sprintf FORTIFY_SOURCE protections are not available
on clang.
Also add various __attribute__s to stdio functions.
Change-Id: I936d1f9e55fe53a68885c4524b7b59e68fed218d
Pull in an updated version of filter.h / prctl.h / seccomp.h
from the linux kernel. Pulled from upstream kernel at
94fa83c424321189ca24fb6cb4c0d224cdedc72d
This file was generated using the following command:
cd bionic/libc/kernel/
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/seccomp.h
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/filter.h
./tools/clean_header.py -u ../../../external/kernel-headers/original/linux/prctl.h
Change-Id: I1ca996541d05b0d5927ab828a6ce49c09877ea01
Add _FORTIFY_SOURCE support for snprintf, vsnprintf
At this time, we opt out of these protections for clang, as clang
does not implement __builtin_va_arg_pack().
http://clang.llvm.org/docs/UsersManual.html#c_unimpl_gcc
Change-Id: I73ebe5ec8dad1dca8898a76d6afb693a25f75375
Fix runtime error when snprintf() FORTIFY_SOURCE protections are
applied. The size passed to snprintf() is larger than the tmp
buffer size, which results in a runtime assertion failure.
Even though the size passed to snprintf is larger than the buffer,
there's no danger of overwriting the buffer because of the format
string passed to snprintf.
Change-Id: I35f0217d25f3b9c6d04c5a76c3238759c235545a
This was misleading 'configure' into thinking we actually support AF_LINK,
but we're Linux, so we don't, and we never implemented the functions we
declared here either.
Reported to AOSP by Jun-ya Kato.
(cherry-pick of 5056f1fad1187cd67729bb04ba72397d78256f03.)
Change-Id: Ic67f674d2221497c8166994812bb5fc7f0831066
This was misleading 'configure' into thinking we actually support AF_LINK,
but we're Linux, so we don't, and we never implemented the functions we
declared here either.
Reported to AOSP by Jun-ya Kato.
Change-Id: I111f9887f3812469b411b9cf5124d9dd624f19f7
Ensure that strcat / strncat check for integer overflows
when computing the length of the resulting string.
Change-Id: Ib806ad33a0d3b50876f384bc17787a28f0dddc37
I've basically just copied the relevant bits out of liblog and
EventLog.cpp. While this will let us do the uid logging we want
to address the concerns in 245c07027f78565858dd489eb0d94c3d48743e9d
it doesn't give us much else.
Change-Id: Icac6ff20bc0a3ade5927f6f76fedffe1ae6f8522
Add _FORTIFY_SOURCE support for the following functions:
* memset
* bzero
Move the __BIONIC_FORTIFY_INLINE definition to cdefs.h so it
can be used from multiple header files.
Change-Id: Iead4d5e35de6ec97786d58ee12573f9b11135bb7
Add initial support for -D_FORTIFY_SOURCE to bionic for the
following functions:
* memcpy
* memmove
* strcpy
* strcat
* strncpy
* strncat
This change adds a new version of the above functions which passes
the size of the destination buffer to __builtin___*_chk.
If the compiler can determine, at compile time, that the destination
buffer is large enough, or the destination buffer can point to an object
of unknown size, then the check call is bypassed.
If the compiler can't make a compile time decision, then it calls
the __*_chk() function, which does a runtime buffer size check
These options are only enabled if the code is compiled with
-D_FORTIFY_SOURCE=1 or 2, and only when optimizations are enabled.
Please see
* http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
* http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
for additional details on FORTIFY_SOURCE.
Testing: Compiled the entire Android tree with -D_FORTIFY_SOURCE=1,
and verified that everything appears to be working properly.
Also created a test buffer overflow, and verified that it was
caught by this change.
Change-Id: I4fddb445bafe92b16845b22458d72e6dedd24fbc
Before changing mmap() permission to PROT_NONE in alloc_mem_region(),
such libraries once worked with a bug that uses mmap'ed region outside of
memory region allocated by alloc_mem_region(). This possibly incurs
SIGSEGV because it can overwrite memory region of previously loaded
library, but it sometimes worked, depending on loading order.
After PROT_NONE, this caused SIGSEGV earlier during calculation of
si->phdr in load_library(), but this was fixed by:
75917c84d1 Use mmap to read an ...
Now the behaviour is the same as before applying PROT_NONE in
alloc_mem_region().
This CL fixed the original issue, supporting shared libraries that have
non-zero p_vaddr in first (= with lowest p_vaddr) PT_LOAD segment.
Bug: 6561258
Change-Id: Ib6176dd3e44c4d99a340eb1cbd16fb037586b0bc
