Daniel Micay thestinger
// This double-free is detected with 100% reliability in CopperheadOS via the
// malloc quarantine. The malloc quarantine uses a ring buffer to provide a
// guaranteed baseline delay and a hash table for detecting double frees. A
// double free can also be detected after allocations are flushed from the
// quarantine, but only if the slot is still free.
//
// /data/data/test/test(688) in free(): error: double free 0x8e503300
// Aborted
#include <stdlib.h>

int main(void) {
    // Minimal reproduction of the case described above: allocate once,
    // then free the same pointer twice. The second free() is the error.
    void *ptr = malloc(16);
    if (!ptr)
        return 1;
    free(ptr);
    free(ptr);
    return 0;
}
thestinger / oom.c
Last active February 11, 2016 23:46
// Clang is clever enough to optimize out these malloc and free calls.
#include <stdio.h>
#include <stdlib.h>

int main(void) {
    void *ptr = malloc(16);
    if (!ptr) {
        // The only observable effect of the allocation failing.
        puts("side effect");
        return 1;
    }
    free(ptr);
    return 0;
}
From 90af9982190cc4ff4d4a8d5c1e3eac53b67ac27c Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Thu, 27 Oct 2016 22:25:21 -0400
Subject: [PATCH] turbostat: add support for printing Vcore values
---
tools/power/x86/turbostat/turbostat.c | 17 +++++++++++++++++
1 file changed, 17 insertions(+)
diff --git a/tools/power/x86/turbostat/turbostat.c b/tools/power/x86/turbostat/turbostat.c
#include <linux/futex.h>
#include <syscall.h>
#include <time.h>
#include <unistd.h>
#include "mutex.h"

#define unlikely(x) __builtin_expect(!!(x), 0)

// Thin wrapper around the raw futex(2) system call; glibc provides no
// libc-level wrapper for it.
static int sys_futex(void *uaddr, int op, int val1, struct timespec *timeout, void *uaddr2,
                     int val3) {
    return syscall(SYS_futex, uaddr, op, val1, timeout, uaddr2, val3);
}
thestinger / aosp.md
Last active December 23, 2016 06:47
NOT READY FOR PUBLISHING (i.e. future blog post): notes about problems with the Android Open Source Project

The Neglected Android Open Source Project

What is the Android Open Source Project?

The Android Open Source Project is essentially the Android source code for Nexus devices and the Pixel C. However, it's somewhat different from the internal source tree used to build stock Android for those devices.

It's important to note that it's only closely tied to the internal source code for stable releases. The master branch of AOSP does not closely track the internal development. The internal work is released as part of a stable update, and then merged into the AOSP master branch afterwards. AOSP master and the internal source tree are repeatedly merged into each other to some extent during a year of development, as some work happens out in the open (lots of the low-level userspace work) while other work happens internally. For some repositories, there are substantial amounts of both. The merges are primarily from AOSP into the internal tree until new stable source code is released. These strange workflows result

// gcc -O2 -D_FORTIFY_SOURCE
#include <stdlib.h>
#include <string.h>

int main(void) {
    char dst[4];
    char src[5] = {};
    // atoi() keeps the copy length out of the compiler's reach, so the
    // 5-byte copy into a 4-byte buffer is caught by the _FORTIFY_SOURCE
    // runtime check rather than being diagnosed at compile time.
    memcpy(dst, src, atoi("5"));
}
From 02f8db1d34c6979c72a8e5c9992398d7a948d36f Mon Sep 17 00:00:00 2001
From: Daniel Micay <danielmicay@gmail.com>
Date: Sun, 13 Sep 2015 20:40:56 -0400
Subject: [PATCH] add an isolated region for dynamic libraries
---
linker/linker.cpp | 134 ++++++++++++++++++++++++++++++++++++++++++++++++-
linker/linker.h | 2 +
linker/linker_phdr.cpp | 13 +++--
3 files changed, 145 insertions(+), 4 deletions(-)
#include <stdio.h>
#include <stdint.h>
#include <stdlib.h>
#include <stddef.h>
#include <string.h>

int main() {
    char *p = malloc(64);
    if (!p)
        return 1;
    strcat
@thinktank i ~/android/aosp master % find -iname '*.mk' -exec grep 'LOCAL_SANITIZE.*integer' {} +
./external/libgdx/gdx/jni/Android.mk:LOCAL_SANITIZE := unsigned-integer-overflow signed-integer-overflow
./system/core/init/Android.mk:LOCAL_SANITIZE := integer
./system/core/sdcard/Android.mk:LOCAL_SANITIZE := integer
./system/core/fs_mgr/Android.mk:LOCAL_SANITIZE := integer
./system/extras/libfec/test/Android.mk:LOCAL_SANITIZE := integer
./system/extras/libfec/test/Android.mk:LOCAL_SANITIZE := integer
./system/extras/verity/fec/Android.mk:LOCAL_SANITIZE := integer
./system/extras/verity/Android.mk:LOCAL_SANITIZE := integer
./system/security/keystore/Android.mk:LOCAL_SANITIZE := integer
unlocking requirement in stock Android:
- cast
- location
unlocking requirement added:
- bt
- nfc
- airplane