Move dlmalloc code to upstream-dlmalloc to make pulling upstream changes
easier.
Declare pvalloc and malloc_usable_size routines present in malloc.h but with
missing implementations. Remove other functions from malloc.h that have
no implementation nor use in Android.
Change-Id: Ia6472ec6cbebc9ad1ef99f4669de9d33fcc2efb4
Save thread id to *thread_out before new
thread is allowed to run else there's a
risk that the thread has finished and
been deleted when *thread_out is assigned.
Change-Id: I6b84c61a8df06840877d4ab036f26feace3192d8
These preprocessor tricks have caused trouble for -std=gnu99 and -ansi, and
both netbsd's libc and glibc seem to unconditionally define these types.
Change-Id: Ib8dffa341a8ca88f80d275ba2b7f93a4c910ee32
This header is used on bionic build and should be propagated into
sysroot on toolchain rebuild. Discussion re. this header is here:
http://gcc.gnu.org/ml/gcc-patches/2012-08/msg00936.html
It is available already in mips NDK platforms:
development/ndk/platforms/android-9/arch-mips/include/link.h
Change-Id: I39ff467cdac9f448e31c11ee3e14a6200e82ab57
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
Added a missing call to _resolv_cache_query_failed for another fail
case where it was missing (it doesn't go through the error handling
under the "fail" label). This missing notification caused requests to
have to wait for timeout instead of beeing notified on some failed
requests.
Change-Id: I904d60269c59b926784e3a397d2a860329f55142
In previous commit: 2fd81ef7, .mk file has been modified to
configure MALLOC_ALIGNMENT dynamicly according to board config.
Add the missing macor protection here.
Change-Id: I703cca2ce0504ab3e11aab226b2c61fcc0c6afa1
Author: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Xiaokang Qin <xiaokang.qin@intel.com>
Signed-off-by: Beare, Bruce J <bruce.j.beare@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
The original kernel header was submitted in this change:
commit 45b515c106161bb3b00d2c097504b9d44505f2d9
Author: Scott Anderson <saa@android.com>
Date: Wed Aug 15 14:52:27 2012 -0700
Add uhid original header.
This header was cherry-picked from the upstream series that ends
with patch adefb69b1b94df29ea2df05cd838c0e032b2c473.
Change-Id: If516e41b6b14754e7feebdf062461dd38a31900a
Signed-off-by: Scott Anderson <saa@android.com>
Change-Id: I088a0df4449df859835f8267d0d2e6cd4ed3c478
Signed-off-by: Scott Anderson <saa@android.com>
Add __bionic_clone function for x86, which will be
used for clone system call.
Change-Id: I889dc9bf4b7ebb4358476e17e6f3233e26491f4d
Signed-off-by: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Xiaokang Qin <xiaokang.qin@intel.com>
Signed-off-by: Beare, Bruce J <bruce.j.beare@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Author-tracking-BZ: 51414
Also make sure we get the whole of any copyright header, in case
there's text before the "Copyright" line.
Change-Id: Iabcc5e0931a39c0107b833539fec7c5a3d134592
Allow naming such as u1_system, u2_radio, u2_media.
Forward and reverse mapping for the above.
(cherry-pick of c60a0027b1ef3bc4929d2023e7083fbce12fafe7.)
Change-Id: I46eeb23fee4f57b2907640570504123d3ce99985
This should help prevent broken builds next time I'm messing with
assembler/compiler/linker flags...
Change-Id: I30f15a3ce3c3f3c60cad7bc59aaba9f42d792224
Add a GNU_STACK marker to crtend* files. This tells the linker
that these files do not require an executable stack.
When linking, a missing GNU_STACK marker in any .o file can prevent
the compiler from automatically marking the final executable as NX
safe (executable stack not required). In Android, we normally work
around this by adding -Wa,--noexecstack / -Wl,-z,noexecstack.
For files like crtend.S / crtend_so.S, which are included in every
executable / shared library, it's better to add the GNU_STACK note
directly to the assembly file. This allows the compiler to
automatically mark the final executable as NX safe without any
special command line options.
References: http://www.gentoo.org/proj/en/hardened/gnu-stack.xml
Change-Id: I07bd058f9f60ddd8b146e0fb36ba26ff84c0357d
This reverts commit 8793e7c7d2,
and fixes the build by building upstream NetBSD source as a
separate library that's then swallowed whole into libc_common.
