/*
 * Copyright (C) 2013 The Android Open Source Project
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions
 * are met:
 *  * Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 *  * Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in
 *    the documentation and/or other materials provided with the
 *    distribution.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS
 * OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED
 * AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY,
 * OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT
 * OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 */
// machine/asm.h presumably supplies the ENTRY/ENTRY_PRIVATE/END macros used
// below, and libc_events.h the BIONIC_EVENT_* code -- confirm in those
// headers.
#include <machine/asm.h>
#include "private/libc_events.h"

    // Unified ARM/Thumb assembler syntax.
    .syntax unified

    // Everything below is assembled as Thumb code; .thumb_func marks the
    // next symbol as a Thumb function.
    .thumb
    .thumb_func
// __strcat_chk: length-checked strcat for Thumb-2.
//
// Get the length of the src string, then get the length of the dst string
// (the same inline strlen loop is run twice). Check that the two lengths
// together, plus one for the terminator, don't exceed the threshold passed
// in r2; if they do, branch to __strcat_chk_failed. Otherwise set up the
// registers for a memcpy of the data. There is no return instruction in
// this function: execution runs off the end into whatever code follows it
// in the file.
//
// In:    r0 = dst, r1 = src, r2 = threshold
//        (presumably the size of the dst buffer -- confirm against callers)
// Stack: {r0, lr} are pushed here and are still on the stack at END;
//        presumably the copy code that follows pops them to return the
//        original dst -- confirm in memcpy_base.S.
//
// Register roles inside the length loop:
//   r0 = start of the string being measured
//   r1 = read cursor (post-incremented by every load)
//   r3 = scratch, then the computed length
//   r4 = pass flag: 0 during the first (src) pass, src length + 1 during
//        the second (dst) pass
//   r5 = dst during the first pass, src start during the second
//   lr = threshold (the return address is already saved on the stack)
//   ip = scratch / zero-byte marker mask
//
// The word and doubleword loads are only issued once r1 has been aligned,
// so a load that reads bytes past the terminator stays inside the aligned
// 8-byte block that holds the terminator.
ENTRY(__strcat_chk)
    // Prefetch the start of dst.
    pld     [r0, #0]
    // Keep the original dst and the return address. .save and .cfi_* are
    // unwind annotations describing the pushes; they emit no instructions.
    push    {r0, lr}
    .save   {r0, lr}
    .cfi_def_cfa_offset 8
    .cfi_rel_offset r0, 0
    .cfi_rel_offset lr, 4
    // r4/r5 are used as scratch below, so preserve the caller's values.
    push    {r4, r5}
    .save   {r4, r5}
    .cfi_adjust_cfa_offset 8
    .cfi_rel_offset r4, 0
    .cfi_rel_offset r5, 4

    // lr = threshold; r2 is reused as scratch by the length loop.
    mov     lr, r2

    // Save the dst register to r5
    mov     r5, r0

    // Zero out r4 (marks the first pass, see .L_finish).
    eor     r4, r4, r4

    // r1 contains the address of the string to count.
.L_strlen_start:
    // r0 = start of this string, used later to turn the cursor into a length.
    mov     r0, r1
    // r3 = address & 7; already 8-byte aligned means straight to the loop.
    ands    r3, r1, #7
    beq     .L_mainloop

    // Align to a double word (64 bits).
    // r3 = number of bytes (1..7) up to the next 8-byte boundary.
    rsb     r3, r3, #8
    // Shifting left by 31 leaves only bit 0 of r3 in the result (Z is set
    // when it is clear) and moves bit 1 of r3 into the carry flag. Nothing
    // between here and the bcc below changes the flags.
    lsls    ip, r3, #31
    beq     .L_align_to_32

    // Bit 0 set: consume one byte.
    ldrb    r2, [r1], #1
    cbz     r2, .L_update_count_and_finish

