Commit Graph

1457 Commits

Author SHA1 Message Date
Raghu Gandham
c29f295d39 Updated the cleaned header file mman.h for MIPS.
Change-Id: I8b3734e535711ca07fbf4066e6d967d1ce0f30eb
2012-07-31 14:47:51 -07:00
Elliott Hughes
a513f70b43 Merge "bionic: Stack pointer/signal race condition." 2012-07-31 10:32:59 -07:00
Elliott Hughes
21372896ea Merge "fix __cxa_finalize() implementation to be thread safe." 2012-07-31 10:31:20 -07:00
Srinavasa Nagaraju
2270dfa0c4 fix __cxa_finalize() implementation to be thread safe.
__cxa_finalize() modifies the access permissions of __atexit
global variable without acquiring  _ATEXIT_LOCK(). Fix it prevent
any possible races.

Change-Id: I11939d0ebcbf6f360c14163222d40a449d96948e
2012-07-31 12:30:28 +02:00
Michael Hope
ea8fad11d9 Add a .note.android.ident section to Android ELF binaries.
This allows debugging tools to know they are working with Android
binaries and adapt accordingly.

Signed-off-by: Thiago Jung Bauermann <thiago.bauermann@linaro.org>
Signed-off-by: Michael Hope <michael.hope@linaro.org>

Change-Id: Ic906992fcad61c028bb765821637a3e1333bf52b
2012-07-31 16:18:22 +12:00
Shih-wei Liao
fc0725ec5c Install crt(begin|end)_so.o to target library path.
BUG=6886348.

Change-Id: I176b2c4963d9731b06d10d4e0b92c010a0006b59
2012-07-28 00:33:28 -07:00
Elliott Hughes
52d6233296 Report errors to the log, not just stderr.
In particular this affects assert(3) and __cxa_pure_virtual, both of
which have managed to confuse people this week by apparently aborting
without reason. (Because stderr goes nowhere, normally.)

Bug: 6852995
Bug: 6840813
Change-Id: I7f5d17d5ddda439e217b7932096702dc013b9142
2012-07-27 17:43:38 -07:00
Ying Wang
6171d11e72 Replace ALL_PREBUILTS with BUILD_PREBUILT
(cherry-picked from 186b36b65bdfbf2c89a661539bf530359364eac9.)

Bug: 6857263
Change-Id: If787d84415dd2ac07105fe0d0b7a27c9be75df64
2012-07-27 13:44:01 -07:00
Elliott Hughes
12f411d9a6 Merge "Correction to use of TEMP_FAILURE_RETRY in send_prop_msg" 2012-07-27 10:02:59 -07:00
Jens Gulin
c20d0f3993 Correction to use of TEMP_FAILURE_RETRY in send_prop_msg
RETRY macro may retry command if result is -1. In this
case the command was "connect < 0" instead of just
connect. The comparison will not return -1 and thus
retry is never done. This is now corrected so that
interrupts will cause retry instead of fail.

(There was no other negative side effect of the bug.
The result code from RETRY was used in an if-statement
and it would be true for all negative connect results.
This was according to expectations.)

Change-Id: Ie206b39878e9befea4e3be9a4061ee39eb232d80
2012-07-27 15:18:23 +02:00
Peter Enderborg
3460db9490 bionic: Stack pointer/signal race condition.
Move the stackpointer so a captured signal does not corrupt
stack variables needed for __thread_entry.

Change-Id: I3e1e7b94a6d7cd3a07081f849043262743aa8064
2012-07-27 15:11:01 +02:00
Elliott Hughes
7d6c3f700b Merge "Remove the 'Factory' time zone by not processing the 'factory' file." 2012-07-26 17:36:21 -07:00
Elliott Hughes
541c225320 Remove the 'Factory' time zone by not processing the 'factory' file.
The factory file (and Factory time zone) was meant as a way to say
"not configured" that would give a clear error when running date(1).
For us it would just look like UTC, so it is of no value.

Bug: 2997381
Change-Id: I1a4b85dce97d1d9370b22ba79e8fe5dafff56541
2012-07-26 16:19:46 -07:00
Nick Kralevich
9145ad3f0a vfprintf: fix spelling.
Change-Id: I6dc611143fb1f3e9ccf0a77b40ee48a3c1d72ca9
2012-07-25 16:01:38 -07:00
Chris Dearman
00a66a6fe8 [MIPS] Use an aligned address to provoke SIGSEGV in abort()
Change-Id: I269c9ccc07058773fb0f9d70673673157ab38f6a
2012-07-24 17:42:06 -07:00
Chris Dearman
958dad705a Fix implementation of generic atomic operations
Change-Id: Ie1ea5aacc561e2d6d40125d2952ed0e9116b7b0d
2012-07-24 13:56:38 -07:00
Raghu Gandham
f7fb9e1ef1 [MIPS] Add atomic routines
Change-Id: I2cb20ce44dd230d222b7fc1ede2e1e3dce6e692b
2012-07-24 10:30:22 -07:00
Elliott Hughes
5d967e43d0 Upgrade to tzdata2012d.
This upgrade involved rewriting the script; the data has moved to ftp.iana.org,
where it's slightly less convenient to access, so it's time to use something
that can talk FTP...

