1 /*
2 * Copyright (C) 2012 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 /*
30 * Copyright (c) 1988 Regents of the University of California.
31 * All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. Neither the name of the University nor the names of its contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 */
57
58 #include <poll.h>
59 #include <stdarg.h>
60 #include <stddef.h>
61 #include <stdio.h>
62 #include <stdlib.h>
63 #include <string.h>
64 #include <sys/cdefs.h>
65 #include <sys/select.h>
66 #include <sys/socket.h>
67 #include <sys/stat.h>
68 #include <unistd.h>
69
70 #include "private/bionic_fortify.h"
71
72 //
73 // For more about FORTIFY see:
74 //
75 // https://android-developers.googleblog.com/2017/04/fortify-in-android.html
76 //
77 // http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
78 // http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
79 //
80
__FD_ISSET_chk(int fd,const fd_set * set,size_t set_size)81 int __FD_ISSET_chk(int fd, const fd_set* set, size_t set_size) {
82 __check_fd_set("FD_ISSET", fd, set_size);
83 return __FD_ISSET(fd, set);
84 }
85
__FD_CLR_chk(int fd,fd_set * set,size_t set_size)86 void __FD_CLR_chk(int fd, fd_set* set, size_t set_size) {
87 __check_fd_set("FD_CLR", fd, set_size);
88 __FD_CLR(fd, set);
89 }
90
__FD_SET_chk(int fd,fd_set * set,size_t set_size)91 void __FD_SET_chk(int fd, fd_set* set, size_t set_size) {
92 __check_fd_set("FD_SET", fd, set_size);
93 __FD_SET(fd, set);
94 }
95
__fgets_chk(char * dst,int supplied_size,FILE * stream,size_t dst_len_from_compiler)96 char* __fgets_chk(char* dst, int supplied_size, FILE* stream, size_t dst_len_from_compiler) {
97 __check_buffer_access("fgets", "write into", supplied_size, dst_len_from_compiler);
98 return fgets(dst, supplied_size, stream);
99 }
100
__fread_chk(void * buf,size_t size,size_t count,FILE * stream,size_t buf_size)101 size_t __fread_chk(void* buf, size_t size, size_t count, FILE* stream, size_t buf_size) {
102 size_t total;
103 if (__predict_false(__size_mul_overflow(size, count, &total))) {
104 // overflow: trigger the error path in fread
105 return fread(buf, size, count, stream);
106 }
107 __check_buffer_access("fread", "write into", total, buf_size);
108 return fread(buf, size, count, stream);
109 }
110
__fwrite_chk(const void * buf,size_t size,size_t count,FILE * stream,size_t buf_size)111 size_t __fwrite_chk(const void* buf, size_t size, size_t count, FILE* stream, size_t buf_size) {
112 size_t total;
113 if (__predict_false(__size_mul_overflow(size, count, &total))) {
114 // overflow: trigger the error path in fwrite
115 return fwrite(buf, size, count, stream);
116 }
117 __check_buffer_access("fwrite", "read from", total, buf_size);
118 return fwrite(buf, size, count, stream);
119 }
120
__getcwd_chk(char * buf,size_t len,size_t actual_size)121 extern char* __getcwd_chk(char* buf, size_t len, size_t actual_size) {
122 __check_buffer_access("getcwd", "write into", len, actual_size);
123 return getcwd(buf, len);
124 }
125
__memchr_chk(const void * s,int c,size_t n,size_t actual_size)126 void* __memchr_chk(const void* s, int c, size_t n, size_t actual_size) {
127 __check_buffer_access("memchr", "read from", n, actual_size);
128 return const_cast<void*>(memchr(s, c, n));
129 }
130
131 // Runtime implementation of __builtin____memmove_chk (used directly by compiler, not in headers).
__memmove_chk(void * dst,const void * src,size_t len,size_t dst_len)132 extern "C" void* __memmove_chk(void* dst, const void* src, size_t len, size_t dst_len) {
133 __check_buffer_access("memmove", "write into", len, dst_len);
134 return memmove(dst, src, len);
135 }
136
137 // memcpy is performance-critical enough that we have assembler __memcpy_chk implementations.