.L_align_to_32:
    // Carry clear means bit 1 of r3 is clear: no halfword step needed.
    bcc     .L_align_to_64
    // Tests bit 1 of r3 again; same condition as the carry check above.
    ands    ip, r3, #2
    beq     .L_align_to_64

    // Bit 1 set: consume two bytes, checking each for the terminator.
    ldrb    r2, [r1], #1
    cbz     r2, .L_update_count_and_finish
    ldrb    r2, [r1], #1
    cbz     r2, .L_update_count_and_finish

.L_align_to_64:
    // Bit 2 set: consume one 4-byte word to reach 8-byte alignment.
    tst     r3, #4
    beq     .L_mainloop
    ldr     r3, [r1], #4

    // Zero-byte test: (x - 0x01010101) & ~x & 0x80808080 is non-zero when
    // x contains a zero byte, and the lowest 0x80 marker that is set
    // identifies the first such byte.
    sub     ip, r3, #0x01010101
    bic     ip, ip, r3
    ands    ip, ip, #0x80808080
    // r1 is now 4 past the start of this word, which is the same situation
    // as a zero in the second register of the main loop.
    bne     .L_zero_in_second_register

    .p2align 2
.L_mainloop:
    // Load 8 bytes: r2 = lower-addressed word, r3 = higher-addressed word.
    ldrd    r2, r3, [r1], #8

    // Prefetch ahead of the read cursor.
    pld     [r1, #64]

    // Zero-byte test on the first word.
    sub     ip, r2, #0x01010101
    bic     ip, ip, r2
    ands    ip, ip, #0x80808080
    bne     .L_zero_in_first_register

    // Zero-byte test on the second word.
    sub     ip, r3, #0x01010101
    bic     ip, ip, r3
    ands    ip, ip, #0x80808080
    bne     .L_zero_in_second_register
    b       .L_mainloop

.L_update_count_and_finish:
    // Byte-wise path: r1 is one past the terminator, so
    // length = r1 - r0 - 1.
    sub     r3, r1, r0
    sub     r3, r3, #1
    b       .L_finish

.L_zero_in_first_register:
    // r1 is 8 past the start of the doubleword; the terminator is at
    // offset 0..3, so the length is (r1 - r0) minus 8, 7, 6 or 5.
    // The marker-to-offset mapping assumes little-endian loads.
    sub     r3, r1, r0
    // After a shift by 17 only bits 0..14 of ip remain, so a non-zero
    // result means the byte-0 marker (bit 7) is set; the carry flag
    // receives bit 15, the byte-1 marker.
    lsls    r2, ip, #17
    bne     .L_sub8_and_finish
    bcs     .L_sub7_and_finish
    // Bits 7 and 15 are known clear here; a non-zero result after shifting
    // out bit 31 means the byte-2 marker (bit 23) is set.
    lsls    ip, ip, #1
    bne     .L_sub6_and_finish

    // Only the byte-3 marker was set.
    sub     r3, r3, #5
    b       .L_finish

.L_sub8_and_finish:
    sub     r3, r3, #8
    b       .L_finish

.L_sub7_and_finish:
    sub     r3, r3, #7
    b       .L_finish

.L_sub6_and_finish:
    sub     r3, r3, #6
    b       .L_finish

.L_zero_in_second_register:
    // Same decoding as above, but the terminator is at offset 4..7 of the
    // doubleword (or 0..3 of the single aligning word), so the length is
    // (r1 - r0) minus 4, 3, 2 or 1.
    sub     r3, r1, r0
    lsls    r2, ip, #17
    bne     .L_sub4_and_finish
    bcs     .L_sub3_and_finish
    lsls    ip, ip, #1
    bne     .L_sub2_and_finish

    sub     r3, r3, #1
    b       .L_finish

.L_sub4_and_finish:
    sub     r3, r3, #4
    b       .L_finish

.L_sub3_and_finish:
    sub     r3, r3, #3
    b       .L_finish

.L_sub2_and_finish:
    sub     r3, r3, #2
    // Falls through into .L_finish.