As for tzdata2012d, it's just updating Morocco for this weekend's changes, now
they've been decided at the last minute (as usual).

Change-Id: I772df57a6e09b3bf3d9541bfc08930d6f18633b4
2012-07-20 16:53:32 -07:00
Nick Pelly
0351955a68 Update time.h for CLOCK_BOOTTIME.
(cherry-pick of 8958a38329)

Change-Id: Ie8de6b32fa81566db53ad7e9fd4b197f4cede628
2012-07-19 17:10:14 -07:00
Elliott Hughes
fabddfe833 Merge "limits.h: Include page.h when relying on PAGE_SIZE" 2012-07-16 09:39:24 -07:00
Nick Kralevich
c37fc1ab6a FORTIFY_SOURCE: revert memcpy changes.
Performance regressions.  Hopefully this is a temporary
rollback.

Bug: 6821003
Change-Id: I84abbb89e1739d506b583f2f1668f31534127764
2012-07-13 17:58:37 -07:00
Nick Kralevich
9b6cc223a3 FORTIFY_SOURCE: introduce __BIONIC_FORTIFY_UNKNOWN_SIZE macro
Replace all occurances of "(size_t) -1" with a
__BIONIC_FORTIFY_UNKNOWN_SIZE macro.

Change-Id: I0b188f6cf31417d2dbef0e1bd759de3f9782873a
2012-07-13 14:49:33 -07:00
Nick Kralevich
260bf8cfe0 FORTIFY_SOURCE: strlen check.
This test is designed to detect code such as:

int main() {
  char buf[10];
  memcpy(buf, "1234567890", sizeof(buf));
  size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE
  printf("%d\n", len);
  return 0;
}

or anytime strlen reads beyond an object boundary. This should
help address memory leakage vulnerabilities and make other
unrelated vulnerabilities harder to exploit.

Change-Id: I354b425be7bef4713c85f6bab0e9738445e00182
2012-07-13 13:49:59 -07:00
Nick Kralevich
b2060b027c FORTIFY_SOURCE: restore __memcpy_chk()
In our previous FORTIFY_SOURCE change, we started using a custom
inline for memcpy(), rather than using GCC's __builtin_memcpy_chk().
This allowed us to delete our copy of __memcpy_chk(), and replace it
by __memcpy_chk2().

Apparently GCC uses __memcpy_chk() outside of __builtin_memcpy_chk().
Specifically, __memcpy_chk() is used by __builtin__memMOVE_chk() under
certain optimization levels.

Keep the old __memcpy_chk() function around, and have it call into
__memcpy_chk2().

Change-Id: I2453930b24b8a492a3b6ed860e18d92a6b762b80
2012-07-13 13:49:45 -07:00
Nick Kralevich
f3913b5b68 FORTIFY_SOURCE: enhanced memcpy protections.
Two changes:

1) Detect memory read overruns.

For example:

int main() {
  char buf[10];
  memcpy(buf, "abcde", sizeof(buf));
  sprintf("%s\n", buf);
}

because "abcde" is only 6 bytes, copying 10 bytes from it is a bug.
This particular bug will be detected at compile time.  Other similar
bugs may be detected at runtime.

2) Detect overlapping buffers on memcpy()

It is a bug to call memcpy() on buffers which overlap. For
example, the following code is buggy:

  char buf3[0x800];
  char *first_half  = &buf3[0x400];
  char *second_half = &buf3[1];
  memset(buf3, 0, sizeof(buf3));
  memcpy(first_half, second_half, 0x400);
  printf("1: %s\n", buf3);

We now detect this at compile and run time.

Change-Id: I092bd89f11f18e08e8a9dda0ca903aaea8e06d91
2012-07-12 15:38:15 -07:00
Nick Kralevich
e64259e860 memmove: Don't call memcpy if regions overlap
memmove() unconditionally calls memcpy() if "dst" < "src". For
example, in the code below, memmove() would end up calling memcpy(),
even though the regions of memory overlap.

int main() {
  char buf3[0x800];
  char *dst  = &buf3[1];
  char *src = &buf3[0x400];
  memset(buf3, 0, sizeof(buf3));
  memmove(dst, src, 0x400);
  printf("1: %s\n", buf3);
  return 0;
}

Calling memcpy() on overlaping regions only works if you assume
that memcpy() copies from start to finish. On some architectures,
it's more efficient to call memcpy() from finish to start.

This is also triggering a failure in some of my code.

