Commit Graph

2506 Commits

Author SHA1 Message Date
Elliott Hughes
9dbd4c06fe am c27103d8: Merge "[MIPS] Use an aligned address to provoke SIGSEGV in abort()"
* commit 'c27103d84c124d40f3f4cff46d7cfa74342e0585':
  [MIPS] Use an aligned address to provoke SIGSEGV in abort()
2012-07-24 18:03:22 -07:00
Elliott Hughes
860dc7e25d am c98e2365: Merge "Fix implementation of generic atomic operations"
* commit 'c98e2365cdd0c2330711118b689171df143f6399':
  Fix implementation of generic atomic operations
2012-07-24 18:03:12 -07:00
Elliott Hughes
c27103d84c Merge "[MIPS] Use an aligned address to provoke SIGSEGV in abort()" 2012-07-24 17:42:51 -07:00
Chris Dearman
00a66a6fe8 [MIPS] Use an aligned address to provoke SIGSEGV in abort()
Change-Id: I269c9ccc07058773fb0f9d70673673157ab38f6a
2012-07-24 17:42:06 -07:00
Elliott Hughes
c98e2365cd Merge "Fix implementation of generic atomic operations" 2012-07-24 17:21:47 -07:00
Chris Dearman
958dad705a Fix implementation of generic atomic operations
Change-Id: Ie1ea5aacc561e2d6d40125d2952ed0e9116b7b0d
2012-07-24 13:56:38 -07:00
Elliott Hughes
0b82e1bd77 am d33ce20e: am 344aca8c: Merge "[MIPS] Add atomic routines"
* commit 'd33ce20e6dfbe5be081867c9ace538022991bb10':
  [MIPS] Add atomic routines
2012-07-24 13:53:37 -07:00
Elliott Hughes
d33ce20e6d am 344aca8c: Merge "[MIPS] Add atomic routines"
* commit '344aca8ced2522074f799439e201226377d02dba':
  [MIPS] Add atomic routines
2012-07-24 13:51:10 -07:00
Elliott Hughes
344aca8ced Merge "[MIPS] Add atomic routines" 2012-07-24 13:41:06 -07:00
Raghu Gandham
f7fb9e1ef1 [MIPS] Add atomic routines
Change-Id: I2cb20ce44dd230d222b7fc1ede2e1e3dce6e692b
2012-07-24 10:30:22 -07:00
Elliott Hughes
7cfe2c5c07 am 5e2a2705: am b109e437: Merge "Upgrade to tzdata2012d."
* commit '5e2a2705f237130bc516b62ff1372e94ad508f12':
  Upgrade to tzdata2012d.
2012-07-23 19:04:50 -07:00
Elliott Hughes
5e2a2705f2 am b109e437: Merge "Upgrade to tzdata2012d."
* commit 'b109e437fcbc1cbe09fce8ce2abb6f951d5a0274':
  Upgrade to tzdata2012d.
2012-07-21 14:20:17 -07:00
Elliott Hughes
b109e437fc Merge "Upgrade to tzdata2012d." 2012-07-21 14:09:24 -07:00
Elliott Hughes
5d967e43d0 Upgrade to tzdata2012d.
This upgrade involved rewriting the script; the data has moved to ftp.iana.org,
where it's slightly less convenient to access, so it's time to use something
that can talk FTP...

As for tzdata2012d, it's just updating Morocco for this weekend's changes, now
they've been decided at the last minute (as usual).

Change-Id: I772df57a6e09b3bf3d9541bfc08930d6f18633b4
2012-07-20 16:53:32 -07:00
Elliott Hughes
acda32c8f2 am a94c708a: am 654b1501: Merge "Update time.h for CLOCK_BOOTTIME."
* commit 'a94c708a15713535c0ece63ffc43d016eccfebe1':
  Update time.h for CLOCK_BOOTTIME.
2012-07-20 10:00:47 -07:00
Naseer Ahmed
2730674ca9 bionic: Update MDP and rotator headers
Change-Id: I585e07b004dfa6b5113050211ca67e4c057f5531
2012-07-20 08:54:32 -07:00
Elliott Hughes
a94c708a15 am 654b1501: Merge "Update time.h for CLOCK_BOOTTIME."
* commit '654b1501f7a936034d07f579c3d4a15d1319dac2':
  Update time.h for CLOCK_BOOTTIME.
2012-07-19 17:37:33 -07:00
Elliott Hughes
654b1501f7 Merge "Update time.h for CLOCK_BOOTTIME." 2012-07-19 17:18:37 -07:00
Nick Pelly
0351955a68 Update time.h for CLOCK_BOOTTIME.
(cherry-pick of 8958a38329)