138 // This function is used to give better diagnostics than we can easily do from assembler.
__memcpy_chk_fail(void *,const void *,size_t count,size_t dst_len)139 extern "C" void* __memcpy_chk_fail(void* /*dst*/, const void* /*src*/, size_t count, size_t dst_len) {
140 __check_count("memcpy", "count", count);
141 __check_buffer_access("memcpy", "write into", count, dst_len);
142 abort(); // One of the above is supposed to have failed, otherwise we shouldn't have been called.
143 }
144
__memrchr_chk(const void * s,int c,size_t n,size_t actual_size)145 void* __memrchr_chk(const void* s, int c, size_t n, size_t actual_size) {
146 __check_buffer_access("memrchr", "read from", n, actual_size);
147 return memrchr(const_cast<void *>(s), c, n);
148 }
149
150 // memset is performance-critical enough that we have assembler __memset_chk implementations.
151 // This function is used to give better diagnostics than we can easily do from assembler.
__memset_chk_fail(void *,int,size_t count,size_t dst_len)152 extern "C" void* __memset_chk_fail(void* /*dst*/, int /*byte*/, size_t count, size_t dst_len) {
153 __check_count("memset", "count", count);
154 __check_buffer_access("memset", "write into", count, dst_len);
155 abort(); // One of the above is supposed to have failed, otherwise we shouldn't have been called.
156 }
157
__poll_chk(pollfd * fds,nfds_t fd_count,int timeout,size_t fds_size)158 int __poll_chk(pollfd* fds, nfds_t fd_count, int timeout, size_t fds_size) {
159 __check_pollfd_array("poll", fds_size, fd_count);
160 return poll(fds, fd_count, timeout);
161 }
162
__ppoll_chk(pollfd * fds,nfds_t fd_count,const timespec * timeout,const sigset_t * mask,size_t fds_size)163 int __ppoll_chk(pollfd* fds, nfds_t fd_count, const timespec* timeout,
164 const sigset_t* mask, size_t fds_size) {
165 __check_pollfd_array("ppoll", fds_size, fd_count);
166 return ppoll(fds, fd_count, timeout, mask);
167 }
168
__ppoll64_chk(pollfd * fds,nfds_t fd_count,const timespec * timeout,const sigset64_t * mask,size_t fds_size)169 int __ppoll64_chk(pollfd* fds, nfds_t fd_count, const timespec* timeout,
170 const sigset64_t* mask, size_t fds_size) {
171 __check_pollfd_array("ppoll64", fds_size, fd_count);
172 return ppoll64(fds, fd_count, timeout, mask);
173 }
174
__pread64_chk(int fd,void * buf,size_t count,off64_t offset,size_t buf_size)175 ssize_t __pread64_chk(int fd, void* buf, size_t count, off64_t offset, size_t buf_size) {
176 __check_count("pread64", "count", count);
177 __check_buffer_access("pread64", "write into", count, buf_size);
178 return pread64(fd, buf, count, offset);
179 }
180
__pread_chk(int fd,void * buf,size_t count,off_t offset,size_t buf_size)181 ssize_t __pread_chk(int fd, void* buf, size_t count, off_t offset, size_t buf_size) {
182 __check_count("pread", "count", count);
183 __check_buffer_access("pread", "write into", count, buf_size);
184 return pread(fd, buf, count, offset);
185 }
186
__pwrite64_chk(int fd,const void * buf,size_t count,off64_t offset,size_t buf_size)187 ssize_t __pwrite64_chk(int fd, const void* buf, size_t count, off64_t offset,
188 size_t buf_size) {
189 __check_count("pwrite64", "count", count);
190 __check_buffer_access("pwrite64", "read from", count, buf_size);
191 return pwrite64(fd, buf, count, offset);
192 }
193
__pwrite_chk(int fd,const void * buf,size_t count,off_t offset,size_t buf_size)194 ssize_t __pwrite_chk(int fd, const void* buf, size_t count, off_t offset,
195 size_t buf_size) {
196 __check_count("pwrite", "count", count);
