Revert "fortify: allow diagnostics without run-time checks"
This reverts commit d7e11b88531665de59de466bbc9ee6c480b00a4f.
Reason for revert: Breaks aosp_x86_64-eng. Will look into it and
unbreak when it's not almost midnight. :)
Change-Id: I21f76efe4d19c70d0b14630e441376d359a45b49
diff --git a/libc/include/bits/fortify/fcntl.h b/libc/include/bits/fortify/fcntl.h
index 3c5a037..ded62ee 100644
--- a/libc/include/bits/fortify/fcntl.h
+++ b/libc/include/bits/fortify/fcntl.h
@@ -59,11 +59,11 @@
int open(const char* const __pass_object_size pathname, int flags)
__overloadable
__clang_error_if(__open_modes_useful(flags), "'open' " __open_too_few_args_error) {
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
return __open_2(pathname, flags);
#else
return __open_real(pathname, flags);
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
}
__BIONIC_FORTIFY_INLINE
@@ -83,11 +83,11 @@
int openat(int dirfd, const char* const __pass_object_size pathname, int flags)
__overloadable
__clang_error_if(__open_modes_useful(flags), "'openat' " __open_too_few_args_error) {
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
return __openat_2(dirfd, pathname, flags);
#else
return __openat_real(dirfd, pathname, flags);
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
}
__BIONIC_FORTIFY_INLINE
@@ -109,7 +109,7 @@
int open64(const char* const __pass_object_size pathname, int flags)
__overloadable
__clang_error_if(__open_modes_useful(flags), "'open64' " __open_too_few_args_error) {
- return open(pathname, flags);
+ return __open_2(pathname, flags);
}
__BIONIC_FORTIFY_INLINE
@@ -117,7 +117,7 @@
__overloadable
__clang_warning_if(!__open_modes_useful(flags) && modes,
"'open64' " __open_useless_modes_warning) {
- return open(pathname, flags, modes);
+ return __open_real(pathname, flags, modes);
}
__BIONIC_ERROR_FUNCTION_VISIBILITY
@@ -129,7 +129,7 @@
int openat64(int dirfd, const char* const __pass_object_size pathname, int flags)
__overloadable
__clang_error_if(__open_modes_useful(flags), "'openat64' " __open_too_few_args_error) {
- return openat(dirfd, pathname, flags);
+ return __openat_2(dirfd, pathname, flags);
}
__BIONIC_FORTIFY_INLINE
@@ -137,7 +137,7 @@
__overloadable
__clang_warning_if(!__open_modes_useful(flags) && modes,
"'openat64' " __open_useless_modes_warning) {
- return openat(dirfd, pathname, flags, modes);
+ return __openat_real(dirfd, pathname, flags, modes);
}
#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
diff --git a/libc/include/bits/fortify/poll.h b/libc/include/bits/fortify/poll.h
index 30fdce4..7a727a4 100644
--- a/libc/include/bits/fortify/poll.h
+++ b/libc/include/bits/fortify/poll.h
@@ -44,13 +44,13 @@
__overloadable
__clang_error_if(__bos_unevaluated_lt(__bos(fds), sizeof(*fds) * fd_count),
"in call to 'poll', fd_count is larger than the given buffer") {
-#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_M__
size_t bos_fds = __bos(fds);
if (!__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
return __poll_chk(fds, fd_count, timeout, bos_fds);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
return __call_bypassing_fortify(poll)(fds, fd_count, timeout);
}
@@ -60,13 +60,13 @@
__overloadable
__clang_error_if(__bos_unevaluated_lt(__bos(fds), sizeof(*fds) * fd_count),
"in call to 'ppoll', fd_count is larger than the given buffer") {
-#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_M__
size_t bos_fds = __bos(fds);
if (!__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
return __ppoll_chk(fds, fd_count, timeout, mask, bos_fds);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
return __call_bypassing_fortify(ppoll)(fds, fd_count, timeout, mask);
}
#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
@@ -77,13 +77,11 @@
__overloadable
__clang_error_if(__bos_unevaluated_lt(__bos(fds), sizeof(*fds) * fd_count),
"in call to 'ppoll64', fd_count is larger than the given buffer") {
-#if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
size_t bos_fds = __bos(fds);
if (!__bos_fd_count_trivially_safe(bos_fds, fds, fd_count)) {
return __ppoll64_chk(fds, fd_count, timeout, mask, bos_fds);
}
-#endif
return __call_bypassing_fortify(ppoll64)(fds, fd_count, timeout, mask);
}
#endif /* __ANDROID_API__ >= __ANDROID_API_P__ */
diff --git a/libc/include/bits/fortify/socket.h b/libc/include/bits/fortify/socket.h
index 30fe0d7..cf5f189 100644
--- a/libc/include/bits/fortify/socket.h
+++ b/libc/include/bits/fortify/socket.h
@@ -42,13 +42,13 @@
