/* Mudflap: narrow-pointer bounds-checking by tree rewriting.
- Copyright (C) 2002, 2003, 2004 Free Software Foundation, Inc.
+ Copyright (C) 2002, 2003, 2004, 2009 Free Software Foundation, Inc.
Contributed by Frank Ch. Eigler <fche@redhat.com>
and Graydon Hoare <graydon@redhat.com>
GCC is free software; you can redistribute it and/or modify it under
the terms of the GNU General Public License as published by the Free
-Software Foundation; either version 2, or (at your option) any later
+Software Foundation; either version 3, or (at your option) any later
version.
-In addition to the permissions in the GNU General Public License, the
-Free Software Foundation gives you unlimited permission to link the
-compiled version of this file into combinations with other programs,
-and to distribute those combinations without any restriction coming
-from the use of this file. (The General Public License restrictions
-do apply in other respects; for example, they cover modification of
-the file, and distribution when not linked into a combine
-executable.)
-
GCC is distributed in the hope that it will be useful, but WITHOUT ANY
WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
for more details.
-You should have received a copy of the GNU General Public License
-along with GCC; see the file COPYING. If not, write to the Free
-Software Foundation, 59 Temple Place - Suite 330, Boston, MA
-02111-1307, USA. */
+Under Section 7 of GPL version 3, you are granted additional
+permissions described in the GCC Runtime Library Exception, version
+3.1, as published by the Free Software Foundation.
+You should have received a copy of the GNU General Public License and
+a copy of the GCC Runtime Library Exception along with this program;
+see the files COPYING3 and COPYING.RUNTIME respectively. If not, see
+<http://www.gnu.org/licenses/>. */
#include "config.h"
#if !defined(__FreeBSD__) && !defined(__APPLE__)
#define _POSIX_SOURCE
#endif /* Some BSDs break <sys/socket.h> if this is defined. */
-#define _GNU_SOURCE
+#define _GNU_SOURCE
#define _XOPEN_SOURCE
#define _BSD_TYPES
#define __EXTENSIONS__
size_t n = strlen (src);
TRACE ("%s\n", __PRETTY_FUNCTION__);
- MF_VALIDATE_EXTENT(src, CLAMPADD(n, 1), __MF_CHECK_READ, "strcpy src");
+ MF_VALIDATE_EXTENT(src, CLAMPADD(n, 1), __MF_CHECK_READ, "strcpy src");
MF_VALIDATE_EXTENT(dest, CLAMPADD(n, 1), __MF_CHECK_WRITE, "strcpy dest");
return strcpy (dest, src);
}
size_t src_sz;
TRACE ("%s\n", __PRETTY_FUNCTION__);
dest_sz = strlen (dest);
- src_sz = strlen (src);
+ src_sz = strlen (src);
MF_VALIDATE_EXTENT(src, CLAMPADD(src_sz, 1), __MF_CHECK_READ, "strcat src");
MF_VALIDATE_EXTENT(dest, CLAMPADD(dest_sz, CLAMPADD(src_sz, 1)),
__MF_CHECK_WRITE, "strcat dest");
{
/* nb: validating the extents (s,n) might be a mistake for two reasons.
-
- (1) the string s might be shorter than n chars, and n is just a
+
+ (1) the string s might be shorter than n chars, and n is just a
poor choice by the programmer. this is not a "true" error in the
sense that the call to strncat would still be ok.
-
+
(2) we could try to compensate for case (1) by calling strlen(s) and
using that as a bound for the extent to verify, but strlen might fall off
the end of a non-terminated string, leading to a false positive.