More reading:
* http://lwn.net/Articles/414467/
* https://bugzilla.redhat.com/show_bug.cgi?id=638477#c31 (comment 31)

Change-Id: I65a51ae3a52dd4af335fe5c278056b8c2cbd8948
2012-07-11 17:46:03 -07:00
Nick Kralevich
6334c662ca Don't use -fstack-protector on ssp.c
libc's stack protector initialization routine (__guard_setup)
is in bionic/ssp.c. This code deliberately modifies the stack
canary.  This code should never be compiled with -fstack-protector-all
otherwise it will crash (mismatched canary value).

Force bionic/ssp.c to be compiled with -fno-stack-protector

Change-Id: Ib95a5736e4bafe1a460d6b4e522ca660b417d8d6
2012-07-10 10:51:41 -07:00
Arun Raghavan
6331db3fd2 limits.h: Include page.h when relying on PAGE_SIZE
limits.h relies on PAGE_SIZE being defined without actually including
page.h. Make sure this is included to avoid compilation failures.

Signed-off-by: Arun Raghavan <arun.raghavan@collabora.co.uk>
2012-07-10 10:36:37 +05:30
Nick Kralevich
8f08e1c902 Merge "FORTIFY_SOURCE: Add openat, fix bug" 2012-07-09 12:55:32 -07:00
Nick Kralevich
a3e230d1fa FORTIFY_SOURCE: Add openat, fix bug
Add fortify_source support for openat(). This change requires that
an argument be supplied when using O_CREAT.

Fix unnecessary call to __open_2. If, at compile time, we know that
"flags" is constant and DOESN'T contain O_CREAT, the call to __open_2
is useless.

Change-Id: Ifcd29c4fb25e25656961d7552d672e161f0cfdbd
2012-07-09 12:30:40 -07:00
Nick Kralevich
965dbc6405 FORTIFY_SOURCE: add fgets support.
Change-Id: I8c3410a90c71a3336c4ac8581618fa9330edf5e3
2012-07-09 09:57:18 -07:00
Rebecca Schultz Zavin
2ddf77b377 Merge "Modify ion header" 2012-06-28 14:16:10 -07:00
Nick Kralevich
bd73eede46 Merge "FORTIFY_SOURCE: add open() checks" 2012-06-27 12:56:52 -07:00
Nick Kralevich
cb228fb4a9 libc: cleanups
Prefix private functions with underscores, to prevent name
conflicts.

Use __error__ instead of error, since occasionally programs will
create their own "#define error ...".

Change-Id: I7bb171df58aec5627e61896032a140db547fd95d
2012-06-26 16:05:19 -07:00
Nick Kralevich
8118f62a7d FORTIFY_SOURCE: add open() checks
Add a FORTIFY_SOURCE check which requires that you pass a
"mode" argument when calling open(..., O_CREAT). If a mode isn't
passed, then the file is created with "undefined" permissions.

Change-Id: I4427be4f9ce170c69da01af5b00fb05b03613a28
2012-06-26 15:19:12 -07:00
Andy McFadden
f2ba5c9afa am 63c4179f: am 4d0128f1: Merge "Minor tweak to get memory around corrupted heap chunks dumped." into jb-dev
* commit '63c4179f5951edc2d68700fe75659fbd34febe63':
  Minor tweak to get memory around corrupted heap chunks dumped.
2012-06-19 11:33:19 -07:00
Andy McFadden
63c4179f59 am 4d0128f1: Merge "Minor tweak to get memory around corrupted heap chunks dumped." into jb-dev
* commit '4d0128f13a3ca9f7a0c81b6e69f7e20d28e9e6e3':
  Minor tweak to get memory around corrupted heap chunks dumped.
2012-06-19 11:31:14 -07:00
Ben Cheng
ec2ab73b87 Minor tweak to get memory around corrupted heap chunks dumped.
Change-Id: I8f72c5c7e23960b13fc53e2354cd74aca8aac3c0
2012-06-19 07:11:38 -07:00
Arve Hjønnevåg
ece8f502ed Merge "Add watchdog.h" 2012-06-14 16:13:16 -07:00
Nick Kralevich
70f6901c3d libc: make atoi, atol, and atoll pure functions
Change-Id: Ib831c079c865929b6c91d42f35e117f2e974808f
2012-06-14 13:57:43 -07:00
Nick Kralevich
8df49ad246 FORTIFY_SOURCE: add strlcpy / strlcat support
Add strlcpy / strlcat support to FORTIFY_SOURCE. This allows
us to do consistency checks on to ensure we don't overflow buffers
when the compiler is able to tell us the size of the buffer we're
dealing with.

Unlike previous changes, this change DOES NOT use the compiler's
builtin support. Instead, we do everything the compiler would
normally do.