__overloadable
__clang_error_if(__bos_unevaluated_lt(__bos0(buf), len),
"'recvfrom' called with size bigger than buffer") {
-#if __ANDROID_API__ >= __ANDROID_API_N__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_N__
size_t bos = __bos0(buf);
if (!__bos_trivially_ge(bos, len)) {
return __recvfrom_chk(fd, buf, len, bos, flags, src_addr, addr_len);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
return __call_bypassing_fortify(recvfrom)(fd, buf, len, flags, src_addr, addr_len);
}
@@ -57,13 +57,13 @@
__overloadable
__clang_error_if(__bos_unevaluated_lt(__bos0(buf), len),
"'sendto' called with size bigger than buffer") {
-#if __ANDROID_API__ >= __ANDROID_API_N_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_N_MR1__
size_t bos = __bos0(buf);
if (!__bos_trivially_ge(bos, len)) {
return __sendto_chk(fd, buf, len, bos, flags, dest_addr, addr_len);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_N_MR1__ */
return __call_bypassing_fortify(sendto)(fd, buf, len, flags, dest_addr, addr_len);
}
diff --git a/libc/include/bits/fortify/stat.h b/libc/include/bits/fortify/stat.h
index 43fc69c..6a2e822 100644
--- a/libc/include/bits/fortify/stat.h
+++ b/libc/include/bits/fortify/stat.h
@@ -41,11 +41,11 @@
__overloadable
__enable_if(1, "")
__clang_error_if(mode & ~0777, "'umask' called with invalid mode") {
-#if __ANDROID_API__ >= __ANDROID_API_J_MR2__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR2__
return __umask_chk(mode);
#else
return __umask_real(mode);
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR2__ */
}
#endif /* defined(__BIONIC_FORTIFY) */
diff --git a/libc/include/bits/fortify/stdio.h b/libc/include/bits/fortify/stdio.h
index fb503c3..528d5fb 100644
--- a/libc/include/bits/fortify/stdio.h
+++ b/libc/include/bits/fortify/stdio.h
@@ -36,7 +36,7 @@
#if defined(__BIONIC_FORTIFY) && !defined(__BIONIC_NO_STDIO_FORTIFY)
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
/* No diag -- clang diagnoses misuses of this on its own. */
__BIONIC_FORTIFY_INLINE __printflike(3, 0)
int vsnprintf(char* const __pass_object_size dest, size_t size, const char* format, va_list ap)
@@ -48,7 +48,7 @@
int vsprintf(char* const __pass_object_size dest, const char* format, va_list ap) __overloadable {
return __builtin___vsprintf_chk(dest, 0, __bos(dest), format, ap);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
__BIONIC_ERROR_FUNCTION_VISIBILITY
int sprintf(char* dest, const char* format)
@@ -57,7 +57,7 @@
"format string will always overflow destination buffer")
__errorattr("format string will always overflow destination buffer");
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
__BIONIC_FORTIFY_VARIADIC __printflike(2, 3)
int sprintf(char* const __pass_object_size dest, const char* format, ...) __overloadable {
va_list va;
@@ -77,7 +77,7 @@
va_end(va);
return result;
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
#define __bos_trivially_ge_mul(bos_val, size, count) \
__bos_dynamic_check_impl_and(bos_val, >=, (size) * (count), \
@@ -90,13 +90,13 @@
"in call to 'fread', size * count overflows")
__clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
"in call to 'fread', size * count is too large for the given buffer") {
-#if __ANDROID_API__ >= __ANDROID_API_N__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_N__
size_t bos = __bos0(buf);
if (!__bos_trivially_ge_mul(bos, size, count)) {
return __fread_chk(buf, size, count, stream, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
return __call_bypassing_fortify(fread)(buf, size, count, stream);
}
@@ -107,13 +107,13 @@
"in call to 'fwrite', size * count overflows")
__clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
"in call to 'fwrite', size * count is too large for the given buffer") {
-#if __ANDROID_API__ >= __ANDROID_API_N__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_N__
size_t bos = __bos0(buf);
if (!__bos_trivially_ge_mul(bos, size, count)) {
return __fwrite_chk(buf, size, count, stream, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
return __call_bypassing_fortify(fwrite)(buf, size, count, stream);
}
#undef __bos_trivially_ge_mul
@@ -124,13 +124,13 @@
__clang_error_if(size < 0, "in call to 'fgets', size should not be negative")
__clang_error_if(__bos_unevaluated_lt(__bos(dest), size),
"in call to 'fgets', size is larger than the destination buffer") {
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
size_t bos = __bos(dest);
