FORTIFY_SOURCE: fortify strchr
Detect when strchr reads off the end of a buffer. Change-Id: I0e952eedcff5c36d646a9c3bc4e1337b959224f2
This commit is contained in:
parent
16c61f0885
commit
049e58369c
@ -224,6 +224,23 @@ size_t strlen(const char *s) {
|
||||
return __strlen_chk(s, bos);
|
||||
}
|
||||
|
||||
__purefunc extern char* __strchr_real(const char *, int)
|
||||
__asm__(__USER_LABEL_PREFIX__ "strchr");
|
||||
extern char* __strchr_chk(const char *, int, size_t);
|
||||
|
||||
__BIONIC_FORTIFY_INLINE
|
||||
char* strchr(const char *s, int c) {
|
||||
size_t bos = __builtin_object_size(s, 0);
|
||||
|
||||
// Compiler doesn't know destination size. Don't call __strchr_chk
|
||||
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
|
||||
return __strchr_real(s, c);
|
||||
}
|
||||
|
||||
return __strchr_chk(s, c, bos);
|
||||
}
|
||||
|
||||
|
||||
#endif /* defined(__BIONIC_FORTIFY_INLINE) */
|
||||
|
||||
__END_DECLS
|
||||
|
@ -29,6 +29,7 @@
|
||||
#define _ANDROID_BIONIC_LOGD_H
|
||||
|
||||
#include <stdarg.h>
|
||||
#include <stdint.h>
|
||||
|
||||
#define BIONIC_EVENT_MEMCPY_BUFFER_OVERFLOW 80100
|
||||
#define BIONIC_EVENT_STRCAT_BUFFER_OVERFLOW 80105
|
||||
|
@ -29,11 +29,17 @@
|
||||
*/
|
||||
|
||||
#include <string.h>
|
||||
#include <private/logd.h>
|
||||
|
||||
char *
|
||||
strchr(const char *p, int ch)
|
||||
__strchr_chk(const char *p, int ch, size_t s_len)
|
||||
{
|
||||
for (;; ++p) {
|
||||
for (;; ++p, s_len--) {
|
||||
if (s_len == 0) {
|
||||
__libc_android_log_print(ANDROID_LOG_FATAL, "libc",
|
||||
"*** FORTIFY_SOURCE strchr read beyond buffer ***\n");
|
||||
abort();
|
||||
}
|
||||
if (*p == (char) ch)
|
||||
return((char *)p);
|
||||
if (!*p)
|
||||
@ -41,3 +47,8 @@ strchr(const char *p, int ch)
|
||||
}
|
||||
/* NOTREACHED */
|
||||
}
|
||||
|
||||
char *
|
||||
strchr(const char *p, int ch) {
|
||||
return __strchr_chk(p, ch, (size_t) -1);
|
||||
}
|
||||
|
Loading…
x
Reference in New Issue
Block a user