Gitiles
Code Review Sign In
gerrit.omnirom.org / android_bionic / ec6850d849746ffbafaaf9b993c5dbb74a014b3f / . / libc / bionic / fortify.cpp
blob: eaf538742ac137e00f7819570efc87f4fc215924 [file] [log] [blame]
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]1/*
2 * Copyright (C) 2012 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29/*
30 * Copyright (c) 1988 Regents of the University of California.
31 * All rights reserved.
32 *
33 * Redistribution and use in source and binary forms, with or without
34 * modification, are permitted provided that the following conditions
35 * are met:
36 * 1. Redistributions of source code must retain the above copyright
37 * notice, this list of conditions and the following disclaimer.
38 * 2. Redistributions in binary form must reproduce the above copyright
39 * notice, this list of conditions and the following disclaimer in the
40 * documentation and/or other materials provided with the distribution.
41 * 3. Neither the name of the University nor the names of its contributors
42 * may be used to endorse or promote products derived from this software
43 * without specific prior written permission.
44 *
45 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
46 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
47 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
48 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
49 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
50 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
51 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
52 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
53 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
54 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
55 * SUCH DAMAGE.
56 */
57
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]58#include <poll.h>
59#include <stdarg.h>
60#include <stddef.h>
61#include <stdio.h>
62#include <stdlib.h>
63#include <string.h>
64#include <sys/cdefs.h>
65#include <sys/select.h>
66#include <sys/socket.h>
67#include <sys/stat.h>
68#include <unistd.h>
69
70#include "private/bionic_fortify.h"
71
72//
Elliott Hughesef2b2fe2017-04-16 08:50:58 -0700[diff] [blame]73// For more about FORTIFY see:
74//
75// https://android-developers.googleblog.com/2017/04/fortify-in-android.html
76//
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]77// http://gcc.gnu.org/onlinedocs/gcc/Object-Size-Checking.html
78// http://gcc.gnu.org/ml/gcc-patches/2004-09/msg02055.html
79//
Elliott Hughesef2b2fe2017-04-16 08:50:58 -0700[diff] [blame]80
81struct __bionic_zero_size_is_okay_t __bionic_zero_size_is_okay;
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]82
83int __FD_ISSET_chk(int fd, fd_set* set, size_t set_size) {
84 __check_fd_set("FD_ISSET", fd, set_size);
85 return FD_ISSET(fd, set);
86}
87
88void __FD_CLR_chk(int fd, fd_set* set, size_t set_size) {
89 __check_fd_set("FD_CLR", fd, set_size);
90 FD_CLR(fd, set);
91}
92
93void __FD_SET_chk(int fd, fd_set* set, size_t set_size) {
94 __check_fd_set("FD_SET", fd, set_size);
95 FD_SET(fd, set);
96}
97
98char* __fgets_chk(char* dst, int supplied_size, FILE* stream, size_t dst_len_from_compiler) {
99 if (supplied_size < 0) {
100 __fortify_fatal("fgets: buffer size %d < 0", supplied_size);
101 }
102 __check_buffer_access("fgets", "write into", supplied_size, dst_len_from_compiler);
103 return fgets(dst, supplied_size, stream);
104}
105
Elliott Hughesec6850d2017-08-01 08:28:46 -0700[diff] [blame^]106size_t __fread_chk(void* buf, size_t size, size_t count, FILE* stream, size_t buf_size) {
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]107 size_t total;
108 if (__predict_false(__size_mul_overflow(size, count, &total))) {
109 // overflow: trigger the error path in fread
110 return fread(buf, size, count, stream);
111 }
112 __check_buffer_access("fread", "write into", total, buf_size);
113 return fread(buf, size, count, stream);
114}
115
Elliott Hughesec6850d2017-08-01 08:28:46 -0700[diff] [blame^]116size_t __fwrite_chk(const void* buf, size_t size, size_t count, FILE* stream, size_t buf_size) {
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]117 size_t total;
118 if (__predict_false(__size_mul_overflow(size, count, &total))) {
119 // overflow: trigger the error path in fwrite
120 return fwrite(buf, size, count, stream);
121 }
122 __check_buffer_access("fwrite", "read from", total, buf_size);
123 return fwrite(buf, size, count, stream);
124}
125
126extern char* __getcwd_chk(char* buf, size_t len, size_t actual_size) {
127 __check_buffer_access("getcwd", "write into", len, actual_size);
128 return getcwd(buf, len);
129}
130
131void* __memchr_chk(const void* s, int c, size_t n, size_t actual_size) {
132 __check_buffer_access("memchr", "read from", n, actual_size);
George Burgess IVbd3d2082017-04-04 17:34:02 -0700[diff] [blame]133 return const_cast<void*>(memchr(s, c, n));
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]134}
135
136// Runtime implementation of __builtin____memmove_chk (used directly by compiler, not in headers).
