A Hidden Weakness

Summary

A Hidden Weakness This is the story of a bug hunt that lasted much longer than expected, but ended with the dearest of all treasures: knowledge. Let's draw some context: the Android platform defines different API levels. Unsurprisingly, some symbols are only defined starting with a given API version. For instance, ASystemFontIterator_open is only available starting at API 29. Unconditionally trying to use ASystemFontIterator_open while targeting an API older than 29 leads to a linker error (an undefined reference), which makes sense because the symbol, well, does not exist at that API level. So a native application that wants to use this symbol can either refuse to run on older API, or use a combination of dlopen and dlsym to dynamically lookup for the symbol and provide a fallback if it does not exist. The latter approach is used on Fenix, the Android version of Firefox. Introducing __ANDROID_UNAVAILABLE_SYMBOLS_ARE_WEAK__ As an alternative to the features from <dlfcn.h>, Android build system makes it possible to define -D__ANDROID_UNAVAILABLE_SYMBOLS_ARE_WEAK__, combine it with a compiler check through -Werror=unguarded-availability and a runtime check through __builtin_available. Here is an example: // The header that defines ASystemFontIterator_open. #include <android/system_fonts.h> ... // Runtime check for API level if (__builtin_available(android 29, *)) { /* Reference to the actual symbol. Does not fail at link time because an alternative weak definition is always provided by <android/system_fonts.h>*/ auto *iterator = ASystemFontIterator_open(); ... } There's a lot happening there, so let's dive in the wilderness of compiler extensions. <android/system_fonts.h> ASystemFontIterator_open is defined in <android/system_fonts.h> as: ASystemFontIterator* _Nullable ASystemFontIterator_open() __INTRODUCED_IN(29); The _Nullable attribute is an interesting topic, but it's a side quest we're not going to explore today. The macro function __INTRODUCED_IN(...) is define...