Merge "Improve fchmod() coverage."
diff --git a/TEST_MAPPING b/TEST_MAPPING
index 11efdae..da16e65 100644
--- a/TEST_MAPPING
+++ b/TEST_MAPPING
@@ -4,6 +4,12 @@
       "name": "CtsBionicTestCases"
     },
     {
+      "name": "CtsTaggingHostTestCases"
+    },
+    {
+      "name": "debuggerd_test"
+    },
+    {
       "name": "fdtrack_test"
     },
     {
@@ -17,9 +23,6 @@
     },
     {
       "name": "memunreachable_unit_test"
-    },
-    {
-      "name": "CtsTaggingHostTestCases"
     }
   ]
 }
diff --git a/libc/async_safe/Android.bp b/libc/async_safe/Android.bp
index aed28d0..2e05d7a 100644
--- a/libc/async_safe/Android.bp
+++ b/libc/async_safe/Android.bp
@@ -37,6 +37,7 @@
         "com.android.media",
         "com.android.media.swcodec",
     ],
+    min_sdk_version: "apex_inherit",
 }
 
 cc_library_headers {
diff --git a/libc/bionic/fgetxattr.cpp b/libc/bionic/fgetxattr.cpp
index c753235..136d41f 100644
--- a/libc/bionic/fgetxattr.cpp
+++ b/libc/bionic/fgetxattr.cpp
@@ -37,7 +37,7 @@
 
 extern "C" ssize_t __fgetxattr(int, const char*, void*, size_t);
 
-ssize_t fgetxattr(int fd, const char *name, void *value, size_t size) {
+ssize_t fgetxattr(int fd, const char* name, void* value, size_t size) {
   int saved_errno = errno;
   ssize_t result = __fgetxattr(fd, name, value, size);
 
diff --git a/libc/bionic/flistxattr.cpp b/libc/bionic/flistxattr.cpp
index 3bad383..e42419f 100644
--- a/libc/bionic/flistxattr.cpp
+++ b/libc/bionic/flistxattr.cpp
@@ -37,7 +37,7 @@
 
 extern "C" ssize_t __flistxattr(int, char*, size_t);
 
-ssize_t flistxattr(int fd, char *list, size_t size) {
+ssize_t flistxattr(int fd, char* list, size_t size) {
   int saved_errno = errno;
   ssize_t result = __flistxattr(fd, list, size);
   if (result != -1 || errno != EBADF) {
@@ -45,7 +45,7 @@
   }
 
   // fd could be an O_PATH file descriptor, and the kernel
-  // may not directly support fgetxattr() on such a file descriptor.
+  // may not directly support flistxattr() on such a file descriptor.
   // Use /proc/self/fd instead to emulate this support.
   int fd_flag = fcntl(fd, F_GETFL);
   if (fd_flag == -1 || (fd_flag & O_PATH) == 0) {
diff --git a/libc/bionic/libc_init_common.cpp b/libc/bionic/libc_init_common.cpp
index a710fa8..dd623a5 100644
--- a/libc/bionic/libc_init_common.cpp
+++ b/libc/bionic/libc_init_common.cpp
@@ -132,6 +132,14 @@
   pthread_atfork(arc4random_fork_handler, _thread_arc4_unlock, _thread_arc4_unlock);
 }
 
+extern "C" void scudo_malloc_set_add_large_allocation_slack(int add_slack);
+
+__BIONIC_WEAK_FOR_NATIVE_BRIDGE void __libc_set_target_sdk_version(int target __unused) {
+#if defined(USE_SCUDO)
+  scudo_malloc_set_add_large_allocation_slack(target < __ANDROID_API_S__);
+#endif
+}
+
 __noreturn static void __early_abort(int line) {
   // We can't write to stdout or stderr because we're aborting before we've checked that
   // it's safe for us to use those file descriptors. We probably can't strace either, so
diff --git a/libc/bionic/libc_init_common.h b/libc/bionic/libc_init_common.h
index a899089..15c747e 100644
--- a/libc/bionic/libc_init_common.h
+++ b/libc/bionic/libc_init_common.h
@@ -66,4 +66,6 @@
 // pthread_atfork may call malloc() during its once-init.
 __LIBC_HIDDEN__ void __libc_init_fork_handler();
 
