Gitiles
Code Review Sign In
gerrit.omnirom.org / android_bionic / b97049c0390cb1a11b9cb0b14391972e69398ce5 / . / libc / include / bits / fortify / unistd.h
blob: 5df67b496a725f8ef7eb78f80af937409ed495f3 [file] [log] [blame]
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame^]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28#ifndef _UNISTD_H_
29#error "Never include this file directly; instead, include <unistd.h>"
30#endif
31
32char* __getcwd_chk(char*, size_t, size_t) __INTRODUCED_IN(24);
33
34ssize_t __pread_chk(int, void*, size_t, off_t, size_t) __INTRODUCED_IN(23);
35ssize_t __pread_real(int, void*, size_t, off_t) __RENAME(pread);
36
37ssize_t __pread64_chk(int, void*, size_t, off64_t, size_t) __INTRODUCED_IN(23);
38ssize_t __pread64_real(int, void*, size_t, off64_t) __RENAME(pread64) __INTRODUCED_IN(12);
39
40ssize_t __pwrite_chk(int, const void*, size_t, off_t, size_t) __INTRODUCED_IN(24);
41ssize_t __pwrite_real(int, const void*, size_t, off_t) __RENAME(pwrite);
42
43ssize_t __pwrite64_chk(int, const void*, size_t, off64_t, size_t) __INTRODUCED_IN(24);
44ssize_t __pwrite64_real(int, const void*, size_t, off64_t) __RENAME(pwrite64)
45 __INTRODUCED_IN(12);
46
47ssize_t __read_chk(int, void*, size_t, size_t) __INTRODUCED_IN(21);
48ssize_t __write_chk(int, const void*, size_t, size_t) __INTRODUCED_IN(24);
49ssize_t __readlink_chk(const char*, char*, size_t, size_t) __INTRODUCED_IN(23);
50ssize_t __readlinkat_chk(int dirfd, const char*, char*, size_t, size_t) __INTRODUCED_IN(23);
51
52#if defined(__BIONIC_FORTIFY)
53
54#if defined(__USE_FILE_OFFSET64)
55#define __PREAD_PREFIX(x) __pread64_ ## x
56#define __PWRITE_PREFIX(x) __pwrite64_ ## x
57#else
58#define __PREAD_PREFIX(x) __pread_ ## x
59#define __PWRITE_PREFIX(x) __pwrite_ ## x
60#endif
61
62#if defined(__clang__)
63#define __error_if_overflows_ssizet(what) \
64 __enable_if(what > SSIZE_MAX, #what " must be <= SSIZE_MAX") \
65 __errorattr(#what " must be <= SSIZE_MAX")
66
67#define __enable_if_no_overflow_ssizet(what) \
68 __enable_if((what) <= SSIZE_MAX, "enabled if " #what " <= SSIZE_MAX")
69
70#define __error_if_overflows_objectsize(what, objsize) \
71 __enable_if((objsize) != __BIONIC_FORTIFY_UNKNOWN_SIZE && \
72 (what) > (objsize), \
73 "'" #what "' bytes overflows the given object") \
74 __errorattr("'" #what "' bytes overflows the given object")
75
76__BIONIC_ERROR_FUNCTION_VISIBILITY
77char* getcwd(char* buf, size_t size) __overloadable
78 __error_if_overflows_objectsize(size, __bos(buf));
79
80#if __ANDROID_API__ >= __ANDROID_API_N__
81__BIONIC_FORTIFY_INLINE
82char* getcwd(char* const __pass_object_size buf, size_t size) __overloadable {
83 size_t bos = __bos(buf);
84
85 /*
86 * Clang responds bos==0 if buf==NULL
87 * (https://llvm.org/bugs/show_bug.cgi?id=23277). Given that NULL is a valid
88 * value, we need to handle that.