Change-Id: I6c9317d8c48b5ccaf85a7b185bc07fb31176ff97
There were two bugs in our implementation. Intel found one, but another
remainined, and tracking upstream is the way forward for functions where
we add no value.
Change-Id: Ida9bac0293fb2c4cbc942b1e0515ee0477c6538b
Remove the hand-collated ones, and switch to a script that pulls the
copyright headers out of every file and collects the unique ones.
Change-Id: Ied3b98b3f56241df97166c410ff81de4e0157c9d
Also make the errors more readable, since none of us seemed to know
what they actually meant. The new style is still as verbose as the
old, but that's probably necessary in the absence of chained exceptions
in C. Here's what you'd see if you try to boot after removing
libsurfaceflinger.so:
32267 32267 E AndroidRuntime: java.lang.UnsatisfiedLinkError: Cannot load library: (linker.c:1629, pid 32259) soinfo_link_image: could not load library "libsystem_server.so" needed by "libandroid_servers.so"; caused by (linker.c:1629, pid 32259) soinfo_link_image: could not load library "libsurfaceflinger.so" needed by "libsystem_server.so"; caused by (linker.c:709, pid 32259) load_library: library "libsurfaceflinger.so" not found
This patch also fixes almost all of the compiler warnings.
Change-Id: I64bb59aed6d4e039c15ea45be2367f319ef879f8
At this point, FORTIFY_SOURCE and clang are just plain incompatible.
Need to solve the underlying incompatibility first.
Change-Id: I3366477d19461e1ec93b1c30e0c7e8145b391b9b
Kernel allows to use 6 registers(exclude eax) to pass parameter.
But in syscall's implementation, it only uses five registers.
It will lead to error when 6 parameters passed.
Change-Id: I92d663194e6334c3847f0c0c257ca3b9dee0edef
Author: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Xiaokang Qin <xiaokang.qin@intel.com>
Signed-off-by: Beare, Bruce J <bruce.j.beare@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Author-tracking-BZ: 30838
Includes this change:
* australasia (Pacific/Fakaofo): Tokelau is UTC+13, not UTC+14.
(Thanks to Steffen Thorsen.)
Change-Id: I51bfab759f424b90daeb1960c6cfb2b55b78ff46
Recent clang compiler doesn't have gnu_inline working. When frameworks/rs
is compiled with clang instead of gcc, it no longer works. Will be fixed
by this patch.
Change-Id: I8b281a1305151909e18958b73914ea27343cb4cd
Use the system supplied error numbers when mapping error numbers to messages.
Change-Id: I520556fa3e2ff668fdc4eda36ad31491fbb48ea8
Signed-off-by: Chris Dearman <chris@mips.com>
Signed-off-by: Raghu Gandham <raghu@mips.com>
__cxa_finalize() modifies the access permissions of __atexit
global variable without acquiring _ATEXIT_LOCK(). Fix it prevent
any possible races.
Change-Id: I11939d0ebcbf6f360c14163222d40a449d96948e
This allows debugging tools to know they are working with Android
binaries and adapt accordingly.
Signed-off-by: Thiago Jung Bauermann <thiago.bauermann@linaro.org>
Signed-off-by: Michael Hope <michael.hope@linaro.org>
Change-Id: Ic906992fcad61c028bb765821637a3e1333bf52b
In particular this affects assert(3) and __cxa_pure_virtual, both of
which have managed to confuse people this week by apparently aborting
without reason. (Because stderr goes nowhere, normally.)
Bug: 6852995
Bug: 6840813
Change-Id: I7f5d17d5ddda439e217b7932096702dc013b9142
RETRY macro may retry command if result is -1. In this
case the command was "connect < 0" instead of just
connect. The comparison will not return -1 and thus
retry is never done. This is now corrected so that
interrupts will cause retry instead of fail.
(There was no other negative side effect of the bug.
The result code from RETRY was used in an if-statement
and it would be true for all negative connect results.
This was according to expectations.)
Change-Id: Ie206b39878e9befea4e3be9a4061ee39eb232d80
Move the stackpointer so a captured signal does not corrupt
stack variables needed for __thread_entry.
Change-Id: I3e1e7b94a6d7cd3a07081f849043262743aa8064
The factory file (and Factory time zone) was meant as a way to say
"not configured" that would give a clear error when running date(1).
