This is basically half of I5de76f6c46ac87779f207d568a86bb453e2414de from
Pavel Chupin <pavel.v.chupin@intel.com>, but with the stock upstream
setjump/sigsetjmp and H.J. Lu's suggested changes to __rt_sigreturn.
Change-Id: I8167ec228faeb2065391e5bec0413cca662f3d33
FORTIFY_SOURCE prevents buffer overflows from occurring.
However, the error message often implies that we only
detect it, not prevent it.
Bring more clarity to the error messages by emphasizing
prevention over detection.
Change-Id: I5f3e1478673bdfc589e6cc4199fce8e52e197a24
Got it all wrong on first patch. Somehow that didn't affect system
build, neither arm nor x86... something to think about.
Change-Id: I45416d843aad44af62841c6f6ab607ccf3f012ea
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
The NDK ABI requires that you support SSE2, and the build system won't let you
build with ARCH_X86_HAVE_SSE2 set to false. So let's stop pretending this
constant is actually a variable, and let's remove the corresponding dead code.
Also, the USE_SSE2 and USE_SSE3 macros are unused, so let's not bother
setting them.
Change-Id: I40b501d998530d22518ce1c4d14575513a8125bb
Make sure the buffer we're dealing with has enough room.
Might as well check for memory issues while we're here,
even though I don't imagine they'll happen in practice.
Change-Id: I0ae1f0f06aca9ceb91e58c70183bb14e275b92b5
memcpy.a15.S/strcmp.a15.S files were submitted by ARM for use as the basis
for the memcpy/strcmp implementations in cortex-a15.
memset.S was moved in to the generic directory.
NOTE: memcpy.a9.S was submitted by Linaro to be the basis for the memcpy
for cortex-a9/cortex-a15 but has not been incorporated yet.
Bug: 10971279
Merge from internal master.
(cherry-picked from 48fc3e8b9f)
Change-Id: I8f9297578990d517f004e4e8840e2b2cbd5a47d8
The check for __ARM_FEATURE_DSP being defined is pointless since it
is always defined.
Bug: 10971279
Merge from internal master.
(cherry-picked from d2642fa70c)
Change-Id: If23ab3271f4da0c38cd531ffdc9a7e5eed6ec5dc
malloc and family were not declared with __attribute__((alloc_size)).
This was (sometimes) preventing FORTIFY_SOURCE related functions
from knowing the size of the buffer it's dealing with, inhibiting
FORTIFY_SOURCE protections.
Add __attribute__((alloc_size))
Information about the alloc_size attribute can be found
at http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html
Change-Id: Ia2f0a445f0170a7325f69259b5e7fb35a9f14921
Clang and gcc default to different standards, so we should be explicit
about the versions we want to compile for.
Change-Id: I65495a2392dd29f36373b94c616c2506173e6033
I've no idea what _BITSIZE was supposed to be, glibc doesn't have it,
the BSDs don't have it, and no code is currently using it. But having
it set unconditionally to 32 sounds like a bad idea.
Change-Id: I900235c1489afba891fff0bc3b43e9d593249a4f
Clang (prior to 3.4) does not actually provide a declaration (or definition)
of _Unwind_GetIP() for ARM. We can work around this by writing our own
basic implementation using the available primitive operations.
Change-Id: If6c66846952d8545849ad32d2b55daa4599cfe2c
Use basic .c versions of all functions for x86_64 until they are
manually optimized and .s versions released.
Change-Id: I59bba08931e894822db485c8803c2665c226234a
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
This was causing conflicting declarations for the library definitions of
common functions like sprintf(), snprintf(), and strchr().
Change-Id: I5daaa8a58183aa0d4d0fae8a7cb799671810f576
This is used to set/get TLS on x86_64. There's no public declaration
of this because it's not meant to be used outside the C library, like
glibc (though we don't currently have any visibility controls to ensure
this).
Change-Id: I5fc0a5e3ffc3f4cd597d92ee685ab19568ea18f7
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
This touches the x86 stubs too because arm, x86, and x86_64 now
all share the same header (at a source level), which causes a
reordering of the #include lines.
Change-Id: If9a1e2b2718bd41d8399fea748bce672c513ef84
* Tune syscall stubs generator for 4th target: x86_64
* Update SYSCALLS.TXT with x86_64 syscalls:
- Most of the x86 syscalls are equally supported
- *32 syscalls are not supported on 64-bit
- *64 syscalls are replaced accordingly without 64 suffix
- Some syscalls are not supported, replaced with x86_64 analog
Syscalls are regenerated as separate patch for review convenience.