Change-Id: I47c099a911382452eafd711f8e9bfe7c2d0a0d22
2012-06-14 12:52:42 -07:00
Arve Hjønnevåg
420f4939b3 Add watchdog.h
Change-Id: Ib12d437151ccfbd634e9f01acd8556c79977ca04
2012-06-13 21:58:08 -07:00
Nick Kralevich
a5eaa02f62 Merge "Don't mark realloc with __attribute__((malloc))" 2012-06-13 16:13:32 -07:00
Nick Kralevich
b27631b9ae Don't mark realloc with __attribute__((malloc))
According to
http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html

realloc should NOT be marked with __attribute__((malloc)). Quoting:

   realloc-like functions do not have this property as the memory
   pointed to does not have undefined content.

For reference, __mallocfunc is defined in sys/cdefs.h as:

    #define __mallocfunc  __attribute__((malloc))

Change-Id: I56083542ba92e4608dd7c55fb5596a138eb50cc9
2012-06-13 15:43:14 -07:00
Nick Kralevich
8c54c56723 Merge "FORTIFY_SOURCE: add sprintf / vsprintf support" 2012-06-13 11:03:42 -07:00
Nick Kralevich
9b549c39c9 FORTIFY_SOURCE: add sprintf / vsprintf support
sprintf FORTIFY_SOURCE protections are not available
on clang.

Also add various __attribute__s to stdio functions.

Change-Id: I936d1f9e55fe53a68885c4524b7b59e68fed218d
2012-06-13 09:14:30 -07:00
Nick Kralevich
ca622f5748 Merge "update filter.h / prctl.h / seccomp.h" 2012-06-12 16:34:46 -07:00
Robert Greenwalt
8f88aa7d38 am c5cab345: am 028ccf5d: Merge "Avoid multiple dns lookups for the same query"
* commit 'c5cab3452d5ced55474e56497594579108670b51':
  Avoid multiple dns lookups for the same query
2012-06-12 15:56:29 -07:00
Robert Greenwalt
c5cab3452d am 028ccf5d: Merge "Avoid multiple dns lookups for the same query"
* commit '028ccf5d40dd9a945ea92aa79822c08c6f6aa1d2':
  Avoid multiple dns lookups for the same query
2012-06-12 15:52:56 -07:00
Nick Kralevich
d1a6918508 update filter.h / prctl.h / seccomp.h
Pull in an updated version of filter.h / prctl.h / seccomp.h
from the linux kernel.  Pulled from upstream kernel at
94fa83c424321189ca24fb6cb4c0d224cdedc72d

This file was generated using the following command:

cd bionic/libc/kernel/
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/seccomp.h
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/filter.h
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/prctl.h

Change-Id: I1ca996541d05b0d5927ab828a6ce49c09877ea01
2012-06-12 15:46:31 -07:00
Robert Greenwalt
028ccf5d40 Merge "Avoid multiple dns lookups for the same query" 2012-06-12 15:06:24 -07:00
Nick Kralevich
c2f1d215b1 Merge "FORTIFY_SOURCE: add snprintf, vsnprintf" 2012-06-12 08:50:57 -07:00
Elliott Hughes
c9142d4d8e am 571da80c: am c75491e2: Merge "Remove an obsolete jamfile."
* commit '571da80c58e13eac4d4fb29d38342879e5dede13':
  Remove an obsolete jamfile.
2012-06-11 17:42:43 -07:00
Elliott Hughes
20afd4e70c am e0961445: Merge "Remove the meaningless on Linux if_dl.h header."
* commit 'e0961445124b5ff39412da32578e14e0d1f6afd6':
  Remove the meaningless on Linux if_dl.h header.
2012-06-11 17:41:10 -07:00
Elliott Hughes
571da80c58 am c75491e2: Merge "Remove an obsolete jamfile."
* commit 'c75491e291586540c213ae088fc75b71fc4d3752':
  Remove an obsolete jamfile.
2012-06-11 17:41:04 -07:00
Elliott Hughes
e096144512 Merge "Remove the meaningless on Linux if_dl.h header." 2012-06-11 16:49:57 -07:00
Nick Kralevich
cffdf6693f FORTIFY_SOURCE: add snprintf, vsnprintf
Add _FORTIFY_SOURCE support for snprintf, vsnprintf

At this time, we opt out of these protections for clang, as clang
does not implement __builtin_va_arg_pack().

http://clang.llvm.org/docs/UsersManual.html#c_unimpl_gcc

Change-Id: I73ebe5ec8dad1dca8898a76d6afb693a25f75375
2012-06-11 16:46:16 -07:00
Elliott Hughes
4c19e4f64f Remove an obsolete jamfile.
Was bionic ever built with jam? Weird!