For us it would just look like UTC, so it is of no value.
Bug: 2997381
Change-Id: I1a4b85dce97d1d9370b22ba79e8fe5dafff56541
This upgrade involved rewriting the script; the data has moved to ftp.iana.org,
where it's slightly less convenient to access, so it's time to use something
that can talk FTP...
As for tzdata2012d, it's just updating Morocco for this weekend's changes, now
they've been decided at the last minute (as usual).
Change-Id: I772df57a6e09b3bf3d9541bfc08930d6f18633b4
This test is designed to detect code such as:
int main() {
char buf[10];
memcpy(buf, "1234567890", sizeof(buf));
size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE
printf("%d\n", len);
return 0;
}
or anytime strlen reads beyond an object boundary. This should
help address memory leakage vulnerabilities and make other
unrelated vulnerabilities harder to exploit.
Change-Id: I354b425be7bef4713c85f6bab0e9738445e00182
In our previous FORTIFY_SOURCE change, we started using a custom
inline for memcpy(), rather than using GCC's __builtin_memcpy_chk().
This allowed us to delete our copy of __memcpy_chk(), and replace it
by __memcpy_chk2().
Apparently GCC uses __memcpy_chk() outside of __builtin_memcpy_chk().
Specifically, __memcpy_chk() is used by __builtin__memMOVE_chk() under
certain optimization levels.
Keep the old __memcpy_chk() function around, and have it call into
__memcpy_chk2().
Change-Id: I2453930b24b8a492a3b6ed860e18d92a6b762b80
Added va_end() for copied variable arguments lists
in __vfprintf() and __find_arguments().
This is by C standard.
Important for systems which pass arguments in registers.
Change-Id: I7ac42beaa6645bfe856c18132253352dae29ea37
Two changes:
1) Detect memory read overruns.
For example:
int main() {
char buf[10];
memcpy(buf, "abcde", sizeof(buf));
sprintf("%s\n", buf);
}
because "abcde" is only 6 bytes, copying 10 bytes from it is a bug.
This particular bug will be detected at compile time. Other similar
bugs may be detected at runtime.
2) Detect overlapping buffers on memcpy()
It is a bug to call memcpy() on buffers which overlap. For
example, the following code is buggy:
char buf3[0x800];
char *first_half = &buf3[0x400];
char *second_half = &buf3[1];
memset(buf3, 0, sizeof(buf3));
memcpy(first_half, second_half, 0x400);
printf("1: %s\n", buf3);
We now detect this at compile and run time.
Change-Id: I092bd89f11f18e08e8a9dda0ca903aaea8e06d91
memmove() unconditionally calls memcpy() if "dst" < "src". For
example, in the code below, memmove() would end up calling memcpy(),
even though the regions of memory overlap.
int main() {
char buf3[0x800];
char *dst = &buf3[1];
char *src = &buf3[0x400];
memset(buf3, 0, sizeof(buf3));
memmove(dst, src, 0x400);
printf("1: %s\n", buf3);
return 0;
}
Calling memcpy() on overlaping regions only works if you assume
that memcpy() copies from start to finish. On some architectures,
it's more efficient to call memcpy() from finish to start.
This is also triggering a failure in some of my code.
More reading:
* http://lwn.net/Articles/414467/
* https://bugzilla.redhat.com/show_bug.cgi?id=638477#c31 (comment 31)
Change-Id: I65a51ae3a52dd4af335fe5c278056b8c2cbd8948
libc's stack protector initialization routine (__guard_setup)
is in bionic/ssp.c. This code deliberately modifies the stack
canary. This code should never be compiled with -fstack-protector-all
otherwise it will crash (mismatched canary value).
Force bionic/ssp.c to be compiled with -fno-stack-protector
Change-Id: Ib95a5736e4bafe1a460d6b4e522ca660b417d8d6
limits.h relies on PAGE_SIZE being defined without actually including
page.h. Make sure this is included to avoid compilation failures.
Signed-off-by: Arun Raghavan <arun.raghavan@collabora.co.uk>
Add fortify_source support for openat(). This change requires that
an argument be supplied when using O_CREAT.
Fix unnecessary call to __open_2. If, at compile time, we know that
"flags" is constant and DOESN'T contain O_CREAT, the call to __open_2
is useless.