197 __check_buffer_access("pwrite", "read from", count, buf_size);
198 return pwrite(fd, buf, count, offset);
199 }
200
__read_chk(int fd,void * buf,size_t count,size_t buf_size)201 ssize_t __read_chk(int fd, void* buf, size_t count, size_t buf_size) {
202 __check_count("read", "count", count);
203 __check_buffer_access("read", "write into", count, buf_size);
204 return read(fd, buf, count);
205 }
206
__readlinkat_chk(int dirfd,const char * path,char * buf,size_t size,size_t buf_size)207 ssize_t __readlinkat_chk(int dirfd, const char* path, char* buf, size_t size, size_t buf_size) {
208 __check_count("readlinkat", "size", size);
209 __check_buffer_access("readlinkat", "write into", size, buf_size);
210 return readlinkat(dirfd, path, buf, size);
211 }
212
__readlink_chk(const char * path,char * buf,size_t size,size_t buf_size)213 ssize_t __readlink_chk(const char* path, char* buf, size_t size, size_t buf_size) {
214 __check_count("readlink", "size", size);
215 __check_buffer_access("readlink", "write into", size, buf_size);
216 return readlink(path, buf, size);
217 }
218
__recvfrom_chk(int socket,void * buf,size_t len,size_t buf_size,int flags,sockaddr * src_addr,socklen_t * addrlen)219 ssize_t __recvfrom_chk(int socket, void* buf, size_t len, size_t buf_size,
220 int flags, sockaddr* src_addr, socklen_t* addrlen) {
221 __check_buffer_access("recvfrom", "write into", len, buf_size);
222 return recvfrom(socket, buf, len, flags, src_addr, addrlen);
223 }
224
__sendto_chk(int socket,const void * buf,size_t len,size_t buflen,int flags,const struct sockaddr * dest_addr,socklen_t addrlen)225 ssize_t __sendto_chk(int socket, const void* buf, size_t len, size_t buflen,
226 int flags, const struct sockaddr* dest_addr,
227 socklen_t addrlen) {
228 __check_buffer_access("sendto", "read from", len, buflen);
229 return sendto(socket, buf, len, flags, dest_addr, addrlen);
230 }
231
232 // Runtime implementation of __builtin____stpcpy_chk (used directly by compiler, not in headers)..
__stpcpy_chk(char * dst,const char * src,size_t dst_len)233 extern "C" char* __stpcpy_chk(char* dst, const char* src, size_t dst_len) {
234 // TODO: optimize so we don't scan src twice.
235 size_t src_len = strlen(src) + 1;
236 __check_buffer_access("stpcpy", "write into", src_len, dst_len);
237 return stpcpy(dst, src);
238 }
239
240 // Runtime implementation of __builtin____stpncpy_chk (used directly by compiler, not in headers).
__stpncpy_chk(char * dst,const char * src,size_t len,size_t dst_len)241 extern "C" char* __stpncpy_chk(char* dst, const char* src, size_t len, size_t dst_len) {
242 __check_buffer_access("stpncpy", "write into", len, dst_len);
243 return stpncpy(dst, src, len);
244 }
245
246 // This is a variant of __stpncpy_chk, but it also checks to make
247 // sure we don't read beyond the end of "src". The code for this is
248 // based on the original version of stpncpy, but modified to check
249 // how much we read from "src" during the copy operation.
__stpncpy_chk2(char * dst,const char * src,size_t n,size_t dst_len,size_t src_len)250 char* __stpncpy_chk2(char* dst, const char* src, size_t n, size_t dst_len, size_t src_len) {
251 __check_buffer_access("stpncpy", "write into", n, dst_len);
252 if (n != 0) {
253 char* d = dst;
254 const char* s = src;
255
256 do {
257 size_t s_copy_len = static_cast<size_t>(s - src);
258 if (__predict_false(s_copy_len >= src_len)) {
259 __fortify_fatal("stpncpy: detected read past end of %zu-byte buffer", src_len);
260 }
261
262 if ((*d++ = *s++) == 0) {
263 // NUL pad the remaining n-1 bytes.