89 */
90 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE || buf == NULL) {
91 return __call_bypassing_fortify(getcwd)(buf, size);
92 }
93
94 return __getcwd_chk(buf, size, bos);
95}
96#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
97
98#if __ANDROID_API__ >= __ANDROID_API_M__
99__BIONIC_ERROR_FUNCTION_VISIBILITY
100ssize_t pread(int fd, void* buf, size_t count, off_t offset) __overloadable
101 __error_if_overflows_ssizet(count);
102
103__BIONIC_ERROR_FUNCTION_VISIBILITY
104ssize_t pread(int fd, void* buf, size_t count, off_t offset) __overloadable
105 __enable_if_no_overflow_ssizet(count)
106 __error_if_overflows_objectsize(count, __bos0(buf));
107
108__BIONIC_FORTIFY_INLINE
109ssize_t pread(int fd, void* const __pass_object_size0 buf, size_t count,
110 off_t offset) __overloadable {
111 size_t bos = __bos0(buf);
112
113 if (count == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
114 return __PREAD_PREFIX(real)(fd, buf, count, offset);
115 }
116
117 return __PREAD_PREFIX(chk)(fd, buf, count, offset, bos);
118}
119
120__BIONIC_ERROR_FUNCTION_VISIBILITY
121ssize_t pread64(int fd, void* buf, size_t count, off64_t offset) __overloadable
122 __error_if_overflows_ssizet(count);
123
124__BIONIC_ERROR_FUNCTION_VISIBILITY
125ssize_t pread64(int fd, void* buf, size_t count, off64_t offset) __overloadable
126 __enable_if_no_overflow_ssizet(count)
127 __error_if_overflows_objectsize(count, __bos0(buf));
128
129__BIONIC_FORTIFY_INLINE
130ssize_t pread64(int fd, void* const __pass_object_size0 buf, size_t count,
131 off64_t offset) __overloadable {
132 size_t bos = __bos0(buf);
133
134 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
135 return __pread64_real(fd, buf, count, offset);
136 }
137
138 return __pread64_chk(fd, buf, count, offset, bos);
139}
140#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
141
142#if __ANDROID_API__ >= __ANDROID_API_N__
143__BIONIC_ERROR_FUNCTION_VISIBILITY
144ssize_t pwrite(int fd, const void* buf, size_t count, off_t offset)
145 __overloadable
146 __error_if_overflows_ssizet(count);
147
148__BIONIC_ERROR_FUNCTION_VISIBILITY
149ssize_t pwrite(int fd, const void* buf, size_t count, off_t offset)
150 __overloadable
151 __enable_if_no_overflow_ssizet(count)
152 __error_if_overflows_objectsize(count, __bos0(buf));
153
154__BIONIC_FORTIFY_INLINE
155ssize_t pwrite(int fd, const void* const __pass_object_size0 buf, size_t count,
156 off_t offset) __overloadable {
157 size_t bos = __bos0(buf);
158
159 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
160 return __PWRITE_PREFIX(real)(fd, buf, count, offset);
161 }
162
163 return __PWRITE_PREFIX(chk)(fd, buf, count, offset, bos);
164}
165
166__BIONIC_ERROR_FUNCTION_VISIBILITY
167ssize_t pwrite64(int fd, const void* buf, size_t count, off64_t offset)
168 __overloadable
169 __error_if_overflows_ssizet(count);
170
171__BIONIC_ERROR_FUNCTION_VISIBILITY
172ssize_t pwrite64(int fd, const void* buf, size_t count, off64_t offset)
173 __overloadable
174 __enable_if_no_overflow_ssizet(count)
175 __error_if_overflows_objectsize(count, __bos0(buf));
176
177__BIONIC_FORTIFY_INLINE
178ssize_t pwrite64(int fd, const void* const __pass_object_size0 buf,
179 size_t count, off64_t offset) __overloadable {
180 size_t bos = __bos0(buf);
181
182 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
183 return __pwrite64_real(fd, buf, count, offset);
184 }
185
186 return __pwrite64_chk(fd, buf, count, offset, bos);
187}
188#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
189
190#if __ANDROID_API__ >= __ANDROID_API_L__
191__BIONIC_ERROR_FUNCTION_VISIBILITY
192ssize_t read(int fd, void* buf, size_t count) __overloadable
193 __error_if_overflows_ssizet(count);
194
195__BIONIC_ERROR_FUNCTION_VISIBILITY