Change-Id: Iea9a7af8bf46ee8319963e642da48e3bb49f6c60
2012-06-11 16:17:45 -07:00
Nick Kralevich
0f5b48ce28 Merge "inet_ntop: pass the size of tmp to snprintf()" 2012-06-11 16:11:20 -07:00
Nick Kralevich
85b06f9365 inet_ntop: pass the size of tmp to snprintf()
Fix runtime error when snprintf() FORTIFY_SOURCE protections are
applied. The size passed to snprintf() is larger than the tmp
buffer size, which results in a runtime assertion failure.

Even though the size passed to snprintf is larger than the buffer,
there's no danger of overwriting the buffer because of the format
string passed to snprintf.

Change-Id: I35f0217d25f3b9c6d04c5a76c3238759c235545a
2012-06-11 16:00:52 -07:00
Rebecca Schultz Zavin
6d3f548294 Modify ion header
Change-Id: Ib963e8b064f7883bf098e006c70df20732496100
Signed-off-by: Rebecca Schultz Zavin <rebecca@android.com>
2012-06-11 15:52:02 -07:00
Elliott Hughes
c3d45b822c Remove the meaningless on Linux if_dl.h header.
This was misleading 'configure' into thinking we actually support AF_LINK,
but we're Linux, so we don't, and we never implemented the functions we
declared here either.

Reported to AOSP by Jun-ya Kato.

(cherry-pick of 5056f1fad1187cd67729bb04ba72397d78256f03.)

Change-Id: Ic67f674d2221497c8166994812bb5fc7f0831066
2012-06-11 15:13:37 -07:00
Elliott Hughes
7c5c68f5c7 Merge "Remove the meaningless on Linux if_dl.h header." 2012-06-11 15:09:57 -07:00
Elliott Hughes
5056f1fad1 Remove the meaningless on Linux if_dl.h header.
This was misleading 'configure' into thinking we actually support AF_LINK,
but we're Linux, so we don't, and we never implemented the functions we
declared here either.

Reported to AOSP by Jun-ya Kato.

Change-Id: I111f9887f3812469b411b9cf5124d9dd624f19f7
2012-06-11 15:01:10 -07:00
Geremy Condra
631498de43 Merge "Added event logging for some spoofed DNS queries." 2012-06-11 12:17:12 -07:00
Geremy Condra
524c87c61c Added event logging for some spoofed DNS queries.
Change-Id: I40909306e8cf922f1dd5a5685db89f732a709794
2012-06-11 11:44:48 -07:00
Geremy Condra
009f38478e Added actual event logging calls to the FORTIFY_SOURCE methods.
Change-Id: I3bf4fa8678c33187cb8ce4b75e666ddcd24403ab
2012-06-11 11:30:56 -07:00
Nick Kralevich
76656afc6d _FORTIFY_SOURCE: check for integer overflows
Ensure that strcat / strncat check for integer overflows
when computing the length of the resulting string.

Change-Id: Ib806ad33a0d3b50876f384bc17787a28f0dddc37
2012-06-08 20:18:19 -07:00
Geremy Condra
ec8addcc8a Merge "Adding event logging to libc." 2012-06-08 12:17:11 -07:00
Geremy Condra
8b11c4cec2 Adding event logging to libc.
I've basically just copied the relevant bits out of liblog and
EventLog.cpp. While this will let us do the uid logging we want
to address the concerns in 245c07027f78565858dd489eb0d94c3d48743e9d
it doesn't give us much else.

Change-Id: Icac6ff20bc0a3ade5927f6f76fedffe1ae6f8522
2012-06-08 12:14:48 -07:00
Nick Kralevich
71a18dd435 _FORTIFY_SOURCE: add memset / bzero support
Add _FORTIFY_SOURCE support for the following functions:

* memset
* bzero

Move the __BIONIC_FORTIFY_INLINE definition to cdefs.h so it
can be used from multiple header files.

Change-Id: Iead4d5e35de6ec97786d58ee12573f9b11135bb7
2012-06-07 14:19:52 -07:00
Elliott Hughes
459049719c am d0c25027: am 2b89f1e3: Merge "Fix sysconf(_SC_NPROCESSORS_CONF) on ARM."
* commit 'd0c250271c983c3de282ff02bd2528e74ad8b5f1':
  Fix sysconf(_SC_NPROCESSORS_CONF) on ARM.
2012-06-06 13:50:29 -07:00
Elliott Hughes
d0c250271c am 2b89f1e3: Merge "Fix sysconf(_SC_NPROCESSORS_CONF) on ARM."
* commit '2b89f1e37df838e466d382fc602728930bad4c68':
  Fix sysconf(_SC_NPROCESSORS_CONF) on ARM.
2012-06-06 13:48:07 -07:00
Elliott Hughes
a985076bfe Fix sysconf(_SC_NPROCESSORS_CONF) on ARM.
Bug: http://code.google.com/p/enh/issues/detail?id=33
Change-Id: I679b4cd888d362031042284e8edf01c5273a92aa
2012-06-06 12:04:38 -07:00
Elliott Hughes
158ad015c2 am 3069270d: am c2bba24d: Merge "Give the timer_create SIGEV_THREAD helper threads sensible names."
* commit '3069270d8641c7bb57aa308d8f90b4d2dcbf66fc':
  Give the timer_create SIGEV_THREAD helper threads sensible names.
2012-06-06 11:37:25 -07:00
Elliott Hughes
3069270d86 am c2bba24d: Merge "Give the timer_create SIGEV_THREAD helper threads sensible names."
* commit 'c2bba24d0a6b906f00d7b9f20ac9d32d63bb2e9d':
  Give the timer_create SIGEV_THREAD helper threads sensible names.
2012-06-06 11:35:32 -07:00
Elliott Hughes
470631ed79 Give the timer_create SIGEV_THREAD helper threads sensible names.
Bug: 6609676
Change-Id: I286b197c75beee4d9930b0973f2d7dd47c14e91c
2012-06-06 10:32:56 -07:00
Nick Kralevich
204c6e5ff3 Merge "arm: rewrite crtbegin* as C files." 2012-06-06 08:54:22 -07:00
Nick Kralevich
0a2301598c libc: implement some FORTIFY_SOURCE functions
Add initial support for -D_FORTIFY_SOURCE to bionic for the
following functions:

