strncpy: implement _FORTIFY_SOURCE=2

Add support for fortify source level 2 to strncpy. This will enable detection of more areas where strncpy is used inappropriately. For example, this would have detected bug 8727221. Move the fortify_source tests out of string_test.cpp, and put it into fortify1_test.cpp. Create a new fortify2_test.cpp file, which copies all the tests in fortify1_test.cpp, and adds fortify_source level 2 specific tests. Change-Id: Ica0fba531cc7d0609e4f23b8176739b13f7f7a83
2013-04-29 14:07:06 -07:00
parent c6dc62f09c
commit 1aae9bd170
6 changed files with 137 additions and 34 deletions
--- a/libc/include/string.h
+++ b/libc/include/string.h
@@ -119,9 +119,16 @@ char *strcpy(char *dest, const char *src) {
    return __builtin___strcpy_chk(dest, src, __builtin_object_size (dest, 0));
 }

+extern void __strncpy_error()
+    __attribute__((__error__("strncpy called with size bigger than buffer")));
+
 __BIONIC_FORTIFY_INLINE
 char *strncpy(char *dest, const char *src, size_t n) {
-    return __builtin___strncpy_chk(dest, src, n, __builtin_object_size (dest, 0));
+    size_t bos = __bos(dest);
+    if (__builtin_constant_p(n) && (n > bos)) {
+        __strncpy_error();
+    }
+    return __builtin___strncpy_chk(dest, src, n, bos);
 }

 __BIONIC_FORTIFY_INLINE
--- a/libc/include/sys/cdefs.h
+++ b/libc/include/sys/cdefs.h
@@ -517,6 +517,12 @@

 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 && defined(__OPTIMIZE__) && __OPTIMIZE__ > 0 && !defined(__clang__)
 #define __BIONIC_FORTIFY 1
+#if _FORTIFY_SOURCE == 2
+#define __bos(s) __builtin_object_size((s), 1);
+#else
+#define __bos(s) __builtin_object_size((s), 0);
+#endif
+
 #define __BIONIC_FORTIFY_INLINE \
    extern inline \
    __attribute__ ((always_inline)) \