The allocation size in chk_malloc(), leak_malloc(), and leak_memalign()
functions may be rounded up to a small value, leading to buffer overflows.
The code only runs in debugging mode.
This patch complements commit 6f04a0f4 (CVE-2009-0607).
Change-Id: Id899bcd2bcd2ea2205e5753c433390710032dc83
Signed-off-by: Xi Wang <xi.wang@gmail.com>
ARM Cortex A8 use 64 bytes and ARM Cortex A9 use 32 bytes cache line
size.
The following patch:
Adds code to adjust memcpy cache line size to match A9 cache line
size.
Adds a flag to select between 32 bytes and 64 bytes cache line
size.
Copyright (C) ST-Ericsson SA 2010
Modified neon implementation to fit Cortex A9 cache line size
Author: Henrik Smiding henrik.smiding@stericsson.com for
ST-Ericsson.
Change-Id: I8a55946bfb074e6ec0a14805ed65f73fcd0984a3
Signed-off-by: Christian Bejram <christian.bejram@stericsson.com>
The posix_memalign(3) function is very similar to the traditional
memalign(3) function, but with better error reporting and a guarantee
that the memory it allocates can be freed. In bionic, memalign(3)
allocated memory can be freed, so posix_memalign(3) is just a wrapper
around memalign(3).
Change-Id: I62ee908aa5ba6b887d8446a00d8298d080a6a299
By default, Android no longer compiles code using it's custom
linker script /build/core/armelf.xsc. However, this causes
problems for libc. Certain programs linked using older versions
of GOLD expect libc.so to export __exidx_start and __exidx_end.
Removing the custom linker script causes libc.so not to export
those symbols.
For now, continue using the old linker script, until we can
figure out a better solution.
Change-Id: Iaf002afd63a58b848818da24e5a4525620dc4d74
In bionic/libc/SYSCALLS.TXT, the prototype of system call
clock_nanosleep is incorrect.
According to man page:
int clock_nanosleep(clockid_t clock_id, int flags,
const struct timespec *request,
struct timespec *remain);
Change-Id: Ic44c6db3d632293aa17998035554eacd664c2d57
Signed-off-by: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
In bionic/libc/SYSCALLS.TXT, the prototypes of system call
getresuid/getresgid are incorrect.
According to man page, they should be:
int getresuid(uid_t *ruid, uid_t *euid, uid_t *suid);
int getresgid(gid_t *rgid, gid_t *egid, gid_t *sgid);
Change-Id: I676098868bb05a9e1fe45419b234cf397626fdad
Signed-off-by: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
LTP: getcwd01 failed in LTP
Need to check getcwd parameters, otherwise it will lead to
posix test case to fail.
Change-Id: Ieb673b6dd4ca6481da81c5339dbf7ec0a463f263
Signed-off-by: Jin Wei <wei.a.jin@intel.com>
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
gensyscalls.py run from external/kernel-headers at commit
efab8f3e49f7f36ef0354b0996ecd5f3fa031e52
Change-Id: I959b64280e184655ef8c713aa79f9e23cb1f7df4
Since e19d702b8e33, dlsym and friends use recursive mutexes that
require the current thread id, which is not available before the libc
constructor. This prevents us from using dlsym() in .preinit_array.
This change moves TLS initialization from libc constructor to the earliest
possible point - immediately after linker itself is relocated. As a result,
pthread_internal_t for the initial thread is available from the start.
As a bonus, values stored in TLS in .preinit_array are not lost when libc is
initialized.
Change-Id: Iee5a710ee000173bff63e924adeb4a4c600c1e2d
The END macro was put too far down which made the linker complain about
it. Move up to the end of the code.
Change-Id: Ica71a9c6083b437d2213c7cefe34b0083c78f16b
Marking segments read-only was pushing the alignment of __on_dlclose by
2 bytes making it unaligned. This change makes sure the ARM code is
aligned to the 4 byte boundary.
Bug: 6313309
Change-Id: Ic2bf475e120dd61225ec19e5d8a9a8b1d0b7f081
This change fixes a segmentation fault in the libc unwinder when it goes
past __libc_init.
Unwind instructions for __libc_init direct it to grab the return address from
the stack frame. Without this change, the unwinder gets a wild address and
looks up further unwind instructions for the routine at that address. If it's
unlucky enough to hit an existing function, it will try to unwind it. Bad
things happen then.
With this change, the return address always points to the _start function,
which does not have unwind instructions associated with it. This stop the
unwind process.
__libc_init never returns, so this does not affect program execution, other
than adding 4 bytes on the main thread stack.
Change-Id: Id58612172e8825c8729cccd081541a13bff96bd0
From Change I526b5fce: Add NETLINK_IDLETIMER msg type and include the corresponding header file.
Change-Id: I24bffc11394c8664e4d7d7f439b0600545f07536
Signed-off-by: Ashish Sharma <ashishsharma@google.com>
From the release notes:
africa
Summer time changes for Morocco (to start late April 2012)
asia
Changes for 2012 for Gaza & the West Bank (Hebron) and Syria
northamerica
Haiti following US/Canada rules for 2012 (and we're assuming,
for now anyway, for the future).
Also include a change made internally to the 'generate' script as part of
the tzdata2011m update that apparently never made it to AOSP; the original
checkin comment for which was:
Update to tzdata2011m.
Fixes for Europe/Tiraspol (Moldova) and all four Ukrainian zones.