if (!__bos_dynamic_check_impl_and(bos, >=, (size_t)size, size >= 0)) {
return __fgets_chk(dest, size, stream, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
return __call_bypassing_fortify(fgets)(dest, size, stream);
}
diff --git a/libc/include/bits/fortify/string.h b/libc/include/bits/fortify/string.h
index 3bfbfe9..bd36483 100644
--- a/libc/include/bits/fortify/string.h
+++ b/libc/include/bits/fortify/string.h
@@ -40,7 +40,7 @@
#if defined(__BIONIC_FORTIFY)
extern void* __memrchr_real(const void*, int, size_t) __RENAME(memrchr);
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
/* No diag -- clang diagnoses misuses of this on its own. */
__BIONIC_FORTIFY_INLINE
void* memcpy(void* const dst __pass_object_size0, const void* src, size_t copy_amount)
@@ -61,7 +61,7 @@
}
return __builtin___memmove_chk(dst, src, len, bos_dst);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
#if defined(__USE_GNU)
#if __ANDROID_API__ >= __ANDROID_API_R__
@@ -70,13 +70,11 @@
__overloadable
__clang_error_if(__bos_unevaluated_lt(__bos0(dst), copy_amount),
"'mempcpy' called with size bigger than buffer") {
-#if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
size_t bos_dst = __bos0(dst);
- if (!__bos_trivially_ge(bos_dst, copy_amount)) {
- return __builtin___mempcpy_chk(dst, src, copy_amount, bos_dst);
+ if (__bos_trivially_ge(bos_dst, copy_amount)) {
+ return __builtin_mempcpy(dst, src, copy_amount);
}
-#endif
- return __builtin_mempcpy(dst, src, copy_amount);
+ return __builtin___mempcpy_chk(dst, src, copy_amount, bos_dst);
}
#endif /* __ANDROID_API__ >= __ANDROID_API_R__ */
#endif /* __USE_GNU */
@@ -86,12 +84,12 @@
__overloadable
__clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
"'stpcpy' called with string bigger than buffer") {
-#if __ANDROID_API__ >= __ANDROID_API_L__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_L__
size_t bos_dst = __bos(dst);
if (!__bos_trivially_gt(bos_dst, __builtin_strlen(src))) {
return __builtin___stpcpy_chk(dst, src, bos_dst);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
return __builtin_stpcpy(dst, src);
}
@@ -100,12 +98,12 @@
__overloadable
__clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
"'strcpy' called with string bigger than buffer") {
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
size_t bos_dst = __bos(dst);
if (!__bos_trivially_gt(bos_dst, __builtin_strlen(src))) {
return __builtin___strcpy_chk(dst, src, bos_dst);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
return __builtin_strcpy(dst, src);
}
@@ -114,36 +112,36 @@
__overloadable
__clang_error_if(__bos_unevaluated_le(__bos(dst), __builtin_strlen(src)),
"'strcat' called with string bigger than buffer") {
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
return __builtin___strcat_chk(dst, src, __bos(dst));
#else
return __builtin_strcat(dst, src);
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
}
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
/* No diag -- clang diagnoses misuses of this on its own. */
__BIONIC_FORTIFY_INLINE
char* strncat(char* const dst __pass_object_size, const char* src, size_t n) __overloadable {
return __builtin___strncat_chk(dst, src, n, __bos(dst));
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
/* No diag -- clang diagnoses misuses of this on its own. */
__BIONIC_FORTIFY_INLINE
void* memset(void* const s __pass_object_size0, int c, size_t n) __overloadable
/* If you're a user who wants this warning to go away: use `(&memset)(foo, bar, baz)`. */
__clang_warning_if(c && !n, "'memset' will set 0 bytes; maybe the arguments got flipped?") {
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
size_t bos = __bos0(s);
if (!__bos_trivially_ge(bos, n)) {
return __builtin___memset_chk(s, c, n, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
return __builtin_memset(s, c, n);
}
-#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_M__
__BIONIC_FORTIFY_INLINE
void* memchr(const void* const s __pass_object_size, int c, size_t n) __overloadable {
size_t bos = __bos(s);
@@ -165,9 +163,9 @@
return __memrchr_chk(s, c, n, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
-#if __ANDROID_API__ >= __ANDROID_API_L__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_L__
/* No diag -- clang diagnoses misuses of this on its own. */
__BIONIC_FORTIFY_INLINE
char* stpncpy(char* const dst __pass_object_size, const char* const src __pass_object_size, size_t n)
@@ -197,20 +195,20 @@
