Prefix private functions with underscores, to prevent name
conflicts.
Use __error__ instead of error, since occasionally programs will
create their own "#define error ...".
Change-Id: I7bb171df58aec5627e61896032a140db547fd95d
Add strlcpy / strlcat support to FORTIFY_SOURCE. This allows
us to do consistency checks on to ensure we don't overflow buffers
when the compiler is able to tell us the size of the buffer we're
dealing with.
Unlike previous changes, this change DOES NOT use the compiler's
builtin support. Instead, we do everything the compiler would
normally do.
Change-Id: I47c099a911382452eafd711f8e9bfe7c2d0a0d22
Add _FORTIFY_SOURCE support for the following functions:
* memset
* bzero
Move the __BIONIC_FORTIFY_INLINE definition to cdefs.h so it
can be used from multiple header files.
Change-Id: Iead4d5e35de6ec97786d58ee12573f9b11135bb7
Add initial support for -D_FORTIFY_SOURCE to bionic for the
following functions:
* memcpy
* memmove
* strcpy
* strcat
* strncpy
* strncat
This change adds a new version of the above functions which passes
the size of the destination buffer to __builtin___*_chk.
If the compiler can determine, at compile time, that the destination
buffer is large enough, or the destination buffer can point to an object
of unknown size, then the check call is bypassed.
If the compiler can't make a compile time decision, then it calls
the __*_chk() function, which does a runtime buffer size check
These options are only enabled if the code is compiled with
-D_FORTIFY_SOURCE=1 or 2, and only when optimizations are enabled.
Please see
* http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
* http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
for additional details on FORTIFY_SOURCE.
Testing: Compiled the entire Android tree with -D_FORTIFY_SOURCE=1,
and verified that everything appears to be working properly.
Also created a test buffer overflow, and verified that it was
caught by this change.
Change-Id: I4fddb445bafe92b16845b22458d72e6dedd24fbc
cdefs.h: Introduce the __purefunc attribute, which allows us to mark
certain functions as being "pure".
http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html
Many functions have no effects except the return value and their
return value depends only on the parameters and/or global variables.
Such a function can be subject to common subexpression elimination
and loop optimization just as an arithmetic operator would be.
string.h: Mark many commently used string functions as "pure", to
allow for additional compiler optimizations.
Change-Id: I42961f90f822b6dbcbc3fd72cdbe774a7adc8785