Change-Id: Ie8de6b32fa81566db53ad7e9fd4b197f4cede628
2012-07-19 17:10:14 -07:00
Nick Pelly
8958a38329 Update time.h for CLOCK_BOOTTIME.
Change-Id: Iafbc6a2f57587feb68526e4eab67452aa0db5311
2012-07-19 16:33:58 -07:00
The Android Open Source Project
6591be6c52 Reconcile with jb-mr0-release
Change-Id: I5e181b92fbcc4b3d312396124a149f1c5224e55b
2012-07-19 08:35:39 -07:00
Ajay Dudani
3e210abf7d Adding msm_dsps.h header
Change-Id: I7736a3a895b9c81d5184f7c97ac0ed5aeb138d25
2012-07-19 07:26:26 -07:00
The Android Automerger
59fae8abaf merge in jb-release history after reset to jb-dev 2012-07-18 23:04:34 -07:00
Nick Kralevich
f6ee33cee7 Merge "linker: Fix LD_PRELOADS for calling constructors" 2012-07-18 14:02:22 -07:00
Elliott Hughes
3fd5e91e58 Merge "bionic: Report linker relocation address to gdb" 2012-07-16 11:38:23 -07:00
Elliott Hughes
05f03b8875 Merge "linker: cleanup of undefined state handling, which is really dead code" 2012-07-16 10:08:17 -07:00
Robin Burchell
8211bc6325 linker: cleanup of undefined state handling, which is really dead code
Given that _elf_lookup (and thus, _do_lookup) cannot possibly return an
undefined symbol (due to the check for SHN_UNDEF in _elf_lookup), there's
no need for spurious checks for SHN_UNDEF on its return value.

Conflicts:

	linker/linker.c

Change-Id: Ic73cf439924b45f72d4d9ba3f64a888c96cbbd9b
2012-07-16 10:03:35 -07:00
Elliott Hughes
decb531ce2 Merge "linker: Use SHN_UNDEF instead of describing what it is trying to do." 2012-07-16 10:00:38 -07:00
Robin Burchell
439fa8ea8c linker: Use SHN_UNDEF instead of describing what it is trying to do. 2012-07-16 09:51:17 -07:00
Elliott Hughes
8d7355ac2f Merge "Use std=gnu99 for the dynamic linker as well as libc." 2012-07-16 09:45:27 -07:00
Elliott Hughes
856512ea9c Use std=gnu99 for the dynamic linker as well as libc.
Change-Id: I76dd78576c5af6eb6282555f069647b6260edc31
2012-07-16 09:43:14 -07:00
Elliott Hughes
fabddfe833 Merge "limits.h: Include page.h when relying on PAGE_SIZE" 2012-07-16 09:39:24 -07:00
Nick Kralevich
b0f0d4276d Merge "FORTIFY_SOURCE: revert memcpy changes." 2012-07-16 08:24:32 -07:00
Ryan V. Bissell
bb5c30a3ee bionic: Report linker relocation address to gdb
GDB needs the runtime linker's base address in order to
locate the latter's ".text" and ".plt" sections, for the
purpose of detecting solib trampolines.  It also can
potentially use this to calculate the relocated address
of rtld_db_dlactivity.

Bug: http://code.google.com/p/android/issues/detail?id=34856
Change-Id: I63d3e7ae4e20a684ceb25967f2241e7d58dd685d
Signed-off-by: Ryan V. Bissell <ryan@bissell.org>
2012-07-16 02:16:18 -05:00
Kito Cheng
326e85eca6 linker: Fix LD_PRELOADS for calling constructors
Change-Id: I1eae77a4c59e8a5acc009127d271455bb6fc01b6
2012-07-15 00:49:34 +08:00
Nick Kralevich
c37fc1ab6a FORTIFY_SOURCE: revert memcpy changes.
Performance regressions.  Hopefully this is a temporary
rollback.

Bug: 6821003
Change-Id: I84abbb89e1739d506b583f2f1668f31534127764
2012-07-13 17:58:37 -07:00
Nick Kralevich
e1d909f71e Merge "FORTIFY_SOURCE: introduce __BIONIC_FORTIFY_UNKNOWN_SIZE macro" 2012-07-13 15:06:56 -07:00
Nick Kralevich
147b0690a9 Merge "FORTIFY_SOURCE: strlen check." 2012-07-13 15:06:41 -07:00
Nick Kralevich
ad7f966281 Merge "FORTIFY_SOURCE: restore __memcpy_chk()" 2012-07-13 14:52:26 -07:00
Nick Kralevich
9b6cc223a3 FORTIFY_SOURCE: introduce __BIONIC_FORTIFY_UNKNOWN_SIZE macro
Replace all occurances of "(size_t) -1" with a
__BIONIC_FORTIFY_UNKNOWN_SIZE macro.