return __strncpy_chk2(dst, src, n, bos_dst, bos_src);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
__BIONIC_FORTIFY_INLINE
size_t strlcpy(char* const dst __pass_object_size, const char* src, size_t size)
__overloadable
__clang_error_if(__bos_unevaluated_lt(__bos(dst), size),
"'strlcpy' called with size bigger than buffer") {
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
size_t bos = __bos(dst);
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
return __strlcpy_chk(dst, src, size, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
return __call_bypassing_fortify(strlcpy)(dst, src, size);
}
@@ -219,13 +217,13 @@
__overloadable
__clang_error_if(__bos_unevaluated_lt(__bos(dst), size),
"'strlcat' called with size bigger than buffer") {
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
size_t bos = __bos(dst);
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
return __strlcat_chk(dst, src, size, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
return __call_bypassing_fortify(strlcat)(dst, src, size);
}
@@ -233,39 +231,39 @@
size_t strlen(const char* const s __pass_object_size0) __overloadable {
size_t bos = __bos0(s);
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
if (!__bos_trivially_gt(bos, __builtin_strlen(s))) {
return __strlen_chk(s, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
return __builtin_strlen(s);
}
__BIONIC_FORTIFY_INLINE
char* strchr(const char* const s __pass_object_size, int c) __overloadable {
-#if __ANDROID_API__ >= __ANDROID_API_J_MR2__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR2__
size_t bos = __bos(s);
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
return __strchr_chk(s, c, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR2__ */
return __builtin_strchr(s, c);
}
__BIONIC_FORTIFY_INLINE
char* strrchr(const char* const s __pass_object_size, int c) __overloadable {
-#if __ANDROID_API__ >= __ANDROID_API_J_MR2__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR2__
size_t bos = __bos(s);
if (bos != __BIONIC_FORTIFY_UNKNOWN_SIZE) {
return __strrchr_chk(s, c, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR2__ */
return __builtin_strrchr(s, c);
}
-#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_M__
#if defined(__cplusplus)
extern "C++" {
__BIONIC_FORTIFY_INLINE
diff --git a/libc/include/bits/fortify/strings.h b/libc/include/bits/fortify/strings.h
index 1ebaf39..cc268db 100644
--- a/libc/include/bits/fortify/strings.h
+++ b/libc/include/bits/fortify/strings.h
@@ -33,13 +33,13 @@
__overloadable
__clang_error_if(__bos_unevaluated_lt(__bos0(dst), len),
"'bcopy' called with size bigger than buffer") {
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
size_t bos = __bos0(dst);
if (!__bos_trivially_ge(bos, len)) {
__builtin___memmove_chk(dst, src, len, bos);
return;
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
__builtin_memmove(dst, src, len);
}
@@ -48,13 +48,13 @@
__overloadable
__clang_error_if(__bos_unevaluated_lt(__bos0(b), len),
"'bzero' called with size bigger than buffer") {
-#if __ANDROID_API__ >= __ANDROID_API_J_MR1__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
size_t bos = __bos0(b);
if (!__bos_trivially_ge(bos, len)) {
__builtin___memset_chk(b, 0, len, bos);
return;
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
__builtin_memset(b, 0, len);
}
diff --git a/libc/include/bits/fortify/unistd.h b/libc/include/bits/fortify/unistd.h
index f1580ce..45ed2cf 100644
--- a/libc/include/bits/fortify/unistd.h
+++ b/libc/include/bits/fortify/unistd.h
@@ -73,13 +73,13 @@
char* getcwd(char* const __pass_object_size buf, size_t size)
__overloadable
__error_if_overflows_objectsize(size, __bos(buf), getcwd) {
-#if __ANDROID_API__ >= __ANDROID_API_N__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_N__
size_t bos = __bos(buf);
if (!__bos_trivially_ge(bos, size)) {
return __getcwd_chk(buf, size, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
return __call_bypassing_fortify(getcwd)(buf, size);
}
@@ -89,13 +89,13 @@
__overloadable
__error_if_overflows_ssizet(count, pread)
__error_if_overflows_objectsize(count, __bos0(buf), pread) {
-#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_M__
size_t bos = __bos0(buf);
if (!__bos_trivially_ge_no_overflow(bos, count)) {
return __PREAD_PREFIX(chk)(fd, buf, count, offset, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
return __PREAD_PREFIX(real)(fd, buf, count, offset);
}
#endif /* !defined(__USE_FILE_OFFSET64) */