-
+
so we will call strnlen(s,n) and use that as a bound.
if strnlen returns a length beyond the end of the registered extent
size_t s2_sz;
TRACE ("%s\n", __PRETTY_FUNCTION__);
s1_sz = strlen (s1);
- s2_sz = strlen (s2);
+ s2_sz = strlen (s2);
MF_VALIDATE_EXTENT(s1, CLAMPADD(s1_sz, 1), __MF_CHECK_READ, "strcmp 1st arg");
MF_VALIDATE_EXTENT(s2, CLAMPADD(s2_sz, 1), __MF_CHECK_WRITE, "strcmp 2nd arg");
return strcmp (s1, s2);
size_t s2_sz;
TRACE ("%s\n", __PRETTY_FUNCTION__);
s1_sz = strlen (s1);
- s2_sz = strlen (s2);
+ s2_sz = strlen (s2);
MF_VALIDATE_EXTENT(s1, CLAMPADD(s1_sz, 1), __MF_CHECK_READ, "strcasecmp 1st arg");
MF_VALIDATE_EXTENT(s2, CLAMPADD(s2_sz, 1), __MF_CHECK_READ, "strcasecmp 2nd arg");
return strcasecmp (s1, s2);
size_t n = strlen (s);
TRACE ("%s\n", __PRETTY_FUNCTION__);
MF_VALIDATE_EXTENT(s, CLAMPADD(n,1), __MF_CHECK_READ, "strdup region");
- result = (char *)CALL_REAL(malloc,
+ result = (char *)CALL_REAL(malloc,
CLAMPADD(CLAMPADD(n,1),
CLAMPADD(__mf_opts.crumple_zone,
__mf_opts.crumple_zone)));
MF_VALIDATE_EXTENT(s, sz, __MF_CHECK_READ, "strndup region"); /* nb: strNdup */
/* note: strndup still adds a \0, even with the N limit! */
- result = (char *)CALL_REAL(malloc,
+ result = (char *)CALL_REAL(malloc,
CLAMPADD(CLAMPADD(n,1),
CLAMPADD(__mf_opts.crumple_zone,
__mf_opts.crumple_zone)));
-
+
if (UNLIKELY(! result)) return result;
result += __mf_opts.crumple_zone;
#ifdef HAVE_MEMMEM
-WRAPPER2(void *, memmem,
+WRAPPER2(void *, memmem,
const void *haystack, size_t haystacklen,
const void *needle, size_t needlelen)
{
/* The following indicate if the result of the corresponding function
* should be explicitly un/registered by the wrapper
*/
+
+#ifdef __FreeBSD__
+#define MF_REGISTER_fopen __MF_TYPE_STATIC
+#else
#undef MF_REGISTER_fopen
+#endif
#define MF_RESULT_SIZE_fopen (sizeof (FILE))
+
#undef MF_REGISTER_opendir
#define MF_RESULT_SIZE_opendir 0 /* (sizeof (DIR)) */
#undef MF_REGISTER_readdir
}
+
+/* An auxiliary data structure for tracking the hand-made stdio
+ buffers we generate during the fopen/fopen64 hooks. In a civilized
+ language, this would be a simple dynamically sized FILE*->char*
+ lookup table, but this is C and we get to do it by hand. */
+struct mf_filebuffer
+{
+ FILE *file;
+ char *buffer;
+ struct mf_filebuffer *next;
+};
+static struct mf_filebuffer *mf_filebuffers = NULL;
+
+static void
+mkbuffer (FILE *f)
+{
+ /* Reset any buffer automatically provided by libc, since this may
+ have been done via mechanisms that libmudflap couldn't
+ intercept. */
+ int rc;
+ size_t bufsize = BUFSIZ;
+ int bufmode;
+ char *buffer = malloc (bufsize);
+ struct mf_filebuffer *b = malloc (sizeof (struct mf_filebuffer));
+ assert ((buffer != NULL) && (b != NULL));
+
+ /* Link it into list. */