+__LIBC_HIDDEN__ void __libc_set_target_sdk_version(int target);
+
 #endif
diff --git a/libc/bionic/libc_init_dynamic.cpp b/libc/bionic/libc_init_dynamic.cpp
index 175fa3e..4625fa1 100644
--- a/libc/bionic/libc_init_dynamic.cpp
+++ b/libc/bionic/libc_init_dynamic.cpp
@@ -46,6 +46,7 @@
 #include <elf.h>
 #include "libc_init_common.h"
 
+#include "private/bionic_defs.h"
 #include "private/bionic_elf_tls.h"
 #include "private/bionic_globals.h"
 #include "platform/bionic/macros.h"
@@ -107,6 +108,8 @@
   __libc_shared_globals()->unload_hook = __hwasan_library_unloaded;
 #endif
 
+  __libc_shared_globals()->set_target_sdk_version_hook = __libc_set_target_sdk_version;
+
   netdClientInit();
 }
 
diff --git a/libc/bionic/libc_init_static.cpp b/libc/bionic/libc_init_static.cpp
index 2e4ee11..069ebb0 100644
--- a/libc/bionic/libc_init_static.cpp
+++ b/libc/bionic/libc_init_static.cpp
@@ -400,6 +400,7 @@
 
 extern "C" void android_set_application_target_sdk_version(int target) {
   g_target_sdk_version = target;
+  __libc_set_target_sdk_version(target);
 }
 
 // This function is called in the dynamic linker before ifunc resolvers have run, so this file is
diff --git a/libc/bionic/malloc_common_dynamic.cpp b/libc/bionic/malloc_common_dynamic.cpp
index 3a6958c..31d1e69 100644
--- a/libc/bionic/malloc_common_dynamic.cpp
+++ b/libc/bionic/malloc_common_dynamic.cpp
@@ -370,6 +370,7 @@
 
 extern "C" const char* __scudo_get_stack_depot_addr();
 extern "C" const char* __scudo_get_region_info_addr();
+extern "C" const char* __scudo_get_ring_buffer_addr();
 
 // Initializes memory allocation framework once per process.
 static void MallocInitImpl(libc_globals* globals) {
@@ -381,6 +382,7 @@
 #if defined(USE_SCUDO)
   __libc_shared_globals()->scudo_stack_depot = __scudo_get_stack_depot_addr();
   __libc_shared_globals()->scudo_region_info = __scudo_get_region_info_addr();
+  __libc_shared_globals()->scudo_ring_buffer = __scudo_get_ring_buffer_addr();
 #endif
 
   // Prefer malloc debug since it existed first and is a more complete
diff --git a/libc/private/bionic_globals.h b/libc/private/bionic_globals.h
index 16f89bf..e105c18 100644
--- a/libc/private/bionic_globals.h
+++ b/libc/private/bionic_globals.h
@@ -95,9 +95,10 @@
   TlsModules tls_modules;
   BionicAllocator tls_allocator;
 
-  // Values passed from the HWASan runtime (via libc.so) to the loader.
+  // Values passed from libc.so to the loader.
   void (*load_hook)(ElfW(Addr) base, const ElfW(Phdr)* phdr, ElfW(Half) phnum) = nullptr;
   void (*unload_hook)(ElfW(Addr) base, const ElfW(Phdr)* phdr, ElfW(Half) phnum) = nullptr;
+  void (*set_target_sdk_version_hook)(int target) = nullptr;
 
   // Values passed from the linker to libc.so.
   const char* init_progname = nullptr;
@@ -108,6 +109,7 @@
 
   const char* scudo_stack_depot = nullptr;
   const char* scudo_region_info = nullptr;
+  const char* scudo_ring_buffer = nullptr;
 
   HeapTaggingLevel initial_heap_tagging_level = M_HEAP_TAGGING_LEVEL_NONE;
 };
diff --git a/linker/linker_debuggerd_android.cpp b/linker/linker_debuggerd_android.cpp
index 203e441..cba6345 100644
--- a/linker/linker_debuggerd_android.cpp
+++ b/linker/linker_debuggerd_android.cpp
@@ -42,6 +42,7 @@
       .gwp_asan_metadata = __libc_shared_globals()->gwp_asan_metadata,
       .scudo_stack_depot = __libc_shared_globals()->scudo_stack_depot,
       .scudo_region_info = __libc_shared_globals()->scudo_region_info,
+      .scudo_ring_buffer = __libc_shared_globals()->scudo_ring_buffer,
   };
 }
 #endif
diff --git a/linker/linker_sdk_versions.cpp b/linker/linker_sdk_versions.cpp
index 29c0f4a..0d5796e 100644
--- a/linker/linker_sdk_versions.cpp
+++ b/linker/linker_sdk_versions.cpp
@@ -31,6 +31,8 @@
 #include <android/api-level.h>
 #include <android/fdsan.h>
 