@@ -105,13 +105,13 @@
__overloadable
__error_if_overflows_ssizet(count, pread64)
__error_if_overflows_objectsize(count, __bos0(buf), pread64) {
-#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_M__
size_t bos = __bos0(buf);
if (!__bos_trivially_ge_no_overflow(bos, count)) {
return __pread64_chk(fd, buf, count, offset, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
return __pread64_real(fd, buf, count, offset);
}
@@ -121,13 +121,13 @@
__overloadable
__error_if_overflows_ssizet(count, pwrite)
__error_if_overflows_objectsize(count, __bos0(buf), pwrite) {
-#if __ANDROID_API__ >= __ANDROID_API_N__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_N__
size_t bos = __bos0(buf);
if (!__bos_trivially_ge_no_overflow(bos, count)) {
return __PWRITE_PREFIX(chk)(fd, buf, count, offset, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
return __PWRITE_PREFIX(real)(fd, buf, count, offset);
}
#endif /* !defined(__USE_FILE_OFFSET64) */
@@ -137,13 +137,13 @@
__overloadable
__error_if_overflows_ssizet(count, pwrite64)
__error_if_overflows_objectsize(count, __bos0(buf), pwrite64) {
-#if __ANDROID_API__ >= __ANDROID_API_N__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_N__
size_t bos = __bos0(buf);
if (!__bos_trivially_ge_no_overflow(bos, count)) {
return __pwrite64_chk(fd, buf, count, offset, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
return __pwrite64_real(fd, buf, count, offset);
}
@@ -152,13 +152,13 @@
__overloadable
__error_if_overflows_ssizet(count, read)
__error_if_overflows_objectsize(count, __bos0(buf), read) {
-#if __ANDROID_API__ >= __ANDROID_API_L__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_L__
size_t bos = __bos0(buf);
if (!__bos_trivially_ge_no_overflow(bos, count)) {
return __read_chk(fd, buf, count, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
return __call_bypassing_fortify(read)(fd, buf, count);
}
@@ -167,13 +167,13 @@
__overloadable
__error_if_overflows_ssizet(count, write)
__error_if_overflows_objectsize(count, __bos0(buf), write) {
-#if __ANDROID_API__ >= __ANDROID_API_N__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_N__
size_t bos = __bos0(buf);
if (!__bos_trivially_ge_no_overflow(bos, count)) {
return __write_chk(fd, buf, count, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
return __call_bypassing_fortify(write)(fd, buf, count);
}
@@ -182,13 +182,13 @@
__overloadable
__error_if_overflows_ssizet(size, readlink)
__error_if_overflows_objectsize(size, __bos(buf), readlink) {
-#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_M__
size_t bos = __bos(buf);
if (!__bos_trivially_ge_no_overflow(bos, size)) {
return __readlink_chk(path, buf, size, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
return __call_bypassing_fortify(readlink)(path, buf, size);
}
@@ -198,13 +198,13 @@
__overloadable
__error_if_overflows_ssizet(size, readlinkat)
__error_if_overflows_objectsize(size, __bos(buf), readlinkat) {
-#if __ANDROID_API__ >= __ANDROID_API_M__ && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
+#if __ANDROID_API__ >= __ANDROID_API_M__
size_t bos = __bos(buf);
if (!__bos_trivially_ge_no_overflow(bos, size)) {
return __readlinkat_chk(dirfd, path, buf, size, bos);
}
-#endif
+#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
return __call_bypassing_fortify(readlinkat)(dirfd, path, buf, size);
}
#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
diff --git a/libc/include/sys/cdefs.h b/libc/include/sys/cdefs.h
index eb30690..8078bda 100644
--- a/libc/include/sys/cdefs.h
+++ b/libc/include/sys/cdefs.h
@@ -237,15 +237,14 @@
#define __BIONIC_FORTIFY_UNKNOWN_SIZE ((size_t) -1)
#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0
-/* FORTIFY can interfere with pattern-matching of clang-tidy/the static analyzer. */
-# if !defined(__clang_analyzer__)
+/*
+ * FORTIFY's _chk functions effectively disable ASAN's stdlib interceptors.
+ * Additionally, the static analyzer/clang-tidy try to pattern match some
+ * standard library functions, and FORTIFY sometimes interferes with this. So,
+ * we turn FORTIFY off in both cases.
+ */
+# if !__has_feature(address_sanitizer) && !defined(__clang_analyzer__)
# define __BIONIC_FORTIFY 1
-/* ASAN has interceptors that FORTIFY's _chk functions can break. */
-# if __has_feature(address_sanitizer)
-# define __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED 0
-# else
-# define __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED 1
-# endif
# endif
#endif