196ssize_t read(int fd, void* buf, size_t count) __overloadable
197 __enable_if_no_overflow_ssizet(count)
198 __error_if_overflows_objectsize(count, __bos0(buf));
199
200__BIONIC_FORTIFY_INLINE
201ssize_t read(int fd, void* const __pass_object_size0 buf, size_t count)
202 __overloadable {
203 size_t bos = __bos0(buf);
204
205 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
206 return __call_bypassing_fortify(read)(fd, buf, count);
207 }
208
209 return __read_chk(fd, buf, count, bos);
210}
211#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
212
213#if __ANDROID_API__ >= __ANDROID_API_N__
214__BIONIC_ERROR_FUNCTION_VISIBILITY
215ssize_t write(int fd, const void* buf, size_t count) __overloadable
216 __error_if_overflows_ssizet(count);
217
218__BIONIC_ERROR_FUNCTION_VISIBILITY
219ssize_t write(int fd, const void* buf, size_t count) __overloadable
220 __enable_if_no_overflow_ssizet(count)
221 __error_if_overflows_objectsize(count, __bos0(buf));
222
223__BIONIC_FORTIFY_INLINE
224ssize_t write(int fd, const void* const __pass_object_size0 buf, size_t count)
225 __overloadable {
226 size_t bos = __bos0(buf);
227
228 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
229 return __call_bypassing_fortify(write)(fd, buf, count);
230 }
231
232 return __write_chk(fd, buf, count, bos);
233}
234#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
235
236#if __ANDROID_API__ >= __ANDROID_API_M__
237__BIONIC_ERROR_FUNCTION_VISIBILITY
238ssize_t readlink(const char* path, char* buf, size_t size) __overloadable
239 __error_if_overflows_ssizet(size);
240
241__BIONIC_ERROR_FUNCTION_VISIBILITY
242ssize_t readlink(const char* path, char* buf, size_t size) __overloadable
243 __enable_if_no_overflow_ssizet(size)
244 __error_if_overflows_objectsize(size, __bos(buf));
245
246__BIONIC_FORTIFY_INLINE
247ssize_t readlink(const char* path, char* const __pass_object_size buf,
248 size_t size) __overloadable {
249 size_t bos = __bos(buf);
250
251 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
252 return __call_bypassing_fortify(readlink)(path, buf, size);
253 }
254
255 return __readlink_chk(path, buf, size, bos);
256}
257
258__BIONIC_ERROR_FUNCTION_VISIBILITY
259ssize_t readlinkat(int dirfd, const char* path, char* buf, size_t size)
260 __overloadable
261 __error_if_overflows_ssizet(size);
262
263__BIONIC_ERROR_FUNCTION_VISIBILITY
264ssize_t readlinkat(int dirfd, const char* path, char* buf, size_t size)
265 __overloadable
266 __enable_if_no_overflow_ssizet(size)
267 __error_if_overflows_objectsize(size, __bos(buf));
268
269__BIONIC_FORTIFY_INLINE
270ssize_t readlinkat(int dirfd, const char* path,
271 char* const __pass_object_size buf, size_t size)
272 __overloadable {
273 size_t bos = __bos(buf);
274
275 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
276 return __call_bypassing_fortify(readlinkat)(dirfd, path, buf, size);
277 }
278
279 return __readlinkat_chk(dirfd, path, buf, size, bos);
280}
281#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
282
283#undef __enable_if_no_overflow_ssizet
284#undef __error_if_overflows_objectsize
285#undef __error_if_overflows_ssizet
286#else /* defined(__clang__) */
287
288char* __getcwd_real(char*, size_t) __RENAME(getcwd);
289ssize_t __read_real(int, void*, size_t) __RENAME(read);
290ssize_t __write_real(int, const void*, size_t) __RENAME(write);
291ssize_t __readlink_real(const char*, char*, size_t) __RENAME(readlink);
292ssize_t __readlinkat_real(int dirfd, const char*, char*, size_t) __RENAME(readlinkat);
293
294__errordecl(__getcwd_dest_size_error, "getcwd called with size bigger than destination");
295__errordecl(__pread_dest_size_error, "pread called with size bigger than destination");
