diff options
Diffstat (limited to 'libc')
| -rw-r--r-- | libc/include/bits/fortify/poll.h | 12 | ||||
| -rw-r--r-- | libc/include/bits/fortify/stdio.h | 11 | ||||
| -rw-r--r-- | libc/include/bits/fortify/string.h | 19 | ||||
| -rw-r--r-- | libc/include/sys/cdefs.h | 15 |
4 files changed, 32 insertions, 25 deletions
diff --git a/libc/include/bits/fortify/poll.h b/libc/include/bits/fortify/poll.h index 0d9b92793..660dfca01 100644 --- a/libc/include/bits/fortify/poll.h +++ b/libc/include/bits/fortify/poll.h @@ -37,6 +37,10 @@ int __ppoll64_chk(struct pollfd*, nfds_t, const struct timespec*, const sigset64 #if defined(__BIONIC_FORTIFY) #if __ANDROID_API__ >= __ANDROID_API_M__ +#define __bos_fd_count_trivially_safe(bos_val, fds, fd_count) \ + __bos_dynamic_check_impl_and((bos_val), >=, (sizeof(*fds) * (fd_count)), \ + (fd_count) <= __BIONIC_CAST(static_cast, nfds_t, -1) / sizeof(*fds)) + __BIONIC_FORTIFY_INLINE int poll(struct pollfd* const fds __pass_object_size, nfds_t fd_count, int timeout) __overloadable @@ -44,7 +48,7 @@ int poll(struct pollfd* const fds __pass_object_size, nfds_t fd_count, int timeo "in call to 'poll', fd_count is larger than the given buffer") { size_t bos_fds = __bos(fds); - if (bos_fds == __BIONIC_FORTIFY_UNKNOWN_SIZE) { + if (__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) { return __call_bypassing_fortify(poll)(fds, fd_count, timeout); } return __poll_chk(fds, fd_count, timeout, bos_fds); @@ -57,7 +61,7 @@ int ppoll(struct pollfd* const fds __pass_object_size, nfds_t fd_count, const st "in call to 'ppoll', fd_count is larger than the given buffer") { size_t bos_fds = __bos(fds); - if (bos_fds == __BIONIC_FORTIFY_UNKNOWN_SIZE) { + if (__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) { return __call_bypassing_fortify(ppoll)(fds, fd_count, timeout, mask); } return __ppoll_chk(fds, fd_count, timeout, mask, bos_fds); @@ -71,12 +75,14 @@ int ppoll64(struct pollfd* const fds __pass_object_size, nfds_t fd_count, const "in call to 'ppoll64', fd_count is larger than the given buffer") { size_t bos_fds = __bos(fds); - if (bos_fds == __BIONIC_FORTIFY_UNKNOWN_SIZE) { + if (__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) { return __call_bypassing_fortify(ppoll64)(fds, fd_count, timeout, mask); } return __ppoll64_chk(fds, fd_count, timeout, mask, bos_fds); } #endif +#undef __bos_fd_count_trivially_safe + #endif /* __ANDROID_API__ >= __ANDROID_API_M__ */ #endif /* defined(__BIONIC_FORTIFY) */ diff --git a/libc/include/bits/fortify/stdio.h b/libc/include/bits/fortify/stdio.h index fc7d35978..6e47dafee 100644 --- a/libc/include/bits/fortify/stdio.h +++ b/libc/include/bits/fortify/stdio.h @@ -89,6 +89,10 @@ int sprintf(char* const __pass_object_size dest, const char* format, ...) __over #endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */ #if __ANDROID_API__ >= __ANDROID_API_N__ +#define __bos_trivially_not_lt_mul(bos_val, size, count) \ + __bos_dynamic_check_impl_and(bos_val, >=, (size) * (count), \ + !__unsafe_check_mul_overflow(size, count)) + __BIONIC_FORTIFY_INLINE size_t fread(void* const __pass_object_size0 buf, size_t size, size_t count, FILE* stream) __overloadable @@ -98,7 +102,7 @@ size_t fread(void* const __pass_object_size0 buf, size_t size, size_t count, FIL "in call to 'fread', size * count is too large for the given buffer") { size_t bos = __bos0(buf); - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { + if (__bos_trivially_not_lt_mul(bos, size, count)) { return __call_bypassing_fortify(fread)(buf, size, count, stream); } return __fread_chk(buf, size, count, stream, bos); @@ -113,12 +117,13 @@ size_t fwrite(const void* const __pass_object_size0 buf, size_t size, size_t cou "in call to 'fwrite', size * count is too large for the given buffer") { size_t bos = __bos0(buf); - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { + if (__bos_trivially_not_lt_mul(bos, size, count)) { return __call_bypassing_fortify(fwrite)(buf, size, count, stream); } return __fwrite_chk(buf, size, count, stream, bos); } +#undef __bos_trivially_not_lt_mul #endif /* __ANDROID_API__ >= __ANDROID_API_N__ */ #if __ANDROID_API__ >= __ANDROID_API_J_MR1__ @@ -130,7 +135,7 @@ char* fgets(char* const __pass_object_size dest, int size, FILE* stream) "in call to 'fgets', size is larger than the destination buffer") { size_t bos = __bos(dest); - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { + if (__bos_dynamic_check_impl_and(bos, >=, (size_t)size, size >= 0)) { return __call_bypassing_fortify(fgets)(dest, size, stream); } diff --git a/libc/include/bits/fortify/string.h b/libc/include/bits/fortify/string.h index 426076ea1..af93b9117 100644 --- a/libc/include/bits/fortify/string.h +++ b/libc/include/bits/fortify/string.h @@ -123,7 +123,7 @@ __BIONIC_FORTIFY_INLINE void* memchr(const void* const s __pass_object_size, int c, size_t n) __overloadable { size_t bos = __bos(s); - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { + if (__bos_trivially_geq(bos, n)) { return __builtin_memchr(s, c, n); } @@ -134,7 +134,7 @@ __BIONIC_FORTIFY_INLINE void* __memrchr_fortify(const void* const __pass_object_size s, int c, size_t n) __overloadable { size_t bos = __bos(s); - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { + if (__bos_trivially_geq(bos, n)) { return __memrchr_real(s, c, n); } @@ -195,24 +195,11 @@ size_t strlcat(char* const dst __pass_object_size, const char* src, size_t size) return __strlcat_chk(dst, src, size, bos); } -/* - * If we can evaluate the size of s at compile-time, just call __builtin_strlen - * on it directly. This makes it way easier for compilers to fold things like - * strlen("Foo") into a constant, as users would expect. -1ULL is chosen simply - * because it's large. - */ -__BIONIC_FORTIFY_INLINE -size_t strlen(const char* const s __pass_object_size) - __overloadable __enable_if(__builtin_strlen(s) != -1ULL, - "enabled if s is a known good string.") { - return __builtin_strlen(s); -} - __BIONIC_FORTIFY_INLINE size_t strlen(const char* const s __pass_object_size0) __overloadable { size_t bos = __bos0(s); - if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) { + if (__bos_trivially_gt(bos, __builtin_strlen(s))) { return __builtin_strlen(s); } diff --git a/libc/include/sys/cdefs.h b/libc/include/sys/cdefs.h index b4ae39394..42bf451a1 100644 --- a/libc/include/sys/cdefs.h +++ b/libc/include/sys/cdefs.h @@ -297,12 +297,21 @@ ((bos_val) != __BIONIC_FORTIFY_UNKNOWN_SIZE && (bos_val) <= (val)) /* Intended for use in evaluated contexts. */ +#define __bos_dynamic_check_impl_and(bos_val, op, index, cond) \ + (bos_val == __BIONIC_FORTIFY_UNKNOWN_SIZE || \ + (__builtin_constant_p(index) && bos_val op index && (cond))) + #define __bos_dynamic_check_impl(bos_val, op, index) \ - (bos_val == __BIONIC_FORTIFY_UNKNOWN_SIZE || (__builtin_constant_p(index) && bos_val op index)) + __bos_dynamic_check_impl_and(bos_val, op, index, 1) + +#define __bos_trivially_geq(bos_val, index) __bos_dynamic_check_impl((bos_val), >=, (index)) + +#define __bos_trivially_gt(bos_val, index) __bos_dynamic_check_impl((bos_val), >, (index)) /* The names here are meant to match nicely with the __bos_unevaluated macros above. */ -#define __bos_trivially_not_lt(bos_val, index) __bos_dynamic_check_impl((bos_val), >=, (index)) -#define __bos_trivially_not_leq(bos_val, index) __bos_dynamic_check_impl((bos_val), >, (index)) +#define __bos_trivially_not_lt __bos_trivially_geq +#define __bos_trivially_not_leq __bos_trivially_gt + #if defined(__BIONIC_FORTIFY) || defined(__BIONIC_DECLARE_FORTIFY_HELPERS) # define __BIONIC_INCLUDE_FORTIFY_HEADERS 1 |