Commit Graph

11 Commits

Author SHA1 Message Date
Nick Kralevich
cf870199d5 FORTIFY_SOURCE: strcat / strncat optimize
__strcat_chk and __strncat_chk are slightly inefficient,
because they end up traversing over the same memory region
two times.

This change optimizes __strcat_chk / __strncat_chk so they
only access the memory once. Although I haven't benchmarked these
changes, it should improve the performance of these functions.

__strlen_chk - expose this function, even if -D_FORTIFY_SOURCE
isn't defined. This is needed to compile libc itself without
-D_FORTIFY_SOURCE.

Change-Id: Id2c70dff55a276b47c59db27a03734d659f84b74
2013-05-31 09:07:46 -07:00
Nick Kralevich
4f40e511b0 libc: cleanup strchr
Move strchr to a .cpp file, and change to bionic directory.

Change-Id: I64ade7df326c0a9a714aca4caf5647b6833b1c97
2013-05-02 13:58:03 -07:00
Nick Kralevich
1aae9bd170 strncpy: implement _FORTIFY_SOURCE=2
Add support for fortify source level 2 to strncpy.
This will enable detection of more areas where strncpy
is used inappropriately. For example, this would have detected
bug 8727221.

Move the fortify_source tests out of string_test.cpp, and
put it into fortify1_test.cpp.

Create a new fortify2_test.cpp file, which copies all
the tests in fortify1_test.cpp, and adds fortify_source level
2 specific tests.

Change-Id: Ica0fba531cc7d0609e4f23b8176739b13f7f7a83
2013-04-29 15:22:10 -07:00
Nick Kralevich
a44e9afdd1 FORTIFY_SOURCE: optimize
Don't do the fortify_source checks if we can determine, at
compile time, that the provided operation is safe.

This avoids silliness like calling fortify source on things like:

  size_t len = strlen("asdf");
  printf("%d\n", len);

and allows the compiler to optimize this code to:

  printf("%d\n", 4);

Defer to gcc's builtin functions instead of pointing our code
to the libc implementation.

Change-Id: I5e1dcb61946461c4afaaaa983e39f07c7a0df0ae
2013-01-17 15:41:33 -08:00
Nick Kralevich
606058933c fix strerror_r test
e6e60065ff modified strerror_r to
treat errno as signed. However, the change to the test code
modified the "strerror" test, not the "strerror_r" test.

Make the same change for the strerror_r code.

Change-Id: Ia236a53df5745935e229a4446a74da8bed0cfd7b
2013-01-15 10:35:09 -08:00
Nick Kralevich
dcab1b2c76 Add stack canaries / strcpy tests.
Add a test to ensure that stack canaries are working
correctly. Since stack canaries aren't normally generated
on non-string functions, we have to enable stack-protector-all.

Add a test to ensure that an out of bounds strcpy generates
a runtime failure.

Change-Id: Id0d3e59fc4b9602da019e4d35c5c653e1a57fae4
2013-01-11 10:52:36 -08:00
Elliott Hughes
e6e60065ff glibc 2.15 treats errno as signed in strerror(3).
And the only reason I hadn't done that in bionic is because I wanted to behave
the same as glibc.

Change-Id: I2cf1bf0aac82a748cd6305a2cabbac0790058570
2013-01-10 16:01:59 -08:00
Anna Tikhonova
036154b0c2 Tests for string routines.
Change-Id: I24068a228f59df1c3b758c5b2026a09720490616
Signed-off-by: Anna Tikhonova <anna.tikhonova@intel.com>
2012-11-07 18:14:29 -08:00
Elliott Hughes
ad88a08631 Per-thread -fstack-protector guards for x86.
Based on a pair of patches from Intel:

  https://android-review.googlesource.com/#/c/43909/
  https://android-review.googlesource.com/#/c/44903/

For x86, this patch supports _both_ the global that ARM/MIPS use
and the per-thread TLS entry (%gs:20) that GCC uses by default. This
lets us support binaries built with any x86 toolchain (right now,
the NDK is emitting x86 code that uses the global).

I've also extended the original tests to cover ARM/MIPS too, and
be a little more thorough for x86.

Change-Id: I02f279a80c6b626aecad449771dec91df235ad01
2012-10-25 12:04:03 -07:00
Elliott Hughes
5419b94747 Make dlerror(3) thread-safe.
I gave up trying to use the usual thread-local buffer idiom; calls to
calloc(3) and free(3) from any of the "dl" functions -- which live in
the dynamic linker -- end up resolving to the dynamic linker's stubs.
I tried to work around that, but was just making things more complicated.
This alternative costs us a well-known TLS slot (instead of the
dynamically-allocated TLS slot we'd have used otherwise, so no difference
there), plus an extra buffer inside every pthread_internal_t.

Bug: 5404023
Change-Id: Ie9614edd05b6d1eeaf7bf9172792d616c6361767
2012-10-16 17:58:17 -07:00
Irina Tirdea
b5f053b5a7 Make strerror(3) and strsignal(3) thread-safe, and add psignal(3) and psiginfo(3).
Change-Id: I426109db25e907980d6cb3a7a695796e45783b78
2012-09-13 15:18:21 -07:00