• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *  * Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  *  * Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in
12  *    the documentation and/or other materials provided with the
13  *    distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19  * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #ifndef _STDIO_H_
30 #error "Never include this file directly; instead, include <stdio.h>"
31 #endif
32 
33 char* _Nullable __fgets_chk(char* _Nonnull, int, FILE* _Nonnull, size_t);
34 size_t __fread_chk(void* _Nonnull, size_t, size_t, FILE* _Nonnull, size_t) __INTRODUCED_IN(24);
35 size_t __fwrite_chk(const void* _Nonnull, size_t, size_t, FILE* _Nonnull, size_t) __INTRODUCED_IN(24);
36 
37 #if defined(__BIONIC_FORTIFY) && !defined(__BIONIC_NO_STDIO_FORTIFY)
38 
39 #if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
40 /* No diag -- clang diagnoses misuses of this on its own.  */
41 __BIONIC_FORTIFY_INLINE __printflike(3, 0)
vsnprintf(char * const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest,size_t size,const char * _Nonnull format,va_list ap)42 int vsnprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, size_t size, const char* _Nonnull format, va_list ap)
43         __diagnose_as_builtin(__builtin_vsnprintf, 1, 2, 3, 4)
44         __overloadable {
45     return __builtin___vsnprintf_chk(dest, size, 0, __bos(dest), format, ap);
46 }
47 
48 __BIONIC_FORTIFY_INLINE __printflike(2, 0)
vsprintf(char * const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest,const char * _Nonnull format,va_list ap)49 int vsprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, const char* _Nonnull format, va_list ap) __overloadable {
50     return __builtin___vsprintf_chk(dest, 0, __bos(dest), format, ap);
51 }
52 #endif
53 
54 __BIONIC_ERROR_FUNCTION_VISIBILITY
55 int sprintf(char* __BIONIC_COMPLICATED_NULLNESS dest, const char* _Nonnull format)
56     __overloadable
57     __enable_if(__bos_unevaluated_lt(__bos(dest), __builtin_strlen(format)),
58                 "format string will always overflow destination buffer")
59     __errorattr("format string will always overflow destination buffer");
60 
61 #if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
62 __BIONIC_FORTIFY_VARIADIC __printflike(2, 3)
sprintf(char * const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest,const char * _Nonnull format,...)63 int sprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, const char* _Nonnull format, ...) __overloadable {
64     va_list va;
65     va_start(va, format);
66     int result = __builtin___vsprintf_chk(dest, 0, __bos(dest), format, va);
67     va_end(va);
68     return result;
69 }
70 
71 /* No diag -- clang diagnoses misuses of this on its own.  */
72 __BIONIC_FORTIFY_VARIADIC __printflike(3, 4)
snprintf(char * const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest,size_t size,const char * _Nonnull format,...)73 int snprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, size_t size, const char* _Nonnull format, ...)
74         __diagnose_as_builtin(__builtin_snprintf, 1, 2, 3)
75         __overloadable {
76     va_list va;
77     va_start(va, format);
78     int result = __builtin___vsnprintf_chk(dest, size, 0, __bos(dest), format, va);
79     va_end(va);
80     return result;
81 }
82 #endif
83 
84 #define __bos_trivially_ge_mul(bos_val, size, count) \
85   __bos_dynamic_check_impl_and(bos_val, >=, (size) * (count), \
86                                !__unsafe_check_mul_overflow(size, count))
87 
88 __BIONIC_FORTIFY_INLINE
fread(void * const _Nonnull __pass_object_size0 buf,size_t size,size_t count,FILE * _Nonnull stream)89 size_t fread(void* const _Nonnull __pass_object_size0 buf, size_t size, size_t count, FILE* _Nonnull stream)
90         __overloadable
91         __clang_error_if(__unsafe_check_mul_overflow(size, count),
92                          "in call to 'fread', size * count overflows")
93         __clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
94                          "in call to 'fread', size * count is too large for the given buffer") {
95 #if __ANDROID_API__ >= 24 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
96     size_t bos = __bos0(buf);
97 
98     if (!__bos_trivially_ge_mul(bos, size, count)) {
99         return __fread_chk(buf, size, count, stream, bos);
100     }
101 #endif
102     return __call_bypassing_fortify(fread)(buf, size, count, stream);
103 }
104 
105 __BIONIC_FORTIFY_INLINE
fwrite(const void * const _Nonnull __pass_object_size0 buf,size_t size,size_t count,FILE * _Nonnull stream)106 size_t fwrite(const void* const _Nonnull __pass_object_size0 buf, size_t size, size_t count, FILE* _Nonnull stream)
107         __overloadable
108         __clang_error_if(__unsafe_check_mul_overflow(size, count),
109                          "in call to 'fwrite', size * count overflows")
110         __clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
111                          "in call to 'fwrite', size * count is too large for the given buffer") {
112 #if __ANDROID_API__ >= 24 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
113     size_t bos = __bos0(buf);
114 
115     if (!__bos_trivially_ge_mul(bos, size, count)) {
116         return __fwrite_chk(buf, size, count, stream, bos);
117     }
118 #endif
119     return __call_bypassing_fortify(fwrite)(buf, size, count, stream);
120 }
121 #undef __bos_trivially_ge_mul
122 
123 __BIONIC_FORTIFY_INLINE
fgets(char * const _Nonnull __pass_object_size dest,int size,FILE * _Nonnull stream)124 char* _Nullable fgets(char* const _Nonnull __pass_object_size dest, int size, FILE* _Nonnull stream)
125         __overloadable
126         __clang_error_if(size < 0, "in call to 'fgets', size should not be negative")
127         __clang_error_if(__bos_unevaluated_lt(__bos(dest), size),
128                          "in call to 'fgets', size is larger than the destination buffer") {
129 #if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
130     size_t bos = __bos(dest);
131 
132     if (!__bos_dynamic_check_impl_and(bos, >=, (size_t)size, size >= 0)) {
133         return __fgets_chk(dest, size, stream, bos);
134     }
135 #endif
136     return __call_bypassing_fortify(fgets)(dest, size, stream);
137 }
138 
139 #endif /* defined(__BIONIC_FORTIFY) */
140