/*
 * Copyright (C) 2013 The Android Open Source Project
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *  * Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *  * Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */

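#include <private/bionic_asm.h>
#include <private/libc_events.h>

    .syntax unified

    .thumb
    .thumb_func

// Get the length of the source string first, then do a memcpy of the data
// instead of a strcpy.
//
// Fortified strcpy: the source length is measured and compared against the
// destination buffer size before any byte is written. If the string plus
// its terminator does not fit, nothing is copied and __fortify_chk_fail is
// called with an error message and event code.
//
// In (as the code below uses them):
//   r0 = destination pointer
//   r1 = source string
//   r2 = size of the destination buffer in bytes
//
// Register roles during the length scan:
//   r0 = read cursor into the source (post-incremented by every load)
//   r1 = start of the source (never modified by the scan)
//   lr = destination buffer size (the return address is on the stack)
//   r2, r3 = data just loaded; r3 also holds the alignment count at first
//   ip = scratch / zero-byte mask
//
// Stack: {r0, lr} pushed at entry are still on the stack both when control
// falls into memcpy_base.S and when the failure path is taken.
//
// The zero-byte decode in .L_zero_in_*_register treats the least
// significant byte of a loaded word as the lowest address (little-endian).
//
// The scan itself is bounded only by the source's NUL terminator, not by the
// destination size. Word loads are made only at naturally aligned addresses,
// so bytes read beyond the terminator stay inside the same aligned unit.
ENTRY(__strcpy_chk)
    pld     [r0, #0]
    push    {r0, lr}                    // keep dest and return address
    .cfi_adjust_cfa_offset 8
    .cfi_rel_offset r0, 0
    .cfi_rel_offset lr, 4

    mov     lr, r2                      // lr = destination buffer size
    mov     r0, r1                      // r0 = read cursor, starts at src

    ands    r3, r1, #7                  // r3 = src & 7
    beq     .L_mainloop                 // already 8-byte aligned

    // Align to a double word (64 bits).
    rsb     r3, r3, #8                  // r3 = bytes needed to reach alignment
    lsls    ip, r3, #31                 // Z = (bit 0 clear), C = bit 1 of r3
    beq     .L_align_to_32              // even count: skip the single byte

    ldrb    r2, [r0], #1
    cbz     r2, .L_update_count_and_finish

.L_align_to_32:
    // ldrb/cbz leave the flags alone, so C is still bit 1 of r3 from the
    // lsls above on both paths into this label.
    bcc     .L_align_to_64
    ands    ip, r3, #2                  // tests the same bit again
    beq     .L_align_to_64

    ldrb    r2, [r0], #1
    cbz     r2, .L_update_count_and_finish
    ldrb    r2, [r0], #1
    cbz     r2, .L_update_count_and_finish

.L_align_to_64:
    tst     r3, #4
    beq     .L_mainloop
    ldr     r3, [r0], #4                // one aligned word, cursor now 8-aligned

    // ip = (w - 0x01010101) & ~w & 0x80808080: non-zero iff w holds a zero
    // byte; the lowest set 0x80 bit marks the first one.
    sub     ip, r3, #0x01010101
    bic     ip, ip, r3
    ands    ip, ip, #0x80808080
    // The word sits at r0-4..r0-1, the same position the second register
    // of a pair has in the main loop, so the same decode applies.
    bne     .L_zero_in_second_register

    .p2align 2
.L_mainloop:
    ldrd    r2, r3, [r0], #8            // r2 = low word, r3 = high word

    pld     [r0, #64]

    sub     ip, r2, #0x01010101
    bic     ip, ip, r2
    ands    ip, ip, #0x80808080
    bne     .L_zero_in_first_register

    sub     ip, r3, #0x01010101
    bic     ip, ip, r3
    ands    ip, ip, #0x80808080
    bne     .L_zero_in_second_register
    b       .L_mainloop

.L_update_count_and_finish:
    // Byte-wise path: the cursor was post-incremented past the NUL, so the
    // length is (r0 - r1) - 1.
    sub     r3, r0, r1
    sub     r3, r3, #1
    b       .L_check_size

.L_zero_in_first_register:
    // r0 is 8 past the start of the pair; the first word covers r0-8..r0-5.
    sub     r3, r0, r1
    lsls    r2, ip, #17                 // result != 0: bit 7 set; C = bit 15
    bne     .L_sub8_and_finish          // byte 0 is the NUL
    bcs     .L_sub7_and_finish          // byte 1 is the NUL
    lsls    ip, ip, #1                  // result != 0: bit 23 set
    bne     .L_sub6_and_finish          // byte 2 is the NUL

    sub     r3, r3, #5                  // otherwise byte 3
    b       .L_check_size

.L_sub8_and_finish:
    sub     r3, r3, #8
    b       .L_check_size

.L_sub7_and_finish:
    sub     r3, r3, #7
    b       .L_check_size

.L_sub6_and_finish:
    sub     r3, r3, #6
    b       .L_check_size

.L_zero_in_second_register:
    // The word under test covers r0-4..r0-1; same decode as above.
    sub     r3, r0, r1
    lsls    r2, ip, #17                 // result != 0: bit 7 set; C = bit 15
    bne     .L_sub4_and_finish          // byte 0 is the NUL
    bcs     .L_sub3_and_finish          // byte 1 is the NUL
    lsls    ip, ip, #1                  // result != 0: bit 23 set
    bne     .L_sub2_and_finish          // byte 2 is the NUL

    sub     r3, r3, #1                  // otherwise byte 3
    b       .L_check_size

.L_sub4_and_finish:
    sub     r3, r3, #4
    b       .L_check_size

.L_sub3_and_finish:
    sub     r3, r3, #3
    b       .L_check_size

.L_sub2_and_finish:
    sub     r3, r3, #2

.L_check_size:
    // r3 = length of the source without its terminator.
    pld     [r1, #0]
    pld     [r1, #64]
    ldr     r0, [sp]                    // reload dest; the frame stays pushed
    // Unsigned compare: fail when length >= buffer size, because length + 1
    // bytes are about to be written. A buffer size of 0 therefore always
    // fails.
    cmp     r3, lr
    bhs     .L_strcpy_chk_failed

    // Add 1 for copy length to get the string terminator.
    add     r2, r3, #1

    // Falls through into the included copy code with r0 = dest, r1 = src,
    // r2 = byte count and {r0, lr} still on the stack.
    // NOTE(review): memcpy_base.S is not visible here; presumably it pops
    // that frame and returns the destination - confirm against that file.
#include "memcpy_base.S"

.L_strcpy_chk_failed:
    // r0 = PC-relative offset of error_string, r1 = event code.
    ldr     r0, error_message
    ldr     r1, error_code
1:
    // In Thumb state pc reads as this instruction's address + 4, which is
    // the (1b+4) subtracted at error_message; r0 becomes &error_string.
    add     r0, pc
    // NOTE(review): the literal words follow the bl directly, so this
    // relies on __fortify_chk_fail never returning - confirm.
    bl      __fortify_chk_fail
error_code:
    .word   BIONIC_EVENT_STRCPY_BUFFER_OVERFLOW
error_message:
    .word   error_string-(1b+4)
END(__strcpy_chk)
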
171    .data
172error_string:
173    .string "strcpy: prevented write past end of buffer"
174