FORTIFY_SOURCE: fortify strrchr This change compliments 049e58369c37fdeacd0380a6bf1e078d9baf819f Change-Id: I27d015d70a520713c7472558a3c427f546d36ee4

commit: 9a4d305340e6ce2fc6c3f371f2d7ede446f8c6d4 [log] [tgz]
author: Nick Kralevich <nnk@google.com> Mon Dec 03 10:36:13 2012 -0800
committer: Nick Kralevich <nnk@google.com> Mon Dec 03 10:39:16 2012 -0800
tree: e6c29deaf1b6789aa94bb1074db1b9b554033267
parent: 60fb68338b7541b6022fc343857b90c088c399cd [diff] [blame]
diff --git a/libc/string/strrchr.c b/libc/string/strrchr.c
index 10c07e6..fc3dc4e 100644
--- a/libc/string/strrchr.c
+++ b/libc/string/strrchr.c

@@ -29,13 +29,19 @@
  */
 
 #include <string.h>
+#include <private/logd.h>
 
 char *
-strrchr(const char *p, int ch)
+__strrchr_chk(const char *p, int ch, size_t s_len)
 {
 	char *save;
 
-	for (save = NULL;; ++p) {
+	for (save = NULL;; ++p, s_len--) {
+		if (s_len == 0) {
+			__libc_android_log_print(ANDROID_LOG_FATAL, "libc",
+				"*** FORTIFY_SOURCE strrchr read beyond buffer ***\n");
+			abort();
+		}
 		if (*p == (char) ch)
 			save = (char *)p;
 		if (!*p)
@@ -43,3 +49,9 @@
 	}
 	/* NOTREACHED */
 }
+
+char *
+strrchr(const char *p, int ch)
+{
+	return __strrchr_chk(p, ch, (size_t) -1);
+}
commit	9a4d305340e6ce2fc6c3f371f2d7ede446f8c6d4	[log] [tgz]
author	Nick Kralevich <nnk@google.com>	Mon Dec 03 10:36:13 2012 -0800
committer	Nick Kralevich <nnk@google.com>	Mon Dec 03 10:39:16 2012 -0800
tree	e6c29deaf1b6789aa94bb1074db1b9b554033267
parent	60fb68338b7541b6022fc343857b90c088c399cd [diff] [blame]