264 while (--n != 0) {
265 *d++ = 0;
266 }
267 break;
268 }
269 } while (--n != 0);
270 }
271
272 return dst;
273 }
274
275 // strcat is performance-critical enough that we have assembler __strcat_chk implementations.
276 // This function is used to give better diagnostics than we can easily do from assembler.
__strcat_chk_fail(size_t dst_buf_size)277 extern "C" void __strcat_chk_fail(size_t dst_buf_size) {
278 __fortify_fatal("strcat: prevented write past end of %zu-byte buffer", dst_buf_size);
279 }
280
__strchr_chk(const char * p,int ch,size_t s_len)281 char* __strchr_chk(const char* p, int ch, size_t s_len) {
282 for (;; ++p, s_len--) {
283 if (__predict_false(s_len == 0)) {
284 __fortify_fatal("strchr: prevented read past end of buffer");
285 }
286 if (*p == static_cast<char>(ch)) {
287 return const_cast<char*>(p);
288 }
289 if (*p == '\0') {
290 return nullptr;
291 }
292 }
293 }
294
295 // strcpy is performance-critical enough that we have assembler __strcpy_chk implementations.
296 // This function is used to give better diagnostics than we can easily do from assembler.
__strcpy_chk_fail(size_t dst_buf_size)297 extern "C" void __strcpy_chk_fail(size_t dst_buf_size) {
298 __fortify_fatal("strcpy: prevented write past end of %zu-byte buffer", dst_buf_size);
299 }
300
__strlcat_chk(char * dst,const char * src,size_t supplied_size,size_t dst_len_from_compiler)301 size_t __strlcat_chk(char* dst, const char* src,
302 size_t supplied_size, size_t dst_len_from_compiler) {
303 __check_buffer_access("strlcat", "write into", supplied_size, dst_len_from_compiler);
304 return strlcat(dst, src, supplied_size);
305 }
306
__strlcpy_chk(char * dst,const char * src,size_t supplied_size,size_t dst_len_from_compiler)307 size_t __strlcpy_chk(char* dst, const char* src,
308 size_t supplied_size, size_t dst_len_from_compiler) {
309 __check_buffer_access("strlcpy", "write into", supplied_size, dst_len_from_compiler);
310 return strlcpy(dst, src, supplied_size);
311 }
312
__strlen_chk(const char * s,size_t s_len)313 size_t __strlen_chk(const char* s, size_t s_len) {
314 // TODO: "prevented" here would be a lie because this strlen can run off the end.
315 // strlen is too important to be expensive, so we wanted to be able to call the optimized
316 // implementation, but I think we need to implement optimized assembler __strlen_chk routines.
317 size_t ret = strlen(s);
318 if (__predict_false(ret >= s_len)) {
319 __fortify_fatal("strlen: detected read past end of buffer");
320 }
321 return ret;
322 }
323
324 // Runtime implementation of __builtin____strncat_chk (used directly by compiler, not in headers).
__strncat_chk(char * dst,const char * src,size_t len,size_t dst_buf_size)325 extern "C" char* __strncat_chk(char* dst, const char* src, size_t len, size_t dst_buf_size) {
326 if (len == 0) {
327 return dst;
328 }
329
330 size_t dst_len = __strlen_chk(dst, dst_buf_size);
331 char* d = dst + dst_len;
332 dst_buf_size -= dst_len;
333
334 while (*src != '\0') {
335 *d++ = *src++;
336 len--; dst_buf_size--;
337
338 if (__predict_false(dst_buf_size == 0)) {
339 __fortify_fatal("strncat: prevented write past end of buffer");
340 }
341
342 if (len == 0) {
343 break;
344 }
345 }
346
347 *d = '\0';
348 return dst;
349 }
350
351 // Runtime implementation of __builtin____strncpy_chk (used directly by compiler, not in headers).
