Gitiles
Code Review Sign In
gerrit.omnirom.org / android_bionic / a3255e2cd6afc09b361a23ce1cd0b105eb8b89fc / . / libc / include / bits / fortify / stdio.h
blob: f9faeba87e36e4e3dd1687d6e9c8ccd4a27778c5 [file] [log] [blame]
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29#ifndef _STDIO_H_
30#error "Never include this file directly; instead, include <stdio.h>"
31#endif
32
Elliott Hughes655e4302023-06-16 12:39:33 -0700[diff] [blame]33char* _Nullable __fgets_chk(char* _Nonnull, int, FILE* _Nonnull, size_t);
Dan Albert02ce4012024-10-25 19:13:49 +0000[diff] [blame]34
35#if __BIONIC_AVAILABILITY_GUARD(24)
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]36size_t __fread_chk(void* _Nonnull, size_t, size_t, FILE* _Nonnull, size_t) __INTRODUCED_IN(24);
37size_t __fwrite_chk(const void* _Nonnull, size_t, size_t, FILE* _Nonnull, size_t) __INTRODUCED_IN(24);
Dan Albert02ce4012024-10-25 19:13:49 +0000[diff] [blame]38#endif /* __BIONIC_AVAILABILITY_GUARD(24) */
39
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]40
41#if defined(__BIONIC_FORTIFY) && !defined(__BIONIC_NO_STDIO_FORTIFY)
42
Elliott Hughesf4ace9d2023-02-23 17:38:37 +0000[diff] [blame]43#if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
George Burgess IV36926f42019-09-15 16:57:00 -0700[diff] [blame]44/* No diag -- clang diagnoses misuses of this on its own. */
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]45__BIONIC_FORTIFY_INLINE __printflike(3, 0)
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]46int vsnprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, size_t size, const char* _Nonnull format, va_list ap)
Pirama Arumuga Nainardb71def2022-01-06 15:46:55 -0800[diff] [blame]47 __diagnose_as_builtin(__builtin_vsnprintf, 1, 2, 3, 4)
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]48 __overloadable {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]49 return __builtin___vsnprintf_chk(dest, size, 0, __bos(dest), format, ap);
50}
51
52__BIONIC_FORTIFY_INLINE __printflike(2, 0)
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]53int vsprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, const char* _Nonnull format, va_list ap) __overloadable {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]54 return __builtin___vsprintf_chk(dest, 0, __bos(dest), format, ap);
55}
George Burgess IV8a0cdb12019-10-21 13:27:57 -0700[diff] [blame]56#endif
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]57
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]58__BIONIC_ERROR_FUNCTION_VISIBILITY
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]59int sprintf(char* __BIONIC_COMPLICATED_NULLNESS dest, const char* _Nonnull format)
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]60 __overloadable
61 __enable_if(__bos_unevaluated_lt(__bos(dest), __builtin_strlen(format)),
62 "format string will always overflow destination buffer")
63 __errorattr("format string will always overflow destination buffer");
64
Elliott Hughesf4ace9d2023-02-23 17:38:37 +0000[diff] [blame]65#if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]66__BIONIC_FORTIFY_VARIADIC __printflike(2, 3)
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]67int sprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, const char* _Nonnull format, ...) __overloadable {
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]68 va_list va;
69 va_start(va, format);
70 int result = __builtin___vsprintf_chk(dest, 0, __bos(dest), format, va);
71 va_end(va);
72 return result;
73}
74
George Burgess IV36926f42019-09-15 16:57:00 -0700[diff] [blame]75/* No diag -- clang diagnoses misuses of this on its own. */
Chih-Hung Hsiehf81abef2018-01-25 15:30:27 -0800[diff] [blame]76__BIONIC_FORTIFY_VARIADIC __printflike(3, 4)
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]77int snprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, size_t size, const char* _Nonnull format, ...)
