This is a better solution than the old __warn_references because it's
a compile-time rather than link-time warning, it doesn't rely on something
that doesn't appear to be supported by gold (which is why you only used
to see these warnings on mips builds), and the errors refer to the exact
call site(s) rather than just telling you which object file contains a
reference to the bad function.
This is primarily so we can build bionic for aarch64; building libc.so
caused these warnings to fire (because link time is the wrong time) and
warnings are errors.
Change-Id: I5df9281b2a9d98b164a9b11807ea9472c6faa9e3
Modern architectures only get the *at(2) system calls. For example,
aarch64 doesn't have open(2), and expects userspace to use openat(2)
instead.
Change-Id: I87b4ed79790cb8a80844f5544ac1a13fda26c7b5
Previously, FORTIFY_SOURCE used single macros to define these standard
functions for use with clang. This can cause conflicts with other macros used
to call these functions, particularly when those macros expand the number of
arguments to the function. This change wraps our macro definitions, so that
expansion properly takes place for programmer arguments first.
Change-Id: I55929b1fd2a643b9d14a17631c4bcab3b0b712cf
Enable FORTIFY_SOURCE protections under clang for the following
functions:
* vsprintf
* vsnprintf
and add unittests.
Change-Id: I90f8a27f7b202c78b5dd8ebf53050bf9e33496f7
In 829c089f83, we disabled all
FORTIFY_SOURCE support when compiling under clang. At the time,
we didn't have proper test cases, and couldn't easily create targeted
clang tests.
This change re-enables FORTIFY_SOURCE support under clang for a
limited set of functions, where we have explicit unittests available.
The functions are:
* memcpy
* memmove
* strcpy
* strncpy
* strcat
* strncat
* memset
* strlen (with modifications)
* strchr (with modifications)
* strrchr (with modifications)
It may be possible, in the future, to enable other functions. However,
I need to write unittests first.
For strlen, strchr, and strrchr, clang unconditionally calls the
fortified version of the relevant function. If it doesn't know the
size of the buffer it's dealing with, it passes in ((size_t) -1),
which is the largest possible size_t.
I added two new clang specific unittest files, primarily copied
from fortify?_test.cpp.
I've also rebuild the entire system with these changes, and didn't
observe any obvious problems.
Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
Define __errordecl and replace __attribute__((__error__("foo")))
with __errordecl. Make sure __errordecl is a no-op on clang, as it
generates a compile time warning.
Change-Id: Ifa1a2d3afd6881de9d479fc2adac6737871a2949
Also add a more intention-revealing guard so we don't have loads of
places checking whether our inlining macro is defined.
Change-Id: I168860cedcfc798b07a5145bc48a125700265e47
The near duplicates upset fussier compilers that insist that
typedefs be exactly the same, but the fix isn't to make all
copies identical...
Change-Id: Icfdace41726f36ec33c9ae919dbb5a54d3529cc9
There's a (bad) definition of NULL in <linux/stddef.h>, and this
definition of NULL, and the One True definition in the <stddef.h> provided
by the compiler. This change at least kills one of the bad duplicates.
Killing the <linux/stddef.h> one is harder, because it's in a generated
file.
Change-Id: Iea4ccb12d6758199f312ea9cd753b84322d5c471
Some userspace programs (e.g. perf) need getline.
Changes:
() add getdelim.c, getline.c from NetBSD (http://netbsd.org/) under the
NetBSD Foundation's (TNF) license ("2 clause" Berkeley-style license).
() add stub for reentrant.h header that is needed by getdelim.c
() add tests for getdelim(3) and getline(3).
() update NOTICE file.
Change-Id: I22ed82dd5904b9d7a3695535c04f502be3c27c5d
Signed-off-by: Irina Tirdea <irina.tirdea@intel.com>
Clang and _FORTIFY_SOURCE are just plain incompatible with
each other. First of all, clang doesn't understand the
__attribute__((gnu_inline)) header. Second of all,
Clang doesn't have support for __builtin_va_arg_pack()
and __builtin_va_arg_pack_len() (see
http://clang.llvm.org/docs/UsersManual.html#c_unimpl_gcc)
Until we can resolve these issues, don't even try using
_FORTIFY_SOURCE under clang.
Change-Id: I81c2b8073bb3276fa9a4a6b93c427b641038356a
sprintf FORTIFY_SOURCE protections are not available
on clang.
Also add various __attribute__s to stdio functions.
Change-Id: I936d1f9e55fe53a68885c4524b7b59e68fed218d
Add _FORTIFY_SOURCE support for snprintf, vsnprintf
At this time, we opt out of these protections for clang, as clang
does not implement __builtin_va_arg_pack().
http://clang.llvm.org/docs/UsersManual.html#c_unimpl_gcc
Change-Id: I73ebe5ec8dad1dca8898a76d6afb693a25f75375
Fix the handle locking in stdio to use flockfile/funlockfile
internally when and where required. Macros in <stdio.h> are updated
to automatically call the underlying functions when the process is
threaded to obtain the necessary locking. A private mutex is added
to protect __sglue, the internal list of FILE handles, and another
to protect the one-time initialization. Some routines in libc that
use getc() change to use getc_unlocked() as they're either protected
by their own lock or aren't thread-safe routines anyway.
Based on OpenBSD change by guenther@openbsd.orghttp://www.mail-archive.com/source-changes@cvs.openbsd.org/msg01015.html
Bug: 3446659
Change-Id: Ie82116e358c541718d6709ec45ca6796be5a007b
This matches recent changes in the NDK header.
We enclose missing functions in #if 0 .. #endif blocks
with a clear "MISSING" in comments in order to locate
them later.
Change-Id: I87b3a62e777897e75c9243360fb0a82bcc53d9fb
Also add missing declarations to misc. functions.
Fix clearerr() implementation (previous was broken).
Handle feature test macros like _POSIX_C_SOURCE properly.
Change-Id: Icdc973a6b9d550a166fc2545f727ea837fe800c4