0a2301598c
Add initial support for -D_FORTIFY_SOURCE to bionic for the following functions: * memcpy * memmove * strcpy * strcat * strncpy * strncat This change adds a new version of the above functions which passes the size of the destination buffer to __builtin___*_chk. If the compiler can determine, at compile time, that the destination buffer is large enough, or the destination buffer can point to an object of unknown size, then the check call is bypassed. If the compiler can't make a compile time decision, then it calls the __*_chk() function, which does a runtime buffer size check These options are only enabled if the code is compiled with -D_FORTIFY_SOURCE=1 or 2, and only when optimizations are enabled. Please see * http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html * http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html for additional details on FORTIFY_SOURCE. Testing: Compiled the entire Android tree with -D_FORTIFY_SOURCE=1, and verified that everything appears to be working properly. Also created a test buffer overflow, and verified that it was caught by this change. Change-Id: I4fddb445bafe92b16845b22458d72e6dedd24fbc
55 lines
2.0 KiB
C
55 lines
2.0 KiB
C
/*
|
|
* Copyright (C) 2012 The Android Open Source Project
|
|
* All rights reserved.
|
|
*
|
|
* Redistribution and use in source and binary forms, with or without
|
|
* modification, are permitted provided that the following conditions
|
|
* are met:
|
|
* * Redistributions of source code must retain the above copyright
|
|
* notice, this list of conditions and the following disclaimer.
|
|
* * Redistributions in binary form must reproduce the above copyright
|
|
* notice, this list of conditions and the following disclaimer in
|
|
* the documentation and/or other materials provided with the
|
|
* distribution.
|
|
*
|
|
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
|
|
* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
|
|
* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
|
|
* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
|
|
* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
|
|
* OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
|
|
* AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
|
|
* OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
|
|
* OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
|
* SUCH DAMAGE.
|
|
*/
|
|
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
#include <private/logd.h>
|
|
|
|
/*
|
|
* Runtime implementation of __builtin____memcpy_chk.
|
|
*
|
|
* See
|
|
* http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
|
|
* http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
|
|
* for details.
|
|
*
|
|
* This memcpy check is called if _FORTIFY_SOURCE is defined and
|
|
* greater than 0.
|
|
*/
|
|
void *__memcpy_chk (void *dest, const void *src,
|
|
size_t len, size_t dest_len)
|
|
{
|
|
if (len > dest_len) {
|
|
__libc_android_log_print(ANDROID_LOG_FATAL, "libc",
|
|
"*** memcpy buffer overflow detected ***\n");
|
|
abort();
|
|
}
|
|
|
|
return memcpy(dest, src, len);
|
|
}
|