Reuse the top bits of the _JB_SIGFLAG field previously used to store a
boolean to store a cookie that's validated by [sig]longjmp to make it
harder to use as a ROP gadget. Additionally, encrypt saved registers
with the cookie so that an attacker can't modify a register's value to
a specific value without knowing the cookie.
Bug: http://b/23942752
Change-Id: Id0eb8d06916e89d5d776bfcaa9458f8826717ba3
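A small C model of the scheme this commit message describes, added here as an illustration and not bionic's own code: the flag word carries a cookie in its upper bits, the restore path checks it, and saved registers are stored combined with the cookie. The XOR combination, the register count, the fixed cookie value and all model_* names are assumptions of this sketch.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_NREGS 4 /* hypothetical register count */

struct model_jmp_buf {
    uintptr_t sigflag;           /* top bits: cookie; bit 0: signal mask saved */
    uintptr_t regs[MODEL_NREGS]; /* saved registers, XORed with the cookie */
};

/* Keep bit 0 free so the cookie and the old boolean share one word. */
static uintptr_t model_cookie(uintptr_t random_value) {
    return random_value & ~(uintptr_t)1;
}

static void model_setjmp(struct model_jmp_buf *jb, uintptr_t cookie,
                         const uintptr_t *regs, bool savesigs) {
    jb->sigflag = cookie | (savesigs ? 1u : 0u);
    for (size_t i = 0; i < MODEL_NREGS; i++)
        jb->regs[i] = regs[i] ^ cookie; /* assumption: XOR as the "encryption" */
}

/* Returns false, restoring nothing, when the stored cookie does not match. */
static bool model_longjmp(const struct model_jmp_buf *jb, uintptr_t cookie,
                          uintptr_t *out, bool *savesigs) {
    if ((jb->sigflag & ~(uintptr_t)1) != cookie)
        return false;
    *savesigs = (jb->sigflag & 1) != 0;
    for (size_t i = 0; i < MODEL_NREGS; i++)
        out[i] = jb->regs[i] ^ cookie;
    return true;
}

int main(void) {
    uintptr_t cookie = model_cookie(0x5a5a5a5bu); /* constructed, not random */
    uintptr_t regs[MODEL_NREGS] = {0x1000, 0x2000, 0x3000, 0x4000}, out[MODEL_NREGS];
    struct model_jmp_buf jb, forged = {1, {0x41414141, 0, 0, 0}};
    bool sigs = false;

    model_setjmp(&jb, cookie, regs, true);
    printf("round trip ok: %d\n", model_longjmp(&jb, cookie, out, &sigs) && out[0] == 0x1000);
    printf("forged buffer accepted: %d\n", model_longjmp(&forged, cookie, out, &sigs));
    jb.regs[0] = 0x41414141; /* overwrite made without knowing the cookie */
    model_longjmp(&jb, cookie, out, &sigs);
    printf("restored %#lx, not 0x41414141\n", (unsigned long)out[0]);
    return 0;
}
```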
The previous way to get the stack, using the [stack] string from
/proc/self/task/<pid>/maps, is not enough. On x86/x86_64, if an
alternative signal stack is used while a task switch happens,
the [stack] indicator may no longer be correct.
Instead, stack_start from /proc/self/stat, which is always inside
the main stack, is used to find the main stack in /proc/self/maps.
Change-Id: Ieb010e71518b57560d541cd3b3563e5aa9660750
Signed-off-by: Nitzan Mor-sarid <nitzan.mor-sarid@intel.com>
Signed-off-by: Mingwei Shi <mingwei.shi@intel.com>
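The lookup described above, as an added example that is not the code from this change: take startstack (field 28 of the stat line, per proc(5)) and pick the maps entry whose address range contains it, ignoring the [stack] label. The sample stat and maps text are constructed, and the function names are hypothetical.

```c
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed samples: the [stack] label sits on an alternate signal stack. */
static const char SAMPLE_STAT[] =
    "4242 (a b) c) S 1 4242 4242 0 -1 4194304 100 0 0 0 1 1 0 0 20 0 1 0 "
    "5000 1000000 200 4294967295 134512640 134516736 3221222032 0 0 0 0";
static const char SAMPLE_MAPS[] =
    "08048000-08049000 r-xp 00000000 08:01 1234 /system/bin/app\n"
    "b7500000-b7502000 rw-p 00000000 00:00 0 [stack]\n"
    "bffdf000-c0000000 rw-p 00000000 00:00 0\n";

/* The comm field (2) may itself contain spaces and ')', so field counting
 * starts after the last ')' on the line. */
static bool parse_startstack(const char *stat_line, unsigned long *out) {
    const char *p = strrchr(stat_line, ')');
    if (p == NULL)
        return false;
    p++;
    for (int field = 3; field < 28; field++) { /* skip fields 3..27 */
        p += strspn(p, " ");
        p += strcspn(p, " ");
    }
    char *end;
    *out = strtoul(p, &end, 10);
    return end != p; /* false when the line is too short */
}

/* Find the maps line whose [lo, hi) range contains addr; names are ignored. */
static bool find_mapping(const char *maps, unsigned long addr,
                         unsigned long *lo, unsigned long *hi) {
    for (const char *line = maps; line != NULL && *line != '\0';) {
        if (sscanf(line, "%lx-%lx", lo, hi) == 2 && addr >= *lo && addr < *hi)
            return true;
        line = strchr(line, '\n');
        if (line != NULL)
            line++;
    }
    return false;
}

int main(void) {
    unsigned long ss, lo, hi;
    if (parse_startstack(SAMPLE_STAT, &ss) && find_mapping(SAMPLE_MAPS, ss, &lo, &hi))
        printf("main stack: %lx-%lx (startstack %lx)\n", lo, hi, ss);
    return 0;
}
```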
Allocations larger than PTRDIFF_MAX can be successfully created on
32-bit with a 3:1 split, or in 32-bit processes running on 64-bit.
Allowing these allocations to succeed is dangerous, as it introduces
overflows for `end - start` and isn't compatible with APIs (mis)using
ssize_t to report either the size or an error. POSIX is guilty of this,
as are many other Android APIs. LLVM even considers the `ptr + size`
case to be undefined, as all pointer arithmetic compiles down to signed
operations and overflow is treated as undefined for standard C pointer
arithmetic (GNU C `void *` arithmetic works differently).
This also prevents dlmalloc from allocating > PTRDIFF_MAX as it doesn't
merge mappings like jemalloc. A similar check will need to be added in
jemalloc's code path for huge allocations.
The musl libc implementation also performs this sanity check.
Change-Id: I5f849543f94a39719f5d27b00cef3079bb5933e9
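An added illustration of the failure mode and the check, modelled on 32-bit integer types so it behaves the same on any host; it is not the code from this change. Page rounding, the ENOMEM error and the model_* names are assumptions.

```c
#include <errno.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

#define MODEL_PTRDIFF_MAX INT32_MAX /* PTRDIFF_MAX of a 32-bit process */
#define MODEL_PAGE_SIZE 4096u       /* assumed page size */

/* `end - start` as a 32-bit process sees it: the result type is signed, so a
 * span above PTRDIFF_MAX comes out negative (wraps on GCC and Clang). */
static int32_t model_ptr_diff(uint32_t start, uint32_t size) {
    uint32_t end = start + size;
    return (int32_t)(end - start);
}

/* Round the request up to whole pages, then refuse anything above
 * PTRDIFF_MAX. Rounding is done in 64 bits: in 32-bit arithmetic a size
 * such as 0xffffffff would wrap to 0 and slip past the comparison. */
static bool model_size_ok(uint32_t size, uint32_t *rounded) {
    uint64_t mask = ~(uint64_t)(MODEL_PAGE_SIZE - 1);
    uint64_t r = ((uint64_t)size + MODEL_PAGE_SIZE - 1) & mask;
    if (r > (uint64_t)MODEL_PTRDIFF_MAX) {
        errno = ENOMEM; /* assumption: reported like an out-of-memory failure */
        return false;
    }
    *rounded = (uint32_t)r;
    return true;
}

int main(void) {
    uint32_t r;
    /* Constructed case: a 3 GiB mapping at 0x10000000 in a 32-bit process. */
    printf("end - start = %d\n", (int)model_ptr_diff(0x10000000u, 0xC0000000u));
    printf("3 GiB accepted: %d\n", model_size_ok(0xC0000000u, &r));
    printf("0xffffffff accepted: %d\n", model_size_ok(0xffffffffu, &r));
    return 0;
}
```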
http://pubs.opengroup.org/onlinepubs/9699919799/basedefs/sys_socket.h.html
> CMSG_DATA(cmsg)
> If the argument is a pointer to a cmsghdr structure, this macro
> shall return an unsigned character pointer to the data array
> associated with the cmsghdr structure.
Change-Id: I3f89ba19cbca4e6727abc65a2bbcd59267892ba8
Make unistd.h usable from all platform versions.
Also name all function parameters for Android Studio.
Bug: http://b/21952040
Change-Id: Ia1777fd4a6d4e37f25cc402c28fb78c003e481e3
The debug malloc code unconditionally closes stdin/stdout/stderr,
which means that other atexit functions cannot use them. Only
close these if there is a debug malloc final function to call.
This doesn't appear to be a problem on most normal applications or the
atexit_exit bionic unit test would be failing. However, if you
enable stat dumping in jemalloc, nothing prints. Most likely trying
to add an atexit function from within libc is causing that atexit
to run after the debug malloc atexit function.
Change-Id: I963720d4ccaaa511e44af07a7461f17eb3f84e8e
bionic is built without _FILE_OFFSET_BITS=64, so internally regoff_t
was 32-bit on LP32, but code compiled with _FILE_OFFSET_BITS would
expect rm_so and rm_eo in struct regmatch_t to be 64-bit, leading to
confusion.
Bug: http://b/23566443
Change-Id: Iae92fa545104068e4f64ce1977f5ec616859638c
Changes affecting future time stamps
North Korea switches to +0830 on 2015-08-15. (Thanks to Steffen Thorsen.)
The abbreviation remains "KST". (Thanks to Robert Elz.)
Uruguay no longer observes DST. (Thanks to Steffen Thorsen
and Pablo Camargo.)
Changes affecting past and future time stamps
Moldova starts and ends DST at 00:00 UTC, not at 01:00 UTC.
(Thanks to Roman Tudos.)
Bug: 23480367
Change-Id: I6a46b79be3a547d4af5f3f7ca1452640ed764e1c
The scripts affect files in external/icu, bionic
and the generated files affect libcore. The files must
be updated together so there is no "obvious" home.
OEM developers seem to want to update ICU
themselves and have been asking how. Moving the
scripts to external/icu and splitting the ICU generation
code into a sub-script they can run makes some sense.
Bug: 23419215
Change-Id: Ia26fa526fd2b560a79f36d327a10e262a85db752
Reports of devices not booting with a build range including
this patch. Reverting while I investigate.
This reverts commit 96dd2b6e85e03ca9ab2600c2031490c22d5626ad.
Bug: 23470962
Change-Id: I056f1d8668f52d31412868975f2143249fc7e8f0
These are just based on the read/pread{,64} implementations with the
function calls and error messages adjusted as appropriate. The only
difference is that the buffer parameters are const.
Change-Id: Ida1597a903807f583f230d74bcedffdb7b24fcf6
The ip values being reported are always pointing at the next
instruction to execute, not the currently executing instruction.
Change the ip address to point at the currently executing instruction.
This fixes a problem where the next instruction is not actually
part of the same function, so if an addr2line is used, it reports
the wrong value.
This does not modify the ip for mips.
Bug: 22565486
Change-Id: Ie0df4c9727f62ce06948b9a2b0e4b7956eb6e752
Add an optimized memset that is ~20% faster for cortex-a7 and
cortex-a53.
Add a 32-bit optimized cortex-a53 memcpy that is ~20% faster
on cached data.
Fix the cortex-a15 __str{cat,cpy}_chk.S, memcpy_base.S to remove
the phony functions, since they aren't needed any more. Then add
a direct include of these for cortex-a53.
Verified the new functions by stepping through all of the major
paths and verifying the backtrace is still correct.
Bug: 22696180
Change-Id: Iec92a3f82d51243cca76c9aff9f35d920ff865ae