Merge "libc fortify: make socket.h and stdlib.h use diagnose_if"
diff --git a/libc/include/bits/fortify/poll.h b/libc/include/bits/fortify/poll.h
index e9b52c8..8363e35 100644
--- a/libc/include/bits/fortify/poll.h
+++ b/libc/include/bits/fortify/poll.h
@@ -37,42 +37,31 @@
#if defined(__BIONIC_FORTIFY)
#if __ANDROID_API__ >= __ANDROID_API_M__
#if defined(__clang__)
-__BIONIC_ERROR_FUNCTION_VISIBILITY
-int poll(struct pollfd* fds, nfds_t fd_count, int timeout) __overloadable
- __enable_if(__bos(fds) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
- __bos(fds) < sizeof(*fds) * fd_count,
- "selected when there aren't fd_count fds")
- __errorattr("too many fds specified");
-
__BIONIC_FORTIFY_INLINE
-int poll(struct pollfd* const fds __pass_object_size, nfds_t fd_count,
- int timeout) __overloadable {
+int poll(struct pollfd* const fds __pass_object_size, nfds_t fd_count, int timeout)
+ __overloadable
+ __clang_error_if(__bos(fds) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
+ __bos(fds) < sizeof(*fds) * fd_count,
+ "in call to 'poll', fd_count is larger than the given buffer") {
size_t bos_fds = __bos(fds);
if (bos_fds == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
- return __call_bypassing_fortify(poll)(fds, fd_count, timeout);
+ return __call_bypassing_fortify(poll)(fds, fd_count, timeout);
}
-
return __poll_chk(fds, fd_count, timeout, bos_fds);
}
-__BIONIC_ERROR_FUNCTION_VISIBILITY
-int ppoll(struct pollfd* fds, nfds_t fd_count, const struct timespec* timeout,
- const sigset_t* mask) __overloadable
- __enable_if(__bos(fds) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
- __bos(fds) < sizeof(*fds) * fd_count,
- "selected when there aren't fd_count fds")
- __errorattr("too many fds specified");
-
__BIONIC_FORTIFY_INLINE
-int ppoll(struct pollfd* const fds __pass_object_size, nfds_t fd_count,
- const struct timespec* timeout, const sigset_t* mask) __overloadable {
+int ppoll(struct pollfd* const fds __pass_object_size, nfds_t fd_count, const struct timespec* timeout, const sigset_t* mask)
+ __overloadable
+ __clang_error_if(__bos(fds) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
+ __bos(fds) < sizeof(*fds) * fd_count,
+ "in call to 'ppoll', fd_count is larger than the given buffer") {
size_t bos_fds = __bos(fds);
if (bos_fds == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
- return __call_bypassing_fortify(ppoll)(fds, fd_count, timeout, mask);
+ return __call_bypassing_fortify(ppoll)(fds, fd_count, timeout, mask);
}
-
return __ppoll_chk(fds, fd_count, timeout, mask, bos_fds);
}
#else /* defined(__clang__) */
diff --git a/libc/include/bits/fortify/stat.h b/libc/include/bits/fortify/stat.h
index d119e2c..c168c38 100644
--- a/libc/include/bits/fortify/stat.h
+++ b/libc/include/bits/fortify/stat.h
@@ -33,23 +33,17 @@
mode_t __umask_chk(mode_t) __INTRODUCED_IN(18);
#if defined(__BIONIC_FORTIFY)
-#define __umask_invalid_mode_str "umask called with invalid mode"
+#define __umask_invalid_mode_str "'umask' called with invalid mode"
#if defined(__clang__)
#if __ANDROID_API__ >= __ANDROID_API_J_MR2__
-/*
- * Abuse enable_if to make these be seen as overloads of umask, rather than
- * definitions.
