generic-library/bionic
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

FORTIFY_SOURCE: strlen check.

Browse Source 
This test is designed to detect code such as:

int main() {
  char buf[10];
  memcpy(buf, "1234567890", sizeof(buf));
  size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE
  printf("%d\n", len);
  return 0;
}

or anytime strlen reads beyond an object boundary. This should
help address memory leakage vulnerabilities and make other
unrelated vulnerabilities harder to exploit.

Change-Id: I354b425be7bef4713c85f6bab0e9738445e00182
This commit is contained in:
Nick Kralevich
2012-07-13 11:27:06 -07:00
parent b2060b027c
commit 260bf8cfe0
3 changed files with 81 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
libc/Android.mk
View File

@@ -217,6 +217,7 @@ libc_common_src_files := \
string/__strcpy_chk.c \
string/__strlcat_chk.c \
string/__strlcpy_chk.c \
string/__strlen_chk.c \
string/__strncat_chk.c \
string/__strncpy_chk.c \
wchar/wcpcpy.c \