Change-Id: I0b188f6cf31417d2dbef0e1bd759de3f9782873a
2012-07-13 14:49:33 -07:00
Nick Kralevich
260bf8cfe0 FORTIFY_SOURCE: strlen check.
This test is designed to detect code such as:

int main() {
  char buf[10];
  memcpy(buf, "1234567890", sizeof(buf));
  size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE
  printf("%d\n", len);
  return 0;
}

or anytime strlen reads beyond an object boundary. This should
help address memory leakage vulnerabilities and make other
unrelated vulnerabilities harder to exploit.

Change-Id: I354b425be7bef4713c85f6bab0e9738445e00182
2012-07-13 13:49:59 -07:00
Nick Kralevich
b2060b027c FORTIFY_SOURCE: restore __memcpy_chk()
In our previous FORTIFY_SOURCE change, we started using a custom
inline for memcpy(), rather than using GCC's __builtin_memcpy_chk().
This allowed us to delete our copy of __memcpy_chk(), and replace it
by __memcpy_chk2().

Apparently GCC uses __memcpy_chk() outside of __builtin_memcpy_chk().
Specifically, __memcpy_chk() is used by __builtin__memMOVE_chk() under
certain optimization levels.

Keep the old __memcpy_chk() function around, and have it call into
__memcpy_chk2().

Change-Id: I2453930b24b8a492a3b6ed860e18d92a6b762b80
2012-07-13 13:49:45 -07:00
Nick Kralevich
88bfc28ac4 Merge "FORTIFY_SOURCE: enhanced memcpy protections." 2012-07-13 07:57:58 -07:00
Yaroslav Miroshnychenko
c7dcd67d56 Add missing va_end() to prevent stack corruptions
Added va_end() for copied variable arguments lists
in __vfprintf() and __find_arguments().
This is by C standard.
Important for systems which pass arguments in registers.

Change-Id: I7ac42beaa6645bfe856c18132253352dae29ea37
2012-07-13 09:37:57 +02:00
Nick Kralevich
f3913b5b68 FORTIFY_SOURCE: enhanced memcpy protections.
Two changes:

1) Detect memory read overruns.

For example:

int main() {
  char buf[10];
  memcpy(buf, "abcde", sizeof(buf));
  sprintf("%s\n", buf);
}

because "abcde" is only 6 bytes, copying 10 bytes from it is a bug.
This particular bug will be detected at compile time.  Other similar
bugs may be detected at runtime.

2) Detect overlapping buffers on memcpy()

It is a bug to call memcpy() on buffers which overlap. For
example, the following code is buggy:

  char buf3[0x800];
  char *first_half  = &buf3[0x400];
  char *second_half = &buf3[1];
  memset(buf3, 0, sizeof(buf3));
  memcpy(first_half, second_half, 0x400);
  printf("1: %s\n", buf3);

We now detect this at compile and run time.

Change-Id: I092bd89f11f18e08e8a9dda0ca903aaea8e06d91
2012-07-12 15:38:15 -07:00
Nick Kralevich
86a4fca0b4 Merge "memmove: Don't call memcpy if regions overlap" 2012-07-12 10:06:28 -07:00
The Android Automerger
e13338429f merge in jb-mr0-release history after reset to jb-dev 2012-07-11 23:11:59 -07:00
Nick Kralevich
e64259e860 memmove: Don't call memcpy if regions overlap
memmove() unconditionally calls memcpy() if "dst" < "src". For
example, in the code below, memmove() would end up calling memcpy(),
even though the regions of memory overlap.

int main() {
  char buf3[0x800];
  char *dst  = &buf3[1];
  char *src = &buf3[0x400];
  memset(buf3, 0, sizeof(buf3));
  memmove(dst, src, 0x400);
  printf("1: %s\n", buf3);
  return 0;
}

Calling memcpy() on overlaping regions only works if you assume
that memcpy() copies from start to finish. On some architectures,
it's more efficient to call memcpy() from finish to start.

This is also triggering a failure in some of my code.

More reading:
* http://lwn.net/Articles/414467/
* https://bugzilla.redhat.com/show_bug.cgi?id=638477#c31 (comment 31)

Change-Id: I65a51ae3a52dd4af335fe5c278056b8c2cbd8948
2012-07-11 17:46:03 -07:00
Nick Kralevich
6334c662ca Don't use -fstack-protector on ssp.c
libc's stack protector initialization routine (__guard_setup)
is in bionic/ssp.c. This code deliberately modifies the stack
canary.  This code should never be compiled with -fstack-protector-all
otherwise it will crash (mismatched canary value).

Force bionic/ssp.c to be compiled with -fno-stack-protector

Change-Id: Ib95a5736e4bafe1a460d6b4e522ca660b417d8d6
2012-07-10 10:51:41 -07:00
Arun Raghavan
6331db3fd2 limits.h: Include page.h when relying on PAGE_SIZE
limits.h relies on PAGE_SIZE being defined without actually including
page.h. Make sure this is included to avoid compilation failures.

Signed-off-by: Arun Raghavan <arun.raghavan@collabora.co.uk>
2012-07-10 10:36:37 +05:30