FORTIFY_SOURCE: strlen check. This test is designed to detect code such as: int main() { char buf[10]; memcpy(buf, "1234567890", sizeof(buf)); size_t len = strlen(buf); // segfault here with _FORTIFY_SOURCE printf("%d\n", len); return 0; } or anytime strlen reads beyond an object boundary. This should help address memory leakage vulnerabilities and make other unrelated vulnerabilities harder to exploit. Change-Id: I354b425be7bef4713c85f6bab0e9738445e00182

commit: 260bf8cfe00f83bc579dfe81c78b75bd9973f051 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Fri Jul 13 11:27:06 2012 -0700
committer: Nick Kralevich <nnk@google.com> Fri Jul 13 13:49:59 2012 -0700
tree: b8ff686500d30625cb9d5908ecba4895f20a1467
parent: b2060b027c9eb2748895b53a0d69d40b52371a4e [diff] [blame]
diff --git a/libc/include/string.h b/libc/include/string.h
index 269f7ac..842aa39 100644
--- a/libc/include/string.h
+++ b/libc/include/string.h

@@ -216,6 +216,19 @@
     return __strlcat_chk(dest, src, size, bos);
 }
 
+__purefunc extern size_t __strlen_real(const char *)
+    __asm__(__USER_LABEL_PREFIX__ "strlen");
+extern size_t __strlen_chk(const char *, size_t);
+
+__BIONIC_FORTIFY_INLINE
+size_t strlen(const char *s) {
+    size_t bos = __builtin_object_size(s, 0);
+    if (bos == (size_t) -1) {
+        return __strlen_real(s);
+    }
+    return __strlen_chk(s, bos);
+}
+
 
 #endif /* defined(__BIONIC_FORTIFY_INLINE) */
commit	260bf8cfe00f83bc579dfe81c78b75bd9973f051	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Fri Jul 13 11:27:06 2012 -0700
committer	Nick Kralevich <nnk@google.com>	Fri Jul 13 13:49:59 2012 -0700
tree	b8ff686500d30625cb9d5908ecba4895f20a1467
parent	b2060b027c9eb2748895b53a0d69d40b52371a4e [diff] [blame]