Gitiles
Code Review Sign In
gerrit.omnirom.org / android_bionic / f5cd29269f1ca1a734949c77a8dc10b43ecc6e37 / . / libc / include / bits / fortify / stdio.h
blob: 578d04c4d50e2783c5a9e465d5f0f710543e695a [file] [log] [blame]
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]1/*
2 * Copyright (C) 2017 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29#ifndef _STDIO_H_
30#error "Never include this file directly; instead, include <stdio.h>"
31#endif
32
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]33char* _Nullable __fgets_chk(char* _Nonnull, int, FILE* _Nonnull, size_t) __INTRODUCED_IN(17);
34size_t __fread_chk(void* _Nonnull, size_t, size_t, FILE* _Nonnull, size_t) __INTRODUCED_IN(24);
35size_t __fwrite_chk(const void* _Nonnull, size_t, size_t, FILE* _Nonnull, size_t) __INTRODUCED_IN(24);
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]36
37#if defined(__BIONIC_FORTIFY) && !defined(__BIONIC_NO_STDIO_FORTIFY)
38
Elliott Hughesf4ace9d2023-02-23 17:38:37 +0000[diff] [blame]39#if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
George Burgess IV36926f42019-09-15 16:57:00 -0700[diff] [blame]40/* No diag -- clang diagnoses misuses of this on its own. */
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]41__BIONIC_FORTIFY_INLINE __printflike(3, 0)
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]42int vsnprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, size_t size, const char* _Nonnull format, va_list ap)
Pirama Arumuga Nainardb71def2022-01-06 15:46:55 -0800[diff] [blame]43 __diagnose_as_builtin(__builtin_vsnprintf, 1, 2, 3, 4)
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]44 __overloadable {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]45 return __builtin___vsnprintf_chk(dest, size, 0, __bos(dest), format, ap);
46}
47
48__BIONIC_FORTIFY_INLINE __printflike(2, 0)
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]49int vsprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, const char* _Nonnull format, va_list ap) __overloadable {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]50 return __builtin___vsprintf_chk(dest, 0, __bos(dest), format, ap);
51}
George Burgess IV8a0cdb12019-10-21 13:27:57 -0700[diff] [blame]52#endif
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]53
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]54__BIONIC_ERROR_FUNCTION_VISIBILITY
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]55int sprintf(char* __BIONIC_COMPLICATED_NULLNESS dest, const char* _Nonnull format)
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]56 __overloadable
57 __enable_if(__bos_unevaluated_lt(__bos(dest), __builtin_strlen(format)),
58 "format string will always overflow destination buffer")
59 __errorattr("format string will always overflow destination buffer");
60
Elliott Hughesf4ace9d2023-02-23 17:38:37 +0000[diff] [blame]61#if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]62__BIONIC_FORTIFY_VARIADIC __printflike(2, 3)
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]63int sprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, const char* _Nonnull format, ...) __overloadable {
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]64 va_list va;
65 va_start(va, format);
66 int result = __builtin___vsprintf_chk(dest, 0, __bos(dest), format, va);
67 va_end(va);
68 return result;
69}
70
George Burgess IV36926f42019-09-15 16:57:00 -0700[diff] [blame]71/* No diag -- clang diagnoses misuses of this on its own. */
Chih-Hung Hsiehf81abef2018-01-25 15:30:27 -0800[diff] [blame]72__BIONIC_FORTIFY_VARIADIC __printflike(3, 4)
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]73int snprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, size_t size, const char* _Nonnull format, ...)
