commit 95bd4884b525ad7a898105863c086113556ada29
author George Burgess IV <gbiv@google.com> Mon Aug 14 14:48:55 2017 -0700
committer George Burgess IV <gbiv@google.com> Mon Aug 14 14:48:55 2017 -0700
tree 81f2d25c6491285b2fa0aade7a8298aeb7b33d7a
parent 30438e4cea83628bcacbedff37a35398bb8b40e7

libc fortify: error on realpath(NULL, foo)

I've half a mind to make this a warning instead, since this sort of
call isn't UB. That said:
- if the user really wants this (I can't imagine why they would), they
  can just put NULL in a non-const variable,
- we're slowly moving to -Werror ~everywhere anyway, and
- it's presumably easier to change this from an error to a warning than
  the other way around

Bug: 12231437
Test: m checkbuild on bullhead internal master. No new
CtsBionicTestCases failures.

Change-Id: Ie8bf5a3455f663686fda4a7450fb35d147fa745e

libc/include/bits/fortify/stdlib.h

diff --git a/libc/include/bits/fortify/stdlib.h b/libc/include/bits/fortify/stdlib.h
index cf4b7ea..8f3b02c 100644
--- a/libc/include/bits/fortify/stdlib.h
+++ b/libc/include/bits/fortify/stdlib.h
@@ -40,7 +40,8 @@
 #if defined(__clang__)
 char* realpath(const char* path, char* resolved)
         __clang_error_if(__bos(resolved) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
-                         __bos(resolved) < __PATH_MAX, __realpath_buf_too_small_str);
+                         __bos(resolved) < __PATH_MAX, __realpath_buf_too_small_str)
+        __clang_error_if(!path, "'realpath': NULL path is never correct; flipped arguments?");
 /* No need for a definition; the only issues we can catch are at compile-time. */
 
 #else /* defined(__clang__) */