Commit Graph

29 Commits

Author SHA1 Message Date
Elliott Hughes
8d60cc6316 Use __inline__ for fortify.
libunwind has #define inline /* empty */ which breaks our fortified headers.
glibc uses __inline but our BSD-derived headers often override that. __inline__
is the third alternative understood by GCC that -- as far as I know -- neither
the C library itself nor third-party code tries to mess with.

Bug: 12871594
Change-Id: I6677e70ea531bb7d4c46021b43af760d4ad8ecf7
2014-02-03 15:41:57 -08:00
Elliott Hughes
c13fb75cea Move bionic over to GCC's 'warning' attribute.
This is a better solution than the old __warn_references because it's
a compile-time rather than link-time warning, it doesn't rely on something
that doesn't appear to be supported by gold (which is why you only used
to see these warnings on mips builds), and the errors refer to the exact
call site(s) rather than just telling you which object file contains a
reference to the bad function.

This is primarily so we can build bionic for aarch64; building libc.so
caused these warnings to fire (because link time is the wrong time) and
warnings are errors.

Change-Id: I5df9281b2a9d98b164a9b11807ea9472c6faa9e3
2013-12-17 20:43:30 -08:00
Elliott Hughes
ab61eb366a Switch to upstream sleep(3) and usleep(3).
Also fix the signature of usleep, and the definition of useconds_t which
should be unsigned, as the 'u' in its name implies.

This patch also cleans up the existing FreeBSD hacks by moving the libm
stuff from <sys/cdefs.h> to a libm-private header, and adding comments
about the hacks we use to build FreeBSD source.

Change-Id: Ibe5067a380502df94a0a3a7901969b35411085b6
2013-11-20 16:24:16 -08:00
Nick Kralevich
bd8e6749b7 cdefs.h: introduce __bos0
Introduce __bos0 as a #define for __builtin_object_size((s), 0).
This macro is intended to be used for places where the standard
__bos macro isn't appropriate.

memcpy, memmove, and memset deliberately use __bos0. This is done
for two reasons:

1) I haven't yet tested to see if __bos is safe to use.
2) glibc uses __bos0 for these methods.

Change-Id: Ifbe02efdb10a72fe3529dbcc47ff647bde6feeca
2013-08-28 14:27:14 -07:00
Elliott Hughes
06040fd75c Add <sys/statvfs.h>.
Bug: 2512019
Change-Id: I6e7fd3fa281977cc4bc270481a95416b5b2dc351
2013-07-09 13:25:03 -07:00
Nick Kralevich
16d1af167f libc: add limited FORTIFY_SOURCE support for clang
In 829c089f83, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.

This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:

* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)

It may be possible, in the future, to enable other functions. However,
I need to write unittests first.

For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.

I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.

I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.

Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
2013-06-18 12:14:20 -07:00
Nick Kralevich
b24c0637d0 libc: Introduce __errordecl()
Define __errordecl and replace __attribute__((__error__("foo")))
with __errordecl. Make sure __errordecl is a no-op on clang, as it
generates a compile time warning.

Change-Id: Ifa1a2d3afd6881de9d479fc2adac6737871a2949
2013-06-18 12:13:52 -07:00
Elliott Hughes
d04c183979 Add more __restricts, clean up __format__ attributes.
Change-Id: I7e2d270cc722d339d221eaea92747eaff3b51403
2013-05-14 16:08:43 -07:00
Nick Kralevich
78d6d9888c libc: upgrade sprintf to _FORTIFY_SOURCE=2
Upgrade sprintf to fortify_source level 2, to catch
additional security bugs.

Change-Id: Ibc957d65e4cb96152de84b3745a04e00fa22659e
2013-04-29 16:41:54 -07:00
Nick Kralevich
1aae9bd170 strncpy: implement _FORTIFY_SOURCE=2
Add support for fortify source level 2 to strncpy.
This will enable detection of more areas where strncpy
is used inappropriately. For example, this would have detected
bug 8727221.

Move the fortify_source tests out of string_test.cpp, and
put it into fortify1_test.cpp.

Create a new fortify2_test.cpp file, which copies all
the tests in fortify1_test.cpp, and adds fortify_source level
2 specific tests.

Change-Id: Ica0fba531cc7d0609e4f23b8176739b13f7f7a83
2013-04-29 15:22:10 -07:00
Elliott Hughes
890c8ed6ef Fix builds where _FORTIFY_SOURCE is off.
Also add a more intention-revealing guard so we don't have loads of
places checking whether our inlining macro is defined.

Change-Id: I168860cedcfc798b07a5145bc48a125700265e47
2013-03-22 10:58:55 -07:00
Elliott Hughes
7582a9c119 Switch x86 syscall stubs over to the ENTER/END style of the ARM stubs.
Also update the x86 asm.h to support this; we need it for libm assembler
anyway.

Also clean up the _FBSDID hack in <sys/cdefs.h>.

Change-Id: Iababd977b8110ec022bf7c93f4d62ece47630e7c
2013-02-06 17:08:15 -08:00
Elliott Hughes
24fad01755 Document the mallinfo struct, add missing attributes.
Change-Id: Ia97acce1f6a83bd8b3ba8dd20efd962bc96f35a9
2013-02-04 13:44:14 -08:00
Elliott Hughes
a0ee07829a Upgrade libm.
This brings us up to date with FreeBSD HEAD, fixes various bugs, unifies
the set of functions we support on ARM, MIPS, and x86, fixes "long double",
adds ISO C99 support, and adds basic unit tests.

It turns out that our "long double" functions have always been broken
for non-normal numbers. This patch fixes that by not using the upstream
implementations and just forwarding to the regular "double" implementation
instead (since "long double" on Android is just "double" anyway, which is
what BSD doesn't support).

