90242350053e6fd2c03640d3f9b37864d18c414d |
|
06-Feb-2018 |
George Burgess IV <gbiv@google.com> |
Remove __overloadable/__RENAME_CLANG Now that we have a clang that supports transparent overloads, we can kill all of this cruft, and restore our upstream sources to their untouched glory. Woohoo! Bug: 12231437 Test: Built aosp_marlin; no obvious patch-related aosp_mips issues. Change-Id: I520a19d014f12137f80e43f973dccd6711c571cd
|
8e13b67c64df389ce72bcb02ab3e1888da48f254 |
|
07-Nov-2017 |
Josh Gao <jmgao@google.com> |
versioner: properly handle extern "C", "C++". extern "C" and "C++" are parsed as a LinkageSpecDecl with the real Decl as a child node. This leads to the preprocessor sticking its guard between the extern specifier and the declaration. Update the AST visitor to add a special-case for calculating the SourceRange on a LinkageSpecDecl, and add a test. Bug: https://github.com/android-ndk/ndk/issues/440 Test: python run_tests.py Change-Id: I76445fe366cef46cfd2f16fb93d534d410c5edca
|
df9a489b2bfcc224943a12b447e9cf00db81d9e0 |
|
23-Aug-2017 |
Elliott Hughes <enh@google.com> |
Add more const-correct C++ overloads. libc++ actually provides overloads for all the standard C library stuff, so we just need to handle the POSIX and GNU extensions, of which there are just two more: memrchr and strcasestr. Bug: http://b/22768375 Test: builds Change-Id: Ie9ed1fbcc794e14a0c9bba13b5307ad677949613
|
684c31a2676772ad1fa2005941dcb6f6493b7dfc |
|
19-Aug-2017 |
Elliott Hughes <enh@google.com> |
Name function arguments in libc headers for Studio. Third batch of headers... Bug: http://b/64613623 Test: builds Change-Id: I32d8467a0bd22ba94d76476397f4f7dc51003886
|
3f7e65e66e63113d2556df517647c812d21f8817 |
|
15-Aug-2017 |
Dan Albert <danalbert@google.com> |
Add guards for things the versioner can't catch. The versioner doesn't handle C++ blocks yet, so these guards won't be added and it will appear as though the functions are always available in C++, but based on API level in C. Test: make checkbuild Bug: https://github.com/android-ndk/ndk/issues/440 Change-Id: I31a20fa1596d836b280ffc6d7feb863afccca6c7
|
3f66e74b903905e763e104396aff52a81718cfde |
|
01-Aug-2017 |
Elliott Hughes <enh@google.com> |
Remove nullability specifications. Bug: http://b/64251432 Test: builds Change-Id: I5b1613484783f7478d30b5e694007f77fa626659
|
ec6850d849746ffbafaaf9b993c5dbb74a014b3f |
|
01-Aug-2017 |
Elliott Hughes <enh@google.com> |
Remove restrict/__restrict. We've never really used __restrict: only <string.h> and <stdio.h> (which are still very similar to upstream BSD headers) consistently have these annotations. Neither clang nor GCC warns for trivial cases, and there's little obvious documentation benefit. Bug: http://b/30833514 Test: builds Change-Id: I3e4384281865475d0c55d764b546d8166419ee31
|
b97049c0390cb1a11b9cb0b14391972e69398ce5 |
|
25-Jul-2017 |
George Burgess IV <gbiv@google.com> |
libc: Split FORTIFY into its own headers This patch cleans up our standard headers by moving most of the FORTIFY cruft out in to its own sandbox. In order to include the *_chk and *_real declarations, you can either enable FORTIFY, or `#define __BIONIC_DECLARE_FORTIFY_HELPERS`. Both sys/select.h and strings.h are explicitly ignored by this patch. Both of these files have very small __BIONIC_FORTIFY blocks, and don't define any actual FORTIFY'ed functions (just macros, and 3 *_chk functions). This patch also makes the versioner ignore the FORTIFY implementation headers, since we're guaranteed to pick the FORTIFY'ed headers up when looking at the regular headers. (...Not to mention that making the FORTIFY'ed headers freestanding would be annoying to do and maintain for ~no benefit). We bake the knowledge of where FORTIFY headers live directly into the versioner. We could go with a more general approach (e.g. adding an -X IGNORED_FILE flag that tells the versioner to ignore $HEADER_PATH/$IGNORED_FILE), but we'd then have to repeat that for every test, every manual invocation of the versioner, etc. for no benefit that's obvious to me. Bug: 12231437 Test: m checkbuild on bullhead internal master + CtsBionicTestCases. no new errors. Change-Id: Iffc0cc609009b33d989cdaddde0a809282131a5b
|
16d9ba808b64a2af8a10b5710bea7c4b63e989db |
|
30-Jun-2017 |
Josh Gao <jmgao@google.com> |
Add version info for C++ versions of basename, strchrnul. These still won't get guards added by the preprocessor, because it compiles with C-only. Bug: https://github.com/android-ndk/ndk/issues/440 Test: treehugger Change-Id: I893b345e528ed1b761e0db00700037411bbb8b78
|
07e75fe9a1cbf323b5de168448583ed66211efe0 |
|
19-Apr-2017 |
George Burgess IV <gbiv@google.com> |