137extern "C" void* __memmove_chk(void* dst, const void* src, size_t len, size_t dst_len) {
138 __check_buffer_access("memmove", "write into", len, dst_len);
139 return memmove(dst, src, len);
140}
141
Elliott Hughes3c6016f2016-03-01 14:45:58 -0800[diff] [blame]142// memcpy is performance-critical enough that we have assembler __memcpy_chk implementations.
143// This function is used to give better diagnostics than we can easily do from assembler.
144extern "C" void* __memcpy_chk_fail(void* /*dst*/, const void* /*src*/, size_t count, size_t dst_len) {
145 __check_count("memcpy", "count", count);
146 __check_buffer_access("memcpy", "write into", count, dst_len);
147 abort(); // One of the above is supposed to have failed, otherwise we shouldn't have been called.
148}
149
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]150void* __memrchr_chk(const void* s, int c, size_t n, size_t actual_size) {
151 __check_buffer_access("memrchr", "read from", n, actual_size);
152 return memrchr(s, c, n);
153}
154
Elliott Hughes62e59642016-03-01 11:22:42 -0800[diff] [blame]155// memset is performance-critical enough that we have assembler __memset_chk implementations.
156// This function is used to give better diagnostics than we can easily do from assembler.
157extern "C" void* __memset_chk_fail(void* /*dst*/, int /*byte*/, size_t count, size_t dst_len) {
158 __check_count("memset", "count", count);
159 __check_buffer_access("memset", "write into", count, dst_len);
160 abort(); // One of the above is supposed to have failed, otherwise we shouldn't have been called.
161}
162
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]163int __poll_chk(pollfd* fds, nfds_t fd_count, int timeout, size_t fds_size) {
164 __check_pollfd_array("poll", fds_size, fd_count);
165 return poll(fds, fd_count, timeout);
166}
167
168int __ppoll_chk(pollfd* fds, nfds_t fd_count, const timespec* timeout,
169 const sigset_t* mask, size_t fds_size) {
170 __check_pollfd_array("ppoll", fds_size, fd_count);
171 return ppoll(fds, fd_count, timeout, mask);
172}
173
174ssize_t __pread64_chk(int fd, void* buf, size_t count, off64_t offset, size_t buf_size) {
175 __check_count("pread64", "count", count);
176 __check_buffer_access("pread64", "write into", count, buf_size);
177 return pread64(fd, buf, count, offset);
178}
179
180ssize_t __pread_chk(int fd, void* buf, size_t count, off_t offset, size_t buf_size) {
181 __check_count("pread", "count", count);
182 __check_buffer_access("pread", "write into", count, buf_size);
183 return pread(fd, buf, count, offset);
184}
185
186ssize_t __pwrite64_chk(int fd, const void* buf, size_t count, off64_t offset,
187 size_t buf_size) {
188 __check_count("pwrite64", "count", count);
189 __check_buffer_access("pwrite64", "read from", count, buf_size);
190 return pwrite64(fd, buf, count, offset);
191}
192
193ssize_t __pwrite_chk(int fd, const void* buf, size_t count, off_t offset,
194 size_t buf_size) {
195 __check_count("pwrite", "count", count);
196 __check_buffer_access("pwrite", "read from", count, buf_size);
197 return pwrite(fd, buf, count, offset);
198}
199
200ssize_t __read_chk(int fd, void* buf, size_t count, size_t buf_size) {
201 __check_count("read", "count", count);
202 __check_buffer_access("read", "write into", count, buf_size);
203 return read(fd, buf, count);
204}
205
206ssize_t __readlinkat_chk(int dirfd, const char* path, char* buf, size_t size, size_t buf_size) {
207 __check_count("readlinkat", "size", size);
208 __check_buffer_access("readlinkat", "write into", size, buf_size);
209 return readlinkat(dirfd, path, buf, size);
210}
211
212ssize_t __readlink_chk(const char* path, char* buf, size_t size, size_t buf_size) {
213 __check_count("readlink", "size", size);
214 __check_buffer_access("readlink", "write into", size, buf_size);
215 return readlink(path, buf, size);
216}
217
218ssize_t __recvfrom_chk(int socket, void* buf, size_t len, size_t buf_size,
Elliott Hughes8197aca2016-08-12 09:20:07 -0700[diff] [blame]219 int flags, sockaddr* src_addr, socklen_t* addrlen) {
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]220 __check_buffer_access("recvfrom", "write into", len, buf_size);
221 return recvfrom(socket, buf, len, flags, src_addr, addrlen);
222}
223
Daniel Micay95b59c52017-02-13 17:27:59 -0800[diff] [blame]224ssize_t __sendto_chk(int socket, const void* buf, size_t len, size_t buflen,
225 int flags, const struct sockaddr* dest_addr,
226 socklen_t addrlen) {
227 __check_buffer_access("sendto", "read from", len, buflen);
228 return sendto(socket, buf, len, flags, dest_addr, addrlen);
229}
230
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]231// Runtime implementation of __builtin____stpcpy_chk (used directly by compiler, not in headers)..
