bionic/__fgets_chk.cpp \
bionic/__memmove_chk.cpp \
bionic/__poll_chk.cpp \
+ bionic/__pread64_chk.cpp \
+ bionic/__pread_chk.cpp \
bionic/__read_chk.cpp \
bionic/__recvfrom_chk.cpp \
bionic/__stpcpy_chk.cpp \
--- /dev/null
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#undef _FORTIFY_SOURCE
+#include <unistd.h>
+#include "private/libc_logging.h"
+
+extern "C" ssize_t __pread64_chk(int fd, void* buf, size_t count, off64_t offset, size_t buf_size) {
+ if (__predict_false(count > buf_size)) {
+ __fortify_chk_fail("pread64: prevented write past end of buffer", 0);
+ }
+
+ if (__predict_false(count > SSIZE_MAX)) {
+ __fortify_chk_fail("pread64: count > SSIZE_MAX", 0);
+ }
+
+ return pread64(fd, buf, count, offset);
+}
--- /dev/null
+/*
+ * Copyright (C) 2015 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * * Redistributions of source code must retain the above copyright
+ * notice, this list of conditions and the following disclaimer.
+ * * Redistributions in binary form must reproduce the above copyright
+ * notice, this list of conditions and the following disclaimer in
+ * the documentation and/or other materials provided with the
+ * distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#undef _FORTIFY_SOURCE
+#include <unistd.h>
+#include "private/libc_logging.h"
+
+extern "C" ssize_t __pread_chk(int fd, void* buf, size_t count, off_t offset, size_t buf_size) {
+ if (__predict_false(count > buf_size)) {
+ __fortify_chk_fail("pread: prevented write past end of buffer", 0);
+ }
+
+ if (__predict_false(count > SSIZE_MAX)) {
+ __fortify_chk_fail("pread: count > SSIZE_MAX", 0);
+ }
+
+ return pread(fd, buf, count, offset);
+}
} while (_rc == -1 && errno == EINTR); \
_rc; })
+extern ssize_t __pread_chk(int, void*, size_t, off_t, size_t);
+__errordecl(__pread_dest_size_error, "pread called with size bigger than destination");
+__errordecl(__pread_count_toobig_error, "pread called with count > SSIZE_MAX");
+extern ssize_t __pread_real(int, void*, size_t, off_t) __RENAME(pread);
+
+extern ssize_t __pread64_chk(int, void*, size_t, off64_t, size_t);
+__errordecl(__pread64_dest_size_error, "pread64 called with size bigger than destination");
+__errordecl(__pread64_count_toobig_error, "pread64 called with count > SSIZE_MAX");
+extern ssize_t __pread64_real(int, void*, size_t, off64_t) __RENAME(pread64);
+
extern ssize_t __read_chk(int, void*, size_t, size_t);
__errordecl(__read_dest_size_error, "read called with size bigger than destination");
__errordecl(__read_count_toobig_error, "read called with count > SSIZE_MAX");
#if defined(__BIONIC_FORTIFY)
+#if defined(__USE_FILE_OFFSET64)
+#define __PREAD_PREFIX(x) __pread64_ ## x
+#else
+#define __PREAD_PREFIX(x) __pread_ ## x
+#endif
+
+__BIONIC_FORTIFY_INLINE
+ssize_t pread(int fd, void* buf, size_t count, off_t offset) {
+ size_t bos = __bos0(buf);
+
+#if !defined(__clang__)
+ if (__builtin_constant_p(count) && (count > SSIZE_MAX)) {
+ __PREAD_PREFIX(count_toobig_error)();
+ }
+
+ if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ return __PREAD_PREFIX(real)(fd, buf, count, offset);
+ }
+
+ if (__builtin_constant_p(count) && (count > bos)) {
+ __PREAD_PREFIX(dest_size_error)();
+ }
+
+ if (__builtin_constant_p(count) && (count <= bos)) {
+ return __PREAD_PREFIX(real)(fd, buf, count, offset);
+ }
+#endif
+
+ return __PREAD_PREFIX(chk)(fd, buf, count, offset, bos);
+}
+
+__BIONIC_FORTIFY_INLINE
+ssize_t pread64(int fd, void* buf, size_t count, off64_t offset) {
+ size_t bos = __bos0(buf);
+
+#if !defined(__clang__)
+ if (__builtin_constant_p(count) && (count > SSIZE_MAX)) {
+ __pread64_count_toobig_error();
+ }
+
+ if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ return __pread64_real(fd, buf, count, offset);
+ }
+
+ if (__builtin_constant_p(count) && (count > bos)) {
+ __pread64_dest_size_error();
+ }
+
+ if (__builtin_constant_p(count) && (count <= bos)) {
+ return __pread64_real(fd, buf, count, offset);
+ }
+#endif
+
+ return __pread64_chk(fd, buf, count, offset, bos);
+}
+
__BIONIC_FORTIFY_INLINE
ssize_t read(int fd, void* buf, size_t count) {
size_t bos = __bos0(buf);
return __read_chk(fd, buf, count, bos);
}
+
#endif /* defined(__BIONIC_FORTIFY) */
__END_DECLS
ASSERT_FORTIFY(FD_ISSET(0, set));
}
+TEST_F(DEATHTEST, pread_fortified) {
+ char buf[1];
+ size_t ct = atoi("2"); // prevent optimizations
+ int fd = open("/dev/null", O_RDONLY);
+ ASSERT_FORTIFY(pread(fd, buf, ct, 0));
+ close(fd);
+}
+
+TEST_F(DEATHTEST, pread64_fortified) {
+ char buf[1];
+ size_t ct = atoi("2"); // prevent optimizations
+ int fd = open("/dev/null", O_RDONLY);
+ ASSERT_FORTIFY(pread64(fd, buf, ct, 0));
+ close(fd);
+}
+
TEST_F(DEATHTEST, read_fortified) {
char buf[1];
size_t ct = atoi("2"); // prevent optimizations
OSDN Git Service