__strncpy_chk(char * dst,const char * src,size_t len,size_t dst_len)352 extern "C" char* __strncpy_chk(char* dst, const char* src, size_t len, size_t dst_len) {
353 __check_buffer_access("strncpy", "write into", len, dst_len);
354 return strncpy(dst, src, len);
355 }
356
357 // This is a variant of __strncpy_chk, but it also checks to make
358 // sure we don't read beyond the end of "src". The code for this is
359 // based on the original version of strncpy, but modified to check
360 // how much we read from "src" during the copy operation.
__strncpy_chk2(char * dst,const char * src,size_t n,size_t dst_len,size_t src_len)361 char* __strncpy_chk2(char* dst, const char* src, size_t n, size_t dst_len, size_t src_len) {
362 __check_buffer_access("strncpy", "write into", n, dst_len);
363 if (n != 0) {
364 char* d = dst;
365 const char* s = src;
366
367 do {
368 size_t s_copy_len = static_cast<size_t>(s - src);
369 if (__predict_false(s_copy_len >= src_len)) {
370 __fortify_fatal("strncpy: detected read past end of %zu-byte buffer", src_len);
371 }
372
373 if ((*d++ = *s++) == 0) {
374 // NUL pad the remaining n-1 bytes.
375 while (--n != 0) {
376 *d++ = 0;
377 }
378 break;
379 }
380 } while (--n != 0);
381 }
382
383 return dst;
384 }
385
__strrchr_chk(const char * p,int ch,size_t s_len)386 char* __strrchr_chk(const char* p, int ch, size_t s_len) {
387 for (const char* save = nullptr;; ++p, s_len--) {
388 if (s_len == 0) {
389 __fortify_fatal("strrchr: prevented read past end of buffer");
390 }
391 if (*p == static_cast<char>(ch)) {
392 save = p;
393 }
394 if (!*p) {
395 return const_cast<char*>(save);
396 }
397 }
398 }
399
__umask_chk(mode_t mode)400 mode_t __umask_chk(mode_t mode) {
401 if (__predict_false((mode & 0777) != mode)) {
402 __fortify_fatal("umask: called with invalid mask %o", mode);
403 }
404
405 return umask(mode);
406 }
407
408 // Runtime implementation of __builtin____vsnprintf_chk (used directly by compiler, not in headers).
__vsnprintf_chk(char * dst,size_t supplied_size,int,size_t dst_len_from_compiler,const char * format,va_list va)409 extern "C" int __vsnprintf_chk(char* dst, size_t supplied_size, int /*flags*/,
410 size_t dst_len_from_compiler, const char* format, va_list va) {
411 __check_buffer_access("vsnprintf", "write into", supplied_size, dst_len_from_compiler);
412 return vsnprintf(dst, supplied_size, format, va);
413 }
414
415 // Runtime implementation of __builtin____snprintf_chk (used directly by compiler, not in headers).
__snprintf_chk(char * dst,size_t supplied_size,int flags,size_t dst_len_from_compiler,const char * format,...)416 extern "C" int __snprintf_chk(char* dst, size_t supplied_size, int flags,
417 size_t dst_len_from_compiler, const char* format, ...) {
418 va_list va;
419 va_start(va, format);
420 int result = __vsnprintf_chk(dst, supplied_size, flags, dst_len_from_compiler, format, va);
421 va_end(va);
422 return result;
423 }
424
425 // Runtime implementation of __builtin____vsprintf_chk (used directly by compiler, not in headers).
__vsprintf_chk(char * dst,int,size_t dst_len_from_compiler,const char * format,va_list va)426 extern "C" int __vsprintf_chk(char* dst, int /*flags*/,
427 size_t dst_len_from_compiler, const char* format, va_list va) {
428 // The compiler uses SIZE_MAX to mean "no idea", but our vsnprintf rejects sizes that large.
