xref: /aosp_15_r20/bionic/libc/include/bits/fortify/stdio.h (revision 8d67ca893c1523eb926b9080dbe4e2ffd2a27ba1) 
1 /*
2  * Copyright (C) 2017 The Android Open Source Project
3  * All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  *  * Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  *  * Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in
12  *    the documentation and/or other materials provided with the
13  *    distribution.
14  *
15  * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
16  * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
17  * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
18  * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
19  * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
20  * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
21  * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
22  * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
23  * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
24  * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
25  * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
26  * SUCH DAMAGE.
27  */
28 
29 #ifndef _STDIO_H_
30 #error "Never include this file directly; instead, include <stdio.h>"
31 #endif
32 
33 char* _Nullable __fgets_chk(char* _Nonnull, int, FILE* _Nonnull, size_t);
34 
35 #if __BIONIC_AVAILABILITY_GUARD(24)
36 size_t __fread_chk(void* _Nonnull, size_t, size_t, FILE* _Nonnull, size_t) __INTRODUCED_IN(24);
37 size_t __fwrite_chk(const void* _Nonnull, size_t, size_t, FILE* _Nonnull, size_t) __INTRODUCED_IN(24);
38 #endif /* __BIONIC_AVAILABILITY_GUARD(24) */
39 
40 
41 #if defined(__BIONIC_FORTIFY) && !defined(__BIONIC_NO_STDIO_FORTIFY)
42 
43 #if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
44 /* No diag -- clang diagnoses misuses of this on its own.  */
45 __BIONIC_FORTIFY_INLINE __printflike(3, 0)
vsnprintf(char * const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest,size_t size,const char * _Nonnull format,va_list ap)46 int vsnprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, size_t size, const char* _Nonnull format, va_list ap)
47         __diagnose_as_builtin(__builtin_vsnprintf, 1, 2, 3, 4)
48         __overloadable {
49     return __builtin___vsnprintf_chk(dest, size, 0, __bos(dest), format, ap);
50 }
51 
52 __BIONIC_FORTIFY_INLINE __printflike(2, 0)
vsprintf(char * const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest,const char * _Nonnull format,va_list ap)53 int vsprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, const char* _Nonnull format, va_list ap) __overloadable {
54     return __builtin___vsprintf_chk(dest, 0, __bos(dest), format, ap);
55 }
56 #endif
57 
58 __BIONIC_ERROR_FUNCTION_VISIBILITY
59 int sprintf(char* __BIONIC_COMPLICATED_NULLNESS dest, const char* _Nonnull format)
60     __overloadable
61     __enable_if(__bos_unevaluated_lt(__bos(dest), __builtin_strlen(format)),
62                 "format string will always overflow destination buffer")
63     __errorattr("format string will always overflow destination buffer");
64 
65 #if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
66 __BIONIC_FORTIFY_VARIADIC __printflike(2, 3)
sprintf(char * const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest,const char * _Nonnull format,...)67 int sprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, const char* _Nonnull format, ...) __overloadable {
68     va_list va;
69     va_start(va, format);
70     int result = __builtin___vsprintf_chk(dest, 0, __bos(dest), format, va);
71     va_end(va);
72     return result;
73 }
74 
75 /* No diag -- clang diagnoses misuses of this on its own.  */
76 __BIONIC_FORTIFY_VARIADIC __printflike(3, 4)
snprintf(char * const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest,size_t size,const char * _Nonnull format,...)77 int snprintf(char* const __BIONIC_COMPLICATED_NULLNESS __pass_object_size dest, size_t size, const char* _Nonnull format, ...)
78         __diagnose_as_builtin(__builtin_snprintf, 1, 2, 3)
79         __overloadable {
80     va_list va;
81     va_start(va, format);
82     int result = __builtin___vsnprintf_chk(dest, size, 0, __bos(dest), format, va);
83     va_end(va);
84     return result;
85 }
86 #endif
87 
88 #define __bos_trivially_ge_mul(bos_val, size, count) \
89   __bos_dynamic_check_impl_and(bos_val, >=, (size) * (count), \
90                                !__unsafe_check_mul_overflow(size, count))
91 
92 __BIONIC_FORTIFY_INLINE
fread(void * const _Nonnull __pass_object_size0 buf,size_t size,size_t count,FILE * _Nonnull stream)93 size_t fread(void* const _Nonnull __pass_object_size0 buf, size_t size, size_t count, FILE* _Nonnull stream)
94         __overloadable
95         __clang_error_if(__unsafe_check_mul_overflow(size, count),
96                          "in call to 'fread', size * count overflows")
97         __clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
98                          "in call to 'fread', size * count is too large for the given buffer") {
99 #if __ANDROID_API__ >= 24 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
100     size_t bos = __bos0(buf);
101 
102     if (!__bos_trivially_ge_mul(bos, size, count)) {
103         return __fread_chk(buf, size, count, stream, bos);
104     }
105 #endif
106     return __call_bypassing_fortify(fread)(buf, size, count, stream);
107 }
108 
109 __BIONIC_FORTIFY_INLINE
fwrite(const void * const _Nonnull __pass_object_size0 buf,size_t size,size_t count,FILE * _Nonnull stream)110 size_t fwrite(const void* const _Nonnull __pass_object_size0 buf, size_t size, size_t count, FILE* _Nonnull stream)
111         __overloadable
112         __clang_error_if(__unsafe_check_mul_overflow(size, count),
113                          "in call to 'fwrite', size * count overflows")
114         __clang_error_if(__bos_unevaluated_lt(__bos0(buf), size * count),
115                          "in call to 'fwrite', size * count is too large for the given buffer") {
116 #if __ANDROID_API__ >= 24 && __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
117     size_t bos = __bos0(buf);
118 
119     if (!__bos_trivially_ge_mul(bos, size, count)) {
120         return __fwrite_chk(buf, size, count, stream, bos);
121     }
122 #endif
123     return __call_bypassing_fortify(fwrite)(buf, size, count, stream);
124 }
125 #undef __bos_trivially_ge_mul
126 
127 __BIONIC_FORTIFY_INLINE
fgets(char * const _Nonnull __pass_object_size dest,int size,FILE * _Nonnull stream)128 char* _Nullable fgets(char* const _Nonnull __pass_object_size dest, int size, FILE* _Nonnull stream)
129         __overloadable
130         __clang_error_if(size < 0, "in call to 'fgets', size should not be negative")
131         __clang_error_if(__bos_unevaluated_lt(__bos(dest), size),
132                          "in call to 'fgets', size is larger than the destination buffer") {
133 #if __BIONIC_FORTIFY_RUNTIME_CHECKS_ENABLED
134     size_t bos = __bos(dest);
135 
136     if (!__bos_dynamic_check_impl_and(bos, >=, (size_t)size, size >= 0)) {
137         return __fgets_chk(dest, size, stream, bos);
138     }
139 #endif
140     return __call_bypassing_fortify(fgets)(dest, size, stream);
141 }
142 
143 #endif /* defined(__BIONIC_FORTIFY) */
144