+ b->file = f;
+ b->buffer = buffer;
+ b->next = mf_filebuffers;
+ mf_filebuffers = b;
+
+ /* Determine how the file is supposed to be buffered at the moment. */
+ bufmode = fileno (f) == 2 ? _IONBF : (isatty (fileno (f)) ? _IOLBF : _IOFBF);
+
+ rc = setvbuf (f, buffer, bufmode, bufsize);
+ assert (rc == 0);
+}
+
+static void
+unmkbuffer (FILE *f)
+{
+ struct mf_filebuffer *b = mf_filebuffers;
+ struct mf_filebuffer **pb = & mf_filebuffers;
+ while (b != NULL)
+ {
+ if (b->file == f)
+ {
+ *pb = b->next;
+ free (b->buffer);
+ free (b);
+ return;
+ }
+ pb = & b->next;
+ b = b->next;
+ }
+}
+
+
+
WRAPPER2(FILE *, fopen, const char *path, const char *mode)
{
size_t n;
__mf_register (p, sizeof (*p), MF_REGISTER_fopen, "fopen result");
#endif
MF_VALIDATE_EXTENT (p, sizeof (*p), __MF_CHECK_WRITE, "fopen result");
+
+ mkbuffer (p);
+ }
+
+ return p;
+}
+
+
+WRAPPER2(int, setvbuf, FILE *stream, char *buf, int mode, size_t size)
+{
+ int rc = 0;
+ TRACE ("%s\n", __PRETTY_FUNCTION__);
+
+ MF_VALIDATE_EXTENT (stream, sizeof (*stream), __MF_CHECK_WRITE, "setvbuf stream");
+
+ unmkbuffer (stream);
+
+ if (buf != NULL)
+ MF_VALIDATE_EXTENT (buf, size, __MF_CHECK_WRITE, "setvbuf buffer");
+
+ /* Override the user only if it's an auto-allocated buffer request. Otherwise
+ assume that the supplied buffer is already known to libmudflap. */
+ if ((buf == NULL) && ((mode == _IOFBF) || (mode == _IOLBF)))
+ mkbuffer (stream);
+ else
+ rc = setvbuf (stream, buf, mode, size);
+
+ return rc;
+}
+
+
+#ifdef HAVE_SETBUF
+WRAPPER2(int, setbuf, FILE* stream, char *buf)
+{
+ return __mfwrap_setvbuf (stream, buf, buf ? _IOFBF : _IONBF, BUFSIZ);
+}
+#endif
+
+#ifdef HAVE_SETBUFFER
+WRAPPER2(int, setbuffer, FILE* stream, char *buf, size_t sz)
+{
+ return __mfwrap_setvbuf (stream, buf, buf ? _IOFBF : _IONBF, sz);
+}
+#endif
+
+#ifdef HAVE_SETLINEBUF
+WRAPPER2(int, setlinebuf, FILE* stream)
+{
+ return __mfwrap_setvbuf(stream, NULL, _IOLBF, 0);
+}
+#endif
+
+
+
+WRAPPER2(FILE *, fdopen, int fd, const char *mode)
+{
+ size_t n;
+ FILE *p;
+ TRACE ("%s\n", __PRETTY_FUNCTION__);
+
+ n = strlen (mode);
+ MF_VALIDATE_EXTENT (mode, CLAMPADD(n, 1), __MF_CHECK_READ, "fdopen mode");
+
+ p = fdopen (fd, mode);
+ if (NULL != p) {
+#ifdef MF_REGISTER_fopen
+ __mf_register (p, sizeof (*p), MF_REGISTER_fopen, "fdopen result");
+#endif
+ MF_VALIDATE_EXTENT (p, sizeof (*p), __MF_CHECK_WRITE, "fdopen result");
+
+ mkbuffer (p);
+ }
+
+ return p;
+}
+
+
+WRAPPER2(FILE *, freopen, const char *path, const char *mode, FILE *s)
+{
+ size_t n;
+ FILE *p;
+ TRACE ("%s\n", __PRETTY_FUNCTION__);
+
+ n = strlen (path);
+ MF_VALIDATE_EXTENT (path, CLAMPADD(n, 1), __MF_CHECK_READ, "freopen path");
+
+ MF_VALIDATE_EXTENT (s, (sizeof (*s)), __MF_CHECK_WRITE, "freopen stream");
