__strcpy_chk.S revision 05332f2ce7e542d32ff4d5cd9f60248ad71fbf0d 
1/*
2 * Copyright (C) 2013 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 *  * Redistributions of source code must retain the above copyright
9 *    notice, this list of conditions and the following disclaimer.
10 *  * Redistributions in binary form must reproduce the above copyright
11 *    notice, this list of conditions and the following disclaimer in
12 *    the documentation and/or other materials provided with the
13 *    distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29#include <machine/asm.h>
30#include "libc_events.h"
31
32    .syntax unified
33
34    .thumb
35    .thumb_func
36
37// Get the length of the source string first, then do a memcpy of the data
38// instead of a strcpy.
39ENTRY(__strcpy_chk)
40    .cfi_startproc
41    pld     [r0, #0]
42    push    {r0, lr}
43    .save   {r0, lr}
44    .cfi_def_cfa_offset 8
45    .cfi_rel_offset r0, 0
46    .cfi_rel_offset lr, 4
47
48    mov     lr, r2
49    mov     r0, r1
50
51    ands    r3, r1, #7
52    beq     .L_mainloop
53
54    // Align to a double word (64 bits).
55    rsb     r3, r3, #8
56    lsls    ip, r3, #31
57    beq     .L_align_to_32
58
59    ldrb    r2, [r0], #1
60    cbz     r2, .L_update_count_and_finish
61
62.L_align_to_32:
63    bcc     .L_align_to_64
64    ands    ip, r3, #2
65    beq     .L_align_to_64
66
67    ldrb    r2, [r0], #1
68    cbz     r2, .L_update_count_and_finish
69    ldrb    r2, [r0], #1
70    cbz     r2, .L_update_count_and_finish
71
72.L_align_to_64:
73    tst     r3, #4
74    beq     .L_mainloop
75    ldr     r3, [r0], #4
76
77    sub     ip, r3, #0x01010101
78    bic     ip, ip, r3
79    ands    ip, ip, #0x80808080
80    bne     .L_zero_in_second_register
81
82    .p2align 2
83.L_mainloop:
84    ldrd    r2, r3, [r0], #8
85
86    pld     [r0, #64]
87
88    sub     ip, r2, #0x01010101
89    bic     ip, ip, r2
90    ands    ip, ip, #0x80808080
91    bne     .L_zero_in_first_register
92
93    sub     ip, r3, #0x01010101
94    bic     ip, ip, r3
95    ands    ip, ip, #0x80808080
96    bne     .L_zero_in_second_register
97    b       .L_mainloop
98
99.L_update_count_and_finish:
100    sub     r3, r0, r1
101    sub     r3, r3, #1
102    b       .L_check_size
103
104.L_zero_in_first_register:
105    sub     r3, r0, r1
106    lsls    r2, ip, #17
107    bne     .L_sub8_and_finish
108    bcs     .L_sub7_and_finish
109    lsls    ip, ip, #1
110    bne     .L_sub6_and_finish
111
112    sub     r3, r3, #5
113    b       .L_check_size
114
115.L_sub8_and_finish:
116    sub     r3, r3, #8
117    b       .L_check_size
118
119.L_sub7_and_finish:
120    sub     r3, r3, #7
121    b       .L_check_size
122
123.L_sub6_and_finish:
124    sub     r3, r3, #6
125    b       .L_check_size
126
127.L_zero_in_second_register:
128    sub     r3, r0, r1
129    lsls    r2, ip, #17
130    bne     .L_sub4_and_finish
131    bcs     .L_sub3_and_finish
132    lsls    ip, ip, #1
133    bne     .L_sub2_and_finish
134
135    sub     r3, r3, #1
136    b       .L_check_size
137
138.L_sub4_and_finish:
139    sub     r3, r3, #4
140    b       .L_check_size
141
142.L_sub3_and_finish:
143    sub     r3, r3, #3
144    b       .L_check_size
145
146.L_sub2_and_finish:
147    sub     r3, r3, #2
148
149.L_check_size:
150    pld     [r1, #0]
151    pld     [r1, #64]
152    ldr     r0, [sp]
153    cmp     r3, lr
154    bge     __strcpy_chk_failed
155
156    // Add 1 for copy length to get the string terminator.
157    add     r2, r3, #1
158
159    .cfi_endproc
160END(__strcpy_chk)
161
162#define MEMCPY_BASE         __strcpy_chk_memcpy_base
163#define MEMCPY_BASE_ALIGNED __strcpy_chk_memcpy_base_aligned
164#include "memcpy_base.S"
165
166ENTRY(__strcpy_chk_failed)
167    .cfi_startproc
168    .save   {r0, lr}
169    .cfi_def_cfa_offset 8
170    .cfi_rel_offset r0, 0
171    .cfi_rel_offset lr, 4
172
173    ldr     r0, error_message
174    ldr     r1, error_code
1751:
176    add     r0, pc
177    bl      __fortify_chk_fail
178error_code:
179    .word   BIONIC_EVENT_STRCPY_BUFFER_OVERFLOW
180error_message:
181    .word   error_string-(1b+4)
182
183    .cfi_endproc
184END(__strcpy_chk_failed)
185
186    .data
187error_string:
188    .string "strcpy buffer overflow"
189