232extern "C" char* __stpcpy_chk(char* dst, const char* src, size_t dst_len) {
233 // TODO: optimize so we don't scan src twice.
234 size_t src_len = strlen(src) + 1;
235 __check_buffer_access("stpcpy", "write into", src_len, dst_len);
236 return stpcpy(dst, src);
237}
238
239// Runtime implementation of __builtin____stpncpy_chk (used directly by compiler, not in headers).
Elliott Hughesec6850d2017-08-01 08:28:46 -0700[diff] [blame^]240extern "C" char* __stpncpy_chk(char* dst, const char* src, size_t len, size_t dst_len) {
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]241 __check_buffer_access("stpncpy", "write into", len, dst_len);
242 return stpncpy(dst, src, len);
243}
244
245// This is a variant of __stpncpy_chk, but it also checks to make
246// sure we don't read beyond the end of "src". The code for this is
247// based on the original version of stpncpy, but modified to check
248// how much we read from "src" at the end of the copy operation.
Elliott Hughesec6850d2017-08-01 08:28:46 -0700[diff] [blame^]249char* __stpncpy_chk2(char* dst, const char* src, size_t n, size_t dst_len, size_t src_len) {
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]250 __check_buffer_access("stpncpy", "write into", n, dst_len);
251 if (n != 0) {
252 char* d = dst;
253 const char* s = src;
254
255 do {
256 if ((*d++ = *s++) == 0) {
257 // NUL pad the remaining n-1 bytes.
258 while (--n != 0) {
259 *d++ = 0;
260 }
261 break;
262 }
263 } while (--n != 0);
264
265 size_t s_copy_len = static_cast<size_t>(s - src);
266 if (__predict_false(s_copy_len > src_len)) {
267 __fortify_fatal("stpncpy: detected read past end of %zu-byte buffer", src_len);
268 }
269 }
270
271 return dst;
272}
273
Elliott Hughesc75da092016-05-25 17:01:31 -0700[diff] [blame]274// strcat is performance-critical enough that we have assembler __strcat_chk implementations.
275// This function is used to give better diagnostics than we can easily do from assembler.
276extern "C" void __strcat_chk_fail(size_t dst_buf_size) {
277 __fortify_fatal("strcat: prevented write past end of %zu-byte buffer", dst_buf_size);
278}
279
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]280char* __strchr_chk(const char* p, int ch, size_t s_len) {
281 for (;; ++p, s_len--) {
282 if (__predict_false(s_len == 0)) {
283 __fortify_fatal("strchr: prevented read past end of buffer");
284 }
285 if (*p == static_cast<char>(ch)) {
286 return const_cast<char*>(p);
287 }
288 if (*p == '\0') {
289 return NULL;
290 }
291 }
292}
293
Elliott Hughesbdd8f892016-05-26 16:38:34 -0700[diff] [blame]294// strcpy is performance-critical enough that we have assembler __strcpy_chk implementations.
295// This function is used to give better diagnostics than we can easily do from assembler.
