/*
* Copyright (C) 2013 The Android Open Source Project
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
// -Werror is on whether we like it or not, and we're intentionally doing awful
// things in this file. GCC is dumb and doesn't have a specific error class for
// the fortify failures (it's just -Werror), so we can't use anything more
// constrained than disabling all the warnings in the file :( It also won't let
// us use system_header in a .cpp file, so we have to #include this from
// fortify_test_main.cpp.
#pragma GCC system_header
#include <gtest/gtest.h>
#include "BionicDeathTest.h"
#include <fcntl.h>
#include <malloc.h>
#include <poll.h>
#include <signal.h>
#include <stdarg.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <time.h>
// ASSERT_FORTIFY(expr): gtest death assertion that `expr` ends the child
// process with SIGABRT. On bionic the death output must additionally match
// "FORTIFY"; elsewhere the empty pattern places no requirement on the output.
#if __BIONIC__
#define ASSERT_FORTIFY(expr) \
  ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY")
#else
#define ASSERT_FORTIFY(expr) \
  ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "")
#endif
// This file is compiled more than once; TEST_NAME, passed on the compiler
// command line, keeps the resulting test fixtures apart. The PASTER/EVALUATOR
// pair forces TEST_NAME to be expanded before ## appends _DeathTest to it.
#define DEATHTEST_PASTER(name) name##_DeathTest
#define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name)
#define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME)
// Fixture for every test below; it adds nothing of its own to BionicDeathTest.
class DEATHTEST : public BionicDeathTest {};
#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2
// Target object for the _FORTIFY_SOURCE == 2 tests. The members sit next to
// each other, so running past one of them can still land inside the struct;
// the tests expect the check to be made against the individual member.
struct foo {
  char empty[0];  // zero-length array (compiler extension)
  char one[1];    // single byte, used as an unterminated source
  char a[10];
  char b[10];
};
// stpncpy() of 11 bytes into the 10-byte member foo::a must abort.
TEST_F(DEATHTEST, stpncpy_fortified2) {
  foo target;
  // Length comes from atoi(), presumably so the compiler cannot fold it.
  int length = atoi("11");
  ASSERT_FORTIFY(stpncpy(target.a, "01234567890", length));
}
// stpncpy() whose source is the 1-byte, unterminated member foo::one must
// abort: the requested count (sizeof b) is larger than the source member.
TEST_F(DEATHTEST, stpncpy2_fortified2) {
  foo target;
  memset(&target, 0, sizeof(target));
  target.one[0] = 'A'; // not null terminated string
  ASSERT_FORTIFY(stpncpy(target.b, target.one, sizeof(target.b)));
}
// strncpy() of 11 bytes into the 10-byte member foo::a must abort.
TEST_F(DEATHTEST, strncpy_fortified2) {
  foo target;
  // Length comes from atoi(), presumably so the compiler cannot fold it.
  int length = atoi("11");
  ASSERT_FORTIFY(strncpy(target.a, "01234567890", length));
}
// strncpy() whose source is the 1-byte, unterminated member foo::one must
// abort: the requested count (sizeof b) is larger than the source member.
TEST_F(DEATHTEST, strncpy2_fortified2) {
  foo target;
  memset(&target, 0, sizeof(target));
  target.one[0] = 'A'; // not null terminated string
  ASSERT_FORTIFY(strncpy(target.b, target.one, sizeof(target.b)));
}
// sprintf("%s") of a 14-character string into the 10-byte member foo::a
// must abort.
TEST_F(DEATHTEST, sprintf_fortified2) {
  foo target;
  char text[15];
  memcpy(text, "12345678901234", 15);  // 14 characters plus the NUL
  ASSERT_FORTIFY(sprintf(target.a, "%s", text));
}
// sprintf() with a literal-only format: 10 characters plus the NUL do not fit
// the 10-byte member foo::a, so the call must abort.
