fortify: add __mempcpy_chk
Bug: 131861088
Test: mma + bionic-unit-tests on blueline
Change-Id: I02f8f87d5db0ba5fecec410da32f6ffa2c98ef57
diff --git a/libc/bionic/fortify.cpp b/libc/bionic/fortify.cpp
index 20e265e..cf37666 100644
--- a/libc/bionic/fortify.cpp
+++ b/libc/bionic/fortify.cpp
@@ -500,3 +500,10 @@
return memcpy(dst, src, count);
}
#endif // NO___MEMCPY_CHK
+
+// Runtime implementation of __mempcpy_chk (used directly by compiler, not in headers).
+extern "C" void* __mempcpy_chk(void* dst, const void* src, size_t count, size_t dst_len) {
+ __check_count("mempcpy", "count", count);
+ __check_buffer_access("mempcpy", "write into", count, dst_len);
+ return mempcpy(dst, src, count);
+}
diff --git a/libc/include/bits/fortify/string.h b/libc/include/bits/fortify/string.h
index 0e205d3..70e4476 100644
--- a/libc/include/bits/fortify/string.h
+++ b/libc/include/bits/fortify/string.h
@@ -66,6 +66,22 @@
}
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
+#if defined(__USE_GNU)
+#if __ANDROID_API__ >= __ANDROID_API_R__
+__BIONIC_FORTIFY_INLINE
+void* mempcpy(void* const dst __pass_object_size0, const void* src, size_t copy_amount)
+ __overloadable
+ __clang_error_if(__bos_unevaluated_lt(__bos0(dst), copy_amount),
+ "'mempcpy' called with size bigger than buffer") {
+ size_t bos_dst = __bos0(dst);
+ if (__bos_trivially_not_lt(bos_dst, copy_amount)) {
+ return __builtin_mempcpy(dst, src, copy_amount);
+ }
+ return __builtin___mempcpy_chk(dst, src, copy_amount, bos_dst);
+}
+#endif /* __ANDROID_API__ >= __ANDROID_API_R__ */
+#endif
+
#if __ANDROID_API__ >= __ANDROID_API_L__
__BIONIC_FORTIFY_INLINE
char* stpcpy(char* const dst __pass_object_size, const char* src)
diff --git a/libc/libc.map.txt b/libc/libc.map.txt
index b12df56..3c23da2 100644
--- a/libc/libc.map.txt
+++ b/libc/libc.map.txt
@@ -1482,6 +1482,7 @@
LIBC_R { # introduced=R
global:
+ __mempcpy_chk;
__open64_2;
__openat64_2;
call_once;
diff --git a/tests/clang_fortify_tests.cpp b/tests/clang_fortify_tests.cpp
index 5f87098..291fc5a 100644
--- a/tests/clang_fortify_tests.cpp
+++ b/tests/clang_fortify_tests.cpp
@@ -159,11 +159,8 @@
EXPECT_FORTIFY_DEATH(memcpy(small_buffer, large_buffer, sizeof(large_buffer)));
// expected-error@+1{{size bigger than buffer}}
EXPECT_FORTIFY_DEATH(memmove(small_buffer, large_buffer, sizeof(large_buffer)));
- // FIXME: this should be EXPECT_FORTIFY_DEATH
-#if 0
- // expected-error@+1{{called with bigger length than the destination}}
-#endif
- EXPECT_NO_DEATH(mempcpy(small_buffer, large_buffer, sizeof(large_buffer)));
+ // expected-error@+1{{size bigger than buffer}}
+ EXPECT_FORTIFY_DEATH(mempcpy(small_buffer, large_buffer, sizeof(large_buffer)));
// expected-error@+1{{size bigger than buffer}}
EXPECT_FORTIFY_DEATH(memset(small_buffer, 0, sizeof(large_buffer)));
// expected-warning@+1{{arguments got flipped?}}
diff --git a/tests/fortify_test.cpp b/tests/fortify_test.cpp
index 489b701..9a4b781 100644
--- a/tests/fortify_test.cpp
+++ b/tests/fortify_test.cpp
@@ -926,6 +926,24 @@
ASSERT_EQ('\0', buf[9]);
}
+TEST(TEST_NAME, mempcpy_chk) {
+ const char input_str[] = "abcdefg";
+ size_t input_str_size = strlen(input_str) + 1;
+
+ char buf1[10] = {};
+ char buf2[10] = {};
+
+ __builtin_mempcpy(buf1, input_str, input_str_size);
+ __builtin___mempcpy_chk(buf2, input_str, input_str_size, __bos0(buf2));
+
+ ASSERT_EQ(memcmp(buf1, buf2, sizeof(buf2)), 0);
+
+ void *builtin_ptr = __builtin_mempcpy(buf1, input_str, input_str_size);
+ void *fortify_ptr = __builtin___mempcpy_chk(buf1, input_str, input_str_size, __bos0(buf2));
+
+ ASSERT_EQ(builtin_ptr, fortify_ptr);
+}
+
extern "C" char* __stpcpy_chk(char*, const char*, size_t);
TEST(TEST_NAME, stpcpy_chk_max_int_size) {