Also show the MD5 of the downloaded data, for comparison against the MD5
given in the announcement mails. (There's a plan to move to proper signing,
but that's not implemented on their end yet.)
(I'm repeating the tzdata change for the convenience of anyone grepping the
log, since the 2012 tzdata releases also contain the 2011m changes; 2011m
is the only missing release I noticed.)
Change-Id: I9a2e530b3a8ea88e3375334a12376e3d8526f267
* commit 'ea76f4147825cc39d9aa91230cd863ed29f28e27':
[MIPS] Clean Kernel headers are generated by running libc/kernel/tools/update_all.py script. This patch ignores any changes to libc/kernel directory not related to MIPS architecture.
* commit '09ce7749d74733b28d4fa7a1d36457cb366cc5da':
[MIPS] Clean Kernel headers are generated by running libc/kernel/tools/update_all.py script. This patch ignores any changes to libc/kernel directory not related to MIPS architecture.
libc/kernel/tools/update_all.py script. This patch ignores
any changes to libc/kernel directory not related to MIPS
architecture.
Change-Id: I2c9e461dccb7c33eb4420be2db1a562f45137c8d
Signed-off-by: Raghu Gandham <raghu@mips.com>
Signed-off-by: Chris Dearman <chris@mips.com>
First commit:
Revert "Revert "am be741d47: am 2f460fbe: am 73b5cad9: Merge "bionic: Fix wrong kernel_id in pthread descriptor after fork()"""
This reverts commit 06823da2f0c8b4a4ce4c45113032f03df85c94b8.
Second commit:
bionic: fix atfork hanlder_mutex deadlock
This cherry-picks commit 34e89c232dd5645fe3b5f9b40856d8e3e4cae57a
After applying the kernel_id fix, the system refused to boot up and we
got following crash log:
I/DEBUG ( 113): pid: 618, tid: 618 >>> org.simalliance.openmobileapi.service:remote <<<
I/DEBUG ( 113): signal 16 (SIGSTKFLT), code -6 (?), fault addr --------
I/DEBUG ( 113): eax fffffe00 ebx b77de994 ecx 00000080 edx 00724002
I/DEBUG ( 113): esi 00000000 edi 00004000
I/DEBUG ( 113): xcs 00000073 xds 0000007b xes 0000007b xfs 00000000 xss 0000007b
I/DEBUG ( 113): eip b7761351 ebp bfdf3de8 esp bfdf3dc4 flags 00000202
I/DEBUG ( 113): #00 eip: 00015351 /system/lib/libc.so
I/DEBUG ( 113): #01 eip: 0000d13c /system/lib/libc.so (pthread_mutex_lock)
I/DEBUG ( 113): #02 eip: 00077b48 /system/lib/libc.so (__bionic_atfork_run_prepare)
I/DEBUG ( 113): #03 eip: 00052cdb /system/lib/libc.so (fork)
I/DEBUG ( 113): #04 eip: 0009ae91 /system/lib/libdvm.so (_Z18dvmOptimizeDexFileillPKcjjb)
I/DEBUG ( 113): #05 eip: 000819d6 /system/lib/libdvm.so (_Z14dvmJarFileOpenPKcS0_PP7JarFileb)
I/DEBUG ( 113): #06 eip: 000b175e /system/lib/libdvm.so (_ZL40Dalvik_dalvik_system_DexFile_openDexFilePKjP6JValue)
I/DEBUG ( 113): #07 eip: 0011fb94 /system/lib/libdvm.so
Root cause:
The atfork uses the mutex handler_mutex to protect the atfork_head. The
parent will call __bionic_atfork_run_prepare() to lock the handler_mutex,
and need both the parent and child to unlock their own copy of handler_mutex
after fork. At that time, the owner of hanlder_mutex is set as the parent.
If we apply the kernel_id fix, then the child's kernel_id will be set as
child's tid.
The handler_mutex is a recursive lock, and pthread_mutex_unlock(&hander_mutex)
will fail because the mutex owner is the parent, while the current tid
(__get_thread()->kernel_id) is child, not matched with the mutex owner.
At that time, the handler_mutex is left in lock state.If the child wants to
fork other process after than, then it will try to lock handler_mutex, and
then be deadlocked.
Fix:
Since the child has its own copy of vm space from the the parent, the
child space's handler_mutex should be reset to the initialized state.
Change-Id: I3907dd9a153418fb78862f2aa6d0302c375d9e27
Signed-off-by: Jack Ren <jack.ren@intel.com>
Signed-off-by: Chenyang Du <chenyang.du@intel.com>
Signed-off-by: Bruce Beare <bruce.j.beare@intel.com>
Change-Id: Ic8072f366a877443a60fe215f3c00b3df5a259c8
This patch fixes an issue where 64-bit hreaders are incorrectly included
in kernel headers. For example, file "libc/kernel/arch-x86/asm/io.h"
incorreclty includes "io_64.h" (missing, BTW) instead of "io_32.h".
The reason is because CONFIG_X86_32 isn't considered pre-defined in
"kernel_default_arch_macros" for x86, and clean_header.py doesn't
look at it at all anyway (ie. __i386__ is also ignored, but it's
okay since x86 cross compiler defines it back)
Fixed 2 tools/*py, README.TXT, and refreshed libc/kernel headers
Change-Id: Iac834cc8b3548f055d3f2a214af36072dd679fe8