* memcpy
* memmove
* strcpy
* strcat
* strncpy
* strncat

This change adds a new version of the above functions which passes
the size of the destination buffer to __builtin___*_chk.

If the compiler can determine, at compile time, that the destination
buffer is large enough, or the destination buffer can point to an object
of unknown size, then the check call is bypassed.

If the compiler can't make a compile time decision, then it calls
the __*_chk() function, which does a runtime buffer size check

These options are only enabled if the code is compiled with
-D_FORTIFY_SOURCE=1 or 2, and only when optimizations are enabled.

Please see
* http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
* http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html

for additional details on FORTIFY_SOURCE.

Testing: Compiled the entire Android tree with -D_FORTIFY_SOURCE=1,
and verified that everything appears to be working properly.
Also created a test buffer overflow, and verified that it was
caught by this change.

Change-Id: I4fddb445bafe92b16845b22458d72e6dedd24fbc
2012-06-05 15:44:31 -07:00
Iliyan Malchev
31431f454a am 252a5c85: resolved conflicts for merge of e1dd3c28 to jb-dev-plus-aosp
* commit '252a5c854a08e89fc7337ea679220161fe4ea98f':
  bionic: import heaptracker as chk_malloc
2012-06-02 08:35:07 -07:00
Iliyan Malchev
143ad4cf31 am f0ddaa2f: am 7d2e24eb: bionic: introduce libc.debug.malloc.program
* commit 'f0ddaa2fac00ac20059c0b2c142da9de2838a7b6':
  bionic: introduce libc.debug.malloc.program
2012-06-02 08:20:09 -07:00
Iliyan Malchev
252a5c854a resolved conflicts for merge of e1dd3c28 to jb-dev-plus-aosp
Change-Id: I58b9c13d20771aa39b703ec05cbff8aeaad38fe8
2012-06-02 08:14:36 -07:00
Iliyan Malchev
f0ddaa2fac am 7d2e24eb: bionic: introduce libc.debug.malloc.program
* commit '7d2e24eb167b6257f7935c7bd2023a708704ca1a':
  bionic: introduce libc.debug.malloc.program
2012-06-01 19:03:06 -07:00
Iliyan Malchev
e1dd3c287b bionic: import heaptracker as chk_malloc
This patch is a rewrite of libc.debug.malloc = 10 (chk_malloc).  It provides
the same features as the original (poison freed memory, detect heap overruns
and underruns), except that it provides more debugging information whenever it
detects a problem.

In addition to the original features, the new chk_malloc() implementation
detects multiple frees within a given range of the last N allocations, N being
configurable via the system property libc.debug.malloc.backlog.

Finally, this patch keeps track of all outstanding memory allocations.  On
program exit, we walk that list and report each outstanding allocation.

(There is support (not enabled) for a scanner thread periodically walks over
the list of outstanding allocations as well as the backlog of recently-freed
allocations, checking for heap-usage errors.)

