Gitiles
Code Review Sign In
gerrit.omnirom.org / android_bionic / 1ffee0cfc1e3a7fddf4cbe633694be91e72265a1 / . / libc / include / bits / fortify / stdio.h
blob: e766b200779cd775b3c15582dcbb54aa2db4774c [file] [log] [blame]
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29#ifndef _STDIO_H_
30#error "Never include this file directly; instead, include <stdio.h>"
31#endif
32
33char* __fgets_chk(char*, int, FILE*, size_t) __INTRODUCED_IN(17);
Elliott Hughesec6850d2017-08-01 08:28:46 -0700[diff] [blame]34size_t __fread_chk(void*, size_t, size_t, FILE*, size_t) __INTRODUCED_IN(24);
35size_t __fwrite_chk(const void*, size_t, size_t, FILE*, size_t) __INTRODUCED_IN(24);
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]36
37#if defined(__BIONIC_FORTIFY) && !defined(__BIONIC_NO_STDIO_FORTIFY)
38
39#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
40__BIONIC_FORTIFY_INLINE __printflike(3, 0)
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]41int vsnprintf(char* const __pass_object_size dest, size_t size, const char* format, va_list ap)
George Burgess IV26d25a22019-06-06 17:45:05 -0700[diff] [blame]42 __clang_error_if(__bos_unevaluated_lt(__bos(dest), size),
43 "in call to 'vsnprintf', size is larger than the destination buffer")
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]44 __overloadable {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]45 return __builtin___vsnprintf_chk(dest, size, 0, __bos(dest), format, ap);
46}
47
48__BIONIC_FORTIFY_INLINE __printflike(2, 0)
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]49int vsprintf(char* const __pass_object_size dest, const char* format, va_list ap) __overloadable {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]50 return __builtin___vsprintf_chk(dest, 0, __bos(dest), format, ap);
51}
52#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
53
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]54#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
Chih-Hung Hsiehf81abef2018-01-25 15:30:27 -0800[diff] [blame]55__BIONIC_FORTIFY_VARIADIC __printflike(3, 4)
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]56int snprintf(char* const __pass_object_size dest, size_t size, const char* format, ...)
George Burgess IV26d25a22019-06-06 17:45:05 -0700[diff] [blame]57 __clang_error_if(__bos_unevaluated_lt(__bos(dest), size),
58 "in call to 'snprintf', size is larger than the destination buffer")
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]59 __overloadable {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]60 va_list va;
61 va_start(va, format);
62 int result = __builtin___vsnprintf_chk(dest, size, 0, __bos(dest), format, va);
63 va_end(va);
64 return result;
65}
66
67__BIONIC_ERROR_FUNCTION_VISIBILITY
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]68int sprintf(char* dest, const char* format)
69 __overloadable
George Burgess IV5273dc52019-05-09 13:46:57 -0700[diff] [blame]70 __enable_if(__bos_unevaluated_lt(__bos(dest), __builtin_strlen(format)),
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]71 "format string will always overflow destination buffer")
72 __errorattr("format string will always overflow destination buffer");
73
Chih-Hung Hsiehf81abef2018-01-25 15:30:27 -0800[diff] [blame]74__BIONIC_FORTIFY_VARIADIC __printflike(2, 3)
Elliott Hughesec6850d2017-08-01 08:28:46 -0700[diff] [blame]75int sprintf(char* const __pass_object_size dest, const char* format, ...) __overloadable {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]76 va_list va;
77 va_start(va, format);
78 int result = __builtin___vsprintf_chk(dest, 0, __bos(dest), format, va);
79 va_end(va);
80 return result;
81}
82#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
83
84#if __ANDROID_API__ >= __ANDROID_API_N__
George Burgess IVa1a09b22019-05-13 17:16:20 -0700[diff] [blame]85#define __bos_trivially_not_lt_mul(bos_val, size, count) \
86 __bos_dynamic_check_impl_and(bos_val, >=, (size) * (count), \
87 !__unsafe_check_mul_overflow(size, count))
88
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]89__BIONIC_FORTIFY_INLINE
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]90size_t fread(void* const __pass_object_size0 buf, size_t size, size_t count, FILE* stream)
91 __overloadable
92 __clang_error_if(__unsafe_check_mul_overflow(size, count),
93 "in call to 'fread', size * count overflows")
George Burgess IV5273dc52019-05-09 13:46:57 -0700[diff] [blame]94 __clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]95 "in call to 'fread', size * count is too large for the given buffer") {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]96 size_t bos = __bos0(buf);
97
George Burgess IVa1a09b22019-05-13 17:16:20 -0700[diff] [blame]98 if (__bos_trivially_not_lt_mul(bos, size, count)) {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]99 return __call_bypassing_fortify(fread)(buf, size, count, stream);
100 }
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]101 return __fread_chk(buf, size, count, stream, bos);
102}
103
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]104__BIONIC_FORTIFY_INLINE
Elliott Hughesec6850d2017-08-01 08:28:46 -0700[diff] [blame]105size_t fwrite(const void* const __pass_object_size0 buf, size_t size, size_t count, FILE* stream)
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]106 __overloadable
107 __clang_error_if(__unsafe_check_mul_overflow(size, count),
108 "in call to 'fwrite', size * count overflows")
George Burgess IV5273dc52019-05-09 13:46:57 -0700[diff] [blame]109 __clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]110 "in call to 'fwrite', size * count is too large for the given buffer") {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]111 size_t bos = __bos0(buf);
112
George Burgess IVa1a09b22019-05-13 17:16:20 -0700[diff] [blame]113 if (__bos_trivially_not_lt_mul(bos, size, count)) {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]114 return __call_bypassing_fortify(fwrite)(buf, size, count, stream);
115 }
116
117 return __fwrite_chk(buf, size, count, stream, bos);
118}
George Burgess IVa1a09b22019-05-13 17:16:20 -0700[diff] [blame]119#undef __bos_trivially_not_lt_mul
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]120#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
121
122#if __ANDROID_API__ >= __ANDROID_API_J_MR1__
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]123__BIONIC_FORTIFY_INLINE
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]124char* fgets(char* const __pass_object_size dest, int size, FILE* stream)
125 __overloadable
126 __clang_error_if(size < 0, "in call to 'fgets', size should not be negative")
George Burgess IV5273dc52019-05-09 13:46:57 -0700[diff] [blame]127 __clang_error_if(__bos_unevaluated_lt(__bos(dest), size),
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]128 "in call to 'fgets', size is larger than the destination buffer") {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]129 size_t bos = __bos(dest);
130
George Burgess IVa1a09b22019-05-13 17:16:20 -0700[diff] [blame]131 if (__bos_dynamic_check_impl_and(bos, >=, (size_t)size, size >= 0)) {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]132 return __call_bypassing_fortify(fgets)(dest, size, stream);
133 }
134
135 return __fgets_chk(dest, size, stream, bos);
136}
137#endif /* __ANDROID_API__ >= __ANDROID_API_J_MR1__ */
138
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]139#endif /* defined(__BIONIC_FORTIFY) */