Gitiles
Code Review Sign In
gerrit.omnirom.org / android_bionic / 260bf8cfe00f83bc579dfe81c78b75bd9973f051
commit260bf8cfe00f83bc579dfe81c78b75bd9973f051[log] [tgz]
authorNick Kralevich <nnk@google.com>Fri Jul 13 11:27:06 2012 -0700
committerNick Kralevich <nnk@google.com>Fri Jul 13 13:49:59 2012 -0700
treeb8ff686500d30625cb9d5908ecba4895f20a1467
parentb2060b027c9eb2748895b53a0d69d40b52371a4e [diff]
FORTIFY_SOURCE: strlen check.

This test is designed to detect code such as:

int main() {
  char buf[10];
  memcpy(buf, "1234567890", sizeof(buf));
  size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE
  printf("%d\n", len);
  return 0;
}

or anytime strlen reads beyond an object boundary. This should
help address memory leakage vulnerabilities and make other
unrelated vulnerabilities harder to exploit.

Change-Id: I354b425be7bef4713c85f6bab0e9738445e00182
3 files changed
tree: b8ff686500d30625cb9d5908ecba4895f20a1467
  1. libc/
  2. libdl/
  3. libm/
  4. libstdc++/
  5. libthread_db/
  6. linker/
  7. .gitignore
  8. Android.mk
  9. CleanSpec.mk
  10. ThirdPartyProject.prop