fortify: more use of __builtin_constant_p
This converts all of stdio to short-circuit _chk functions in trivially
safe cases.
Bug: 131861088
Test: checkbuild on internal master. blueline bionic tests pass + it
boots.
Change-Id: I981ac9bd19112492d5a47dc5277526426b9af710
diff --git a/libc/include/bits/fortify/unistd.h b/libc/include/bits/fortify/unistd.h
index 04c7495..543c3c7 100644
--- a/libc/include/bits/fortify/unistd.h
+++ b/libc/include/bits/fortify/unistd.h
@@ -66,6 +66,9 @@
__clang_error_if(__bos_unevaluated_lt((objsize), (what)), \
"in call to '" #fn "', '" #what "' bytes overflows the given object")
+#define __bos_trivially_not_lt_no_overflow(bos_val, index) \
+ __bos_dynamic_check_impl_and((bos_val), >=, (index), (bos_val) <= SSIZE_MAX)
+
#if __ANDROID_API__ >= __ANDROID_API_N__
__BIONIC_FORTIFY_INLINE
char* getcwd(char* const __pass_object_size buf, size_t size)
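Review bot: The new `__bos_trivially_not_lt_no_overflow` macro has no comment, and its extra condition bounds `bos_val` rather than `index`, which is easy to misread as a typo. The intent appears to be that once the object size is at most `SSIZE_MAX` and is `>=` the index, the index is also at most `SSIZE_MAX`, so the byte count still fits the `ssize_t` return type. I would put something like `/* Like __bos_trivially_not_lt, but also requires the object size to fit in ssize_t; bos_val >= index then implies index <= SSIZE_MAX. */` above the `#define`. `__bos_dynamic_check_impl_and` is defined outside this hunk, so the comment should be checked against how that helper treats the unknown-size case.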
@@ -73,7 +76,7 @@
__error_if_overflows_objectsize(size, __bos(buf), getcwd) {
size_t bos = __bos(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt(bos, size)) {
return __call_bypassing_fortify(getcwd)(buf, size);
}
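Review bot: getcwd is the only converted call site in this file that uses `__bos_trivially_not_lt` instead of the new `_no_overflow` variant, and nothing on the line says why. It looks deliberate, since getcwd returns `char*` and the one diagnostic visible in this hunk compares `size` only with the object size. A reader comparing it with readlink and readlinkat further down may still take it for an oversight. A short comment above the `if`, such as `/* No SSIZE_MAX bound needed: getcwd does not return a byte count. */`, would settle it. The function body continues past the end of the hunk.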
@@ -89,7 +92,7 @@
__error_if_overflows_objectsize(count, __bos0(buf), pread) {
size_t bos = __bos0(buf);
- if (count == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, count)) {
return __PREAD_PREFIX(real)(fd, buf, count, offset);
}
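Review bot: The guard on pread is a behaviour change and not only a constant-folding shortcut, because the removed line compared `count`, not `bos`, with `__BIONIC_FORTIFY_UNKNOWN_SIZE`. Until now a pread into a buffer of unknown size therefore appears to have taken the checked path, and this is the only converted function whose old condition differed from its siblings. The commit message does not mention it; I would add a line to the description such as `Also fixes pread, which tested count instead of bos for the unknown-size case.` If the fortify tests do not already cover it, a case that calls pread on a buffer whose size the compiler cannot see would pin the new behaviour. The rest of the function lies outside the hunk, so what the checked path does with an oversized `count` cannot be confirmed from here.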
@@ -103,7 +106,7 @@
__error_if_overflows_objectsize(count, __bos0(buf), pread64) {
size_t bos = __bos0(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, count)) {
return __pread64_real(fd, buf, count, offset);
}
@@ -119,7 +122,7 @@
__error_if_overflows_objectsize(count, __bos0(buf), pwrite) {
size_t bos = __bos0(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, count)) {
return __PWRITE_PREFIX(real)(fd, buf, count, offset);
}
@@ -133,7 +136,7 @@
__error_if_overflows_objectsize(count, __bos0(buf), pwrite64) {
size_t bos = __bos0(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, count)) {
return __pwrite64_real(fd, buf, count, offset);
}
@@ -149,7 +152,7 @@
__error_if_overflows_objectsize(count, __bos0(buf), read) {
size_t bos = __bos0(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, count)) {
return __call_bypassing_fortify(read)(fd, buf, count);
}
@@ -165,7 +168,7 @@
__error_if_overflows_objectsize(count, __bos0(buf), write) {
size_t bos = __bos0(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, count)) {
return __call_bypassing_fortify(write)(fd, buf, count);
}
@@ -181,7 +184,7 @@
__error_if_overflows_objectsize(size, __bos(buf), readlink) {
size_t bos = __bos(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, size)) {
return __call_bypassing_fortify(readlink)(path, buf, size);
}
@@ -195,7 +198,7 @@
__error_if_overflows_objectsize(size, __bos(buf), readlinkat) {
size_t bos = __bos(buf);
- if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ if (__bos_trivially_not_lt_no_overflow(bos, size)) {
return __call_bypassing_fortify(readlinkat)(dirfd, path, buf, size);
}
@@ -203,6 +206,7 @@
}
#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
+#undef __bos_trivially_not_lt_no_overflow
#undef __enable_if_no_overflow_ssizet
#undef __error_if_overflows_objectsize
#undef __error_if_overflows_ssizet