libc: fix typo in __RENAME macro Apparently __strncpy_real redirects to strcpy instead of strncpy for GCC builds. This is bad, and it confused a project compiled by GCC that uses strcpy. I audited all of the FORTIFY-related __RENAMEs both manually and with a script I hacked together; they all look correct aside from this one. FWIW, with the cleaned up clang FORTIFY, lots of the `void foo() __RENAME(foo)` will just become `void foo()` if this last thing I'm working on gets through review. Bug: 35329524 Test: Previously broken project now seems to work. Bullhead and Ryu both build + boot. (cherry picked from commit 31e5a35f3d403ffa4ffe0215f9664d08fb749ada) Change-Id: I790a42f2cf2f7b8e003faa4df9135db22a2e20db
|
31e5a35f3d403ffa4ffe0215f9664d08fb749ada |
|
19-Apr-2017 |
George Burgess IV <gbiv@google.com> |
libc: fix typo in __RENAME macro Apparently __strncpy_real redirects to strcpy instead of strncpy for GCC builds. This is bad, and it confused a project compiled by GCC that uses strcpy. I audited all of the FORTIFY-related __RENAMEs both manually and with a script I hacked together; they all look correct aside from this one. FWIW, with the cleaned up clang FORTIFY, lots of the `void foo() __RENAME(foo)` will just become `void foo()` if this last thing I'm working on gets through review. Bug: 35329524 Test: Previously broken project now seems to work. Bullhead and Ryu both build + boot. Change-Id: Ib18ee3535ae31eb7e8ae846dc012f9b64cac80bf
|
19710f761b4134d653936fde88f3c4477ab2128e |
|
05-Apr-2017 |
George Burgess IV <gbiv@google.com> |
libc: remove newlines in prototypes in string.h This gives more useful diagnostics if clang needs to mention these functions (or a parameter of them). Bug: 36984245 Test: m on bullhead completes successfully. Change-Id: I17c2b624d08bc9dd3f08185b30029ed0c49ebb08
|
bd3d2088d99f45babb8a73192b53b6fd91930af3 |
|
05-Apr-2017 |
George Burgess IV <gbiv@google.com> |
libc: add const-correct string.h overloads libcxx provides const-correct overloads for a few string.h functions. These overloads use clang's enable_if attribute, so they're preferred over our FORTIFY'ed equivalents. This weakens _FORTIFY_SOURCE=2 when used with some of these functions, since clang needs to see __pass_object_size in order to pass an accurate result for __builtin_object_size(s, 1) at a callsite. Since those functions don't have __pass_object_size on their params, clang can't do that. This makes LLVM lower the __builtin_object_size calls, which means we get the same result as __builtin_object_size(s, 0). We have to provide all of the overloads in Bionic, since enable_if is only used to disambiguate overloads with (otherwise) the same type. In other words: // overload 1 char *strchr(const char *, int s) __attribute__((enable_if(1, ""))); // overload 2 char *strchr(char *, int s); void foo() { char cs[1] = {}; strchr(static_cast<const char *>(cs), '\0'); // calls overload #1. strchr(cs, '\0'); // calls overload #2. } Bug: 34747525 Test: m checkbuild on bullhead internal master + AOSP. vts -m BionicUnitTests passes on both. Surprisingly, the only code that this seems to break is contained in Bionic. Change-Id: Ie406f42fb3d1c5bf940dc857889876fc39b57c90
|
bce9a7d51898f73d8e3cef2c4a437bf08698430f |
|
04-Apr-2017 |
George Burgess IV <gbiv@google.com> |
libc: use __bos instead of __bos0 for strchr. I dunno why I used __bos0 in the first place; clang's strrchr (and GCC's strchr+strrchr) both use __bos. Bug: 34747525 Test: m. Device still boots. cts -m BionicUnitTests shows no new failures. Change-Id: Ifec0e05a6a1144fa3e3ac70562af3ec57c09c194
|
9c2094f3c527301068f2049eefd9e684a7995352 |
|
15-Feb-2017 |
Dan Albert <danalbert@google.com> |
Fixup API level guards for new fortify functions. Test: tools/update_headers.sh && make checkbuild Bug: None Change-Id: I9d06ea8a5ee9dc27d957f59e6e84150651ed1c76
|
8b154b1e8233e1d34a6a66b72369f05f8655b653 |
|
15-Feb-2017 |
Dan Albert <danalbert@google.com> |
Guard the GNU strerror_r with an API check. The deprecated headers have always had only the POSIX definition available (and it's always been available). With the unified headers as they are now, we actually make it unavailable for C++ users (C++ implies _GNU_SOURCE) targeting below M. Adding this guard means that pre-M users will still at least get the POSIX one. It's not great that moving to M as your target API will actually change the signature of your strerror_r, but I don't see a better option here (not until we have the compatibility library, anyway). Test: make checkbuild Bug: None Change-Id: I2d15702467533a826c4ec10fd973ee929d2b562a
|
156d5a8ae93c6515919dd6706481991c7c0dc600 |
|
10-Feb-2017 |
George Burgess IV <gbiv@google.com> |
Match __bos0 to __pass_object_size0 in FORTIFY pass_object_size(N) forwards the result of __builtin_object_size(param, N) to a function. So, a function that looks like: size_t foo(void *const p __pass_object_size) { return __bos0(p); } int bar = foo(baz); would effectively be turned into size_t foo(void *const p, size_t sz) { return sz; } int bar = foo(baz, __bos(baz)); // note that this is not __bos0 This is bad, since if we're using __bos0, we want more relaxed objectsize checks. __bos0 should be more permissive than __bos in all cases, so this change Should Be Fineā¢. This change also makes GCC and clang share another function's implementation (recv). I just realized we need to add special diagnostic-related overloads bits for clang to it, but I can do that in another patch. Bug: None Test: Bullhead builds and boots; CtsBionicTestCases passes. Change-Id: I6818d0041328ab5fd0946a1e57321a977c1e1250
|
7cc779f15c524e1622f7d5b1c7e82e6ffc6677fd |
|
09-Feb-2017 |
George Burgess IV <gbiv@google.com> |
libc: add clang FORTIFY support This patch adds clang-style FORTIFY to Bionic. For more information on FORTIFY, please see https://goo.gl/8HS2dW . This implementation works for versions of clang that don't support diagnose_if, so please see the "without diagnose_if" sections. We plan to swap to a diagnose_if-based FORTIFY later this year (since it doesn't really add any features; it just simplifies the implementation a lot, and it gives us much prettier diagnostics) Bug: 32073964 Test: Builds on angler, bullhead, marlin, sailfish. Bionic CTS tests pass on Angler and Bullhead. Change-Id: I607aecbeee81529709b1eee7bef5b0836151eb2b
|
5bc78c8bcd0c1e634c04029309ede3ec05f2d424 |
|
16-Nov-2016 |
Elliott Hughes <enh@google.com> |
Add and use constants for the Android API levels. Test: bionic tests still pass Change-Id: If1b619cfc9db1d3f5d91f14f2ace71058dca0c4a
|
a3ce418ca6ad440d19c98e15132a76a877eb0bdc |
|
01-Nov-2016 |
Dan Albert <danalbert@google.com> |
Revert "Add legacy inlines for locale aware APIs." We can't really add these to the unified headers yet since we're still using the old headers as well, and libandroid_support needs to work with both. These functions are already defined in libandroid_support, so when using unified headers we'll get duplicate definitions. This was only going to be a temporary solution anyway. Instead we'll just rely on libandroid_support (and eventually its rewrite) to handle these. This reverts commit 6576a3749bd3805508294bfcac3d9658fc0f8d6e. Test: ./tools/update_headers.py && make ndk && make native # Copied into working directory for unified headers NDK work. ndk/checkbuild.py ndk/run_tests.py --force-unified-headers Bug: None Change-Id: I5762e815e2030c89d7f2540df08dd67b6c2d10a5
|
95fa061678400315ee757758bf5f9146176d47a0 |
|
28-Sep-2016 |
Elliott Hughes <enh@google.com> |
Rename __pure, __pure2, and __purefunc. These names were pretty misleading (aka "backwards"), so switch to the same obvious names glibc uses. Test: build. Change-Id: Ia98c9dbbccd0820386116562347654e84669034a
|
6cd9fb080caca2d0d8fcb8f400c1ec466e7b2466 |
|
23-Sep-2016 |
Josh Gao <jmgao@google.com> |
Fix warnings (and errors) in static inline headers. Bug: http://b/31676510 Change-Id: Idcbc544e498f7e6bbe99c2bf7dc557a5681e96c4 Test: preupload hook
|
6576a3749bd3805508294bfcac3d9658fc0f8d6e |
|
21-Sep-2016 |
Dan Albert <danalbert@google.com> |
Add legacy inlines for locale aware APIs. Test: make checkbuild tests Bug: http://b/31639993 Change-Id: Ic43d690dff3c6960d7826bd0b064640a3ea0e883
|
e5dd632e43dd81f293afdb93a6556d40d7007765 |
|
08-Sep-2016 |
Dan Albert <danalbert@google.com> |
Move strncpy fortify into android-21. __strncpy_chk2 wasn't added until android-21. Test: make checkbuild Bug: None Change-Id: I527f88aca55ef5010e12ece18abbdce3d54ce252
|
dfa6bbb54bd9ab2a71df4c066427ea804608e20b |
|
03-Aug-2016 |
Dan Albert <danalbert@google.com> |
Guard fortify inlines with __ANDROID_API__. Test: make checkbuild with libc ndk_library patches applied Change-Id: Ic5e248994c4f2702b0f4d6dfeda787187ea86017
|
5470c183611737af5ec954984e4bdb5da8c99b73 |
|
22-Jul-2016 |
Elliott Hughes <enh@google.com> |
Make it possible to build bionic with -I instead of -isystem. Various things: * work around -Wnullability-completeness. * use C++ casts in C++ and C casts in C. * stop using attributes clang doesn't support (such as `warning`). * remove duplicate definitions of XATTR_CREATE and XATTR_REPLACE. Change-Id: I07649e46275b28a23ca477deea119fe843999533
|
46b44160e9e4c466be0faf1bb8d6ec70ecc83273 |
|
27-May-2016 |
Josh Gao <jmgao@google.com> |
Update header versions for NDK platform fixes. Bug: http://b/28178111 Change-Id: Icd638673b409aa43a91490f77c6b4d79c9ea20d9
|
baa2a973bd776a51bb05a8590ab05d86eea7b321 |
|
14-Aug-2015 |
Dan Albert <danalbert@google.com> |
Use clang's nullability instead of nonnull. http://clang.llvm.org/docs/AttributeReference.html#nonnull _Nonnull is similar to the nonnull attribute in that it will instruct compilers to warn the user if it can prove that a null argument is being passed. Unlike the nonnull attribute, this annotation indicated that a value *should not* be null, not that it *cannot* be null, or even that the behavior is undefined. The important distinction is that the optimizer will perform surprising optimizations like the following: void foo(void*) __attribute__(nonnull, 1); int bar(int* p) { foo(p); // The following null check will be elided because nonnull // attribute means that, since we call foo with p, p can be // assumed to not be null. Thus this will crash if we are called // with a null pointer. if (src != NULL) { return *p; } return 0; } int main() { return bar(NULL); } Note that by doing this we are no longer attaching any sort of attribute for GCC (GCC doesn't support attaching nonnull directly to a parameter, only to the function and naming the arguments positionally). This means we won't be getting a warning for this case from GCC any more. People that listen to warnings tend to use clang anyway, and we're quickly moving toward that as the default, so this seems to be an acceptable tradeoff. Change-Id: Ie05fe7cec2f19a082c1defb303f82bcf9241b88d
|
14adff1cfa06a3d4d3281a9bf7848b556d84c20d |
|
29-Apr-2016 |
Josh Gao <jmgao@google.com> |
Add versioning information to symbols. Bug: http://b/28178111 Change-Id: I46bf95accd819f4521afb1173d8badcc5e9df31c
|
c3cec27ad75544fdd1a5efc78260404a7de564bf |
|
07-Apr-2016 |
Josh Gao <jmgao@google.com> |
Extract strcasecmp and friends to <bits/strcasecmp.h>. Bug: http://b/28067717 Change-Id: I76bab098d4c35d07a7a108055c43c820087f9253
|
eb9b9250122080df4a11293b9b6679e0b63ae2dd |
|
04-Nov-2015 |
Josh Gao <jmgao@google.com> |
Fix GNU/POSIX basename headers. Including glibc's <libgen.h> will result in the user getting the POSIX version of basename always, regardless of when it is included relative to <string.h>. Prior to this patch, our implementation would result in the one that's included first winning. Bug: http://b/25459151 Change-Id: Id4aaf1670dad317d6bbc05763a84ee87596e8e59
|
7ac3c128bb5df83cb001cb50b6a5ee4da9a0b0e0 |
|
26-Aug-2015 |
Elliott Hughes <enh@google.com> |
Add strchrnul. Bug: http://b/18374026 Change-Id: Iea923309c090a51a2d41c5a83320ab3789f40f1c
|
4ae773633aac9ceba5ec62bb8e1aa22c3c56ebde |
|
18-Apr-2015 |
Daniel Micay <danielmicay@gmail.com> |
add fortified memchr/memrchr implementations Change-Id: I38c473cc0c608b08f971409a95eb8b853cb2ba1c
|
3cfb52aab2548df635e9672218cc433e14922fd3 |
|
19-Feb-2015 |
Elliott Hughes <enh@google.com> |
Add GNU extensions mempcpy and wmemcpy. Used by elfutils. On the bright side, they stopped using __mempcpy. Bug: 18374026 Change-Id: Id29bbe6ef1c5ed5a171bb6c32182f129d8332abb
|
5038b19cef207b526f9993951e4a04c8df91ce1d |
|
29-Jan-2015 |
Elliott Hughes <enh@google.com> |
Break two incorrect transitive includes. Change-Id: I95519caa5258cf5c6b8053f1c7e08ade2a824e49
|
76f8916b904db14facf811ae44e1265261349702 |
|
26-Jan-2015 |
Elliott Hughes <enh@google.com> |
Clean up <stdlib.h> slightly. Interestingly, this mostly involves cleaning up our implementation of various <string.h> functions. Change-Id: Ifaef49b5cb997134f7bc0cc31bdac844bdb9e089
|
b20c24456e43df430ec5626a68e5dc0dc6929344 |
|
07-Nov-2014 |
Elliott Hughes <enh@google.com> |
Implement all the POSIX _l functions. Strictly speaking, this only implements the _l variants of the functions we actually have. We're still missing nl_langinfo_l, for example, but we don't have nl_langinfo either. Change-Id: Ie711c7b04e7b9100932a13f5a5d5b28847eb4c12
|
55ee845b8ec0861d09197b32fbb5f2d34320155d |
|
07-Oct-2014 |
Dan Albert <danalbert@google.com> |
Inline helpers need to be exported unmangled. __open_2() is used by the fortify implementation of open(2) in fcntl.h, and as such needs an unmangled C name. For some reason (inlining?), this doesn't cause problems at the default optimization level, but does for -O0. The rest of these didn't cause build failures, but they look suspect and probably will, we just haven't caught them yet. (cherry-pick of 658727e111ed6dee7be5239494f0764f7b1b02f8 with conflicts in stdio.h and string.h.) Bug: 17784968 Change-Id: I7391a7a8999ee204eaf6abd14a3d5373ea419d5b
|
658727e111ed6dee7be5239494f0764f7b1b02f8 |
|
07-Oct-2014 |
Dan Albert <danalbert@google.com> |
Inline helpers need to be exported unmangled. __open_2() is used by the fortify implementation of open(2) in fcntl.h, and as such needs an unmangled C name. For some reason (inlining?), this doesn't cause problems at the default optimization level, but does for -O0. The rest of these didn't cause build failures, but they look suspect and probably will, we just haven't caught them yet. Bug: 17784968 Change-Id: I7391a7a8999ee204eaf6abd14a3d5373ea419d5b
|
d87d401ab134996d1f25f5b63cefb48b5b5877c8 |
|
18-Aug-2014 |
Elliott Hughes <enh@google.com> |
Improve <sys/cdefs.h>. Fix and use __RENAME (and lose ___RENAME --- two underscores should be enough for anybody). This was the point of this change, because I want to use __RENAME to support the two basename variants and the two strerror_r variants. Lose a bunch of macros that weren't being used. Lose three dead files from the DNS code. Bug: 17784968 (cherry picked from commit 2cfb4e8e2e217ef0e4140dcbf9b3da809781158c) Change-Id: I5e96146f92c0521248c78c0933bec5e9a9818222
|
db408bf421faffe6c0623ca652844edfffa3726c |
|
05-Oct-2014 |
Nick Kralevich <nnk@google.com> |
further cleanup memcpy fortify implementation Bug: 17784968 (cherry picked from commit b84f667e9312611536a564700daea11c12b6fcfa) Change-Id: I68fc2cc0a1ee7f0887edf3681eb83ef678de1383
|
7ad2147a08b000e4bb6101bd24f055552f7a41aa |
|
05-Oct-2014 |
Nick Kralevich <nnk@google.com> |
string.h: remove unused variable (cherry picked from commit 48be71d02b6cc4e6493d38cdd6b7779032c38901) Bug: 17784968 Change-Id: Iac7732fb4f7fe42977cb9f62472bb636e17e5232
|
b84f667e9312611536a564700daea11c12b6fcfa |
|
05-Oct-2014 |
Nick Kralevich <nnk@google.com> |
further cleanup memcpy fortify implementation Change-Id: I0380f3c8ca8f9bb8a206accd839c32c9daf13c56
|
48be71d02b6cc4e6493d38cdd6b7779032c38901 |
|
05-Oct-2014 |
Nick Kralevich <nnk@google.com> |
string.h: remove unused variable Change-Id: I08b7dab1b374ad427fcbee4183f2c7d93d0199a9
|
416d7ddaff0946d480b6aa945a741b3eeaca5569 |
|
19-Aug-2014 |
Elliott Hughes <enh@google.com> |
Add GNU-compatible strerror_r. We already had the POSIX strerror_r, but some third-party code defines _GNU_SOURCE and expects to get the GNU strerror_r instead. This exposed a bug in the libc internal logging functions where unlike their standard brethren they wouldn't return the number of bytes they'd have liked to have written. Bug: 16243479 Change-Id: I1745752ccbdc569646d34f5071f6df2be066d5f4
|
09c39d6df0e952620f8c1751377b559a04e023aa |
|
19-Aug-2014 |
Elliott Hughes <enh@google.com> |
Implement the GNU basename(3) in addition to the POSIX one. Code like perf(1) needs this. Bug: 11860789 Change-Id: I907eb448052a7b165e4012d74303330d32328cb2
|
2cfb4e8e2e217ef0e4140dcbf9b3da809781158c |
|
18-Aug-2014 |
Elliott Hughes <enh@google.com> |
Improve <sys/cdefs.h>. Fix and use __RENAME (and lose ___RENAME --- two underscores should be enough for anybody). This was the point of this change, because I want to use __RENAME to support the two basename variants and the two strerror_r variants. Lose a bunch of macros that weren't being used. Lose three dead files from the DNS code. Change-Id: I3ef645c566b16a52217bc2e68c7d54b37c7c9522
|
7aa27e1c1a53afe28f6180fd1fc50d096cabea7b |
|
06-Aug-2014 |
Dehao Chen <dehao@google.com> |
Workaround b/16818336 which fails build under aggressive inlining. Change-Id: Ifcd596714c427a2ec39502b9c0af9082ded91884
|
28285f85a1c15c5b500b78ed63f12dd8eddb8ac9 |
|
06-Aug-2014 |
Dehao Chen <dehao@google.com> |
Workaround b/16818336 which fails build under aggressive inlining. (cherry-pick of 7aa27e1c1a53afe28f6180fd1fc50d096cabea7b.) Change-Id: Ifcd596714c427a2ec39502b9c0af9082ded91884
|
dfb5ce42bcc5a275af49211c0bbe64c5ec3d2668 |
|
10-Jul-2014 |
Dan Albert <danalbert@google.com> |
Revert "Revert "Add locale aware APIs."" This reverts commit 063e20c26943ec82ef1d53a544545e79054e93d3. Change-Id: Ib8c9004efefe75a5346b3af50dfe37952d91eb21
|
e087eac404b0e30de427392065e2750acf92bd4a |
|
09-Jul-2014 |
Dan Albert <danalbert@google.com> |
Add locale aware APIs. Since we only support the C locale, we can just forward all of these to their non-locale equivalents for correct behavior. Change-Id: Ib7be71b7f636309c0cc3be1096a4c1f693f04fbb
|
063e20c26943ec82ef1d53a544545e79054e93d3 |
|
10-Jul-2014 |
Dan Albert <danalbert@google.com> |
Revert "Add locale aware APIs." Accidentally verified against a dirty tree. Needs the companion change to libc++ to land upstream before I can submit this. This reverts commit e087eac404b0e30de427392065e2750acf92bd4a. Change-Id: I317ecd0923114f415eaad7603002f77feffb5e3f
|
40fca0f08b1eb87e283d6f634d9759ed3161f517 |
|
04-Jun-2014 |
Dan Albert <danalbert@google.com> |
Removes index() from bionic. This function has been removed from POSIX. Unfortunately, we can't leave #define index(a, b) strchr((a), (b)) in its place because defining a preprocessor macro for index() breaks a whole lot of code. Bug: 13935372 Change-Id: Ifda348acde06da61c12e7ee2f8fe6950a3174dd1
|
950a58e24d1019eb9d814dbb16f111a6b61e3f23 |
|
04-Apr-2014 |
Christopher Ferris <cferris@google.com> |
Add stpcpy/stpncpy. Add tests for the above. Add the fortify implementations of __stpcpy_chk and __stpncpy_chk. Modify the strncpy test to cover more cases and use this template for stpncpy. Add all of the fortify test cases. Bug: 13746695 Change-Id: I8c0f0d4991a878b8e8734fff12c8b73b07fdd344
|
152b9de19ade833ada124390ef153e53d3d3e2ed |
|
10-Mar-2014 |
Elliott Hughes <enh@google.com> |
Remove non-standard memswap. Change-Id: I06548dda339987b755ef7139c590ca3e1f9fe0a9
|
53e43292aac91bf62995788cd5ca2ceb7caea283 |
|
25-Feb-2014 |
Elliott Hughes <enh@google.com> |
More OpenBSD cleanup (primarily string). This patch removes the string/ and wchar/ directories. Change-Id: Ia489904bc67047e4bc79acb1f3eec21aa3fe5f0d
|
d13c2b1ba6681fdbee73a044d988c3f9e1172d30 |
|
27-Sep-2013 |
Nick Kralevich <nnk@google.com> |
Fix unnecessary call to __strncpy_chk2 If "n" is smaller than the size of "src", then we'll never read off the end of src. It makes no sense to call __strncpy_chk2 in those circumstances. For example, consider the following code: int main() { char src[10]; char dst[5]; memcpy(src, "0123456789", sizeof(src)); strncpy(dst, src, sizeof(dst)); dst[4] = '\0'; printf("%s\n", dst); return 0; } In this code, it's clear that the strncpy will never read off the end of src. Change-Id: I9cf58857a0c5216b4576d21d3c1625e2913ccc03
|
3c4b50fd8cce143d9ba8f03a93f0fccba4e54d14 |
|
26-Jul-2013 |
Pavel Chupin <pavel.v.chupin@intel.com> |
Fix strchr for basic non-sse case on x86 Fix source location. Move declaration of __strchr_chk out of ifdef __BIONIC_FORTIFY which should be available for strchr.cpp compilation when __BIONIC_FORTIFY is not defined. Change-Id: I552a6e16656e59b276b322886cfbf57bbfb2e6a7 Signed-off-by: Pavel Chupin <pavel.v.chupin@intel.com>
|
bd8e6749b78567af62ec126d7cc057386ebee25a |
|
28-Aug-2013 |
Nick Kralevich <nnk@google.com> |
cdefs.h: introduce __bos0 Introduce __bos0 as a #define for __builtin_object_size((s), 0). This macro is intended to be used for places where the standard __bos macro isn't appropriate. memcpy, memmove, and memset deliberately use __bos0. This is done for two reasons: 1) I haven't yet tested to see if __bos is safe to use. 2) glibc uses __bos0 for these methods. Change-Id: Ifbe02efdb10a72fe3529dbcc47ff647bde6feeca
|
93501d3ab81156bcef251bb817a49e9ca46a6ec1 |
|
28-Aug-2013 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: introduce __strncpy_chk2 This change detects programs reading beyond the end of "src" when calling strncpy. Change-Id: Ie1b42de923385d62552b22c27b2d4713ab77ee03
|
a6cde392765eb955cb4be5faa6ee62dcf77e8aa5 |
|
29-Jun-2013 |
Nick Kralevich <nnk@google.com> |
More FORTIFY_SOURCE functions under clang * bzero * umask * strlcat Change-Id: I65065208e0b8b37e10f6a266d5305de8fa9e59fc
|
8bafa7452ec0892572b0b49f86022ce945c5e908 |
|
20-Jun-2013 |
Nick Kralevich <nnk@google.com> |
libc: enable FORTIFY_SOURCE clang strlcpy Change-Id: Idcfe08f5afc3dde592416df9eba83f64e130c7c2
|
16d1af167f8e36a9aa4a07ae77034ad519b00463 |
|
17-Jun-2013 |
Nick Kralevich <nnk@google.com> |
libc: add limited FORTIFY_SOURCE support for clang In 829c089f83ddee37203b52bcb294867a9ae7bdbc, we disabled all FORTIFY_SOURCE support when compiling under clang. At the time, we didn't have proper test cases, and couldn't easily create targeted clang tests. This change re-enables FORTIFY_SOURCE support under clang for a limited set of functions, where we have explicit unittests available. The functions are: * memcpy * memmove * strcpy * strncpy * strcat * strncat * memset * strlen (with modifications) * strchr (with modifications) * strrchr (with modifications) It may be possible, in the future, to enable other functions. However, I need to write unittests first. For strlen, strchr, and strrchr, clang unconditionally calls the fortified version of the relevant function. If it doesn't know the size of the buffer it's dealing with, it passes in ((size_t) -1), which is the largest possible size_t. I added two new clang specific unittest files, primarily copied from fortify?_test.cpp. I've also rebuild the entire system with these changes, and didn't observe any obvious problems. Change-Id: If12a15089bb0ffe93824b485290d05b14355fcaa
|
b24c0637d06fe0980b9e13a8d0c3e6f4dbda9cd5 |
|
18-Jun-2013 |
Nick Kralevich <nnk@google.com> |
libc: Introduce __errordecl() Define __errordecl and replace __attribute__((__error__("foo"))) with __errordecl. Make sure __errordecl is a no-op on clang, as it generates a compile time warning. Change-Id: Ifa1a2d3afd6881de9d479fc2adac6737871a2949
|
cf870199d576bdfc339b7fb016c9f6fe7f2c87ed |
|
31-May-2013 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: strcat / strncat optimize __strcat_chk and __strncat_chk are slightly inefficient, because they end up traversing over the same memory region two times. This change optimizes __strcat_chk / __strncat_chk so they only access the memory once. Although I haven't benchmarked these changes, it should improve the performance of these functions. __strlen_chk - expose this function, even if -D_FORTIFY_SOURCE isn't defined. This is needed to compile libc itself without -D_FORTIFY_SOURCE. Change-Id: Id2c70dff55a276b47c59db27a03734d659f84b74
|
1c462b7a04fc6afc99d8544728dd6d8f2a471fa2 |
|
07-May-2013 |
Nick Kralevich <nnk@google.com> |
Use restrict pointers for various libc functions. All the cool kids say this is the best thing since sliced bread. http://cellperformance.beyond3d.com/articles/2006/05/demystifying-the-restrict-keyword.html For the most part, these changes match what glibc does. Change-Id: I176268f27f82800162fe5f2515b08d5469ea2dfe
|
3b2e6bc9acf5223db6e9967e46066219c76ee56f |
|
30-Apr-2013 |
Nick Kralevich <nnk@google.com> |
libc: upgrade strrchr to FORTIFY_SOURCE=2 Change-Id: I4c34c2ce22c5092c4446dc1ab55f37604c1c223f
|
9020fd503c9eb073f70dbc239a212f8ece19359d |
|
30-Apr-2013 |
Nick Kralevich <nnk@google.com> |
libc: upgrade some libc functions to _FORTIFY_SOURCE=2 Upgrade the following functions: * vsnprintf * vsprintf * snprintf * fgets * strcpy * strcat * strncat * strlcpy * strlcat * strlen * strchr Change-Id: Icc036fc7f0bb317e05f7c051617887a1601271aa
|
1aae9bd170883805f2e7975cd3dbd2502b083cc1 |
|
29-Apr-2013 |
Nick Kralevich <nnk@google.com> |
strncpy: implement _FORTIFY_SOURCE=2 Add support for fortify source level 2 to strncpy. This will enable detection of more areas where strncpy is used inappropriately. For example, this would have detected bug 8727221. Move the fortify_source tests out of string_test.cpp, and put it into fortify1_test.cpp. Create a new fortify2_test.cpp file, which copies all the tests in fortify1_test.cpp, and adds fortify_source level 2 specific tests. Change-Id: Ica0fba531cc7d0609e4f23b8176739b13f7f7a83
|
890c8ed6ef773160cd6840a92e0d469fe530871f |
|
22-Mar-2013 |
Elliott Hughes <enh@google.com> |
Fix builds where _FORTIFY_SOURCE is off. Also add a more intention-revealing guard so we don't have loads of places checking whether our inlining macro is defined. Change-Id: I168860cedcfc798b07a5145bc48a125700265e47
|
538f6fc202b07219ce78de54c0e05ab81e937154 |
|
22-Feb-2013 |
Elliott Hughes <enh@google.com> |
Stop advertising rindex(3), which is both deprecated and unimplemented. Change-Id: I3c775d9974e49c3f76a53e46e022659657b89034
|
a44e9afdd16105d6f36319cb538666d9cc78435a |
|
18-Jan-2013 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: optimize Don't do the fortify_source checks if we can determine, at compile time, that the provided operation is safe. This avoids silliness like calling fortify source on things like: size_t len = strlen("asdf"); printf("%d\n", len); and allows the compiler to optimize this code to: printf("%d\n", 4); Defer to gcc's builtin functions instead of pointing our code to the libc implementation. Change-Id: I5e1dcb61946461c4afaaaa983e39f07c7a0df0ae
|
57874753900865312d7d265d2ca15cb4edb00ef2 |
|
07-Dec-2012 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: remove memcpy overlap checks These checks haven't been as useful as I hoped, and it's causing a false positive finding. Remove the overlap compile time checks. Change-Id: I5d45dde10ae4663d728230d41fa904adf20acaea
|
9a4d305340e6ce2fc6c3f371f2d7ede446f8c6d4 |
|
03-Dec-2012 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: fortify strrchr This change compliments 049e58369c37fdeacd0380a6bf1e078d9baf819f Change-Id: I27d015d70a520713c7472558a3c427f546d36ee4
|
049e58369c37fdeacd0380a6bf1e078d9baf819f |
|
01-Dec-2012 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: fortify strchr Detect when strchr reads off the end of a buffer. Change-Id: I0e952eedcff5c36d646a9c3bc4e1337b959224f2
|
829c089f83ddee37203b52bcb294867a9ae7bdbc |
|
29-Aug-2012 |
Nick Kralevich <nnk@google.com> |
disable _FORTIFY_SOURCE under clang Clang and _FORTIFY_SOURCE are just plain incompatible with each other. First of all, clang doesn't understand the __attribute__((gnu_inline)) header. Second of all, Clang doesn't have support for __builtin_va_arg_pack() and __builtin_va_arg_pack_len() (see http://clang.llvm.org/docs/UsersManual.html#c_unimpl_gcc) Until we can resolve these issues, don't even try using _FORTIFY_SOURCE under clang. Change-Id: I81c2b8073bb3276fa9a4a6b93c427b641038356a
|
f4497e15b78383b06d59ce244255fc7625beaec5 |
|
06-Aug-2012 |
Shih-wei Liao <sliao@google.com> |
When compiling with clang, don't "fortify_source" the strlcpy and strlcat. Change-Id: I91f58322f28e425ab9d22b51c23fcd6b772ede97
|
a72246d67e309de62c26aca970fff65dfb86eb7c |
|
06-Aug-2012 |
Shih-wei Liao <sliao@google.com> |
When compiling with clang, don't "fortify_source" the strlen. At this point, FORTIFY_SOURCE and clang are just plain incompatible. Need to solve the underlying incompatibility first. Change-Id: I3366477d19461e1ec93b1c30e0c7e8145b391b9b
|
d600617645e85435cf98fc30139a6945aaadc1ca |
|
06-Aug-2012 |
Shih-wei Liao <sliao@google.com> |
When compiling with clang, don't "fortify_source" the strlcpy and strlcat. Change-Id: I91f58322f28e425ab9d22b51c23fcd6b772ede97
|
9a3d53fad062cdadb4df81f6998a5e09336c637b |
|
06-Aug-2012 |
Shih-wei Liao <sliao@google.com> |
When compiling with clang, don't "fortify_source" the strlen. At this point, FORTIFY_SOURCE and clang are just plain incompatible. Need to solve the underlying incompatibility first. Change-Id: I3366477d19461e1ec93b1c30e0c7e8145b391b9b
|
761ba27d62a67c098a3323fb37175a7274ee5f19 |
|
16-Jul-2012 |
Nick Kralevich <nnk@google.com> |
Merge "FORTIFY_SOURCE: revert memcpy changes."
|
c37fc1ab6a3ac3956a8c9ba3ac089d41969815ed |
|
14-Jul-2012 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: revert memcpy changes. Performance regressions. Hopefully this is a temporary rollback. Bug: 6821003 Change-Id: I84abbb89e1739d506b583f2f1668f31534127764
|
9b6cc223a36835c4367a036d4cfeff14d25bc742 |
|
13-Jul-2012 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: introduce __BIONIC_FORTIFY_UNKNOWN_SIZE macro Replace all occurances of "(size_t) -1" with a __BIONIC_FORTIFY_UNKNOWN_SIZE macro. Change-Id: I0b188f6cf31417d2dbef0e1bd759de3f9782873a
|
260bf8cfe00f83bc579dfe81c78b75bd9973f051 |
|
13-Jul-2012 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: strlen check. This test is designed to detect code such as: int main() { char buf[10]; memcpy(buf, "1234567890", sizeof(buf)); size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE printf("%d\n", len); return 0; } or anytime strlen reads beyond an object boundary. This should help address memory leakage vulnerabilities and make other unrelated vulnerabilities harder to exploit. Change-Id: I354b425be7bef4713c85f6bab0e9738445e00182
|
f3913b5b68347ce9a4cb17977df2c33f1e8f6000 |
|
13-Jul-2012 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: enhanced memcpy protections. Two changes: 1) Detect memory read overruns. For example: int main() { char buf[10]; memcpy(buf, "abcde", sizeof(buf)); sprintf("%s\n", buf); } because "abcde" is only 6 bytes, copying 10 bytes from it is a bug. This particular bug will be detected at compile time. Other similar bugs may be detected at runtime. 2) Detect overlapping buffers on memcpy() It is a bug to call memcpy() on buffers which overlap. For example, the following code is buggy: char buf3[0x800]; char *first_half = &buf3[0x400]; char *second_half = &buf3[1]; memset(buf3, 0, sizeof(buf3)); memcpy(first_half, second_half, 0x400); printf("1: %s\n", buf3); We now detect this at compile and run time. Change-Id: I092bd89f11f18e08e8a9dda0ca903aaea8e06d91
|
cb228fb4a91bdccfd974b8a4f45e2b6002e90728 |
|
27-Jun-2012 |
Nick Kralevich <nnk@google.com> |
libc: cleanups Prefix private functions with underscores, to prevent name conflicts. Use __error__ instead of error, since occasionally programs will create their own "#define error ...". Change-Id: I7bb171df58aec5627e61896032a140db547fd95d
|
8df49ad2467ec2d48f94a925162185c34bf6e68b |
|
14-Jun-2012 |
Nick Kralevich <nnk@google.com> |
FORTIFY_SOURCE: add strlcpy / strlcat support Add strlcpy / strlcat support to FORTIFY_SOURCE. This allows us to do consistency checks on to ensure we don't overflow buffers when the compiler is able to tell us the size of the buffer we're dealing with. Unlike previous changes, this change DOES NOT use the compiler's builtin support. Instead, we do everything the compiler would normally do. Change-Id: I47c099a911382452eafd711f8e9bfe7c2d0a0d22
|
71a18dd435e96564539b5af71b8ea5093a2109a1 |
|
07-Jun-2012 |
Nick Kralevich <nnk@google.com> |
_FORTIFY_SOURCE: add memset / bzero support Add _FORTIFY_SOURCE support for the following functions: * memset * bzero Move the __BIONIC_FORTIFY_INLINE definition to cdefs.h so it can be used from multiple header files. Change-Id: Iead4d5e35de6ec97786d58ee12573f9b11135bb7
|
0a2301598c207fd1b50015984942fee5e8511593 |
|
05-Jun-2012 |
Nick Kralevich <nnk@google.com> |
libc: implement some FORTIFY_SOURCE functions Add initial support for -D_FORTIFY_SOURCE to bionic for the following functions: * memcpy * memmove * strcpy * strcat * strncpy * strncat This change adds a new version of the above functions which passes the size of the destination buffer to __builtin___*_chk. If the compiler can determine, at compile time, that the destination buffer is large enough, or the destination buffer can point to an object of unknown size, then the check call is bypassed. If the compiler can't make a compile time decision, then it calls the __*_chk() function, which does a runtime buffer size check These options are only enabled if the code is compiled with -D_FORTIFY_SOURCE=1 or 2, and only when optimizations are enabled. Please see * http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html * http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html for additional details on FORTIFY_SOURCE. Testing: Compiled the entire Android tree with -D_FORTIFY_SOURCE=1, and verified that everything appears to be working properly. Also created a test buffer overflow, and verified that it was caught by this change. Change-Id: I4fddb445bafe92b16845b22458d72e6dedd24fbc
|
a677907ee8ecca034318fdb97902fa73e7392c4f |
|
21-Mar-2012 |
Nick Kralevich <nnk@google.com> |
string.h: add __attribute__ ((pure)) to string functions cdefs.h: Introduce the __purefunc attribute, which allows us to mark certain functions as being "pure". http://gcc.gnu.org/onlinedocs/gcc/Function-Attributes.html Many functions have no effects except the return value and their return value depends only on the parameters and/or global variables. Such a function can be subject to common subexpression elimination and loop optimization just as an arithmetic operator would be. string.h: Mark many commently used string functions as "pure", to allow for additional compiler optimizations. Change-Id: I42961f90f822b6dbcbc3fd72cdbe774a7adc8785
|
1dc9e472e19acfe6dc7f41e429236e7eef7ceda1 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
|
1767f908af327fa388b1c66883760ad851267013 |
|
04-Mar-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //depot/cupcake/@135843
|
9f65adf2ba3bb15feb8b7a7b3eef788df3fd270e |
|
11-Feb-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //branches/cupcake/...@130745
|
6d6c82c7a0a6b9a89f61b61c66f9b90d9c7177dc |
|
10-Jan-2009 |
The Android Open Source Project <initial-contribution@android.com> |
auto import from //branches/cupcake/...@125939
|
a27d2baa0c1a2ec70f47ea9199b1dd6762c8a349 |
|
21-Oct-2008 |
The Android Open Source Project <initial-contribution@android.com> |
Initial Contribution
|