Global, writable function pointers are low-hanging fruit for hijacking
control flow with an overflow from a global buffer or an arbitrary write
vulnerability. This moves the function pointer table into a dedicated
page and makes it read-only at runtime, similar to RELRO.
This increases the memory usage of the library by just under one page.
This could be avoided by having the linker load the vdso by replacing
weak symbols. It's not significant within the Zygote spawning model
though because it's read-only after early init.
Change-Id: Id7a49c96c1b15c2e1926528304b3c54a81e78caf
Sorry, I undertested my previous change and these guys somehow sneaked in.
This only affects SANITIZE_TARGET builds.
Change-Id: Id6986d89fa3d4965339f7b6fe973e9db73b380da
Setup a /system/bin/linker_asan as a symlink to "linker".
Read the linker name from PT_INTERP, and if it is linker_asan,
switch default library lookup paths to the ASan set, which
starts with the path to the instrumented libraries
(/data/lib), followed by /system/lib as a fallback.
This ensures that ASan binaries prefer ASan libraries, when
available. This approach is way better then RPATH/RUNPATH and even
better than LD_LIBRARY_PATH:
- RUNPATH is per-DSO, while default paths are global.
- LD_LIBRARY_PATH is overwritten by android_update_LD_LIBRARY_PATH.
- neither RUNPATH nor LD_LIBRARY_PATH appear in
android_get_LD_LIBRARY_PATH which is used to build java.lang.path.
Having ASan libraries in java.lang.path is a good thing.
Bug: 22355945
Change-Id: I1d2791fbf5740618f18f71a3ae3d873714669d3f
There is a deadlock if holding the hash table lock while trying to do
a backtrace. Change the code so that the hash table lock is only held
while actually modifying either g_hash_table, or while modifying an
entry from g_hash_table.
Bug: 22423683
(cherry picked from commit 9fee99b060)
Change-Id: I72173bfe6f824ceaceea625c24e7851b87467135
LP64 is immune because basename_r is hidden there, but on LP32 a basename_r
defined in the executable breaks basename because its call to basename_r
will resolve to that one rather than the one in libc.
Bug: http://b/22415484
Change-Id: Ied3ca7ad3fb0e744eb705fc924743f893b4ad490
Upstream clang has a new diagnostic, '-Wmismatched-new-delete' to
generate a warning (that becomes an error with -Werror) when delete is
used to deallocate pointers created with 'new[]'. This patch fixes
'delete's that trigger this warning/error.
Change-Id: Id7b6f6c2df3e860e576de55e2f61f3d2be3a3986
When there is arm assembler of this format:
ldmxx sp!, {..., lr} or pop {..., lr}
bx lr
It can be replaced with:
ldmxx sp!, {..., pc} or pop {..., pc}
Change-Id: Ic27048c52f90ac4360ad525daf0361a830dc22a3
When dlopen-ing a library, add the caller's DT_RUNPATH to the directory search
list. This fixes dlfcn.dt_runpath in bionic-unit-tests-glibc(32|64).
Bug: 21899363
Change-Id: Ife6a7e192939292cf4dc291b7e6b95945761cde3
libchrome uses __USE_XOPEN2K8 to decide whether futimens is
available. That's perhaps not the best idea, but there are other
cases where we defined the same feature macros as glibc to aid
portability.
Change-Id: Ie6e04cb181d88698d618e7dbd26cd347a6bf076c
In the serialized output from netd, the strings come first. Some code
assumes -- reasonably enough -- that it can do unaligned reads of pointers,
so we need to ensure alignment after all the strings.
(cherrypick of 65dd858239c4e32a5a1afbc14ac30dbcdd2a50a3.)
Bug: http://b/21192318
Change-Id: I456639127db9a2583f7f738e6b8103375d9387fd
1. Personality parameter should be unsigned int (not long)
2. Do not reset bits outside of PER_MASK when setting
personality value.
3. Set personality for static executables.
Bug: http://b/21900686
Change-Id: I4c7e34079cbd59b818ce221eed325c05b9bb2303
(cherry picked from commit f643eb38c3)
Changes affecting future time stamps
Morocco will suspend DST from 2015-06-14 03:00 through 2015-07-19 02:00,
not 06-13 and 07-18 as we had guessed. (Thanks to Milamber.)
Assume Cayman Islands will observe DST starting next year, using US rules.
Although it isn't guaranteed, it is the most likely.
Bug: 21836574
Change-Id: I6eda60c220d5c55d2aa0934544866ec0f1ce62ab
There is possibility of someone dlclosing a library
while dl_iterate_phdr in progress which can lead to
dl_iterate_phdr calling callback with invalid address
if it was unmapped by dlclose.
Bug: http://b/22047255
Change-Id: I3fc0d9fd2c51fb36fd34cb035f37271fa893a7be
(cherry picked from commit f7d5bf334d)
The NDK self-test issue64679-prctl failed to build because by default
clang3.6 builds in C11 mode, but the ifdef in the file 'uchar.h' hid the
required char16_t and char32_t declarations based on the GCC version,
which is declared as 4 by clang.
The ifdef is changed so that it is based on C version rather than a
compiler version. This way it is compatible with gcc 4, gcc 5 and clang
which are actually the only used toolchains.
See also: b.android.com/177609
Change-Id: I78c4bdc681c6f8a31b92dbe8ffe35e84ef2eda36
Signed-off-by: Egor Kochetov <egor.kochetov@intel.com>
