1 /*
2 * Copyright (C) 2016 The Android Open Source Project
3 * All rights reserved.
4 *
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
7 * are met:
8 * * Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * * Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in
12 * the documentation and/or other materials provided with the
13 * distribution.
14 *
15 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26 * SUCH DAMAGE.
27 */
28
29 #pragma once
30
31 #include <poll.h> // For struct pollfd.
32 #include <stdarg.h>
33 #include <stdlib.h>
34 #include <sys/select.h> // For struct fd_set.
35
36 #include <async_safe/log.h>
37
__fortify_fatal(const char * fmt,...)38 static inline __noreturn void __fortify_fatal(const char* fmt, ...) {
39 va_list args;
40 va_start(args, fmt);
41 async_safe_fatal_va_list("FORTIFY", fmt, args);
42 va_end(args);
43 abort();
44 }
45
46 //
47 // Common helpers.
48 //
49
__check_fd_set(const char * fn,int fd,size_t set_size)50 static inline void __check_fd_set(const char* fn, int fd, size_t set_size) {
51 if (__predict_false(fd < 0)) {
52 __fortify_fatal("%s: file descriptor %d < 0", fn, fd);
53 }
54 if (__predict_false(fd >= FD_SETSIZE)) {
55 __fortify_fatal("%s: file descriptor %d >= FD_SETSIZE %zu", fn, fd, FD_SETSIZE);
56 }
57 if (__predict_false(set_size < sizeof(fd_set))) {
58 __fortify_fatal("%s: set size %zu is too small to be an fd_set", fn, set_size);
59 }
60 }
61
__check_pollfd_array(const char * fn,size_t fds_size,nfds_t fd_count)62 static inline void __check_pollfd_array(const char* fn, size_t fds_size, nfds_t fd_count) {
63 size_t pollfd_array_length = fds_size / sizeof(pollfd);
64 if (__predict_false(pollfd_array_length < fd_count)) {
65 __fortify_fatal("%s: %zu-element pollfd array too small for %u fds",
66 fn, pollfd_array_length, fd_count);
67 }
68 }
69
__check_count(const char * fn,const char * identifier,size_t value)70 static inline void __check_count(const char* fn, const char* identifier, size_t value) {
71 if (__predict_false(value > SSIZE_MAX)) {
72 __fortify_fatal("%s: %s %zu > SSIZE_MAX", fn, identifier, value);
73 }
74 }
75
__check_buffer_access(const char * fn,const char * action,size_t claim,size_t actual)76 static inline void __check_buffer_access(const char* fn, const char* action,
77 size_t claim, size_t actual) {
78 if (__predict_false(claim > actual)) {
79 __fortify_fatal("%s: prevented %zu-byte %s %zu-byte buffer", fn, claim, action, actual);
80 }
81 }
82