Change-Id: Ifcd29c4fb25e25656961d7552d672e161f0cfdbd
Prefix private functions with underscores, to prevent name
conflicts.
Use __error__ instead of error, since occasionally programs will
create their own "#define error ...".
Change-Id: I7bb171df58aec5627e61896032a140db547fd95d
Add a FORTIFY_SOURCE check which requires that you pass a
"mode" argument when calling open(..., O_CREAT). If a mode isn't
passed, then the file is created with "undefined" permissions.
Change-Id: I4427be4f9ce170c69da01af5b00fb05b03613a28
Update headers for MSM MDP, MSM KGSL and MSM
rotator to match the version in the Linux
3.4 kernel baseline
Change-Id: I37052486be8c8862e65cac1f6934368ecc055a76
Add strlcpy / strlcat support to FORTIFY_SOURCE. This allows
us to do consistency checks on to ensure we don't overflow buffers
when the compiler is able to tell us the size of the buffer we're
dealing with.
Unlike previous changes, this change DOES NOT use the compiler's
builtin support. Instead, we do everything the compiler would
normally do.
Change-Id: I47c099a911382452eafd711f8e9bfe7c2d0a0d22
According to
http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html
realloc should NOT be marked with __attribute__((malloc)). Quoting:
realloc-like functions do not have this property as the memory
pointed to does not have undefined content.
For reference, __mallocfunc is defined in sys/cdefs.h as:
#define __mallocfunc __attribute__((malloc))
Change-Id: I56083542ba92e4608dd7c55fb5596a138eb50cc9
sprintf FORTIFY_SOURCE protections are not available
on clang.
Also add various __attribute__s to stdio functions.
Change-Id: I936d1f9e55fe53a68885c4524b7b59e68fed218d
Pull in an updated version of filter.h / prctl.h / seccomp.h
from the linux kernel. Pulled from upstream kernel at
94fa83c424321189ca24fb6cb4c0d224cdedc72d
This file was generated using the following command:
cd bionic/libc/kernel/
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/seccomp.h
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/filter.h
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/prctl.h
Change-Id: I1ca996541d05b0d5927ab828a6ce49c09877ea01
Add _FORTIFY_SOURCE support for snprintf, vsnprintf
At this time, we opt out of these protections for clang, as clang
does not implement __builtin_va_arg_pack().
http://clang.llvm.org/docs/UsersManual.html#c_unimpl_gcc
Change-Id: I73ebe5ec8dad1dca8898a76d6afb693a25f75375
Fix runtime error when snprintf() FORTIFY_SOURCE protections are
applied. The size passed to snprintf() is larger than the tmp
buffer size, which results in a runtime assertion failure.
Even though the size passed to snprintf is larger than the buffer,
there's no danger of overwriting the buffer because of the format
string passed to snprintf.
Change-Id: I35f0217d25f3b9c6d04c5a76c3238759c235545a
This was misleading 'configure' into thinking we actually support AF_LINK,
but we're Linux, so we don't, and we never implemented the functions we
declared here either.
Reported to AOSP by Jun-ya Kato.
(cherry-pick of 5056f1fad1187cd67729bb04ba72397d78256f03.)
Change-Id: Ic67f674d2221497c8166994812bb5fc7f0831066
This was misleading 'configure' into thinking we actually support AF_LINK,
but we're Linux, so we don't, and we never implemented the functions we
declared here either.
Reported to AOSP by Jun-ya Kato.
Change-Id: I111f9887f3812469b411b9cf5124d9dd624f19f7
Ensure that strcat / strncat check for integer overflows
when computing the length of the resulting string.
Change-Id: Ib806ad33a0d3b50876f384bc17787a28f0dddc37
I've basically just copied the relevant bits out of liblog and
EventLog.cpp. While this will let us do the uid logging we want
to address the concerns in 245c07027f78565858dd489eb0d94c3d48743e9d
it doesn't give us much else.
Change-Id: Icac6ff20bc0a3ade5927f6f76fedffe1ae6f8522
Add _FORTIFY_SOURCE support for the following functions:
* memset
* bzero
Move the __BIONIC_FORTIFY_INLINE definition to cdefs.h so it
can be used from multiple header files.
Change-Id: Iead4d5e35de6ec97786d58ee12573f9b11135bb7