+ unmkbuffer (s);
+
+ n = strlen (mode);
+ MF_VALIDATE_EXTENT (mode, CLAMPADD(n, 1), __MF_CHECK_READ, "freopen mode");
+
+ p = freopen (path, mode, s);
+ if (NULL != p) {
+#ifdef MF_REGISTER_fopen
+ __mf_register (p, sizeof (*p), MF_REGISTER_fopen, "freopen result");
+#endif
+ MF_VALIDATE_EXTENT (p, sizeof (*p), __MF_CHECK_WRITE, "freopen result");
+
+ mkbuffer (p);
}
return p;
__mf_register (p, sizeof (*p), MF_REGISTER_fopen, "fopen64 result");
#endif
MF_VALIDATE_EXTENT (p, sizeof (*p), __MF_CHECK_WRITE, "fopen64 result");
+
+ mkbuffer (p);
+ }
+
+ return p;
+}
+#endif
+
+
+#ifdef HAVE_FREOPEN64
+WRAPPER2(FILE *, freopen64, const char *path, const char *mode, FILE *s)
+{
+ size_t n;
+ FILE *p;
+ TRACE ("%s\n", __PRETTY_FUNCTION__);
+
+ n = strlen (path);
+ MF_VALIDATE_EXTENT (path, CLAMPADD(n, 1), __MF_CHECK_READ, "freopen64 path");
+
+ MF_VALIDATE_EXTENT (s, (sizeof (*s)), __MF_CHECK_WRITE, "freopen64 stream");
+ unmkbuffer (s);
+
+ n = strlen (mode);
+ MF_VALIDATE_EXTENT (mode, CLAMPADD(n, 1), __MF_CHECK_READ, "freopen64 mode");
+
+ p = freopen (path, mode, s);
+ if (NULL != p) {
+#ifdef MF_REGISTER_fopen
+ __mf_register (p, sizeof (*p), MF_REGISTER_fopen, "freopen64 result");
+#endif
+ MF_VALIDATE_EXTENT (p, sizeof (*p), __MF_CHECK_WRITE, "freopen64 result");
+
+ mkbuffer (p);
}
return p;
#ifdef MF_REGISTER_fopen
__mf_unregister (stream, sizeof (*stream), MF_REGISTER_fopen);
#endif
+ unmkbuffer (stream);
return resp;
}
WRAPPER2(int, fflush, FILE *stream)
{
TRACE ("%s\n", __PRETTY_FUNCTION__);
- MF_VALIDATE_EXTENT (stream, sizeof (*stream), __MF_CHECK_WRITE,
- "fflush stream");
+ if (stream != NULL)
+ MF_VALIDATE_EXTENT (stream, sizeof (*stream), __MF_CHECK_WRITE,
+ "fflush stream");
return fflush (stream);
}
}
-WRAPPER2(int, setvbuf, FILE *stream, char *buf, int mode , size_t size)
-{
- TRACE ("%s\n", __PRETTY_FUNCTION__);
- MF_VALIDATE_EXTENT (stream, sizeof (*stream), __MF_CHECK_WRITE,
- "setvbuf stream");
- if (NULL != buf)
- MF_VALIDATE_EXTENT (buf, size, __MF_CHECK_READ, "setvbuf buf");
- return setvbuf (stream, buf, mode, size);
-}
-
-
-WRAPPER2(void, setbuf, FILE *stream, char *buf)
-{
- TRACE ("%s\n", __PRETTY_FUNCTION__);
- MF_VALIDATE_EXTENT (stream, sizeof (*stream), __MF_CHECK_WRITE,
- "setbuf stream");
- if (NULL != buf)
- MF_VALIDATE_EXTENT (buf, BUFSIZ, __MF_CHECK_READ, "setbuf buf");
- setbuf (stream, buf);
-}
-
-
#ifdef HAVE_DIRENT_H
WRAPPER2(DIR *, opendir, const char *path)
{
WRAPPER2(int, accept, int s, struct sockaddr *addr, socklen_t *addrlen)
{
TRACE ("%s\n", __PRETTY_FUNCTION__);
- MF_VALIDATE_EXTENT (addr, (size_t)*addrlen, __MF_CHECK_WRITE, "accept addr");
+ if (addr != NULL)
+ MF_VALIDATE_EXTENT (addr, (size_t)*addrlen, __MF_CHECK_WRITE, "accept addr");
return accept (s, addr, addrlen);
}