Add explicit null checks to some stdio functions.
Applications fopening files and then blindly trying to read are
widespread, leading to a recurring problem of SELinux tightening
resulting in segfaults. Add a friendly diagnostic for this case.
Bug: http://b/67455242
Test: bionic-unit-tests32/64 on sailfish
Change-Id: I1734fa94487c4eff9b55a02c6b01baf6b265d236
diff --git a/libc/stdio/local.h b/libc/stdio/local.h
index bf6a8f8..02ea8f8 100644
--- a/libc/stdio/local.h
+++ b/libc/stdio/local.h
@@ -38,6 +38,9 @@
#include <pthread.h>
#include <stdbool.h>
#include <wchar.h>
+
+#include <async_safe/log.h>
+
#include "wcio.h"
/*
@@ -252,4 +255,13 @@
__END_DECLS
+// Sanity check a FILE* for nullptr, so we can emit a message while crashing
+// instead of doing a blind null-dereference.
+#define CHECK_FP(fp) \
+ do { \
+ if (__predict_false(fp == 0)) { \
+ async_safe_fatal("invalid FILE* %p passed to %s", fp, __FUNCTION__); \
+ } \
+ } while (0)
+
#endif
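Review bot: In the `CHECK_FP` macro the argument is used unparenthesized in `fp == 0`, so an argument that is itself an expression (a conditional, for example) would bind to `==` in an unintended way, and it is expanded a second time in the `async_safe_fatal` call. I would write the test as `if (__predict_false((fp) == NULL)) {` and pass `(fp)` to the call. The comment above the macro could also state that only a null pointer is caught and that the process is terminated from inside the macro, so a dangling or corrupted `FILE*` still reaches the stdio code and callers should not read this as general validation. Since the pointer is always null on this path, the `%p` value adds nothing to the message beyond what `__FUNCTION__` already gives.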