+#include "private/bionic_globals.h"
+
 #include "linker.h"
 
 static std::atomic<int> g_target_sdk_version(__ANDROID_API__);
@@ -45,6 +47,9 @@
   if (target < 30) {
     android_fdsan_set_error_level_from_property(ANDROID_FDSAN_ERROR_LEVEL_WARN_ONCE);
   }
+  if (__libc_shared_globals()->set_target_sdk_version_hook) {
+    __libc_shared_globals()->set_target_sdk_version_hook(target);
+  }
 }
 
 int get_application_target_sdk_version() {
diff --git a/tests/malloc_test.cpp b/tests/malloc_test.cpp
index 3a09258..d73f243 100644
--- a/tests/malloc_test.cpp
+++ b/tests/malloc_test.cpp
@@ -46,6 +46,7 @@
 #if defined(__BIONIC__)
 
 #include "SignalUtils.h"
+#include "dlext_private.h"
 
 #include "platform/bionic/malloc.h"
 #include "platform/bionic/mte.h"
@@ -1351,3 +1352,22 @@
   GTEST_SKIP() << "bionic extension";
 #endif
 }
+
+TEST(malloc, allocation_slack) {
+#if defined(__BIONIC__)
+  bool allocator_scudo;
+  GetAllocatorVersion(&allocator_scudo);
+  if (!allocator_scudo) {
+    GTEST_SKIP() << "scudo allocator only test";
+  }
+
+  // Test that older target SDK levels let you access a few bytes off the end of
+  // a large allocation.
+  android_set_application_target_sdk_version(29);
+  auto p = std::make_unique<char[]>(131072);
+  volatile char *vp = p.get();
+  volatile char oob ATTRIBUTE_UNUSED = vp[131072];
+#else
+  GTEST_SKIP() << "bionic extension";
+#endif
+}
diff --git a/tests/stdlib_test.cpp b/tests/stdlib_test.cpp
index bb1fd7c..90ef861 100644
--- a/tests/stdlib_test.cpp
+++ b/tests/stdlib_test.cpp
@@ -489,6 +489,12 @@
   ASSERT_EQ(1, WEXITSTATUS(status));
 }
 
+TEST(stdlib, system_NULL) {
+  // "The system() function shall always return non-zero when command is NULL."
+  // http://pubs.opengroup.org/onlinepubs/9699919799/functions/system.html
+  ASSERT_NE(0, system(nullptr));
+}
+
 TEST(stdlib, atof) {
   ASSERT_DOUBLE_EQ(1.23, atof("1.23"));
 }
diff --git a/tests/sys_xattr_test.cpp b/tests/sys_xattr_test.cpp
index 8f4a336..45cf379 100644
--- a/tests/sys_xattr_test.cpp
+++ b/tests/sys_xattr_test.cpp
@@ -55,13 +55,13 @@
   ASSERT_EQ(ERANGE, errno);
 }
 
-TEST(sys_xattr, fsetxattr_invalidfd) {
+TEST(sys_xattr, fsetxattr_invalid_fd) {
   char buf[10];
   errno = 0;
-  ASSERT_EQ(-1, fsetxattr(65535, "user.foo", "0123", 5, 0));
+  ASSERT_EQ(-1, fsetxattr(-1, "user.foo", "0123", 5, 0));
   ASSERT_EQ(EBADF, errno);
   errno = 0;
-  ASSERT_EQ(-1, fgetxattr(65535, "user.foo", buf, sizeof(buf)));
+  ASSERT_EQ(-1, fgetxattr(-1, "user.foo", buf, sizeof(buf)));
   ASSERT_EQ(EBADF, errno);
 }
 
@@ -127,3 +127,10 @@
 #endif
   close(fd);
 }
+
+TEST(sys_xattr, flistattr_invalid_fd) {
+  char buf[65536];  // 64kB is max possible xattr list size. See "man 7 xattr".
+  errno = 0;
+  ASSERT_EQ(-1, flistxattr(-1, buf, sizeof(buf)));
+  ASSERT_EQ(EBADF, errno);
+}