commit 156d5a8ae93c6515919dd6706481991c7c0dc600
author George Burgess IV <gbiv@google.com> Fri Feb 10 13:56:22 2017 -0800
committer George Burgess IV <gbiv@google.com> Fri Feb 10 18:14:43 2017 -0800
tree babd491737f6965d7c6910869b435e5e47cf7cdc
parent e86a8d605b3df0c396e23ee02933c76d7040a73b

Match __bos0 to __pass_object_size0 in FORTIFY

pass_object_size(N) forwards the result of __builtin_object_size(param,
N) to a function. So, a function that looks like:

  size_t foo(void *const p __pass_object_size) { return __bos0(p); }
  int bar = foo(baz);

would effectively be turned into

  size_t foo(void *const p, size_t sz) { return sz; }
  int bar = foo(baz, __bos(baz)); // note that this is not __bos0

This is bad, since if we're using __bos0, we want more relaxed
objectsize checks.

__bos0 should be more permissive than __bos in all cases, so this
change Should Be Fine™.

This change also makes GCC and clang share another function's
implementation (recv). I just realized we need to add special
diagnostic-related overloads bits for clang to it, but I can do that in
another patch.

Bug: None
Test: Bullhead builds and boots; CtsBionicTestCases passes.
Change-Id: I6818d0041328ab5fd0946a1e57321a977c1e1250

libc/include/sys/socket.h

diff --git a/libc/include/sys/socket.h b/libc/include/sys/socket.h
index 997191e..0813423 100644
--- a/libc/include/sys/socket.h
+++ b/libc/include/sys/socket.h
@@ -329,18 +329,19 @@
 
 #if defined(__BIONIC_FORTIFY)
 
+#define __recvfrom_bad_size "recvfrom called with size bigger than buffer"
 #if defined(__clang__)
 #if __ANDROID_API__ >= __ANDROID_API_N__
 __BIONIC_ERROR_FUNCTION_VISIBILITY
-ssize_t recvfrom(int fd, void* const buf __pass_object_size, size_t len,
+ssize_t recvfrom(int fd, void* const buf __pass_object_size0, size_t len,
                  int flags, struct sockaddr* src_addr, socklen_t* addr_len)
         __overloadable
         __enable_if(__bos(buf) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
                     __bos(buf) < len, "selected when the buffer is too small")
-        __errorattr("size is larger than the destination buffer");
+        __errorattr(__recvfrom_bad_size);
 
 __BIONIC_FORTIFY_INLINE
-ssize_t recvfrom(int fd, void* const buf __pass_object_size, size_t len,
+ssize_t recvfrom(int fd, void* const buf __pass_object_size0, size_t len,
                  int flags, struct sockaddr* src_addr, socklen_t* addr_len)
       __overloadable {
   size_t bos = __bos0(buf);
@@ -354,15 +355,9 @@
 }
 #endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
 
-__BIONIC_FORTIFY_INLINE
-ssize_t recv(int socket, void* const buf __pass_object_size, size_t len,
-             int flags) __overloadable {
-  return recvfrom(socket, buf, len, flags, NULL, 0);
-}
-
 #else /* defined(__clang__) */
 ssize_t __recvfrom_real(int, void*, size_t, int, struct sockaddr*, socklen_t*) __RENAME(recvfrom);
-__errordecl(__recvfrom_error, "recvfrom called with size bigger than buffer");
+__errordecl(__recvfrom_error, __recvfrom_bad_size);
 
 #if __ANDROID_API__ >= __ANDROID_API_N__
 __BIONIC_FORTIFY_INLINE
@@ -385,14 +380,15 @@
   return __recvfrom_chk(fd, buf, len, bos, flags, src_addr, addr_len);
 }
 #endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
+#endif /* defined(__clang__) */
+#undef __recvfrom_bad_size
 
 __BIONIC_FORTIFY_INLINE
-ssize_t recv(int socket, void* buf, size_t len, int flags) {
+ssize_t recv(int socket, void* const buf __pass_object_size0, size_t len,
+             int flags) __overloadable {
   return recvfrom(socket, buf, len, flags, NULL, 0);
 }
 
-#endif /* defined(__clang__) */
-
 #endif /* __BIONIC_FORTIFY */
 
 #undef __socketcall