.L_finish:
    // r3 = length of the string that started at r0.
    // r4 != 0 means this was the second pass and both lengths are known.
    cmp     r4, #0
    bne     .L_strlen_done

    // Time to get the dst string length.
    mov     r1, r5

    // Save the original source address to r5.
    mov     r5, r0

    // Save the current length (adding 1 for the terminator).
    // The result is at least 1, so it also serves as the "second pass"
    // flag tested at .L_finish.
    add     r4, r3, #1
    b       .L_strlen_start

    // r0 holds the pointer to the dst string.
    // r3 holds the dst string length.
    // r4 holds the src string length + 1.
.L_strlen_done:
    // Bytes needed in dst = dst length + src length + 1. The comparison is
    // unsigned (bhi), so the failure path is taken when the total is
    // strictly greater than the threshold.
    // NOTE(review): the 32-bit add is not checked for wrap-around; it can
    // only wrap if the two lengths together reach 4 GiB.
    add     r2, r3, r4
    cmp     r2, lr
    bhi     __strcat_chk_failed

    // Set up the registers for the memcpy code.
    // r1 = src, r2 = src length + 1 (terminator included),
    // r0 = dst + dst length, i.e. the address of dst's terminator.
    mov     r1, r5
    pld     [r1, #64]
    mov     r2, r4
    add     r0, r0, r3
    // Restore r4/r5. {r0, lr} stay on the stack, and no return instruction
    // follows in this function.
    pop     {r4, r5}
END(__strcat_chk)
// Symbol names for the copy code included below; presumably memcpy_base.S
// uses MEMCPY_BASE and MEMCPY_BASE_ALIGNED to name its entry points --
// confirm in that file.
#define MEMCPY_BASE __strcat_chk_memcpy_base
#define MEMCPY_BASE_ALIGNED __strcat_chk_memcpy_base_aligned

// The copy code is included directly after END(__strcat_chk), which has no
// return instruction, so it is what runs next with r0 = copy destination,
// r1 = src and r2 = byte count as set up there.
#include "memcpy_base.S"
// __strcat_chk_failed: failure path of __strcat_chk, reached by a branch
// when dst length + src length + 1 exceeds the threshold. Calls
// __fortify_chk_fail with r0 = address of error_string and
// r1 = BIONIC_EVENT_STRCAT_BUFFER_OVERFLOW.
ENTRY_PRIVATE(__strcat_chk_failed)
    // Unwind annotations only: nothing is pushed here. They restate the
    // {r0, lr} and {r4, r5} pushes made by __strcat_chk, which are still
    // on the stack when the branch to this label is taken.
    .save   {r0, lr}
    .save   {r4, r5}

    .cfi_def_cfa_offset 8
    .cfi_rel_offset r0, 0
    .cfi_rel_offset lr, 4
    .cfi_adjust_cfa_offset 8
    .cfi_rel_offset r4, 0
    .cfi_rel_offset r5, 4

    // r0 = offset of error_string relative to (1b + 4); r1 = event code.
    // Both are loaded from the literal words placed after the call.
    ldr     r0, error_message
    ldr     r1, error_code
1:
    // In Thumb state pc reads as this instruction's address + 4, which is
    // why the stored offset is taken relative to (1b + 4). After the add,
    // r0 holds the address of error_string without needing an absolute
    // address in the code.
    add     r0, pc
    bl      __fortify_chk_fail
    // NOTE(review): the words below are data placed directly after the
    // call; presumably __fortify_chk_fail never returns -- confirm.
error_code:
    .word   BIONIC_EVENT_STRCAT_BUFFER_OVERFLOW
error_message:
    .word   error_string-(1b+4)
END(__strcat_chk_failed)
219 .data
220 error_string:
221 .string "strcat: prevented write past end of buffer"