296__errordecl(__pread_count_toobig_error, "pread called with count > SSIZE_MAX");
297__errordecl(__pread64_dest_size_error, "pread64 called with size bigger than destination");
298__errordecl(__pread64_count_toobig_error, "pread64 called with count > SSIZE_MAX");
299__errordecl(__pwrite_dest_size_error, "pwrite called with size bigger than destination");
300__errordecl(__pwrite_count_toobig_error, "pwrite called with count > SSIZE_MAX");
301__errordecl(__pwrite64_dest_size_error, "pwrite64 called with size bigger than destination");
302__errordecl(__pwrite64_count_toobig_error, "pwrite64 called with count > SSIZE_MAX");
303__errordecl(__read_dest_size_error, "read called with size bigger than destination");
304__errordecl(__read_count_toobig_error, "read called with count > SSIZE_MAX");
305__errordecl(__write_dest_size_error, "write called with size bigger than destination");
306__errordecl(__write_count_toobig_error, "write called with count > SSIZE_MAX");
307__errordecl(__readlink_dest_size_error, "readlink called with size bigger than destination");
308__errordecl(__readlink_size_toobig_error, "readlink called with size > SSIZE_MAX");
309__errordecl(__readlinkat_dest_size_error, "readlinkat called with size bigger than destination");
310__errordecl(__readlinkat_size_toobig_error, "readlinkat called with size > SSIZE_MAX");
311
312#if __ANDROID_API__ >= __ANDROID_API_N__
313__BIONIC_FORTIFY_INLINE
314char* getcwd(char* buf, size_t size) __overloadable {
315 size_t bos = __bos(buf);
316
317 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
318 return __getcwd_real(buf, size);
319 }
320
321 if (__builtin_constant_p(size) && (size > bos)) {
322 __getcwd_dest_size_error();
323 }
324
325 if (__builtin_constant_p(size) && (size <= bos)) {
326 return __getcwd_real(buf, size);
327 }
328
329 return __getcwd_chk(buf, size, bos);
330}
331#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
332
333#if __ANDROID_API__ >= __ANDROID_API_M__
334__BIONIC_FORTIFY_INLINE
335ssize_t pread(int fd, void* buf, size_t count, off_t offset) {
336 size_t bos = __bos0(buf);
337
338 if (__builtin_constant_p(count) && (count > SSIZE_MAX)) {
339 __PREAD_PREFIX(count_toobig_error)();
340 }
341
342 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
343 return __PREAD_PREFIX(real)(fd, buf, count, offset);
344 }
345
346 if (__builtin_constant_p(count) && (count > bos)) {
347 __PREAD_PREFIX(dest_size_error)();
348 }
349
350 if (__builtin_constant_p(count) && (count <= bos)) {
351 return __PREAD_PREFIX(real)(fd, buf, count, offset);
352 }
353
354 return __PREAD_PREFIX(chk)(fd, buf, count, offset, bos);
355}
356
357__BIONIC_FORTIFY_INLINE
358ssize_t pread64(int fd, void* buf, size_t count, off64_t offset) {
359 size_t bos = __bos0(buf);
360
361 if (__builtin_constant_p(count) && (count > SSIZE_MAX)) {
362 __pread64_count_toobig_error();
363 }
364
365 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
366 return __pread64_real(fd, buf, count, offset);
367 }
368
369 if (__builtin_constant_p(count) && (count > bos)) {
370 __pread64_dest_size_error();
371 }
372
373 if (__builtin_constant_p(count) && (count <= bos)) {
374 return __pread64_real(fd, buf, count, offset);
375 }
376
377 return __pread64_chk(fd, buf, count, offset, bos);
378}
379#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
380
381#if __ANDROID_API__ >= __ANDROID_API_N__
382__BIONIC_FORTIFY_INLINE
383ssize_t pwrite(int fd, const void* buf, size_t count, off_t offset) {
384 size_t bos = __bos0(buf);
385
386 if (__builtin_constant_p(count) && (count > SSIZE_MAX)) {
387 __PWRITE_PREFIX(count_toobig_error)();
388 }
389
390 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
391 return __PWRITE_PREFIX(real)(fd, buf, count, offset);
392 }
393