Feature overview:

  1) memory leaks
  2) multiple frees
  3) use after free
  4) overrun

Implementation:

-- for each allocation, there is a:
  1) stack trace at the time the allocation is made
  2) if the memory is freed, there is also a stack trace at the point
  3) a front and rear guard (fence)
  4) the stack traces are kept together with the allocation

-- the following lists and maintained

  1) all outstanding memory allocations
  3) a backlog of allocations what are freed; when you call free(), instead of
     actually freed, the allocation is moved to this backlog;
  4) when the backlog of allocations gets full, the oldest entry gets evicted
     from it; at that point, the allocation is checked for overruns or
     use-after-free errors, and then actually freed.
  5) when the program exits, the list of outstanding allocations and the
     backlog are inspected for errors, then freed;

To use this, set the following system properties before running the process or
processes you want to inspect:

libc.malloc.debug.backlog # defaults to 100
libc.malloc.debug 10

When a problem is detected, you will see the following on logcat for a multiple
free:

E/libc    ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 BYTES MULTIPLY FREED!
E/libc    ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 ALLOCATED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c658  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d80  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 4009647c  /system/bin/malloctest
E/libc    ( 7233):      #04  pc 00016f24  /system/lib/libc.so
E/libc    ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 FIRST FREED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c7d2  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d94  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 40096490  /system/bin/malloctest
E/libc    ( 7233):      #04  pc 00016f24  /system/lib/libc.so
E/libc    ( 7233): +++ ALLOCATION 0x404b9278 SIZE 10 NOW BEING FREED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c6ac  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d94  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 400964a0  /system/bin/malloctest
E/libc    ( 7233):      #04  pc 00016f24  /system/lib/libc.so

The following for a heap overrun and underrun:

E/libc    ( 7233): +++ REAR GUARD MISMATCH [10, 11)
E/libc    ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 HAS A CORRUPTED REAR GUARD
E/libc    ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 ALLOCATED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c658  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d80  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 40096438  /system/bin/malloctest
E/libc    ( 7233):      #04  pc 00016f24  /system/lib/libc.so
E/libc    ( 7233): +++ ALLOCATION 0x404b9198 SIZE 10 FREED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c7d2  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d94  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 40096462  /system/bin/malloctest
E/libc    ( 7233):      #04  pc 00016f24  /system/lib/libc.so
E/libc    ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 HAS A CORRUPTED FRONT GUARD
E/libc    ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 ALLOCATED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c658  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d80  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 400964ba  /system/bin/malloctest
E/libc    ( 7233):      #04  pc 00016f24  /system/lib/libc.so
E/libc    ( 7233): +++ ALLOCATION 0x404b9358 SIZE 10 FREED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c7d2  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d94  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 400964e4  /system/bin/malloctest
E/libc    ( 7233):      #04  pc 00016f24  /system/lib/libc.so

The following for a memory leak:

E/libc    ( 7233): +++ THERE ARE 1 LEAKED ALLOCATIONS
E/libc    ( 7233): +++ DELETING 4096 BYTES OF LEAKED MEMORY AT 0x404b95e8 (1 REMAINING)
E/libc    ( 7233): +++ ALLOCATION 0x404b95e8 SIZE 4096 ALLOCATED HERE:
E/libc    ( 7233): *** *** *** *** *** *** *** *** *** *** *** *** *** *** *** ***
E/libc    ( 7233):      #00  pc 0000c35a  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #01  pc 0000c658  /system/lib/libc_malloc_debug_leak.so
E/libc    ( 7233):      #02  pc 00016d80  /system/lib/libc.so
E/libc    ( 7233):      #03  pc 0001bc94  /system/lib/libc.so
E/libc    ( 7233):      #04  pc 0001edf6  /system/lib/libc.so
E/libc    ( 7233):      #05  pc 0001b80a  /system/lib/libc.so
E/libc    ( 7233):      #06  pc 0001c086  /system/lib/libc.so
E/libc    ( 7233):      #07  pc 40096402  /system/bin/malloctest
E/libc    ( 7233):      #08  pc 00016f24  /system/lib/libc.so

Change-Id: Ic440e9d05a01e2ea86b25e8998714e88bc2d16e0
Signed-off-by: Iliyan Malchev <malchev@google.com>
2012-06-01 15:54:34 -07:00
Nick Kralevich
9d40326830 arm: rewrite crtbegin* as C files.
Rewrite
 crtbegin.S     -> crtbegin.c
 crtbegin_so.S  -> crtbegin_so.c

This change allows us to generate PIC code without relying
on text relocations.

As a consequence of this rewrite, also rewrite
  __dso_handle.S    -> __dso_handle.c
  __dso_handle_so.S -> __dso_handle_so.c
  atexit.S          -> atexit.c

In crtbegin.c _start, place the __PREINIT_ARRAY__, __INIT_ARRAY__,
__FINI_ARRAY__, and __CTOR_LIST__ variables onto the stack, instead of
passing a pointer to the text section of the binary.

This change appears sorta wonky, as I attempted to preserve,
as much as possible, the structure of the original assembly.
As a result, you have C files including other C files, and other
programming uglyness.

Result: This change reduces the number of files with text-relocations
from 315 to 19 on my Android build.