Pirama Arumuga Nainardb71def2022-01-06 15:46:55 -0800[diff] [blame]78 __diagnose_as_builtin(__builtin_snprintf, 1, 2, 3)
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]79 __overloadable {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]80 va_list va;
81 va_start(va, format);
82 int result = __builtin___vsnprintf_chk(dest, size, 0, __bos(dest), format, va);
83 va_end(va);
84 return result;
85}
George Burgess IV8a0cdb12019-10-21 13:27:57 -0700[diff] [blame]86#endif
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]87
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]88#define __bos_trivially_ge_mul(bos_val, size, count) \
George Burgess IVa1a09b22019-05-13 17:16:20 -0700[diff] [blame]89 __bos_dynamic_check_impl_and(bos_val, >=, (size) * (count), \
90 !__unsafe_check_mul_overflow(size, count))
91
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]92__BIONIC_FORTIFY_INLINE
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]93size_t fread(void* const _Nonnull __pass_object_size0 buf, size_t size, size_t count, FILE* _Nonnull stream)
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]94 __overloadable
95 __clang_error_if(__unsafe_check_mul_overflow(size, count),
96 "in call to 'fread', size * count overflows")
George Burgess IV5273dc52019-05-09 13:46:57 -0700[diff] [blame]97 __clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]98 "in call to 'fread', size * count is too large for the given buffer") {
Elliott Hughes95c6cd72019-12-20 13:26:14 -0800[diff] [blame]99#if __ANDROID_API__ >= 24 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]100 size_t bos = __bos0(buf);
101
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]102 if (!__bos_trivially_ge_mul(bos, size, count)) {
103 return __fread_chk(buf, size, count, stream, bos);
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]104 }
George Burgess IV8a0cdb12019-10-21 13:27:57 -0700[diff] [blame]105#endif
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]106 return __call_bypassing_fortify(fread)(buf, size, count, stream);
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]107}
108
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]109__BIONIC_FORTIFY_INLINE
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]110size_t fwrite(const void* const _Nonnull __pass_object_size0 buf, size_t size, size_t count, FILE* _Nonnull stream)
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]111 __overloadable
112 __clang_error_if(__unsafe_check_mul_overflow(size, count),
113 "in call to 'fwrite', size * count overflows")
George Burgess IV5273dc52019-05-09 13:46:57 -0700[diff] [blame]114 __clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]115 "in call to 'fwrite', size * count is too large for the given buffer") {
Elliott Hughes95c6cd72019-12-20 13:26:14 -0800[diff] [blame]116#if __ANDROID_API__ >= 24 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]117 size_t bos = __bos0(buf);
118
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]119 if (!__bos_trivially_ge_mul(bos, size, count)) {
120 return __fwrite_chk(buf, size, count, stream, bos);
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]121 }
George Burgess IV8a0cdb12019-10-21 13:27:57 -0700[diff] [blame]122#endif
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]123 return __call_bypassing_fortify(fwrite)(buf, size, count, stream);
124}
125#undef __bos_trivially_ge_mul
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]126
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]127__BIONIC_FORTIFY_INLINE
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]128char* _Nullable fgets(char* const _Nonnull __pass_object_size dest, int size, FILE* _Nonnull stream)
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]129 __overloadable
130 __clang_error_if(size < 0, "in call to 'fgets', size should not be negative")
George Burgess IV5273dc52019-05-09 13:46:57 -0700[diff] [blame]131 __clang_error_if(__bos_unevaluated_lt(__bos(dest), size),
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]132 "in call to 'fgets', size is larger than the destination buffer") {
Elliott Hughesf4ace9d2023-02-23 17:38:37 +0000[diff] [blame]133#if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]134 size_t bos = __bos(dest);
135
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]136 if (!__bos_dynamic_check_impl_and(bos, >=, (size_t)size, size >= 0)) {
137 return __fgets_chk(dest, size, stream, bos);
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]138 }
George Burgess IV8a0cdb12019-10-21 13:27:57 -0700[diff] [blame]139#endif
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]140 return __call_bypassing_fortify(fgets)(dest, size, stream);
141}
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]142
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]143#endif /* defined(__BIONIC_FORTIFY) */