| author | George Burgess IV <gbiv@google.com> | 2019-06-06 14:14:52 -0700 |
|---|---|---|
| committer | George Burgess IV <gbiv@google.com> | 2019-06-13 23:26:02 -0700 |
| commit | 77f99aaf58b944b23f2cfb38fce08a98feabe93f (patch) | |
| tree | ddcadad346c394fa7d1d7b15d488e988e5feaaf0 /libc | |
| parent | 1eb5976d7505f299754040e19792a0de94abccbc (diff) | |
fortify: add diagnostics for str* functions
This CL allows us to diagnose string functions that get an explicit size
passed into them, and string functions that are trivially misused.
Bug: 131861088
Test: mma
Change-Id: I894aec99420a75c6474cfd7d5010f0cf2f10ab21
Diffstat (limited to 'libc')
| -rw-r--r-- | libc/include/bits/fortify/string.h | 28 |
1 files changed, 22 insertions, 6 deletions
diff --git a/libc/include/bits/fortify/string.h b/libc/include/bits/fortify/string.h
index 1e129868c..0e205d30a 100644
--- a/libc/include/bits/fortify/string.h
+++ b/libc/include/bits/fortify/string.h
@@ -94,12 +94,18 @@ char* strcpy(char* const dst __pass_object_size, const char* src)
 }
 __BIONIC_FORTIFY_INLINE
-char* strcat(char* const dst __pass_object_size, const char* src) __overloadable {
+char* strcat(char* const dst __pass_object_size, const char* src)
+ __overloadable
+ __clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
+ "'strcat' called with string bigger than buffer") {
 return __builtin___strcat_chk(dst, src, __bos(dst));
 }
 __BIONIC_FORTIFY_INLINE
-char* strncat(char* const dst __pass_object_size, const char* src, size_t n) __overloadable {
+char* strncat(char* const dst __pass_object_size, const char* src, size_t n)
+ __overloadable
+ __clang_error_if(__bos_unevaluated_lt(__bos(dst), n),
+ "'strncat' called with size bigger than buffer") {
 return __builtin___strncat_chk(dst, src, n, __bos(dst));
 }
@@ -145,7 +151,9 @@ void* __memrchr_fortify(const void* const __pass_object_size s, int c, size_t n)
 #if __ANDROID_API__ >= __ANDROID_API_L__
 __BIONIC_FORTIFY_INLINE
 char* stpncpy(char* const dst __pass_object_size, const char* const src __pass_object_size, size_t n)
- __overloadable {
+ __overloadable
+ __clang_error_if(__bos_unevaluated_lt(__bos(dst), n),
+ "'stpncpy' called with size bigger than buffer") {
 size_t bos_dst = __bos(dst);
 size_t bos_src = __bos(src);
@@ -159,7 +167,9 @@ char* stpncpy(char* const dst __pass_object_size, const char* const src __pass_o
 __BIONIC_FORTIFY_INLINE
 char* strncpy(char* const dst __pass_object_size, const char* const src __pass_object_size, size_t n)
- __overloadable {
+ __overloadable
+ __clang_error_if(__bos_unevaluated_lt(__bos(dst), n),
+ "'strncpy' called with size bigger than buffer") {
 size_t bos_dst = __bos(dst);
 size_t bos_src = __bos(src);
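Review bot: The `strncat` condition `__bos_unevaluated_lt(__bos(dst), n)` lets `n == __bos(dst)` through, which is the familiar `strncat(buf, src, sizeof(buf))` mistake: strncat appends up to `n` characters and then a terminating NUL, so a bound equal to the buffer size can write one byte past the end even when `dst` is empty. The `strcat` check directly above already uses `__bos_unevaluated_le` to leave room for the terminator, and the same comparison here, `__clang_error_if(__bos_unevaluated_le(__bos(dst), n),`, would cover that case. This is a policy call, since it would also reject callers that pass the full size with a source they know to be short. Neither form sees the current length of `dst`, so the `__builtin___strncat_chk` call in the body remains the real bound; a short comment saying so would help the next reader.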
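Review bot: There is no rationale on the new `__clang_error_if` for `stpncpy`, nor on the identical ones for `strncpy` in the next hunk and `strlcpy`/`strlcat` in the two hunks after it, so nothing explains why strict `lt` is right here while `strcat` uses `le`. I would add a one-line comment before the attribute, e.g. `/* stpncpy writes exactly n bytes to dst, so n > __bos(dst) always overflows; n == __bos(dst) fits but may leave dst unterminated. */`, with matching wording for the other three functions. The diagnostic covers only `dst`; `bos_src` is read in the body, which continues outside the hunk, so how the source side is checked is not visible from here.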
@@ -174,7 +184,10 @@ char* strncpy(char* const dst __pass_object_size, const char* const src __pass_o
 #if __ANDROID_API__ >= __ANDROID_API_J_MR1__
 __BIONIC_FORTIFY_INLINE
-size_t strlcpy(char* const dst __pass_object_size, const char* src, size_t size) __overloadable {
+size_t strlcpy(char* const dst __pass_object_size, const char* src, size_t size)
+ __overloadable
+ __clang_error_if(__bos_unevaluated_lt(__bos(dst), size),
+ "'strlcpy' called with size bigger than buffer") {
 size_t bos = __bos(dst);
 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
@@ -185,7 +198,10 @@ size_t strlcpy(char* const dst __pass_object_size, const char* src, size_t size)
 }
 __BIONIC_FORTIFY_INLINE
-size_t strlcat(char* const dst __pass_object_size, const char* src, size_t size) __overloadable {
+size_t strlcat(char* const dst __pass_object_size, const char* src, size_t size)
+ __overloadable
+ __clang_error_if(__bos_unevaluated_lt(__bos(dst), size),
+ "'strlcat' called with size bigger than buffer") {
 size_t bos = __bos(dst);
 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { |
