1 /*
2 * Copyright (C) 2017 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #ifndef _STRING_H
30 #error "Never include this file directly; instead, include <string.h>"
31 #endif
32
33 void* __memchr_chk(const void*, int, size_t, size_t) __INTRODUCED_IN(23);
34 void* __memrchr_chk(const void*, int, size_t, size_t) __INTRODUCED_IN(23);
35 char* __stpncpy_chk2(char*, const char*, size_t, size_t, size_t) __INTRODUCED_IN(21);
36 char* __strncpy_chk2(char*, const char*, size_t, size_t, size_t) __INTRODUCED_IN(21);
37 size_t __strlcpy_chk(char*, const char*, size_t, size_t) __INTRODUCED_IN(17);
38 size_t __strlcat_chk(char*, const char*, size_t, size_t) __INTRODUCED_IN(17);
39
40 #if defined(__BIONIC_FORTIFY)
41 extern void* __memrchr_real(const void*, int, size_t) __RENAME(memrchr);
42
43 #if __ANDROID_API__ >= 17 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
44 /* No diag -- clang diagnoses misuses of this on its own. */
45 __BIONIC_FORTIFY_INLINE
memcpy(void * const dst __pass_object_size0,const void * src,size_t copy_amount)46 void* memcpy(void* const dst __pass_object_size0, const void* src, size_t copy_amount)
47 __overloadable {
48 return __builtin___memcpy_chk(dst, src, copy_amount, __bos0(dst));
49 }
50
51 /* No diag -- clang diagnoses misuses of this on its own. */
52 __BIONIC_FORTIFY_INLINE
memmove(void * const dst __pass_object_size0,const void * src,size_t len)53 void* memmove(void* const dst __pass_object_size0, const void* src, size_t len) __overloadable {
54 return __builtin___memmove_chk(dst, src, len, __bos0(dst));
55 }
56 #endif
57
58 #if defined(__USE_GNU)
59 #if __ANDROID_API__ >= 30
60 __BIONIC_FORTIFY_INLINE
mempcpy(void * const dst __pass_object_size0,const void * src,size_t copy_amount)61 void* mempcpy(void* const dst __pass_object_size0, const void* src, size_t copy_amount)
62 __overloadable
63 __clang_error_if(__bos_unevaluated_lt(__bos0(dst), copy_amount),
64 "'mempcpy' called with size bigger than buffer") {
65 #if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
66 size_t bos_dst = __bos0(dst);
67 if (!__bos_trivially_ge(bos_dst, copy_amount)) {
68 return __builtin___mempcpy_chk(dst, src, copy_amount, bos_dst);
69 }
70 #endif
71 return __builtin_mempcpy(dst, src, copy_amount);
72 }
73 #endif /* __ANDROID_API__ >= 30 */
74 #endif /* __USE_GNU */
75
76 __BIONIC_FORTIFY_INLINE
stpcpy(char * const dst __pass_object_size,const char * src)77 char* stpcpy(char* const dst __pass_object_size, const char* src)
78 __overloadable
79 __clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
80 "'stpcpy' called with string bigger than buffer") {
81 #if __ANDROID_API__ >= 21 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
82 return __builtin___stpcpy_chk(dst, src, __bos(dst));
83 #else
84 return __builtin_stpcpy(dst, src);
85 #endif
86 }
87
88 __BIONIC_FORTIFY_INLINE
strcpy(char * const dst __pass_object_size,const char * src)89 char* strcpy(char* const dst __pass_object_size, const char* src)
90 __overloadable
91 __clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
92 "'strcpy' called with string bigger than buffer") {
93 #if __ANDROID_API__ >= 17 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
94 return __builtin___strcpy_chk(dst, src, __bos(dst));
95 #else
96 return __builtin_strcpy(dst, src);
97 #endif
98 }
99
100 __BIONIC_FORTIFY_INLINE
strcat(char * const dst __pass_object_size,const char * src)101 char* strcat(char* const dst __pass_object_size, const char* src)
102 __overloadable
103 __clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
104 "'strcat' called with string bigger than buffer") {
105 #if __ANDROID_API__ >= 17 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
106 return __builtin___strcat_chk(dst, src, __bos(dst));
107 #else
108 return __builtin_strcat(dst, src);
109 #endif
110 }
111
112 #if __ANDROID_API__ >= 17 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
113 /* No diag -- clang diagnoses misuses of this on its own. */
114 __BIONIC_FORTIFY_INLINE
strncat(char * const dst __pass_object_size,const char * src,size_t n)115 char* strncat(char* const dst __pass_object_size, const char* src, size_t n) __overloadable {
116 return __builtin___strncat_chk(dst, src, n, __bos(dst));
117 }
118 #endif
119
120 /* No diag -- clang diagnoses misuses of this on its own. */
121 __BIONIC_FORTIFY_INLINE
memset(void * const s __pass_object_size0,int c,size_t n)122 void* memset(void* const s __pass_object_size0, int c, size_t n) __overloadable
123 /* If you're a user who wants this warning to go away: use `(&memset)(foo, bar, baz)`. */
124 __clang_warning_if(c && !n, "'memset' will set 0 bytes; maybe the arguments got flipped?") {
125 #if __ANDROID_API__ >= 17 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
126 return __builtin___memset_chk(s, c, n, __bos0(s));
127 #else
128 return __builtin_memset(s, c, n);
129 #endif
130 }
131
132 #if __ANDROID_API__ >= 23 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
133 __BIONIC_FORTIFY_INLINE
memchr(const void * const s __pass_object_size,int c,size_t n)134 void* memchr(const void* const s __pass_object_size, int c, size_t n) __overloadable {
135 size_t bos = __bos(s);
136
137 if (__bos_trivially_ge(bos, n)) {
138 return __builtin_memchr(s, c, n);
139 }
140
141 return __memchr_chk(s, c, n, bos);
142 }
143
144 __BIONIC_FORTIFY_INLINE
__memrchr_fortify(const void * const __pass_object_size s,int c,size_t n)145 void* __memrchr_fortify(const void* const __pass_object_size s, int c, size_t n) __overloadable {
146 size_t bos = __bos(s);
147
148 if (__bos_trivially_ge(bos, n)) {
149 return __memrchr_real(s, c, n);
150 }
151
152 return __memrchr_chk(s, c, n, bos);
153 }
154 #endif
155
156 #if __ANDROID_API__ >= 21 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
157 /* No diag -- clang diagnoses misuses of this on its own. */
158 __BIONIC_FORTIFY_INLINE
stpncpy(char * const dst __pass_object_size,const char * const src __pass_object_size,size_t n)159 char* stpncpy(char* const dst __pass_object_size, const char* const src __pass_object_size, size_t n)
160 __overloadable {
161 size_t bos_dst = __bos(dst);
162 size_t bos_src = __bos(src);
163
164 /* Ignore dst size checks; they're handled in strncpy_chk */
165 if (bos_src == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
166 return __builtin___stpncpy_chk(dst, src, n, bos_dst);
167 }
168
169 return __stpncpy_chk2(dst, src, n, bos_dst, bos_src);
170 }
171
172 /* No diag -- clang diagnoses misuses of this on its own. */
173 __BIONIC_FORTIFY_INLINE
strncpy(char * const dst __pass_object_size,const char * const src __pass_object_size,size_t n)174 char* strncpy(char* const dst __pass_object_size, const char* const src __pass_object_size, size_t n)
175 __overloadable {
176 size_t bos_dst = __bos(dst);
177 size_t bos_src = __bos(src);
178
179 /* Ignore dst size checks; they're handled in strncpy_chk */
180 if (bos_src == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
181 return __builtin___strncpy_chk(dst, src, n, bos_dst);
182 }
183
184 return __strncpy_chk2(dst, src, n, bos_dst, bos_src);
185 }
186 #endif
187
188 __BIONIC_FORTIFY_INLINE
strlcpy(char * const dst __pass_object_size,const char * src,size_t size)189 size_t strlcpy(char* const dst __pass_object_size, const char* src, size_t size)
190 __overloadable
191 __clang_error_if(__bos_unevaluated_lt(__bos(dst), size),
192 "'strlcpy' called with size bigger than buffer") {
193 #if __ANDROID_API__ >= 17 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
194 return __strlcpy_chk(dst, src, size, __bos(dst));
195 #else
196 return __call_bypassing_fortify(strlcpy)(dst, src, size);
197 #endif
198 }
199
200 __BIONIC_FORTIFY_INLINE
strlcat(char * const dst __pass_object_size,const char * src,size_t size)201 size_t strlcat(char* const dst __pass_object_size, const char* src, size_t size)
202 __overloadable
203 __clang_error_if(__bos_unevaluated_lt(__bos(dst), size),
204 "'strlcat' called with size bigger than buffer") {
205 #if __ANDROID_API__ >= 17 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
206 return __strlcat_chk(dst, src, size, __bos(dst));
207 #else
208 return __call_bypassing_fortify(strlcat)(dst, src, size);
209 #endif
210 }
211
212 #if __ANDROID_API__ >= 17 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
213 __BIONIC_FORTIFY_INLINE
strlen(const char * const s __pass_object_size0)214 size_t strlen(const char* const s __pass_object_size0) __overloadable {
215 return __strlen_chk(s, __bos0(s));
216 }
217 #endif
218
219 __BIONIC_FORTIFY_INLINE
strchr(const char * const s __pass_object_size,int c)220 char* strchr(const char* const s __pass_object_size, int c) __overloadable {
221 #if __ANDROID_API__ >= 18 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
222 size_t bos = __bos(s);
223
224 if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
225 return __strchr_chk(s, c, bos);
226 }
227 #endif
228 return __builtin_strchr(s, c);
229 }
230
231 __BIONIC_FORTIFY_INLINE
strrchr(const char * const s __pass_object_size,int c)232 char* strrchr(const char* const s __pass_object_size, int c) __overloadable {
233 #if __ANDROID_API__ >= 18 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
234 size_t bos = __bos(s);
235
236 if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
237 return __strrchr_chk(s, c, bos);
238 }
239 #endif
240 return __builtin_strrchr(s, c);
241 }
242
243 #if __ANDROID_API__ >= 23 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
244 #if defined(__cplusplus)
245 extern "C++" {
246 __BIONIC_FORTIFY_INLINE
memrchr(void * const __pass_object_size s,int c,size_t n)247 void* memrchr(void* const __pass_object_size s, int c, size_t n) {
248 return __memrchr_fortify(s, c, n);
249 }
250
251 __BIONIC_FORTIFY_INLINE
memrchr(const void * const __pass_object_size s,int c,size_t n)252 const void* memrchr(const void* const __pass_object_size s, int c, size_t n) {
253 return __memrchr_fortify(s, c, n);
254 }
255 }
256 #else
257 __BIONIC_FORTIFY_INLINE
memrchr(const void * const __pass_object_size s,int c,size_t n)258 void* memrchr(const void* const __pass_object_size s, int c, size_t n) __overloadable {
259 return __memrchr_fortify(s, c, n);
260 }
261 #endif
262 #endif /* __ANDROID_API__ >= 23 */
263
264 #endif /* defined(__BIONIC_FORTIFY) */
265