fortify: use a macro in diagnose_if
Our diagnose_if conditions are repetitive. It's potentially convenient
to hide that behind a macro. There's an upcoming refactor to our
run-time checks; having static checks look super similar is convenient,
and makes correctness (hopefully) slightly more obvious.
Bug: 131861088
Test: checkbuild on internal master.
Change-Id: Ic39a3b6bf020734c1bef6be144f61ef81466aafe
diff --git a/libc/include/bits/fortify/stdio.h b/libc/include/bits/fortify/stdio.h
index 0b5700a..fc7d359 100644
--- a/libc/include/bits/fortify/stdio.h
+++ b/libc/include/bits/fortify/stdio.h
@@ -57,8 +57,7 @@
__BIONIC_ERROR_FUNCTION_VISIBILITY
int snprintf(char* dest, size_t size, const char* format)
__overloadable
- __enable_if(__bos(dest) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
- __bos(dest) < __builtin_strlen(format),
+ __enable_if(__bos_unevaluated_lt(__bos(dest), __builtin_strlen(format)),
"format string will always overflow destination buffer")
__errorattr("format string will always overflow destination buffer");
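Review bot: The `__enable_if` condition on this `snprintf` overload never consults `size`, so a call whose `size` is no larger than the destination is still rejected as "will always overflow", even though `snprintf` would only truncate. The commit carries this over unchanged from the old condition. If only real overflows should be flagged, the condition could also require the bound to exceed the buffer, e.g. `__bos_unevaluated_lt(__bos(dest), __builtin_strlen(format)) && __bos_unevaluated_lt(__bos(dest), size)`. That assumes the macro, which is defined outside this diff, keeps the unknown-size guard it replaces. If rejecting truncating literal calls is intentional, a short comment above the overload saying so would prevent a later "fix".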
@@ -75,8 +74,7 @@
__BIONIC_ERROR_FUNCTION_VISIBILITY
int sprintf(char* dest, const char* format)
__overloadable
- __enable_if(__bos(dest) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
- __bos(dest) < __builtin_strlen(format),
+ __enable_if(__bos_unevaluated_lt(__bos(dest), __builtin_strlen(format)),
"format string will always overflow destination buffer")
__errorattr("format string will always overflow destination buffer");
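Review bot: The `sprintf` check misses the boundary case, because a format whose length equals `__bos(dest)` passes the less-than comparison while the terminating NUL is still written one byte past the buffer. The old condition had the same gap, so the macro conversion preserves it rather than introducing it. A less-than-or-equal comparison would close it, in the pre-refactor spelling `__bos(dest) != __BIONIC_FORTIFY_UNKNOWN_SIZE && __bos(dest) <= __builtin_strlen(format)`. Note that `__builtin_strlen(format)` is only an upper bound on the output when the literal contains `%%`, so a comment stating that assumption next to the condition would be useful.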
@@ -96,7 +94,7 @@
__overloadable
__clang_error_if(__unsafe_check_mul_overflow(size, count),
"in call to 'fread', size * count overflows")
- __clang_error_if(__bos(buf) != __BIONIC_FORTIFY_UNKNOWN_SIZE && size * count > __bos(buf),
+ __clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
"in call to 'fread', size * count is too large for the given buffer") {
size_t bos = __bos0(buf);
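Review bot: The `fread` static check changes from `__bos(buf)` to `__bos0(buf)`, which is more than the macro substitution the commit message describes; the `fwrite` hunk below makes the same switch. It does make the compile-time condition agree with the `size_t bos = __bos0(buf);` used in the body, which looks intentional. Because the two object-size modes can differ for a buffer that is a member of a larger object, the set of calls diagnosed at compile time may change. I would mention this in the commit message and add a comment above the condition such as `/* __bos0 here to match the run-time check below. */`.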
@@ -111,7 +109,7 @@
__overloadable
__clang_error_if(__unsafe_check_mul_overflow(size, count),
"in call to 'fwrite', size * count overflows")
- __clang_error_if(__bos(buf) != __BIONIC_FORTIFY_UNKNOWN_SIZE && size * count > __bos(buf),
+ __clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
"in call to 'fwrite', size * count is too large for the given buffer") {
size_t bos = __bos0(buf);
@@ -128,7 +126,7 @@
char* fgets(char* const __pass_object_size dest, int size, FILE* stream)
__overloadable
__clang_error_if(size < 0, "in call to 'fgets', size should not be negative")
- __clang_error_if(size > __bos(dest),
+ __clang_error_if(__bos_unevaluated_lt(__bos(dest), size),
"in call to 'fgets', size is larger than the destination buffer") {
size_t bos = __bos(dest);