,3 +47,8 @@ strchr(const char *p, int ch)
 	}
 	/* NOTREACHED */
 }
+
+char *
+strchr(const char *p, int ch) {
+    return __strchr_chk(p, ch, (size_t) -1);
+}