All the tests pass on ARM, MIPS, and x86, plus glibc on x86-64.

Bug: 3169850
Bug: 8012787
Bug: https://code.google.com/p/android/issues/detail?id=6697
Change-Id: If0c343030959c24bfc50d4d21c9530052c581837
2013-02-01 14:51:19 -08:00
David 'Digit' Turner
c1b44ecc53 Revert "libc: Provide ucontext_t/mcontext_t/<sys/ucontext.h>"
This creates build issues in the internal Android tree.
Will investigate later.

Original patch: https://android-review.googlesource.com/#/c/38875/

Change-Id: I12c5995ebf172890051af42a5d3b31014c9c5117
2012-10-17 19:10:11 +02:00
David 'Digit' Turner
c124baaf29 libc: Provide ucontext_t/mcontext_t/<sys/ucontext.h>
This patch updates the C library headers to provide ucontext_t
definitions for three architectures.

+ Fix <signal.h> to always define 'struct sigcontext'.

The new declarations are announced with new macros defined in
<sys/cdefs.h> in order to make it easier to adapt client code
that already defines its own, incompatible, versions of the
structures seen here.

http://code.google.com/p/android/issues/detail?id=34784

Change-Id: Ie78c48690a4ce61c50593f6c39639be7fead3596
2012-10-17 15:59:23 +02:00
Nick Kralevich
829c089f83 disable _FORTIFY_SOURCE under clang
Clang and _FORTIFY_SOURCE are just plain incompatible with
each other.  First of all, clang doesn't understand the
__attribute__((gnu_inline)) header. Second of all,
Clang doesn't have support for __builtin_va_arg_pack()
and __builtin_va_arg_pack_len() (see
http://clang.llvm.org/docs/UsersManual.html#c_unimpl_gcc)

Until we can resolve these issues, don't even try using
_FORTIFY_SOURCE under clang.

Change-Id: I81c2b8073bb3276fa9a4a6b93c427b641038356a
2012-08-29 12:47:41 -07:00
Shih-wei Liao
2b7f68c03d Revert "Fix the clang build: this compiler doesn't support the gnu_inline function attribute"
This reverts commit 4f1f149c37.
2012-08-03 17:44:08 -07:00
Shih-wei Liao
4f1f149c37 Fix the clang build: this compiler doesn't support the gnu_inline function attribute
Recent clang compiler doesn't have gnu_inline working. When frameworks/rs
is compiled with clang instead of gcc, it no longer works. Will be fixed
by this patch.

Change-Id: I8b281a1305151909e18958b73914ea27343cb4cd
2012-08-03 04:38:15 -07:00
Nick Kralevich
9b6cc223a3 FORTIFY_SOURCE: introduce __BIONIC_FORTIFY_UNKNOWN_SIZE macro
Replace all occurances of "(size_t) -1" with a
__BIONIC_FORTIFY_UNKNOWN_SIZE macro.

Change-Id: I0b188f6cf31417d2dbef0e1bd759de3f9782873a
2012-07-13 14:49:33 -07:00
Nick Kralevich
71a18dd435 _FORTIFY_SOURCE: add memset / bzero support
Add _FORTIFY_SOURCE support for the following functions:

* memset
* bzero

Move the __BIONIC_FORTIFY_INLINE definition to cdefs.h so it
can be used from multiple header files.

Change-Id: Iead4d5e35de6ec97786d58ee12573f9b11135bb7
2012-06-07 14:19:52 -07:00
Nick Kralevich
a677907ee8 string.h: add __attribute__ ((pure)) to string functions
cdefs.h: Introduce the __purefunc attribute, which allows us to mark
certain functions as being "pure".

http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html

  Many functions have no effects except the return value and their
  return value depends only on the parameters and/or global variables.
  Such a function can be subject to common subexpression elimination
  and loop optimization just as an arithmetic operator would be.

string.h: Mark many commently used string functions as "pure", to
allow for additional compiler optimizations.

Change-Id: I42961f90f822b6dbcbc3fd72cdbe774a7adc8785
2012-03-21 08:54:54 -07:00
David 'Digit' Turner
8eda21baa5 libc: <sys/cdefs.h>: Fix the use of __STDC_VERSION__ from C++
See http://code.google.com/p/android/issues/detail?id=14627 for context.

Change-Id: Idb10b675667d0d6e64dcb1d382be11e45aa6f4c4
2011-03-22 14:22:32 +01:00
David 'Digit' Turner
23d24394e7 libc: Add <android/api-level.h>
Add a new header that defines __ANDROID_API__ as a constant integer
corresponding to the current native API level. This header is included
by <sys/cdefs.h>

Change-Id: Ib4774e247b395991266245815a24292afc919848
NOTE: This header is already provided by the NDK's platform headers.
      for levels 3 to 9.
2010-12-06 12:05:11 +01:00
David 'Digit' Turner
50ace4fec5 Remove compiler warnings when building Bionic.
Also add missing declarations to misc. functions.
Fix clearerr() implementation (previous was broken).
Handle feature test macros like _POSIX_C_SOURCE properly.

Change-Id: Icdc973a6b9d550a166fc2545f727ea837fe800c4
2010-06-22 17:51:41 -07:00
David 'Digit' Turner
3527fd6f0d wchar.h: improve wchar_t support in Bionic
Change-Id: Iffd41046fd0933c66542abf7627a1569522dfcb2
2010-06-15 07:04:41 -07:00
The Android Open Source Project
1dc9e472e1 auto import from //depot/cupcake/@135843 2009-03-03 19:28:35 -08:00
The Android Open Source Project
1767f908af auto import from //depot/cupcake/@135843 2009-03-03 18:28:13 -08:00
The Android Open Source Project
a27d2baa0c Initial Contribution 2008-10-21 07:00:00 -07:00