__strcpy_chk.S revision 05332f2ce7e542d32ff4d5cd9f60248ad71fbf0d
1/* 2 * Copyright (C) 2013 The Android Open Source Project 3 * All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * * Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * * Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in 12 * the documentation and/or other materials provided with the 13 * distribution. 14 * 15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT 17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS 18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE 19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, 20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, 21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS 22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED 23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, 24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT 25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26 * SUCH DAMAGE. 27 */ 28 29#include <machine/asm.h> 30#include "libc_events.h" 31 32 .syntax unified 33 34 .thumb 35 .thumb_func 36 37// Get the length of the source string first, then do a memcpy of the data 38// instead of a strcpy. 39ENTRY(__strcpy_chk) 40 .cfi_startproc 41 pld [r0, #0] 42 push {r0, lr} 43 .save {r0, lr} 44 .cfi_def_cfa_offset 8 45 .cfi_rel_offset r0, 0 46 .cfi_rel_offset lr, 4 47 48 mov lr, r2 49 mov r0, r1 50 51 ands r3, r1, #7 52 beq .L_mainloop 53 54 // Align to a double word (64 bits). 55 rsb r3, r3, #8 56 lsls ip, r3, #31 57 beq .L_align_to_32 58 59 ldrb r2, [r0], #1 60 cbz r2, .L_update_count_and_finish 61 62.L_align_to_32: 63 bcc .L_align_to_64 64 ands ip, r3, #2 65 beq .L_align_to_64 66 67 ldrb r2, [r0], #1 68 cbz r2, .L_update_count_and_finish 69 ldrb r2, [r0], #1 70 cbz r2, .L_update_count_and_finish 71 72.L_align_to_64: 73 tst r3, #4 74 beq .L_mainloop 75 ldr r3, [r0], #4 76 77 sub ip, r3, #0x01010101 78 bic ip, ip, r3 79 ands ip, ip, #0x80808080 80 bne .L_zero_in_second_register 81 82 .p2align 2 83.L_mainloop: 84 ldrd r2, r3, [r0], #8 85 86 pld [r0, #64] 87 88 sub ip, r2, #0x01010101 89 bic ip, ip, r2 90 ands ip, ip, #0x80808080 91 bne .L_zero_in_first_register 92 93 sub ip, r3, #0x01010101 94 bic ip, ip, r3 95 ands ip, ip, #0x80808080 96 bne .L_zero_in_second_register 97 b .L_mainloop 98 99.L_update_count_and_finish: 100 sub r3, r0, r1 101 sub r3, r3, #1 102 b .L_check_size 103 104.L_zero_in_first_register: 105 sub r3, r0, r1 106 lsls r2, ip, #17 107 bne .L_sub8_and_finish 108 bcs .L_sub7_and_finish 109 lsls ip, ip, #1 110 bne .L_sub6_and_finish 111 112 sub r3, r3, #5 113 b .L_check_size 114 115.L_sub8_and_finish: 116 sub r3, r3, #8 117 b .L_check_size 118 119.L_sub7_and_finish: 120 sub r3, r3, #7 121 b .L_check_size 122 123.L_sub6_and_finish: 124 sub r3, r3, #6 125 b .L_check_size 126 127.L_zero_in_second_register: 128 sub r3, r0, r1 129 lsls r2, ip, #17 130 bne .L_sub4_and_finish 131 bcs .L_sub3_and_finish 132 lsls ip, ip, #1 133 bne .L_sub2_and_finish 134 135 sub r3, r3, #1 136 b .L_check_size 137 138.L_sub4_and_finish: 139 sub r3, r3, #4 140 b .L_check_size 141 142.L_sub3_and_finish: 143 sub r3, r3, #3 144 b .L_check_size 145 146.L_sub2_and_finish: 147 sub r3, r3, #2 148 149.L_check_size: 150 pld [r1, #0] 151 pld [r1, #64] 152 ldr r0, [sp] 153 cmp r3, lr 154 bge __strcpy_chk_failed 155 156 // Add 1 for copy length to get the string terminator. 157 add r2, r3, #1 158 159 .cfi_endproc 160END(__strcpy_chk) 161 162#define MEMCPY_BASE __strcpy_chk_memcpy_base 163#define MEMCPY_BASE_ALIGNED __strcpy_chk_memcpy_base_aligned 164#include "memcpy_base.S" 165 166ENTRY(__strcpy_chk_failed) 167 .cfi_startproc 168 .save {r0, lr} 169 .cfi_def_cfa_offset 8 170 .cfi_rel_offset r0, 0 171 .cfi_rel_offset lr, 4 172 173 ldr r0, error_message 174 ldr r1, error_code 1751: 176 add r0, pc 177 bl __fortify_chk_fail 178error_code: 179 .word BIONIC_EVENT_STRCPY_BUFFER_OVERFLOW 180error_message: 181 .word error_string-(1b+4) 182 183 .cfi_endproc 184END(__strcpy_chk_failed) 185 186 .data 187error_string: 188 .string "strcpy buffer overflow" 189