Change-Id: I4ea2e0f13759b0aa61f05208ca68da8d6bc7c048
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
Copyright headers shouldn't contain the filename (and especially
shouldn't contain a different file's filename).
Change-Id: I82690a3bf371265402bc16f5d2fbb9299c3a1926
Manual changes:
cpp.py: cope with macros that refer to other macros.
defaults.py: x86 no longer always implies __i386__; use __i386__ to replace
the kernel CONFIG_X86_32 flag.
asm/page.h: the upstream page.h isn't a uapi header and no longer includes
the stuff we were using it for. Let's just have our own static file, since
it's the same for all our architectures (both 32- and 64-bit).
sys/select.h: we used to use the various FD_SET-related macros from the
kernel header files, but they've gone. Adjust by adding trivial equivalent
definitions.
Automated changes:
libc/kernel/arch-x86, libc/kernel/common: regenerated from
external/kernel-headers.
Change-Id: I84fc0ed52dc742e043b4ae300fd3b58ee99b7fcd
If "n" is smaller than the size of "src", then we'll
never read off the end of src. It makes no sense to call
__strncpy_chk2 in those circumstances.
For example, consider the following code:
int main() {
char src[10];
char dst[5];
memcpy(src, "0123456789", sizeof(src));
strncpy(dst, src, sizeof(dst));
dst[4] = '\0';
printf("%s\n", dst);
return 0;
}
In this code, it's clear that the strncpy will never read off
the end of src.
Change-Id: I9cf58857a0c5216b4576d21d3c1625e2913ccc03
localtime.c and strftime.c are still quite different from upstream because of
our extensions, but the other files continue to be identical, and the two
exceptions should be otherwise identical.
From the tzcode2013e release notes:
Changes affecting Godthab time stamps after 2037 if version mismatch
Allow POSIX-like TZ strings where the transition time's hour can
range from -167 through 167, instead of the POSIX-required 0
through 24. E.g., TZ='FJT-12FJST,M10.3.1/146,M1.3.4/75' for the
new Fiji rules. This is a more-compact way to represent
far-future time stamps for America/Godthab, America/Santiago,
Antarctica/Palmer, Asia/Gaza, Asia/Hebron, Asia/Jerusalem,
Pacific/Easter, and Pacific/Fiji. Other zones are unaffected by
this change. (Derived from a suggestion by Arthur David Olson.)
Allow POSIX-like TZ strings where daylight saving time is in
effect all year. E.g., TZ='WART4WARST,J1/0,J365/25' for Western
Argentina Summer Time all year. This supports a more-compact way
to represent the 2013d data for America/Argentina/San_Luis.
Because of the change for San Luis noted above this change does not
affect the current data. (Thanks to Andrew Main (Zefram) for
suggestions that improved this change.)
Where these two TZ changes take effect, there is a minor extension
to the tz file format in that it allows new values for the
embedded TZ-format string, and the tz file format version number
has therefore been increased from 2 to 3 as a precaution.
Version-2-based client code should continue to work as before for
all time stamps before 2038. Existing version-2-based client code
(tzcode, GNU/Linux, Solaris) has been tested on version-3-format
files, and typically works in practice even for time stamps after
2037; the only known exception is America/Godthab.
Changes affecting API
Support for floating-point time_t has been removed.
It was always dicey, and POSIX no longer requires it.
(Thanks to Eric Blake for suggesting to the POSIX committee to
remove it, and thanks to Alan Barrett, Clive D.W. Feather, Andy
Heninger, Arthur David Olson, and Alois Treindl, for reporting
bugs and elucidating some of the corners of the old floating-point
implementation.)
The signatures of 'offtime', 'timeoff', and 'gtime' have been
changed back to the old practice of using 'long' to represent UT
offsets. This had been inadvertently and mistakenly changed to
'int_fast32_t'. (Thanks to Christos Zoulos.)
The code avoids undefined behavior on integer overflow in some
more places, including gmtime, localtime, mktime and zdump.
Changes affecting code internals
Minor changes pacify GCC 4.7.3 and GCC 4.8.1.
Changes affecting documentation and commentary
Documentation and commentary is more careful to distinguish UT in
general from UTC in particular. (Thanks to Steve Allen.)
From the tzcode2013f release notes:
Changes affecting API
The types of the global variables 'timezone' and 'altzone' (if present)
have been changed back to 'long'. This is required for 'timezone'
by POSIX, and for 'altzone' by common practice, e.g., Solaris 11.
