author | The Android Open Source Project <initial-contribution@android.com> | 2008-10-21 07:00:00 -0700 |
---|---|---|
committer | The Android Open Source Project <initial-contribution@android.com> | 2008-10-21 07:00:00 -0700 |
commit | a09f917d93140479fd7964892dd38d3a86c42b7a (patch) | |
tree | 8758a973d75e1b4db5a1ddb8f49b01460705f442 | |
parent | 4fd37285a5ca04b18307255139e71603f55fd2fd (diff) | |
download | safe-iop-a09f917d93140479fd7964892dd38d3a86c42b7a.tar.gz |
Initial Contributionandroid-1.0release-1.0cdma-import
-rw-r--r-- | Android.mk | 28 | ||||
-rw-r--r-- | MODULE_LICENSE_BSD_LIKE | 0 | ||||
-rw-r--r-- | Makefile | 44 | ||||
-rw-r--r-- | NOTICE | 16 | ||||
-rw-r--r-- | README | 136 | ||||
-rw-r--r-- | examples/askme.c | 20 | ||||
-rw-r--r-- | include/safe_iop.h | 2 | ||||
-rw-r--r-- | src/safe_iop.c | 2 | ||||
-rw-r--r-- | testsuite/Android.mk | 30 |
9 files changed, 76 insertions, 202 deletions
diff --git a/Android.mk b/Android.mk
new file mode 100644
index 0000000..e3f2c27
--- /dev/null
+++ b/Android.mk
@@ -0,0 +1,28 @@
+# Copyright (C) 2008 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+
+LOCAL_PATH:= $(call my-dir)
+include $(CLEAR_VARS)
+
+LOCAL_C_INCLUDES := \
+ $(LOCAL_PATH)/include
+
+LOCAL_SRC_FILES := src/safe_iop.c
+
+LOCAL_MODULE := libsafe_iop
+
+include $(BUILD_STATIC_LIBRARY)
+
+include $(LOCAL_PATH)/testsuite/Android.mk
diff --git a/MODULE_LICENSE_BSD_LIKE b/MODULE_LICENSE_BSD_LIKE
new file mode 100644
index 0000000..e69de29
--- /dev/null
+++ b/MODULE_LICENSE_BSD_LIKE
diff --git a/Makefile b/Makefile
deleted file mode 100644
index 499c813..0000000
--- a/Makefile
+++ /dev/null
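Review bot: In Android.mk the libsafe_iop module sets no `LOCAL_CFLAGS`, so the warning level and the `NDEBUG` state of the static library are left to whatever the platform build supplies, which this commit does not show. The Makefile deleted in this commit compiled with `-Wall -O2`, and the README deleted in this commit says a type mismatch returns false only when `NDEBUG` is defined and otherwise calls `assert()` and aborts, so these flags decide how a failed check reaches callers. I would make the intent explicit in the module, for example `LOCAL_CFLAGS := -Wall` together with a comment such as `# NDEBUG selects return-false vs assert() abort on mismatched operand types`. testsuite/Android.mk forces `-DNDEBUG=1` on its own build of the same source, so only one of the two behaviours is exercised.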
@@ -1,44 +0,0 @@
-#
-# safe_iop - Makefile
-#
-# Author:: Will Drewry <redpig@dataspill.org>
-# Copyright 2007,2008 redpig@dataspill.org
-# Some portions copyright 2008 Google Inc.
-#
-# Unless required by applicable law or agreed to in writing, software
-# distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
-# OF ANY KIND, either express or implied.
-#
-
-CC = gcc
-VERSION = 0.3
-TESTNAME = safe_iop_test
-# For sparc64, _only_ use -O1 or -O0
-CFLAGS = -Wall -O2 -Iinclude
-SOURCES = src/safe_iop.c
-
-all: $(TESTNAME)
-
-# This may be built as a library or directly included in source.
-# Unless support for safe_iopf is needed, header inclusion is enough.
-
-$(TESTNAME): src/safe_iop.c include/safe_iop.h
- $(CC) $(CFLAGS) -DNDEBUG=1 -DSAFE_IOP_TEST=1 $(SOURCES) -o $@
-
-askme: examples/askme.c include/safe_iop.h
- $(CC) $(CFLAGS) examples/askme.c -o $@
-
-so: src/safe_iop.c include/safe_iop.h
- $(CC) -shared -Wl,-soname,libsafe_iop.so.$(VERSION) $(CFLAGS) $(SOURCES) -o libsafe_iop.so.$(VERSION)
-
-dylib: src/safe_iop.c include/safe_iop.h
- $(CC) -dynamiclib -Wl,-headerpad_max_install_names,-undefined,dynamic_lookup,-compatibility_version,$(VERSION),-current_version,$(VERSION),-install_name,/usr/local/lib/libsafe_iop.$(VERSION).dylib $(CFLAGS) $(SOURCES) -o libsafe_iop.$(VERSION).dylib
-
-
-test: $(TESTNAME)
- @./$(TESTNAME)
- @rm $(TESTNAME)
-
-clean:
- rm $(TESTNAME)
-
@@ -0,0 +1,16 @@
+/*
+ * Copyright (c) 2007,2008 Will Drewry <redpig@dataspill.org>
+ * Some portions contributed by Google Inc., 2008.
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
@@ -1,136 +0,0 @@ -safe_iop - a safe integer operation library for C -Will Drewry <redpig@dataspill.org> - -= Copyright and Licensing -Copyright 2007-2008, Will Drewry <redpig@dataspill.org> -Some portions copyright 2008 Google Inc -Released into the public domain with no warranty and no guarantees - -= Introduction - -Unsafe integer operations are a major cause of software defects even in modern -day software. C is the underlying language for most high level languages -(Ruby, Python, Java, etc) in addition to being in widespread general use. -C is a preferred language for high performance programming and is -often used for media file parsing and manipulation. - -Integer overflows occur when the calculated integer requires more storage from -the computing platform than is available. If a number is too large, not all of -its information can be stored. This has dangerous side effects. For a detailed -and thorough discussion on integer overflows, please check out CERT's website -on Secure Coding[1] and even Wikipedia[2]. - -[1] https://www.securecoding.cert.org/confluence/display/seccode/CERT+C+Secure+Coding+Standard -[2] http://en.wikipedia.org/wiki/Integer_overflow - - -= Requirements - -safe_iop was designed explicitly with GNU GCC in mind and has only been tested -with it. Your mileage may vary. Please let me know if it works for you with -different compilers or on different platforms, and I'll update the Compatibility -section below! - -In addition, your system must supply limits.h and assert.h for safe_iop to -function as expected. It is possible to remove the dependence on both, but it -breaks general portability. - -= Usage - -safe_iop comes in two pieces, safe_iop.h and safe_iop.c. safe_iop.h provides -extensive macros for performing safe integer operations quickly and easily. -safe_iop.c contains some testing code to make sure the package works on your -system and a preliminary format string interface, safe_iopf. 
safe_iopf is not -for the faint of heart as it is currently under development. The remainder of -this document will focus on safe_iop.h. - -In order to use safe_iop, you will need to place safe_iop.h in your compiler's -include path either by copying it somewhere like /usr/include, using an include -flag -I/opt/safe_iop/include, or whatever other way you prefer. You will then -need to include the header in the source file you will use the functions from. -E.g., #include <safe_iop.h> - -safe_iop provides macros which check the validity of a given integer operation. -It supports the following operations: -- multiplication: safe_mul() -- division: safe_div() -- addition: safe_add() -- subtraction: safe_sub() - -All of these macros take a result pointer, or NULL, as the first argument. The -subsequent argument should be the two values to operate on. They then return -true or false depending on if the operation is safe or not. (If NULL is given, -a true or false value will be returned.) - - uint32_t a = 100, b = 200, c = 0; - if (safe_mul(&c, a, b)) printf("c is %u\n", c); - -In addition, there are versions of these functions for multiple sequential operations: - - uint32_t a = 100, b = 200, c = 300, d = 0; - if (safe_mul3(&d, a, b, c)) printf("d is %u\n", d); - -safe_<op>3-5() are all available. - -It is important to note that if the types of integers passed to safe_iop do not -match, the operation will return false (0) with -DNDEBUG defined. If it is not -defined, assert() is called and the program will abort if these mismatch is -seen! - -For example, - uint32_t a = 100, c = 0; - uint8_t b = 20; - if (safe_add(&c, a, b)) /* I will return false! */ - - -Examples can be found in the examples/ directory. - -== safe_iopf - -If you'd like to use the format string function, do so at your own peril :-) -If you like it and would like to send me a patch to make it awesome, I'd -appreciate it! 
To use, just include the c file in your build, or build the -shared library and link it to your app: - make so # or make dylib for OS X - ... - gcc yourapp.c ... -lsafe_iop - -More to come! - -= Compatibility - -Tests pass on the following platforms: - -- OS X Tiger, x86, GNU GCC 4.0.1 -- OS X Leopard, x86, GNU GCC 4.0.1 -- GNU/Linux, x86, GNU GCC 4.0.3 -- GNU/Linux, x86_64, GNU GCC 4.0.3 -- OpenBSD, VAX, GNU GCC 2.95.3 -- OpenBSD, sparc, GNU GCC 2.95.3 -- OpenBSD, alpha, GNU GCC 3.3.5 -- OpenBSD, sparc, GNU GCC 2.95.3 -- OpenBSD, macppc, GNU GCC 3.3.5 -- OpenBSD, arm, GNU GCC 3.3.5 -~ OpenBSD, sparc64, GNU GCC 3.3.5 [1] - -[1] For sparc64, there is an optimization bug which causes tests to fail if - -O<level> exceeds 1. - -= Credit where credit is do - -- The functions used in this library were largely drawn from the examples - provided in CERT's secure coding standard. -- Thanks to peter@valchev.net for reviews, comments, enthusiasm, and multiple - platform tests! -- Thanks to taviso@sdf.lonestar.org for the pointing out stupid API decisions - and cross-checking my logic. - -= Changes - -The changes and todo list can be found in include/safe_iop.h - -= Contributions, corrections, suggestions, flames . . . - -Please drop me an email if I'm doing something completely stupid, you love -using the library, you have a patch or recommendation, or for whatever other -reason. I hope this software helps out a bit! diff --git a/examples/askme.c b/examples/askme.c deleted file mode 100644 index dcb4267..0000000 --- a/examples/askme.c +++ /dev/null 
@@ -1,20 +0,0 @@
-#include <stdio.h> /* for printf, fgets */
-#include <stdlib.h> /* for atoi */
-#include <stdint.h> /* for uint32_t */
-#include <safe_iop.h> /* for awesomeness */
-
-int main(int argc, char **argv) {
- char buf[1024];
- uint32_t width = 0, height = 0, pixels = 0;
- printf("Please specify the width of the new image: ");
- width = strtoul(fgets(buf, 1023, stdin), NULL, 10);
- printf("Please specify the height of the new image: ");
- height = strtoul(fgets(buf, 1023, stdin), NULL, 10);
- if (safe_mul(&pixels, width, height)) {
- printf("The resulting image will have %u pixels.\n", pixels);
- return 0;
- } else {
- printf("Image size specified exceeds maximum size!\n");
- return 1;
- }
-}
diff --git a/include/safe_iop.h b/include/safe_iop.h
index bb3b8c4..0b558ca 100644
--- a/include/safe_iop.h
+++ b/include/safe_iop.h
@@ -2,7 +2,7 @@
 * License:: released in to the public domain
 * Author:: Will Drewry <redpig@dataspill.org>
 * Copyright 2007,2008 redpig@dataspill.org
- * Some portions copyright Google Inc, 2008.
+ * Some portions copyright The Android Open Source Project
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
diff --git a/src/safe_iop.c b/src/safe_iop.c
index adbe37c..1c8943b 100644
--- a/src/safe_iop.c
+++ b/src/safe_iop.c
@@ -2,7 +2,7 @@
 * License:: released in to the public domain
 * Author:: Will Drewry <redpig@dataspill.org>
 * Copyright 2007,2008 redpig@dataspill.org
- * Some portions copyright Google Inc, 2008.
+ * Some portions copyright The Android Open Source Project
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS
diff --git a/testsuite/Android.mk b/testsuite/Android.mk
new file mode 100644
index 0000000..5039fc9
--- /dev/null
+++ b/testsuite/Android.mk
@@ -0,0 +1,30 @@
+# Copyright (C) 2008 The Android Open Source Project
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+LOCAL_PATH:= $(call my-dir)
+include $(CLEAR_VARS)
+
+LOCAL_C_INCLUDES := \
+ $(LOCAL_PATH)/../include
+
+# TODO: make the test use the compiled static lib.
+LOCAL_SRC_FILES := ../src/safe_iop.c
+LOCAL_CFLAGS := -DSAFE_IOP_TEST=1 -DNDEBUG=1
+
+LOCAL_MODULE_PATH := $(TARGET_OUT_OPTIONAL_EXECUTABLES)
+LOCAL_MODULE_TAGS := test
+
+LOCAL_MODULE := safe_iop_test
+
+include $(BUILD_EXECUTABLE)
|
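Review bot: The safe_iop_test module never runs the libsafe_iop object that the top-level Android.mk ships, because `LOCAL_SRC_FILES := ../src/safe_iop.c` compiles a second copy of the source with its own `LOCAL_CFLAGS`. A passing test therefore says nothing about the flags the static library was actually built with, and the two modules can drift apart without any build error. Until the TODO is resolved I would spell that out where the flags are set, e.g. `# Separate build of src/safe_iop.c: keep these flags in step with ../Android.mk; -DSAFE_IOP_TEST=1 presumably enables the built-in test code.` The `-DNDEBUG=1` also deserves a one-line reason, since it turns off `assert()` inside the test binary itself.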