429 int result = vsnprintf(dst,
430 dst_len_from_compiler == SIZE_MAX ? SSIZE_MAX : dst_len_from_compiler,
431 format, va);
432
433 // Try to catch failures after the fact...
434 __check_buffer_access("vsprintf", "write into", result + 1, dst_len_from_compiler);
435 return result;
436 }
437
438 // Runtime implementation of __builtin____sprintf_chk (used directly by compiler, not in headers).
__sprintf_chk(char * dst,int flags,size_t dst_len_from_compiler,const char * format,...)439 extern "C" int __sprintf_chk(char* dst, int flags, size_t dst_len_from_compiler,
440 const char* format, ...) {
441 va_list va;
442 va_start(va, format);
443 int result = __vsprintf_chk(dst, flags, dst_len_from_compiler, format, va);
444 va_end(va);
445 return result;
446 }
447
__write_chk(int fd,const void * buf,size_t count,size_t buf_size)448 ssize_t __write_chk(int fd, const void* buf, size_t count, size_t buf_size) {
449 __check_count("write", "count", count);
450 __check_buffer_access("write", "read from", count, buf_size);
451 return write(fd, buf, count);
452 }
453
454 #if defined(RENAME___STRCAT_CHK)
455 #define __STRCAT_CHK __strcat_chk_generic
456 #else
457 #define __STRCAT_CHK __strcat_chk
458 #endif // RENAME___STRCAT_CHK
459
460 // Runtime implementation of __builtin____strcat_chk (used directly by compiler, not in headers).
__STRCAT_CHK(char * dst,const char * src,size_t dst_buf_size)461 extern "C" char* __STRCAT_CHK(char* dst, const char* src, size_t dst_buf_size) {
462 char* save = dst;
463 size_t dst_len = __strlen_chk(dst, dst_buf_size);
464
465 dst += dst_len;
466 dst_buf_size -= dst_len;
467
468 while ((*dst++ = *src++) != '\0') {
469 dst_buf_size--;
470 if (__predict_false(dst_buf_size == 0)) {
471 __fortify_fatal("strcat: prevented write past end of %zu-byte buffer", dst_buf_size);
472 }
473 }
474
475 return save;
476 }
477
478 #if defined(RENAME___STRCPY_CHK)
479 #define __STRCPY_CHK __strcpy_chk_generic
480 #else
481 #define __STRCPY_CHK __strcpy_chk
482 #endif // RENAME___STRCPY_CHK
483
484 // Runtime implementation of __builtin____strcpy_chk (used directly by compiler, not in headers).
__STRCPY_CHK(char * dst,const char * src,size_t dst_len)485 extern "C" char* __STRCPY_CHK(char* dst, const char* src, size_t dst_len) {
486 // TODO: optimize so we don't scan src twice.
487 size_t src_len = strlen(src) + 1;
488 __check_buffer_access("strcpy", "write into", src_len, dst_len);
489 return strcpy(dst, src);
490 }
491
492 #if !defined(NO___MEMCPY_CHK)
493 // Runtime implementation of __memcpy_chk (used directly by compiler, not in headers).
__memcpy_chk(void * dst,const void * src,size_t count,size_t dst_len)494 extern "C" void* __memcpy_chk(void* dst, const void* src, size_t count, size_t dst_len) {
495 __check_count("memcpy", "count", count);
496 __check_buffer_access("memcpy", "write into", count, dst_len);
497 return memcpy(dst, src, count);
498 }
499 #endif // NO___MEMCPY_CHK
500
501 // Runtime implementation of __mempcpy_chk (used directly by compiler, not in headers).
__mempcpy_chk(void * dst,const void * src,size_t count,size_t dst_len)502 extern "C" void* __mempcpy_chk(void* dst, const void* src, size_t count, size_t dst_len) {
503 __check_count("mempcpy", "count", count);
504 __check_buffer_access("mempcpy", "write into", count, dst_len);
505 return mempcpy(dst, src, count);
506 }
507