--- libmalloc/libmalloc-474.0.13/src/malloc_common.c
+++ libmalloc/libmalloc-646.40.3/src/malloc_common.c
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2018 Apple Inc. All rights reserved.
+ * Copyright (c) 2018-2023 Apple Inc. All rights reserved.
*
* @APPLE_LICENSE_HEADER_START@
*
@@ -20,20 +20,22 @@
*
* @APPLE_LICENSE_HEADER_END@
*/
+
#include "internal.h"
#pragma mark -
#pragma mark Utility Functions
// libplatform does not have strstr() and we don't want to add any new
-// dependencies on libc, so we have to implement a version of strntr()
+// dependencies on libc, so we have to implement a version of strstr()
// here. Fortunately, as it's only used to look for boot arguments, it does not
// have to be efficient. We can also assume that the source string is
// nul-terminated. Eventually, we will move the function to a more central
// location and use it to replace other uses of strstr().
-const char *
-malloc_common_strstr(const char *src, const char *target, size_t target_len)
-{
+const char * __null_terminated
+malloc_common_strstr(const char * __null_terminated src, const char * __counted_by(target_len) target, size_t target_len)
+{
+#if !MALLOC_TARGET_EXCLAVES
const char *next = src;
while (*next) {
if (!strncmp(next, target, target_len)) {
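Review bot: The header comment at the top of this hunk still says libplatform has no strstr() and a local version is required, but the new `#if !MALLOC_TARGET_EXCLAVES` guard makes that true only for non-exclave builds. Suggest extending the comment so the two paths are visible to a reader: `// On MALLOC_TARGET_EXCLAVES builds the libc strstr() is available and is used instead; see the #else branch below.` malloc_common_strstr's body continues into the next hunk.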
@@ -42,6 +44,9 @@
next++;
}
return NULL;
+#else
+ return strstr(src, __unsafe_null_terminated_from_indexable(target, target + target_len));
+#endif // MALLOC_TARGET_EXCLAVES
}
// Converts a string to a long. If a non-numeric value is found, the
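Review bot: The exclave branch `return strstr(src, __unsafe_null_terminated_from_indexable(target, target + target_len));` requires target[target_len] to actually be a NUL byte, a precondition the strncmp-bounded branch never needed; a caller passing a non-terminated prefix would have strstr read past target_len. The only caller visible here (malloc_common_value_for_key) passes strlen(key), so it holds today, but the contract should be stated in the function's header comment, e.g. `// 'target' must be nul-terminated at target[target_len] (required by the exclave strstr() path).` The function's opening lines are in the previous hunk.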
@@ -52,8 +57,9 @@
// replace the existing calls to strtol(). Currenly only handles non-negative
// numbers and does not detect overflow.
long
-malloc_common_convert_to_long(const char *ptr, const char **end_ptr)
-{
+malloc_common_convert_to_long(const char * __null_terminated ptr, const char * __null_terminated *end_ptr)
+{
+#if !MALLOC_TARGET_EXCLAVES
long value = 0;
while (*ptr) {
char c = *ptr;
@@ -65,18 +71,24 @@
}
*end_ptr = ptr;
return value;
+#else
+ return strtol(ptr, (char * __null_terminated *)end_ptr, 10);
+#endif // MALLOC_TARGET_EXCLAVES
}
// Looks for a sequence of the form "key=value" in the string 'src' and
// returns the location of the first character of 'value', or NULL if not
// found. No spaces are permitted around the "=".
-const char *
-malloc_common_value_for_key(const char *src, const char *key)
-{
- const char *ptr = src;
+const char * __null_terminated
+malloc_common_value_for_key(const char * __null_terminated src, const char * __null_terminated key)
+{
+ const char * __null_terminated ptr = src;
size_t keylen = strlen(key);
- while ((ptr = malloc_common_strstr(ptr, key, keylen)) != NULL) {
- ptr += keylen;
+ while ((ptr = malloc_common_strstr(ptr, __unsafe_forge_bidi_indexable(const char *, key, keylen), keylen)) != NULL) {
+ // Workaround for indexable pointers being incrementable by one only
+ for (size_t i = 0; i < keylen; ++i) {
+ ++ptr;
+ }
if (*ptr == '=') {
return ptr + 1;
}
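Review bot: The exclave path `return strtol(ptr, (char * __null_terminated *)end_ptr, 10);` accepts inputs the hand-rolled path rejects — leading whitespace, a sign, and overflow clamped with errno set — so the header comment in the previous hunk ("only handles non-negative numbers and does not detect overflow") no longer describes both builds. Either document the divergence there, e.g. `// On exclave targets this is strtol(), so a sign and leading whitespace are accepted.`, or reject a leading '-' or whitespace before calling strtol so boot-arg parsing behaves the same everywhere. The cast also discards the const on *end_ptr, the usual strtol wart, which is worth a one-line comment. malloc_common_value_for_key, which starts in this hunk, continues past it.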
@@ -89,30 +101,32 @@
// permitted around the "=". The value is copied to 'bufp', up to the first
// whitespace or nul character and bounded by maxlen, and nul-terminated.
// Returns bufp if the key was found, NULL if not.
-const char *
-malloc_common_value_for_key_copy(const char *src, const char *key,
- char *bufp, size_t maxlen)
-{
- const char *ptr = malloc_common_value_for_key(src, key);
+const char * __null_terminated
+malloc_common_value_for_key_copy(const char * __null_terminated src, const char * __null_terminated key,
+ char * __counted_by(maxlen) bufp, size_t maxlen)
+{
+ const char * __null_terminated ptr = malloc_common_value_for_key(src, key);
if (ptr) {
- char *to = bufp;
- while (maxlen > 1) { // Always leave room for a '\0'
+ size_t to_len = maxlen;
+ char * __counted_by(to_len) to = bufp;
+ while (to_len > 1) { // Always leave room for a '\0'
char c = *ptr++;
if (c == '\0' || c == ' ' || c == '\t' || c == '\n') {
break;
}
- *to++ = c;
- maxlen--;
+ *to = c;
+ ++to;
+ to_len--;
}
*to = '\0'; // Always nul-terminate
- return bufp;
+ return __unsafe_null_terminated_from_indexable(bufp, to);
}
return NULL;
}
unsigned
malloc_zone_batch_malloc_fallback(malloc_zone_t *zone, size_t size,
- void **results, unsigned num_requested)
+ void * __unsafe_indexable * __counted_by(num_requested) results, unsigned num_requested)
{
unsigned allocated;
for (allocated = 0; allocated < num_requested; allocated++) {
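Review bot: malloc_common_value_for_key_copy still writes `*to = '\0'` unconditionally after the loop, so a call with maxlen == 0 stores one byte into a zero-length buffer (with `__counted_by(to_len)` that dereference presumably traps under bounds checking rather than overflowing, but the case is still not handled). Change `if (ptr) {` to `if (ptr && maxlen > 0) {` so there is always room for the terminator, or document maxlen >= 1 as a precondition in the header comment. malloc_zone_batch_malloc_fallback begins at the end of this hunk and continues past it.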
@@ -128,14 +142,15 @@
}
void
-malloc_zone_batch_free_fallback(malloc_zone_t *zone, void **to_be_freed,
+malloc_zone_batch_free_fallback(malloc_zone_t *zone,
+ void * __unsafe_indexable * __counted_by(count) to_be_freed,
unsigned count)
{
for (unsigned i = 1; i <= count; i++) {
// Note: we iterate backward because nano and magazine malloc both do,
// although that seems likely to just be a vestigial codegen
// optimization for ancient non-optimizing compilers
- void *ptr = to_be_freed[count - i];
+ void * __unsafe_indexable ptr = to_be_freed[count - i];
if (ptr) {
zone->free(zone, ptr);
}
@@ -147,3 +162,42 @@
{
return 0;
}
+
+#if !MALLOC_TARGET_EXCLAVES && !MALLOC_TARGET_EXCLAVES_INTROSPECTOR
+
+#if CONFIG_CHECK_PLATFORM_BINARY
+// Avoid conditioning on this if at all possible
+bool malloc_is_platform_binary = true;
+#endif // CONFIG_CHECK_PLATFORM_BINARY
+
+// Use malloc_is_platform_binary instead
+bool
+_malloc_is_platform_binary(void)
+{
+ uint32_t flags = 0;
+ int err = csops(getpid(), CS_OPS_STATUS, &flags, sizeof(flags));
+ if (err) {
+ return false;
+ }
+ return (flags & CS_PLATFORM_BINARY);
+}
+
+#if CONFIG_CHECK_SECURITY_POLICY
+bool malloc_internal_security_policy = false;
+#endif // CONFIG_CHECK_SECURITY_POLICY
+
+bool
+_malloc_allow_internal_security_policy(void)
+{
+#if TARGET_OS_SIMULATOR
+ return true;
+#elif defined(_COMM_PAGE_DEV_FIRM)
+ return !!*((uint32_t *)_COMM_PAGE_DEV_FIRM);
+#else
+ // For backwards compatibility on x86, where we don't have that comm page
+ // bit, keep parsing the environment variables as we did before
+ return true;
+#endif
+}
+
+#endif // !MALLOC_TARGET_EXCLAVES && !MALLOC_TARGET_EXCLAVES_INTROSPECTOR
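Review bot: `_malloc_is_platform_binary` maps a csops() failure to false while `_malloc_allow_internal_security_policy` maps the no-comm-page-bit case to true, so the two new helpers fail in opposite directions and nothing at the definition site says that is intended. Add a one-line comment on each, e.g. `// A csops() failure is treated as "not a platform binary" (conservative).` above the `if (err)` check and `// No comm-page bit to consult: permissive for backwards compatibility.` in the final #else branch. The read `!!*((uint32_t *)_COMM_PAGE_DEV_FIRM)` also assumes the field is 32 bits wide; naming the header that defines that layout in a comment would let a reader verify it.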