FORTIFY_SOURCE: fortify strrchr
This change compliments 049e58369c37fdeacd0380a6bf1e078d9baf819f
Change-Id: I27d015d70a520713c7472558a3c427f546d36ee4
diff --git a/libc/include/string.h b/libc/include/string.h
index 32b9310..2ed74e8 100644
--- a/libc/include/string.h
+++ b/libc/include/string.h
@@ -240,6 +240,22 @@
return __strchr_chk(s, c, bos);
}
+__purefunc extern char* __strrchr_real(const char *, int)
+ __asm__(__USER_LABEL_PREFIX__ "strrchr");
+extern char* __strrchr_chk(const char *, int, size_t);
+
+__BIONIC_FORTIFY_INLINE
+char* strrchr(const char *s, int c) {
+ size_t bos = __builtin_object_size(s, 0);
+
+ // Compiler doesn't know destination size. Don't call __strrchr_chk
+ if (bos == __BIONIC_FORTIFY_UNKNOWN_SIZE) {
+ return __strrchr_real(s, c);
+ }
+
+ return __strrchr_chk(s, c, bos);
+}
+
#endif /* defined(__BIONIC_FORTIFY_INLINE) */
diff --git a/libc/string/strrchr.c b/libc/string/strrchr.c
index 10c07e6..fc3dc4e 100644
--- a/libc/string/strrchr.c
+++ b/libc/string/strrchr.c
@@ -29,13 +29,19 @@
*/
#include <string.h>
+#include <private/logd.h>
char *
-strrchr(const char *p, int ch)
+__strrchr_chk(const char *p, int ch, size_t s_len)
{
char *save;
- for (save = NULL;; ++p) {
+ for (save = NULL;; ++p, s_len--) {
+ if (s_len == 0) {
+ __libc_android_log_print(ANDROID_LOG_FATAL, "libc",
+ "*** FORTIFY_SOURCE strrchr read beyond buffer ***\n");
+ abort();
+ }
if (*p == (char) ch)
save = (char *)p;
if (!*p)
@@ -43,3 +49,9 @@
}
/* NOTREACHED */
}
+
+char *
+strrchr(const char *p, int ch)
+{
+ return __strrchr_chk(p, ch, (size_t) -1);
+}