394 if (__builtin_constant_p(count) && (count > bos)) {
395 __PWRITE_PREFIX(dest_size_error)();
396 }
397
398 if (__builtin_constant_p(count) && (count <= bos)) {
399 return __PWRITE_PREFIX(real)(fd, buf, count, offset);
400 }
401
402 return __PWRITE_PREFIX(chk)(fd, buf, count, offset, bos);
403}
404
405__BIONIC_FORTIFY_INLINE
406ssize_t pwrite64(int fd, const void* buf, size_t count, off64_t offset) {
407 size_t bos = __bos0(buf);
408
409 if (__builtin_constant_p(count) && (count > SSIZE_MAX)) {
410 __pwrite64_count_toobig_error();
411 }
412
413 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
414 return __pwrite64_real(fd, buf, count, offset);
415 }
416
417 if (__builtin_constant_p(count) && (count > bos)) {
418 __pwrite64_dest_size_error();
419 }
420
421 if (__builtin_constant_p(count) && (count <= bos)) {
422 return __pwrite64_real(fd, buf, count, offset);
423 }
424
425 return __pwrite64_chk(fd, buf, count, offset, bos);
426}
427#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
428
429#if __ANDROID_API__ >= __ANDROID_API_L__
430__BIONIC_FORTIFY_INLINE
431ssize_t read(int fd, void* buf, size_t count) {
432 size_t bos = __bos0(buf);
433
434 if (__builtin_constant_p(count) && (count > SSIZE_MAX)) {
435 __read_count_toobig_error();
436 }
437
438 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
439 return __read_real(fd, buf, count);
440 }
441
442 if (__builtin_constant_p(count) && (count > bos)) {
443 __read_dest_size_error();
444 }
445
446 if (__builtin_constant_p(count) && (count <= bos)) {
447 return __read_real(fd, buf, count);
448 }
449
450 return __read_chk(fd, buf, count, bos);
451}
452#endif /* __ANDROID_API__ >= __ANDROID_API_L__ */
453
454#if __ANDROID_API__ >= __ANDROID_API_N__
455__BIONIC_FORTIFY_INLINE
456ssize_t write(int fd, const void* buf, size_t count) {
457 size_t bos = __bos0(buf);
458
459 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
460 return __write_real(fd, buf, count);
461 }
462
463 if (__builtin_constant_p(count) && (count > bos)) {
464 __write_dest_size_error();
465 }
466
467 if (__builtin_constant_p(count) && (count <= bos)) {
468 return __write_real(fd, buf, count);
469 }
470
471 return __write_chk(fd, buf, count, bos);
472}
473#endif /* __ANDROID_API__ >= __ANDROID_API_N__ */
474
475#if __ANDROID_API__ >= __ANDROID_API_M__
476__BIONIC_FORTIFY_INLINE
477ssize_t readlink(const char* path, char* buf, size_t size) {
478 size_t bos = __bos(buf);
479
480 if (__builtin_constant_p(size) && (size > SSIZE_MAX)) {
481 __readlink_size_toobig_error();
482 }
483
484 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
485 return __readlink_real(path, buf, size);
486 }
487
488 if (__builtin_constant_p(size) && (size > bos)) {
489 __readlink_dest_size_error();
490 }
491
492 if (__builtin_constant_p(size) && (size <= bos)) {
493 return __readlink_real(path, buf, size);
494 }
495
496 return __readlink_chk(path, buf, size, bos);
497}
498
499__BIONIC_FORTIFY_INLINE
500ssize_t readlinkat(int dirfd, const char* path, char* buf, size_t size) {
501 size_t bos = __bos(buf);
502
503 if (__builtin_constant_p(size) && (size > SSIZE_MAX)) {
504 __readlinkat_size_toobig_error();
505 }
506
507 if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
508 return __readlinkat_real(dirfd, path, buf, size);
509 }
510
511 if (__builtin_constant_p(size) && (size > bos)) {
512 __readlinkat_dest_size_error();
513 }
514
515 if (__builtin_constant_p(size) && (size <= bos)) {
516 return __readlinkat_real(dirfd, path, buf, size);
517 }
518
519 return __readlinkat_chk(dirfd, path, buf, size, bos);
520}
521#endif /* __ANDROID_API__ >= __ANDROID_API_M__ */
522#endif /* defined(__clang__) */
523#undef __PREAD_PREFIX
524#undef __PWRITE_PREFIX
525#endif /* defined(__BIONIC_FORTIFY) */