Pirama Arumuga Nainardb71def2022-01-06 15:46:55 -0800[diff] [blame]74 __diagnose_as_builtin(__builtin_snprintf, 1, 2, 3)
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]75 __overloadable {
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]76 va_list va;
77 va_start(va, format);
78 int result = __builtin___vsnprintf_chk(dest, size, 0, __bos(dest), format, va);
79 va_end(va);
80 return result;
81}
George Burgess IV8a0cdb12019-10-21 13:27:57 -0700[diff] [blame]82#endif
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]83
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]84#define __bos_trivially_ge_mul(bos_val, size, count) \
George Burgess IVa1a09b22019-05-13 17:16:20 -0700[diff] [blame]85 __bos_dynamic_check_impl_and(bos_val, >=, (size) * (count), \
86 !__unsafe_check_mul_overflow(size, count))
87
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]88__BIONIC_FORTIFY_INLINE
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]89size_t fread(void* const _Nonnull __pass_object_size0 buf, size_t size, size_t count, FILE* _Nonnull stream)
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]90 __overloadable
91 __clang_error_if(__unsafe_check_mul_overflow(size, count),
92 "in call to 'fread', size * count overflows")
George Burgess IV5273dc52019-05-09 13:46:57 -0700[diff] [blame]93 __clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]94 "in call to 'fread', size * count is too large for the given buffer") {
Elliott Hughes95c6cd72019-12-20 13:26:14 -0800[diff] [blame]95#if __ANDROID_API__ >= 24 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]96 size_t bos = __bos0(buf);
97
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]98 if (!__bos_trivially_ge_mul(bos, size, count)) {
99 return __fread_chk(buf, size, count, stream, bos);
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]100 }
George Burgess IV8a0cdb12019-10-21 13:27:57 -0700[diff] [blame]101#endif
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]102 return __call_bypassing_fortify(fread)(buf, size, count, stream);
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]103}
104
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]105__BIONIC_FORTIFY_INLINE
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]106size_t fwrite(const void* const _Nonnull __pass_object_size0 buf, size_t size, size_t count, FILE* _Nonnull stream)
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]107 __overloadable
108 __clang_error_if(__unsafe_check_mul_overflow(size, count),
109 "in call to 'fwrite', size * count overflows")
George Burgess IV5273dc52019-05-09 13:46:57 -0700[diff] [blame]110 __clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]111 "in call to 'fwrite', size * count is too large for the given buffer") {
Elliott Hughes95c6cd72019-12-20 13:26:14 -0800[diff] [blame]112#if __ANDROID_API__ >= 24 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]113 size_t bos = __bos0(buf);
114
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]115 if (!__bos_trivially_ge_mul(bos, size, count)) {
116 return __fwrite_chk(buf, size, count, stream, bos);
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]117 }
George Burgess IV8a0cdb12019-10-21 13:27:57 -0700[diff] [blame]118#endif
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]119 return __call_bypassing_fortify(fwrite)(buf, size, count, stream);
120}
121#undef __bos_trivially_ge_mul
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]122
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]123__BIONIC_FORTIFY_INLINE
zijunzhaoacd090d2023-06-02 19:46:52 +0000[diff] [blame]124char* _Nullable fgets(char* const _Nonnull __pass_object_size dest, int size, FILE* _Nonnull stream)
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]125 __overloadable
126 __clang_error_if(size < 0, "in call to 'fgets', size should not be negative")
George Burgess IV5273dc52019-05-09 13:46:57 -0700[diff] [blame]127 __clang_error_if(__bos_unevaluated_lt(__bos(dest), size),
George Burgess IV23dbf822017-07-31 21:23:34 -0700[diff] [blame]128 "in call to 'fgets', size is larger than the destination buffer") {
Elliott Hughesf4ace9d2023-02-23 17:38:37 +0000[diff] [blame]129#if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]130 size_t bos = __bos(dest);
131
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]132 if (!__bos_dynamic_check_impl_and(bos, >=, (size_t)size, size >= 0)) {
133 return __fgets_chk(dest, size, stream, bos);
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]134 }
George Burgess IV8a0cdb12019-10-21 13:27:57 -0700[diff] [blame]135#endif
George Burgess IV113d6fa2019-09-18 17:06:14 -0700[diff] [blame]136 return __call_bypassing_fortify(fgets)(dest, size, stream);
137}
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]138
George Burgess IVb97049c2017-07-24 15:05:05 -0700[diff] [blame]139#endif /* defined(__BIONIC_FORTIFY) */