These variables were originally 'long' in the tz code, but were
mistakenly changed to 'time_t' in 1987; nobody reported the
incompatibility until now. The difference matters on x32, where
'long' is 32 bits and 'time_t' is 64. (Thanks to Elliott Hughes.)
Change-Id: I14937c42a391ddb865e4d89f0783961bcc6baa21
From the release notes:
Changes affecting near-future time stamps
Tocantins will very likely not observe DST starting this spring.
(Thanks to Steffen Thorsen.)
Jordan will likely stay at UTC+3 indefinitely, and will not fall
back this fall.
Palestine will fall back at 00:00, not 01:00. (Thanks to Steffen Thorsen.)
Change-Id: Iccee57578eef2ab51c519a23f151bc1963262ffe
From the release notes:
Changes affecting near-future time stamps
This year Fiji will start DST on October 27, not October 20.
(Thanks to David Wheeler for the heads-up.) For now, guess that
Fiji will continue to spring forward the Sunday before the fourth
Monday in October.
Changes affecting time stamps before 1970
Pacific/Johnston is now a link to Pacific/Honolulu. This corrects
some errors before 1947.
Some zones have been turned into links, when they differ from
existing zones only in older data that was likely invented or that
differs only in LMT or transition from LMT. These changes affect
only time stamps before 1943. The affected zones are:
Africa/Juba, America/Anguilla, America/Aruba, America/Dominica,
America/Grenada, America/Guadeloupe, America/Marigot,
America/Montserrat, America/St_Barthelemy, America/St_Kitts,
America/St_Lucia, America/St_Thomas, America/St_Vincent,
America/Tortola, and Europe/Vaduz. (Thanks to Alois Treindl for
confirming that the old Europe/Vaduz zone was wrong and the new
link is better for WWII-era times.)
Change Kingston Mean Time from -5:07:12 to -5:07:11. This affects
America/Cayman, America/Jamaica and America/Grand_Turk time stamps
from 1890 to 1912.
Change the UT offset of Bern Mean Time from 0:29:44 to 0:29:46.
This affects Europe/Zurich time stamps from 1853 to 1894. (Thanks
to Alois Treindl).
Change the date of the circa-1850 Zurich transition from 1849-09-12
to 1853-07-16, overriding Shanks with data from Messerli about
postal and telegraph time in Switzerland.
Data changes affecting behavior of tzselect and similar programs
Country code BQ is now called the more-common name "Caribbean Netherlands"
rather than the more-official "Bonaire, St Eustatius & Saba".
Remove from zone.tab the names America/Montreal, America/Shiprock,
and Antarctica/South_Pole, as they are equivalent to existing
same-country-code zones for post-1970 time stamps. The data for
these names are unchanged, so the names continue to work as before.
Change-Id: If78a517687532afcc0b22c7df664b5955f6e1564
Much of the per-architecture duplication can be removed, so let's do so
before we add the 64-bit architectures.
Change-Id: Ieb796503c8e5353ea38c3bab768bb9a690c9a767
Fortify calls to recv() and recvfrom().
We use __bos0 to match glibc's behavior, and because I haven't
tested using __bos.
Change-Id: Iad6ae96551a89af17a9c347b80cdefcf2020c505
Found by adapting the simple unit tests for libc logging to test
snprintf too. Fix taken from upstream OpenBSD without updating
the rest of stdio.
Change-Id: Ie339a8e9393a36080147aae4d6665118e5d93647
I accidentally did a signed comparison of the size_t values passed in
for three of the _chk functions. Changing them to unsigned compares.
Add three new tests to verify this failure is fixed.
Bug: 10691831
Merge from internal master.
(cherry-picked from 883ef2499c)
Change-Id: Id9a96b549435f5d9b61dc132cf1082e0e30889f5
The backtrace when a fortify check failed was not correct. This change
adds all of the necessary directives to get a correct backtrace.
Fix the strcmp directives and change all labels to local labels.
Testing:
- Verify that the runtime can decode the stack for __memcpy_chk, __memset_chk,
__strcpy_chk, __strcat_chk fortify failures.
- Verify that gdb can decode the stack properly when hitting a fortify check.
- Verify that the runtime can decode the stack for a seg fault for all of the
_chk functions and for memcpy/memset.
- Verify that gdb can decode the stack for a seg fault for all of the _chk
functions and for memcpy/memset.
- Verify that the runtime can decode the stack for a seg fault for strcmp.
