Merge "bionic: Report linker relocation address to gdb"
diff --git a/libc/Android.mk b/libc/Android.mk
index 0c4fa6a..4ceb12f 100644
--- a/libc/Android.mk
+++ b/libc/Android.mk
@@ -217,6 +217,7 @@
 	string/__strcpy_chk.c \
 	string/__strlcat_chk.c \
 	string/__strlcpy_chk.c \
+	string/__strlen_chk.c \
 	string/__strncat_chk.c \
 	string/__strncpy_chk.c \
 	wchar/wcpcpy.c \
diff --git a/libc/include/limits.h b/libc/include/limits.h
index 1de8ea6..d691a8f 100644
--- a/libc/include/limits.h
+++ b/libc/include/limits.h
@@ -90,6 +90,7 @@
 #endif
 
 #ifndef PAGESIZE
+#include <asm/page.h>
 #define  PAGESIZE  PAGE_SIZE
 #endif
 
diff --git a/libc/include/stdio.h b/libc/include/stdio.h
index c12ddb8..453cf0b 100644
--- a/libc/include/stdio.h
+++ b/libc/include/stdio.h
@@ -547,7 +547,7 @@
     }
 
     // Compiler doesn't know destination size. Don't call __fgets_chk
-    if (bos == (size_t) -1) {
+    if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
         return __fgets_real(dest, size, stream);
     }
 
diff --git a/libc/include/string.h b/libc/include/string.h
index 32fd25f..8e472e7 100644
--- a/libc/include/string.h
+++ b/libc/include/string.h
@@ -87,9 +87,34 @@
 
 #if defined(__BIONIC_FORTIFY_INLINE)
 
+extern void __memcpy_dest_size_error()
+    __attribute__((__error__("memcpy called with size bigger than destination")));
+extern void __memcpy_src_size_error()
+    __attribute__((__error__("memcpy called with size bigger than source")));
+extern void __memcpy_overlap_error()
+    __attribute__((__error__("memcpy called with overlapping regions")));
+
 __BIONIC_FORTIFY_INLINE
-void *memcpy (void *dest, const void *src, size_t len) {
-    return __builtin___memcpy_chk(dest, src, len, __builtin_object_size (dest, 0));
+void *memcpy (void *dest, const void *src, size_t copy_amount) {
+    char *d = (char *) dest;
+    const char *s = (const char *) src;
+    size_t s_len = __builtin_object_size(s, 0);
+    size_t d_len = __builtin_object_size(d, 0);
+
+    if (__builtin_constant_p(copy_amount) && (copy_amount > d_len)) {
+        __memcpy_dest_size_error();
+    }
+
+    if (__builtin_constant_p(copy_amount) && (copy_amount > s_len)) {
+        __memcpy_src_size_error();
+    }
+
+    if (__builtin_constant_p(d - s) && __builtin_constant_p(copy_amount)
+            && (((size_t)(d - s) < copy_amount) || ((size_t)(s - d) < copy_amount))) {
+        __memcpy_overlap_error();
+    }
+
+    return __builtin___memcpy_chk(dest, src, copy_amount, d_len);
 }
 
 __BIONIC_FORTIFY_INLINE
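Review bot: The source-size check in the new inline `memcpy` fires only when `copy_amount` is a compile-time constant; `s_len` is never used on the runtime path, because `__builtin___memcpy_chk(dest, src, copy_amount, d_len)` carries the destination size only. The three `__error__` declarations could be read as covering over-reads in general, so I would add a comment above the return such as `/* Runtime check covers dest only; source over-reads and overlap are diagnosed only for constant arguments. */`. The three error stubs are also declared with empty parentheses; `extern void __memcpy_dest_size_error(void)` (and likewise for the other two) gives them real prototypes in C.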
@@ -133,7 +158,7 @@
     size_t bos = __builtin_object_size(dest, 0);
 
     // Compiler doesn't know destination size. Don't call __strlcpy_chk
-    if (bos == (size_t) -1) {
+    if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
         return __strlcpy_real(dest, src, size);
     }
 
@@ -164,7 +189,7 @@
     size_t bos = __builtin_object_size(dest, 0);
 
     // Compiler doesn't know destination size. Don't call __strlcat_chk
-    if (bos == (size_t) -1) {
+    if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
         return __strlcat_real(dest, src, size);
     }
 
@@ -183,6 +208,22 @@
     return __strlcat_chk(dest, src, size, bos);
 }
 
+__purefunc extern size_t __strlen_real(const char *)
+    __asm__(__USER_LABEL_PREFIX__ "strlen");
+extern size_t __strlen_chk(const char *, size_t);
+
+__BIONIC_FORTIFY_INLINE
+size_t strlen(const char *s) {
+    size_t bos = __builtin_object_size(s, 0);
+
+    // Compiler doesn't know destination size. Don't call __strlen_chk
+    if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+        return __strlen_real(s);
+    }
+
+    return __strlen_chk(s, bos);
+}
+
 
 #endif /* defined(__BIONIC_FORTIFY_INLINE) */
 
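Review bot: The comment inside the new `strlen` wrapper says "destination size", but `strlen` has no destination; `bos` is the size of the object `s` points into, so it should read `// Compiler doesn't know the size of the object s points to. Don't call __strlen_chk`. Because `__builtin_object_size(s, 0)` reports the size of the whole enclosing object, a doc comment on the wrapper should also say that an unterminated array member inside a larger struct is caught only once the scan leaves the struct. Separately, for a string literal `bos` is known, so the call appears to go to `__strlen_chk` at run time instead of being folded to a constant; it is worth confirming that cost is intended.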
diff --git a/libc/include/sys/cdefs.h b/libc/include/sys/cdefs.h
index 1ba9100..987a5e3 100644
--- a/libc/include/sys/cdefs.h
+++ b/libc/include/sys/cdefs.h
@@ -507,6 +507,7 @@
     __attribute__ ((always_inline)) \
     __attribute__ ((gnu_inline)) \
     __attribute__ ((artificial))
+#define __BIONIC_FORTIFY_UNKNOWN_SIZE ((size_t) -1)
 #endif
 
 #endif /* !_SYS_CDEFS_H_ */
diff --git a/libc/string/__memcpy_chk.c b/libc/string/__memcpy_chk.c
index e79f6ac..10334ba 100644
--- a/libc/string/__memcpy_chk.c
+++ b/libc/string/__memcpy_chk.c
@@ -26,12 +26,13 @@
  * SUCH DAMAGE.
  */
 
+#undef _FORTIFY_SOURCE
 #include <string.h>
 #include <stdlib.h>
 #include <private/logd.h>
 
 /*
- * Runtime implementation of __builtin____memcpy_chk.
+ * Runtime implementation of __memcpy_chk.
  *
  * See
  *   http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
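Review bot: The added `#undef _FORTIFY_SOURCE` has no comment saying why it is there. Presumably it keeps the fortified inline `memcpy` from `<string.h>` out of this file, so that the `memcpy` call in `__memcpy_chk` reaches the real implementation instead of coming back through the checked path. A one-line comment such as `/* Use the unfortified memcpy here: this file implements the check itself. */` would stop someone from removing it later. The same bare `#undef` is added to libc/string/memmove.c, while the new libc/string/__strlen_chk.c calls `strlen` without it; the commit should state whether that difference is deliberate. The header comment this hunk edits continues outside the hunk.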
@@ -41,15 +42,15 @@
  * This memcpy check is called if _FORTIFY_SOURCE is defined and
  * greater than 0.
  */
-void *__memcpy_chk (void *dest, const void *src,
-              size_t len, size_t dest_len)
+void *__memcpy_chk(void *dest, const void *src,
+              size_t copy_amount, size_t dest_len)
 {
-    if (len > dest_len) {
+    if (__builtin_expect(copy_amount > dest_len, 0)) {
         __libc_android_log_print(ANDROID_LOG_FATAL, "libc",
             "*** memcpy buffer overflow detected ***\n");
         __libc_android_log_event_uid(BIONIC_EVENT_MEMCPY_BUFFER_OVERFLOW);
         abort();
     }
 
-    return memcpy(dest, src, len);
+    return memcpy(dest, src, copy_amount);
 }
diff --git a/libc/string/__strlen_chk.c b/libc/string/__strlen_chk.c
new file mode 100644
index 0000000..43e7e80
--- /dev/null
+++ b/libc/string/__strlen_chk.c
@@ -0,0 +1,67 @@
+/*
+ * Copyright (C) 2012 The Android Open Source Project
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ *  * Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ *  * Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in
+ *    the documentation and/or other materials provided with the
+ *    distribution.
+ *
+ * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
+ * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
+ * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
+ * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
+ * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
+ * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
+ * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
+ * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
+ * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
+ * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
+ * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <string.h>
+#include <stdlib.h>
+#include <private/logd.h>
+
+/*
+ * Runtime implementation of __strlen_chk.
+ *
+ * See
+ *   http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
+ *   http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
+ * for details.
+ *
+ * This strlen check is called if _FORTIFY_SOURCE is defined and
+ * greater than 0.
+ *
+ * This test is designed to detect code such as:
+ *
+ * int main() {
+ *   char buf[10];
+ *   memcpy(buf, "1234567890", sizeof(buf));
+ *   size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE
+ *   printf("%d\n", len);
+ *   return 0;
+ * }
+ *
+ * or anytime strlen reads beyond an object boundary.
+ */
+size_t __strlen_chk(const char *s, size_t s_len)
+{
+    size_t ret = strlen(s);
+
+    if (__builtin_expect(ret >= s_len, 0)) {
+        __libc_android_log_print(ANDROID_LOG_FATAL, "libc",
+            "*** strlen read overflow detected ***\n");
+        abort();
+    }
+
+    return ret;
+}
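Review bot: `__strlen_chk` runs the unbounded `strlen(s)` first and compares the result with `s_len` afterwards, so the read past the object has already happened by the time it is detected. With no terminator nearby, the process may fault inside `strlen` before the log line and `abort()` are reached. Bounding the scan keeps the read inside the object: `const char *end = memchr(s, '\0', s_len);`, then test `end == NULL` in the existing `__builtin_expect` branch and finish with `return (size_t)(end - s);`. The example in the header comment should also match the code: the failure is an `abort()`, not a segfault, and `printf("%d\n", len)` needs `%zu` for a `size_t`.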
diff --git a/libc/string/memmove.c b/libc/string/memmove.c
index 072104b..a9fc1b5 100644
--- a/libc/string/memmove.c
+++ b/libc/string/memmove.c
@@ -25,6 +25,7 @@
  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  */
+#undef _FORTIFY_SOURCE
 #include <string.h>
 #include <strings.h>
 
@@ -32,10 +33,11 @@
 {
   const char *p = src;
   char *q = dst;
-  /* We can use the optimized memcpy if the destination is below the
-   * source (i.e. q < p), or if it is completely over it (i.e. q >= p+n).
+  /* We can use the optimized memcpy if the source and destination
+   * don't overlap.
    */
-  if (__builtin_expect((q < p) || ((size_t)(q - p) >= n), 1)) {
+  if (__builtin_expect(((q < p) && ((size_t)(p - q) >= n))
+                    || ((p < q) && ((size_t)(q - p) >= n)), 1)) {
     return memcpy(dst, src, n);
   } else {
     bcopy(src, dst, n);
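Review bot: The rewritten comment says memcpy is used when the regions do not overlap, but it does not say why the old `q < p` shortcut was dropped, and the new condition also sends `p == q` to `bcopy`. A sentence such as `/* memcpy is not guaranteed to copy forwards, so every overlapping move, including dst below src, goes through bcopy. */` would record the reason. Going by the string.h change in this commit, the motivation is presumably that the fortified `memcpy` now treats overlap as an error. memmove's signature and the end of its body are outside the hunk.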
diff --git a/linker/Android.mk b/linker/Android.mk
index a739b4f..c9d053f 100644
--- a/linker/Android.mk
+++ b/linker/Android.mk
@@ -15,7 +15,8 @@
 
 LOCAL_CFLAGS += -fno-stack-protector \
         -Wstrict-overflow=5 \
-        -fvisibility=hidden
+        -fvisibility=hidden \
+        -std=gnu99
 
 # Set LINKER_DEBUG to either 1 or 0
 #
diff --git a/linker/linker.c b/linker/linker.c
index c5a8127..753ee89 100644
--- a/linker/linker.c
+++ b/linker/linker.c
@@ -393,8 +393,8 @@
         switch(ELF32_ST_BIND(s->st_info)){
         case STB_GLOBAL:
         case STB_WEAK:
-                /* no section == undefined */
-            if(s->st_shndx == 0) continue;
+            if(s->st_shndx == SHN_UNDEF)
+                continue;
 
             TRACE_TYPE(LOOKUP, "%5d FOUND %s in %s (%08x) %d\n", pid,
                        name, si->name, s->st_value, s->st_size);
@@ -462,7 +462,7 @@
             DEBUG("%5d %s: looking up %s in %s\n",
                   pid, si->name, name, lsi->name);
             s = soinfo_elf_lookup(lsi, elf_hash, name);
-            if ((s != NULL) && (s->st_shndx != SHN_UNDEF))
+            if (s != NULL)
                 goto done;
         }
     }
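Review bot: Dropping `s->st_shndx != SHN_UNDEF` at this call site makes the lookup depend entirely on `soinfo_elf_lookup` never returning an undefined symbol. The earlier hunk in this file shows that filter only under `STB_GLOBAL` and `STB_WEAK`; the rest of the switch is not visible here, so it is worth confirming that no other bind type can return a symbol. I would record the contract where the check was removed, e.g. `/* soinfo_elf_lookup() only returns defined symbols (st_shndx != SHN_UNDEF) */` above `if (s != NULL)`. The enclosing function starts and ends outside the hunk.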