summaryrefslogtreecommitdiffstats
path: root/libc/arch-arm/krait/bionic
diff options
context:
space:
mode:
Diffstat (limited to 'libc/arch-arm/krait/bionic')
-rw-r--r--libc/arch-arm/krait/bionic/memcpy.S26
-rw-r--r--libc/arch-arm/krait/bionic/memset.S24
2 files changed, 49 insertions, 1 deletions
diff --git a/libc/arch-arm/krait/bionic/memcpy.S b/libc/arch-arm/krait/bionic/memcpy.S
index 0cd4d44..f3ae9f3 100644
--- a/libc/arch-arm/krait/bionic/memcpy.S
+++ b/libc/arch-arm/krait/bionic/memcpy.S
@@ -30,6 +30,7 @@
#include <machine/cpu-features.h>
#include <machine/asm.h>
+#include "libc_events.h"
/*
* This code assumes it is running on a processor that supports all arm v7
@@ -37,10 +38,17 @@
* cache line.
*/
+#define CACHE_LINE_SIZE 32
+
.text
.fpu neon
-#define CACHE_LINE_SIZE 32
+ENTRY(__memcpy_chk)
+ cmp r2, r3
+ bgt fortify_check_failed
+
+ // Fall through to memcpy...
+END(__memcpy_chk)
ENTRY(memcpy)
.save {r0, lr}
@@ -143,4 +151,20 @@ ENTRY(memcpy)
ldmfd sp!, {r0, lr}
bx lr
+
+ // Only reached when the __memcpy_chk check fails.
+fortify_check_failed:
+ ldr r0, error_message
+ ldr r1, error_code
+1:
+ add r0, pc
+ bl __fortify_chk_fail
+error_code:
+ .word BIONIC_EVENT_MEMCPY_BUFFER_OVERFLOW
+error_message:
+ .word error_string-(1b+8)
END(memcpy)
+
+ .data
+error_string:
+ .string "memcpy buffer overflow"
diff --git a/libc/arch-arm/krait/bionic/memset.S b/libc/arch-arm/krait/bionic/memset.S
index a2e2d80..4e4788b 100644
--- a/libc/arch-arm/krait/bionic/memset.S
+++ b/libc/arch-arm/krait/bionic/memset.S
@@ -28,6 +28,7 @@
#include <machine/cpu-features.h>
#include <machine/asm.h>
+#include "libc_events.h"
/*
* This code assumes it is running on a processor that supports all arm v7
@@ -37,9 +38,28 @@
.fpu neon
+ENTRY(__memset_chk)
+ cmp r2, r3
+ bls done
+
+ ldr r0, error_message
+ ldr r1, error_code
+1:
+ add r0, pc
+ bl __fortify_chk_fail
+error_code:
+ .word BIONIC_EVENT_MEMSET_BUFFER_OVERFLOW
+error_message:
+ .word error_string-(1b+8)
+
+END(__memset_chk)
+
ENTRY(bzero)
mov r2, r1
mov r1, #0
+
+done:
+ // Fall through to memset...
END(bzero)
/* memset() returns its first argument. */
@@ -79,3 +99,7 @@ ENTRY(memset)
ldmfd sp!, {r0}
bx lr
END(memset)
+
+ .data
+error_string:
+ .string "memset buffer overflow"
generated by cgit v1.1 at 2025-01-09 12:45:37 +0000