296extern "C" void __strcpy_chk_fail(size_t dst_buf_size) {
297 __fortify_fatal("strcpy: prevented write past end of %zu-byte buffer", dst_buf_size);
298}
299
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]300size_t __strlcat_chk(char* dst, const char* src,
301 size_t supplied_size, size_t dst_len_from_compiler) {
302 __check_buffer_access("strlcat", "write into", supplied_size, dst_len_from_compiler);
303 return strlcat(dst, src, supplied_size);
304}
305
306size_t __strlcpy_chk(char* dst, const char* src,
307 size_t supplied_size, size_t dst_len_from_compiler) {
308 __check_buffer_access("strlcpy", "write into", supplied_size, dst_len_from_compiler);
309 return strlcpy(dst, src, supplied_size);
310}
311
312size_t __strlen_chk(const char* s, size_t s_len) {
313 // TODO: "prevented" here would be a lie because this strlen can run off the end.
314 // strlen is too important to be expensive, so we wanted to be able to call the optimized
315 // implementation, but I think we need to implement optimized assembler __strlen_chk routines.
316 size_t ret = strlen(s);
317 if (__predict_false(ret >= s_len)) {
318 __fortify_fatal("strlen: detected read past end of buffer");
319 }
320 return ret;
321}
322
323// Runtime implementation of __builtin____strncat_chk (used directly by compiler, not in headers).
Elliott Hughesec6850d2017-08-01 08:28:46 -0700[diff] [blame^]324extern "C" char* __strncat_chk(char* dst, const char* src, size_t len, size_t dst_buf_size) {
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]325 if (len == 0) {
326 return dst;
327 }
328
329 size_t dst_len = __strlen_chk(dst, dst_buf_size);
330 char* d = dst + dst_len;
331 dst_buf_size -= dst_len;
332
333 while (*src != '\0') {
334 *d++ = *src++;
335 len--; dst_buf_size--;
336
337 if (__predict_false(dst_buf_size == 0)) {
338 __fortify_fatal("strncat: prevented write past end of buffer");
339 }
340
341 if (len == 0) {
342 break;
343 }
344 }
345
346 *d = '\0';
347 return dst;
348}
349
350// Runtime implementation of __builtin____strncpy_chk (used directly by compiler, not in headers).
Elliott Hughesec6850d2017-08-01 08:28:46 -0700[diff] [blame^]351extern "C" char* __strncpy_chk(char* dst, const char* src, size_t len, size_t dst_len) {
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]352 __check_buffer_access("strncpy", "write into", len, dst_len);
353 return strncpy(dst, src, len);
354}
355
356// This is a variant of __strncpy_chk, but it also checks to make
357// sure we don't read beyond the end of "src". The code for this is
358// based on the original version of strncpy, but modified to check
359// how much we read from "src" at the end of the copy operation.
Elliott Hughesec6850d2017-08-01 08:28:46 -0700[diff] [blame^]360char* __strncpy_chk2(char* dst, const char* src, size_t n, size_t dst_len, size_t src_len) {
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]361 __check_buffer_access("strncpy", "write into", n, dst_len);
362 if (n != 0) {
363 char* d = dst;
364 const char* s = src;
365
366 do {
367 if ((*d++ = *s++) == 0) {
368 // NUL pad the remaining n-1 bytes.
369 while (--n != 0) {
370 *d++ = 0;
371 }
372 break;
373 }
374 } while (--n != 0);
375
376 size_t s_copy_len = static_cast<size_t>(s - src);
377 if (__predict_false(s_copy_len > src_len)) {
378 __fortify_fatal("strncpy: detected read past end of %zu-byte buffer", src_len);
379 }
380 }
381
382 return dst;
383}
384
385char* __strrchr_chk(const char* p, int ch, size_t s_len) {
386 for (const char* save = NULL;; ++p, s_len--) {
387 if (s_len == 0) {
388 __fortify_fatal("strrchr: prevented read past end of buffer");
389 }
390 if (*p == static_cast<char>(ch)) {
391 save = p;
392 }
393 if (!*p) {
394 return const_cast<char*>(save);
395 }
396 }
397}
398
399mode_t __umask_chk(mode_t mode) {
400 if (__predict_false((mode & 0777) != mode)) {
401 __fortify_fatal("umask: called with invalid mask %o", mode);
402 }
403
404 return umask(mode);
405}
406
407// Runtime implementation of __builtin____vsnprintf_chk (used directly by compiler, not in headers).