- */
-__BIONIC_ERROR_FUNCTION_VISIBILITY
-mode_t umask(mode_t mode) __overloadable
- __enable_if(1, "")
- __enable_if(mode & ~0777, __umask_invalid_mode_str)
- __errorattr(__umask_invalid_mode_str);
-
+/* Abuse enable_if to make this an overload of umask. */
__BIONIC_FORTIFY_INLINE
-mode_t umask(mode_t mode) __enable_if(1, "") __overloadable {
+mode_t umask(mode_t mode)
+ __overloadable
+ __enable_if(1, "")
+ __clang_error_if(mode & ~0777, __umask_invalid_mode_str) {
return __umask_chk(mode);
}
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR2__ */
diff --git a/libc/include/bits/fortify/stdio.h b/libc/include/bits/fortify/stdio.h
index 4acefd7..cfc78d7 100644
--- a/libc/include/bits/fortify/stdio.h
+++ b/libc/include/bits/fortify/stdio.h
@@ -38,13 +38,13 @@
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
__BIONIC_FORTIFY_INLINE __printflike(3, 0)
-int vsnprintf(char *const __pass_object_size dest, size_t size,
- const char * format, va_list ap) __overloadable {
+int vsnprintf(char* const __pass_object_size dest, size_t size, const char* format, va_list ap)
+ __overloadable {
return __builtin___vsnprintf_chk(dest, size, 0, __bos(dest), format, ap);
}
__BIONIC_FORTIFY_INLINE __printflike(2, 0)
-int vsprintf(char *const __pass_object_size dest, const char* format, va_list ap) __overloadable {
+int vsprintf(char* const __pass_object_size dest, const char* format, va_list ap) __overloadable {
return __builtin___vsprintf_chk(dest, 0, __bos(dest), format, ap);
}
#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
@@ -59,14 +59,14 @@
int snprintf(char* dest, size_t size, const char* format)
__overloadable
__enable_if(__bos(dest) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
- __bos(dest) < __builtin_strlen(format),
+ __bos(dest) < __builtin_strlen(format),
"format string will always overflow destination buffer")
__errorattr("format string will always overflow destination buffer");
__BIONIC_FORTIFY_INLINE
__printflike(3, 4)
-int snprintf(char* const __pass_object_size dest,
- size_t size, const char* format, ...) __overloadable {
+int snprintf(char* const __pass_object_size dest, size_t size, const char* format, ...)
+ __overloadable {
va_list va;
va_start(va, format);
int result = __builtin___vsnprintf_chk(dest, size, 0, __bos(dest), format, va);
@@ -75,7 +75,8 @@
}
__BIONIC_ERROR_FUNCTION_VISIBILITY
-int sprintf(char* dest, const char* format) __overloadable
+int sprintf(char* dest, const char* format)
+ __overloadable
__enable_if(__bos(dest) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
__bos(dest) < __builtin_strlen(format),
"format string will always overflow destination buffer")
@@ -94,44 +95,27 @@
#if __ANDROID_API__ >= __ANDROID_API_N__
__BIONIC_FORTIFY_INLINE
-size_t fread(void* buf, size_t size, size_t count,
- FILE* stream) __overloadable
- __enable_if(__unsafe_check_mul_overflow(size, count), "size * count overflows")
- __errorattr("size * count overflows");
-
-__BIONIC_FORTIFY_INLINE
-size_t fread(void* buf, size_t size, size_t count, FILE* stream) __overloadable
- __enable_if(!__unsafe_check_mul_overflow(size, count), "no overflow")
- __enable_if(__bos(buf) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
- size * count > __bos(buf), "size * count is too large")
- __errorattr("size * count is too large");
-
-__BIONIC_FORTIFY_INLINE
-size_t fread(void* const __pass_object_size0 buf, size_t size,
- size_t count, FILE* stream) __overloadable {
+size_t fread(void* const __pass_object_size0 buf, size_t size, size_t count, FILE* stream)
+ __overloadable
+ __clang_error_if(__unsafe_check_mul_overflow(size, count),
+ "in call to 'fread', size * count overflows")
+ __clang_error_if(__bos(buf) != __BIONIC_FORTIFY_UNKNOWN_SIZE && size * count > __bos(buf),
+ "in call to 'fread', size * count is too large for the given buffer") {
size_t bos = __bos0(buf);
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
return __call_bypassing_fortify(fread)(buf, size, count, stream);
}
-
return __fread_chk(buf, size, count, stream, bos);
}
-size_t fwrite(const void* buf, size_t size, size_t count, FILE* stream) __overloadable
- __enable_if(__unsafe_check_mul_overflow(size, count),
- "size * count overflows")
- __errorattr("size * count overflows");
-
-size_t fwrite(const void* buf, size_t size, size_t count, FILE* stream) __overloadable
- __enable_if(!__unsafe_check_mul_overflow(size, count), "no overflow")
- __enable_if(__bos(buf) != __BIONIC_FORTIFY_UNKNOWN_SIZE &&
- size * count > __bos(buf), "size * count is too large")
- __errorattr("size * count is too large");
-
__BIONIC_FORTIFY_INLINE
size_t fwrite(const void* const __pass_object_size0 buf, size_t size, size_t count, FILE* stream)
- __overloadable {
+ __overloadable
+ __clang_error_if(__unsafe_check_mul_overflow(size, count),
+ "in call to 'fwrite', size * count overflows")
+ __clang_error_if(__bos(buf) != __BIONIC_FORTIFY_UNKNOWN_SIZE && size * count > __bos(buf),