- Verify that gdb can decode the stack for a seg fault in strcmp.
Bug: 10342460
Bug: 10345269
Merge from internal master.
(cherry-picked from 05332f2ce7)
Change-Id: Ibc919b117cfe72b9ae97e35bd48185477177c5ca
The libcorkscrew stack unwinder does not understand cfi directives,
so add .save directives so that it can function properly.
Also add the directives in to strcmp.S and fix a missing set of
directives in cortex-a9/memcpy_base.S.
Bug: 10345269
Merge from internal master.
(cherry-picked from 5f7ccea3ff)
Change-Id: If48a216203216a643807f5d61906015984987189
This adds mmap64() to bionic so that it is possible to have
large offset passed to kernel. However, the syscall mechanism
only passes 32-bit number to kernel. So effectively, the
largest offset that can be passed is about 43 bits (since
offset is signed, and the number passed to kernel is number
of pages (page size == 4K => 12 bits)).
Change-Id: Ib54f4e9b54acb6ef8b0324f3b89c9bc810b07281
Signed-off-by: Andrew Boie <andrew.p.boie@intel.com>
__page_shift and __page_size were accidentally declared in unistd.h with
C linkage - their implementation needs to use the same linkage.
Going forward, though, let's stop the inlining madness and let's kill
the non-standard __getpageshift(). This patch takes getpagesize(3) out
of line and removes __getpageshift but fixes __page_shift and __page_size
for backwards binary compatibility.
Change-Id: I35ed66a08989ced1db422eb03e4d154a5d6b5bda
Signed-off-by: Bernhard Rosenkraenzer <Bernhard.Rosenkranzer@linaro.org>
This file was generated using bionic/libc/kernel/tools/update_all.py
The only change is a new netlink.h file, from external/kernel-headers.
Please see the commit message there for details.
Change-Id: I83645b88f0baff838131197913ebd70be69abd3f
KernelArgumentBlock is defined as a class in KernelArgumentBlock.h, but
forward declarations refer to it as a struct.
While this is essentially the same, the mismatch causes a compiler
warning in clang (and may cause warnings in future versions of gcc) in
code that is supposed to be compiled with -Werror.
Change-Id: I4ba49d364c44d0a42c276aff3a8098300dbdcdf0
Signed-off-by: Bernhard Rosenkraenzer <Bernhard.Rosenkranzer@linaro.org>
I accidentally did a signed comparison of the size_t values passed in
for three of the _chk functions. Changing them to unsigned compares.
Add three new tests to verify this failure is fixed.
Bug: 10691831
Change-Id: Ia831071f7dffd5972a748d888dd506c7cc7ddba3
Fix source location. Move declaration of __strchr_chk out of
ifdef __BIONIC_FORTIFY which should be available for strchr.cpp
compilation when __BIONIC_FORTIFY is not defined.
Change-Id: I552a6e16656e59b276b322886cfbf57bbfb2e6a7
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
Null or constant dereferencing occurs if properties are not initialized.
On Android devices it shouldn't happen but can be faced if testing bionic
libc.so on Linux host.
Change-Id: I8f047cbe17d0e7bcde40ace000a8aa53789c16cb
Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
The backtrace when a fortify check failed was not correct. This change
adds all of the necessary directives to get a correct backtrace.
Fix the strcmp directives and change all labels to local labels.
Testing:
- Verify that the runtime can decode the stack for __memcpy_chk, __memset_chk,
__strcpy_chk, __strcat_chk fortify failures.
- Verify that gdb can decode the stack properly when hitting a fortify check.
- Verify that the runtime can decode the stack for a seg fault for all of the
_chk functions and for memcpy/memset.
- Verify that gdb can decode the stack for a seg fault for all of the _chk
functions and for memcpy/memset.
- Verify that the runtime can decode the stack for a seg fault for strcmp.
- Verify that gdb can decode the stack for a seg fault in strcmp.
Bug: 10342460
Bug: 10345269
Change-Id: I1dedadfee207dce4a285e17a21e8952bbc63786a
Introduce __bos0 as a #define for __builtin_object_size((s), 0).
This macro is intended to be used for places where the standard
__bos macro isn't appropriate.
memcpy, memmove, and memset deliberately use __bos0. This is done
for two reasons:
1) I haven't yet tested to see if __bos is safe to use.
2) glibc uses __bos0 for these methods.
Change-Id: Ifbe02efdb10a72fe3529dbcc47ff647bde6feeca