408extern "C" int __vsnprintf_chk(char* dst, size_t supplied_size, int /*flags*/,
409 size_t dst_len_from_compiler, const char* format, va_list va) {
410 __check_buffer_access("vsnprintf", "write into", supplied_size, dst_len_from_compiler);
411 return vsnprintf(dst, supplied_size, format, va);
412}
413
414// Runtime implementation of __builtin____snprintf_chk (used directly by compiler, not in headers).
415extern "C" int __snprintf_chk(char* dst, size_t supplied_size, int flags,
416 size_t dst_len_from_compiler, const char* format, ...) {
417 va_list va;
418 va_start(va, format);
419 int result = __vsnprintf_chk(dst, supplied_size, flags, dst_len_from_compiler, format, va);
420 va_end(va);
421 return result;
422}
423
424// Runtime implementation of __builtin____vsprintf_chk (used directly by compiler, not in headers).
425extern "C" int __vsprintf_chk(char* dst, int /*flags*/,
426 size_t dst_len_from_compiler, const char* format, va_list va) {
Elliott Hughesfb3873d2016-08-10 11:07:54 -0700[diff] [blame]427 // The compiler uses SIZE_MAX to mean "no idea", but our vsnprintf rejects sizes that large.
428 int result = vsnprintf(dst,
429 dst_len_from_compiler == SIZE_MAX ? SSIZE_MAX : dst_len_from_compiler,
430 format, va);
431
432 // Try to catch failures after the fact...
Elliott Hughesb83d6742016-02-25 20:33:47 -0800[diff] [blame]433 __check_buffer_access("vsprintf", "write into", result + 1, dst_len_from_compiler);
434 return result;
435}
436
437// Runtime implementation of __builtin____sprintf_chk (used directly by compiler, not in headers).
438extern "C" int __sprintf_chk(char* dst, int flags, size_t dst_len_from_compiler,
439 const char* format, ...) {
440 va_list va;
441 va_start(va, format);
442 int result = __vsprintf_chk(dst, flags, dst_len_from_compiler, format, va);
443 va_end(va);
444 return result;
445}
446
447ssize_t __write_chk(int fd, const void* buf, size_t count, size_t buf_size) {
448 __check_count("write", "count", count);
449 __check_buffer_access("write", "read from", count, buf_size);
450 return write(fd, buf, count);
451}
George Burgess IVd34b0a92017-07-25 11:43:39 -0700[diff] [blame]452
453#if !defined(NO___STRCAT_CHK)
454// Runtime implementation of __builtin____strcat_chk (used directly by compiler, not in headers).
Elliott Hughesec6850d2017-08-01 08:28:46 -0700[diff] [blame^]455extern "C" char* __strcat_chk(char* dst, const char* src, size_t dst_buf_size) {
George Burgess IVd34b0a92017-07-25 11:43:39 -0700[diff] [blame]456 char* save = dst;
457 size_t dst_len = __strlen_chk(dst, dst_buf_size);
458
459 dst += dst_len;
460 dst_buf_size -= dst_len;
461
462 while ((*dst++ = *src++) != '\0') {
463 dst_buf_size--;
464 if (__predict_false(dst_buf_size == 0)) {
465 __fortify_fatal("strcat: prevented write past end of %zu-byte buffer", dst_buf_size);
466 }
467 }
468
469 return save;
470}
471#endif // NO___STRCAT_CHK
472
473#if !defined(NO___STRCPY_CHK)
474// Runtime implementation of __builtin____strcpy_chk (used directly by compiler, not in headers).
475extern "C" char* __strcpy_chk(char* dst, const char* src, size_t dst_len) {
476 // TODO: optimize so we don't scan src twice.
477 size_t src_len = strlen(src) + 1;
478 __check_buffer_access("strcpy", "write into", src_len, dst_len);
479 return strcpy(dst, src);
480}
481#endif // NO___STRCPY_CHK
482
483#if !defined(NO___MEMCPY_CHK)
484// Runtime implementation of __memcpy_chk (used directly by compiler, not in headers).
485extern "C" void* __memcpy_chk(void* dst, const void* src, size_t count, size_t dst_len) {
486 __check_count("memcpy", "count", count);
487 __check_buffer_access("memcpy", "write into", count, dst_len);
488 return memcpy(dst, src, count);
489}
490#endif // NO___MEMCPY_CHK