Before:
  $ scanelf -aR $OUT/system | grep TEXTREL | wc -l
  315

After:
  $ scanelf -aR $OUT/system | grep TEXTREL | wc -l
  19

Change-Id: Ib9f98107c0eeabcb606e1ddc7ed7fc4eba01c9c4
2012-06-01 14:41:27 -07:00
Iliyan Malchev
7d2e24eb16 bionic: introduce libc.debug.malloc.program
libc.debug.malloc.program  provides an additional level of control over which
processes to enable libc.debug.malloc functionality for.  The string value of
libc.debug.malloc.program is matched against the program name; if the value of
libc.debug.malloc.program is a substring of the program name, then malloc debug
is applied to that program at whatever level libc.debug.malloc specifies.

If lib.debug.malloc.program is not specified, then libc.debug.malloc has the
same effect as before.

For example, to enable libc.deubug.malloc = 10 only to the mediaserver, do the
following:

   adb root # necessary for setprop
   adb setprop libc.debug.malloc.program mediaserver
   adb setprop libc.debug.malloc 10
   adb kill -9 $(pid mediaserver)

Change-Id: I6f01c12f033c8e2e015d73025369d7f1685ba200
Signed-off-by: Iliyan Malchev <malchev@google.com>
2012-05-30 20:03:47 -07:00
Nick Kralevich
857fc9eab9 Merge "crtbegin: eliminate duplicate code" 2012-05-30 13:29:58 -07:00
Nick Kralevich
83a73d1afe crtbegin: eliminate duplicate code
crtbegin_dynamic and crtbegin_static are essentially identical,
minus a few trivial differences (comments and whitespace).

Eliminate duplicates.

Change-Id: Ic9fae6bc9695004974493b53bfc07cd3bb904480
2012-05-30 11:45:12 -07:00
Geremy Condra
207d7673e5 am 5a095ef2: am 03539a36: Merge "Ensure that the port number and TXID are properly randomized." into jb-dev
* commit '5a095ef28716b54f86d9c1727b9a2493ba775255':
  Ensure that the port number and TXID are properly randomized.
2012-05-30 11:11:33 -07:00
Geremy Condra
5a095ef287 am 03539a36: Merge "Ensure that the port number and TXID are properly randomized." into jb-dev
* commit '03539a36b634bdfa61c06277cf25e0ca8e3105ba':
  Ensure that the port number and TXID are properly randomized.
2012-05-30 11:09:05 -07:00
Geremy Condra
03539a36b6 Merge "Ensure that the port number and TXID are properly randomized." into jb-dev 2012-05-30 11:06:54 -07:00
Ben Cheng
41c2a112c2 am d7b60b20: am c84ff11d: Print the corrupted address passed to free().
* commit 'd7b60b207be79513b99faf2ef576db333f9c7a78':
  Print the corrupted address passed to free().
2012-05-24 17:23:43 -07:00
Ben Cheng
d7b60b207b am c84ff11d: Print the corrupted address passed to free().
* commit 'c84ff11dad26435dc5760bceda18e8f1175a6061':
  Print the corrupted address passed to free().
2012-05-24 17:21:03 -07:00
Ben Cheng
c84ff11dad Print the corrupted address passed to free().
For example:

@@@ ABORTING: INVALID HEAP ADDRESS IN dlfree addr=0x5c3bfbd0
Fatal signal 11 (SIGSEGV) at 0xdeadbaad (code=1), thread 2942

The addr=0x5c3bfbd0 part is new.

Change-Id: I8670144b2b0a3a6182384150d762c97dfee5452f
2012-05-24 17:06:43 -07:00
Geremy Condra
b23f193dcc Ensure that the port number and TXID are properly randomized.
This fix reads from /dev/urandom to get the required entropy.

Bug: 6535492
Change-Id: Ibc2fec3f71a67607b608ad9b767b0b6504993c1d
2012-05-24 15:26:12 -07:00
Jean-Baptiste Queru
15ed08d065 am d155ba57: am c7882ab2: Merge "bionic: add clean kernel header ucontext.h"
* commit 'd155ba57a32ce3182d8a5b79ff27bc5e7fa55df9':
  bionic: add clean kernel header ucontext.h
2012-05-21 12:41:30 -07:00
Elliott Hughes
7cce04381a resolved conflicts for merge of dc6c2b77 to master
Change-Id: Ifab4573a825cf5caa7158d8888243bb8d5d01148
2012-05-17 17:15:01 -07:00
Jean-Baptiste Queru
d155ba57a3 am c7882ab2: Merge "bionic: add clean kernel header ucontext.h"
* commit 'c7882ab2a99a74c8f772ab03fdfd9a3b53515e46':
  bionic: add clean kernel header ucontext.h
2012-05-17 13:28:10 -07:00
Jean-Baptiste Queru
c7882ab2a9 Merge "bionic: add clean kernel header ucontext.h" 2012-05-17 12:25:02 -07:00
Elliott Hughes
dc6c2b779b am 70cf0bc0: Merge "Remove the last references to SuperH."
* commit '70cf0bc0496a1d4c0e83fe3f1933f667ab66c148':
  Remove the last references to SuperH.
2012-05-16 17:18:23 -07:00