fortify: add even more warnings
Bug: 131861088
Test: mma
Change-Id: I557309b3e25b54321ee1fe0207f18b6e840bf76e
diff --git a/libc/include/bits/fortify/stdio.h b/libc/include/bits/fortify/stdio.h
index 6e47daf..e766b20 100644
--- a/libc/include/bits/fortify/stdio.h
+++ b/libc/include/bits/fortify/stdio.h
@@ -39,6 +39,8 @@
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
__BIONIC_FORTIFY_INLINE __printflike(3, 0)
int vsnprintf(char* const __pass_object_size dest, size_t size, const char* format, va_list ap)
+ __clang_error_if(__bos_unevaluated_lt(__bos(dest), size),
+ "in call to 'vsnprintf', size is larger than the destination buffer")
__overloadable {
return __builtin___vsnprintf_chk(dest, size, 0, __bos(dest), format, ap);
}
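Review bot: The new `__clang_error_if` on `vsnprintf` has no comment saying it is a compile-time-only diagnostic, so a reader could mistake it for the bounds enforcement itself. Judging by the macro name, it can only fire when both `__bos(dest)` and `size` are known to the compiler; every other call still relies on the `__builtin___vsnprintf_chk` call in the body. I would add `/* Compile-time only; non-constant sizes are still checked at run time by the _chk call below. */` above the attribute. The same annotation is added to `snprintf` in the next hunk and deserves the same line.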
@@ -50,19 +52,10 @@
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
-/*
- * Simple case: `format` can't have format specifiers, so we can just compare
- * its length to the length of `dest`
- */
-__BIONIC_ERROR_FUNCTION_VISIBILITY
-int snprintf(char* dest, size_t size, const char* format)
- __overloadable
- __enable_if(__bos_unevaluated_lt(__bos(dest), __builtin_strlen(format)),
- "format string will always overflow destination buffer")
- __errorattr("format string will always overflow destination buffer");
-
__BIONIC_FORTIFY_VARIADIC __printflike(3, 4)
int snprintf(char* const __pass_object_size dest, size_t size, const char* format, ...)
+ __clang_error_if(__bos_unevaluated_lt(__bos(dest), size),
+ "in call to 'snprintf', size is larger than the destination buffer")
__overloadable {
va_list va;
va_start(va, format);
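Review bot: Removing the three-argument `snprintf` overload drops the only compile-time diagnostic for a literal format longer than `dest`, and neither the commit message nor a comment records why. The removed condition compared `__bos(dest)` with `__builtin_strlen(format)` and ignored `size`, so it presumably flagged calls that only truncate. If that is the reason, say so where the overload used to be, for example `/* No format-length check: snprintf is bounded by size, which is checked against __bos(dest) below. */`. Silent truncation is then left to callers that check the return value. The body of `snprintf` continues past the end of this hunk.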
diff --git a/tests/Android.bp b/tests/Android.bp
index 97712d3..65c6035 100644
--- a/tests/Android.bp
+++ b/tests/Android.bp
@@ -284,6 +284,7 @@
name: "bionic_clang_fortify_tests_w_flags",
cflags: [
"-Wno-builtin-memcpy-chk-size",
+ "-Wno-format-security",
"-Wno-format-zero-length",
"-Wno-memset-transposed-args",
"-Wno-strlcpy-strlcat-size",
diff --git a/tests/clang_fortify_tests.cpp b/tests/clang_fortify_tests.cpp
index 8b90df4..e1ecfa5 100644
--- a/tests/clang_fortify_tests.cpp
+++ b/tests/clang_fortify_tests.cpp
@@ -55,6 +55,12 @@
#define __clang_error_if(...)
#undef __clang_warning_if
#define __clang_warning_if(...)
+
+// SOMETIMES_CONST allows clang to emit eager diagnostics when we're doing compilation tests, but
+// blocks them otherwise. This is needed for diagnostics emitted with __enable_if.
+#define SOMETIMES_CONST volatile
+#else
+#define SOMETIMES_CONST const
#endif
#include <err.h>
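Review bot: The comment on `SOMETIMES_CONST` sits directly above the `volatile` definition, which reads as if `volatile` were the variant that enables eager diagnostics; from the two branches it is the `const` definition under `#else` that does. A comment per branch would remove the ambiguity, e.g. `#define SOMETIMES_CONST volatile  // run-time build: hide the value from the compiler` and `#define SOMETIMES_CONST const  // compile-only build: let __enable_if see the value`. The opening `#if` of this block is outside the hunk, so which build each branch belongs to is inferred from the comment text.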
@@ -484,17 +490,18 @@
FORTIFY_TEST(stdio) {
char small_buffer[8] = {};
{
-#if 0
- // expected-error@+1{{may overflow the destination buffer}}
-#endif
+ // expected-error@+1{{size is larger than the destination buffer}}
EXPECT_FORTIFY_DEATH(snprintf(small_buffer, sizeof(small_buffer) + 1, ""));
va_list va;
-#if 0
- // expected-error@+1{{may overflow the destination buffer}}
-#endif
+ // expected-error@+2{{size is larger than the destination buffer}}
// expected-warning@+1{{format string is empty}}
EXPECT_FORTIFY_DEATH(vsnprintf(small_buffer, sizeof(small_buffer) + 1, "", va));
+
+ const char *SOMETIMES_CONST format_string = "aaaaaaaaa";
+
+ // expected-error@+1{{format string will always overflow}}
+ EXPECT_FORTIFY_DEATH(sprintf(small_buffer, format_string));
}
// expected-error@+1{{size should not be negative}}
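Review bot: `sprintf(small_buffer, format_string)` passes a non-literal as the format argument, which appears to be why this commit adds `-Wno-format-security` to the whole `bionic_clang_fortify_tests_w_flags` module in tests/Android.bp. A module-wide suppression also silences that warning for any accidental non-literal format added to this file later. If the test harness tolerates it, scope the suppression to the one call with `#pragma clang diagnostic push`, `#pragma clang diagnostic ignored "-Wformat-security"` and `#pragma clang diagnostic pop`, or at least add a comment beside the flag naming this test. The enclosing `FORTIFY_TEST(stdio)` body continues past the end of the hunk.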