+ "in call to 'fwrite', size * count is too large for the given buffer") {
size_t bos = __bos0(buf);
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
@@ -143,19 +127,12 @@
#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
-__BIONIC_ERROR_FUNCTION_VISIBILITY
-char *fgets(char* dest, int size, FILE* stream) __overloadable
- __enable_if(size < 0, "size is negative")
- __errorattr("size is negative");
-
-__BIONIC_ERROR_FUNCTION_VISIBILITY
-char *fgets(char* dest, int size, FILE* stream) __overloadable
- __enable_if(size >= 0 && size > __bos(dest),
- "size is larger than the destination buffer")
- __errorattr("size is larger than the destination buffer");
-
__BIONIC_FORTIFY_INLINE
-char *fgets(char* const __pass_object_size dest, int size, FILE* stream) __overloadable {
+char* fgets(char* const __pass_object_size dest, int size, FILE* stream)
+ __overloadable
+ __clang_error_if(size < 0, "in call to 'fgets', size should not be negative")
+ __clang_error_if(size > __bos(dest),
+ "in call to 'fgets', size is larger than the destination buffer") {
size_t bos = __bos(dest);
if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
diff --git a/tests/fortify_compilation_test.cpp b/tests/fortify_compilation_test.cpp
index aab71a1..17dfacf 100644
--- a/tests/fortify_compilation_test.cpp
+++ b/tests/fortify_compilation_test.cpp
@@ -169,12 +169,12 @@
// NOLINTNEXTLINE(whitespace/line_length)
// GCC: error: call to '__fgets_too_small_error' declared with attribute error: fgets called with size less than zero
- // CLANG: error: call to unavailable function 'fgets': size is negative
+ // CLANG: error: in call to 'fgets', size should not be negative
fgets(buf, -1, stdin);
// NOLINTNEXTLINE(whitespace/line_length)
// GCC: error: call to '__fgets_too_big_error' declared with attribute error: fgets called with size bigger than buffer
- // CLANG: error: call to unavailable function 'fgets': size is larger than the destination buffer
+ // CLANG: error: in call to 'fgets', size is larger than the destination buffer
fgets(buf, 6, stdin);
}
@@ -199,8 +199,8 @@
void test_umask() {
// NOLINTNEXTLINE(whitespace/line_length)
- // GCC: error: call to '__umask_invalid_mode' declared with attribute error: umask called with invalid mode
- // CLANG: error: call to unavailable function 'umask': umask called with invalid mode
+ // GCC: error: call to '__umask_invalid_mode' declared with attribute error: 'umask' called with invalid mode
+ // CLANG: error: 'umask' called with invalid mode
umask(01777);
}
@@ -228,7 +228,7 @@
pollfd fds[1];
// NOLINTNEXTLINE(whitespace/line_length)
// GCC: error: call to '__poll_too_small_error' declared with attribute error: poll: pollfd array smaller than fd count
- // CLANG: error: call to unavailable function 'poll': too many fds specified
+ // CLANG: error: in call to 'poll', fd_count is larger than the given buffer
poll(fds, 2, 0);
}
@@ -237,7 +237,7 @@
timespec timeout;
// NOLINTNEXTLINE(whitespace/line_length)
// GCC: error: call to '__ppoll_too_small_error' declared with attribute error: ppoll: pollfd array smaller than fd count
- // CLANG: error: call to unavailable function 'ppoll': too many fds specified
+ // CLANG: error: in call to 'ppoll', fd_count is larger than the given buffer
ppoll(fds, 2, &timeout, NULL);
}
@@ -245,7 +245,7 @@
char buf[4];
// NOLINTNEXTLINE(whitespace/line_length)
// GCC: error: call to '__fread_overflow' declared with attribute error: fread called with overflowing size * count
- // CLANG: error: call to unavailable function 'fread': size * count overflows
+ // CLANG: error: in call to 'fread', size * count overflows
fread(buf, 2, (size_t)-1, stdin);
}
@@ -253,7 +253,8 @@
char buf[4];
// NOLINTNEXTLINE(whitespace/line_length)
// GCC: error: call to '__fread_too_big_error' declared with attribute error: fread called with size * count bigger than buffer
- // CLANG: error: call to unavailable function 'fread': size * count is too large
+ // NOLINTNEXTLINE(whitespace/line_length)
+ // CLANG: error: in call to 'fread', size * count is too large for the given buffer
fread(buf, 1, 5, stdin);
}
@@ -261,7 +262,7 @@
char buf[4] = {0};
// NOLINTNEXTLINE(whitespace/line_length)
// GCC: error: call to '__fwrite_overflow' declared with attribute error: fwrite called with overflowing size * count
- // CLANG: error: call to unavailable function 'fwrite': size * count overflows
+ // CLANG: error: in call to 'fwrite', size * count overflows
fwrite(buf, 2, (size_t)-1, stdout);
}
@@ -269,7 +270,8 @@
char buf[4] = {0};
// NOLINTNEXTLINE(whitespace/line_length)
// GCC: error: call to '__fwrite_too_big_error' declared with attribute error: fwrite called with size * count bigger than buffer
- // CLANG: error: call to unavailable function 'fwrite': size * count is too large
+ // NOLINTNEXTLINE(whitespace/line_length)
+ // CLANG: error: in call to 'fwrite', size * count is too large for the given buffer
fwrite(buf, 1, 5, stdout);
}