TEST_F(DEATHTEST, sprintf2_fortified2) {
  foo target;
  ASSERT_FORTIFY(sprintf(target.a, "0123456789"));
}
// Formats the variadic arguments with vsprintf() into the 10-byte member
// foo::a of a local struct and returns vsprintf()'s result. The callers pass
// input that does not fit, so the vsprintf() call is where the abort is
// expected.
static int vsprintf_helper2(const char *fmt, ...) {
  foo target;
  va_list args;

  va_start(args, fmt);
  int written = vsprintf(target.a, fmt, args); // should crash here
  va_end(args);
  return written;
}
// vsprintf() via "%s": the 10-character argument plus NUL overruns foo::a.
TEST_F(DEATHTEST, vsprintf_fortified2) {
  ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789"));
}
// vsprintf() with the text in the format itself: 10 characters plus NUL
// overrun foo::a.
TEST_F(DEATHTEST, vsprintf2_fortified2) {
  ASSERT_FORTIFY(vsprintf_helper2("0123456789"));
}
// Calls vsnprintf() on the 10-byte member foo::a of a local struct while
// claiming a size of 11, and returns vsnprintf()'s result. The oversized
// bound is what the callers expect to be rejected.
static int vsnprintf_helper2(const char *fmt, ...) {
  foo target;
  va_list args;
  // Bound comes from atoi(), presumably so the compiler cannot fold it.
  size_t limit = atoi("11");

  va_start(args, fmt);
  int written = vsnprintf(target.a, limit, fmt, args); // should crash here
  va_end(args);
  return written;
}
// vsnprintf() with a bound of 11 on the 10-byte foo::a, "%s" form.
TEST_F(DEATHTEST, vsnprintf_fortified2) {
  ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789"));
}
// vsnprintf() with a bound of 11 on the 10-byte foo::a, literal-format form.
TEST_F(DEATHTEST, vsnprintf2_fortified2) {
  ASSERT_FORTIFY(vsnprintf_helper2("0123456789"));
}
// zero sized target with "\0" source (should fail)
// Even the terminating NUL of an empty string does not fit foo::empty.
// Only checked on bionic; other libcs just log.
TEST_F(DEATHTEST, stpcpy_fortified2) {
#if defined(__BIONIC__)
  foo target;
  char* source = strdup("");
  ASSERT_FORTIFY(stpcpy(target.empty, source));
  free(source);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// zero sized target with "\0" source (should fail)
// Even the terminating NUL of an empty string does not fit foo::empty.
// Only checked on bionic; other libcs just log.
TEST_F(DEATHTEST, strcpy_fortified2) {
#if defined(__BIONIC__)
  foo target;
  char* source = strdup("");
  ASSERT_FORTIFY(strcpy(target.empty, source));
  free(source);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// zero sized target with longer source (should fail)
// Only checked on bionic; other libcs just log.
TEST_F(DEATHTEST, strcpy2_fortified2) {
#if defined(__BIONIC__)
  foo target;
  char* source = strdup("1");
  ASSERT_FORTIFY(strcpy(target.empty, source));
  free(source);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// one byte target with longer source (should fail)
// Only checked on bionic; other libcs just log.
TEST_F(DEATHTEST, strcpy3_fortified2) {
#if defined(__BIONIC__)
  foo target;
  char* source = strdup("12");
  ASSERT_FORTIFY(strcpy(target.one, source));
  free(source);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// strchr() over foo::a filled with 10 non-NUL bytes must abort: the search
// for 'a' cannot finish inside the member.
//
// Both the char* and the const char* call are checked. Per the change that
// added the const form, const-correct string.h overloads are selected through
// clang's enable_if and are preferred over the FORTIFY'ed functions; without
// __pass_object_size on their parameters the check falls back to
// __builtin_object_size(s, 0), which weakens _FORTIFY_SOURCE=2, so bionic has
// to supply every overload itself.
TEST_F(DEATHTEST, strchr_fortified2) {
#if defined(__BIONIC__)
  foo target;
  memcpy(target.a, "0123456789", sizeof(target.a));
  target.b[0] = '\0';
  ASSERT_FORTIFY(printf("%s", strchr(target.a, 'a')));
  ASSERT_FORTIFY(printf("%s", strchr(static_cast<const char*>(target.a), 'a')));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// strrchr() over foo::a filled with 10 non-NUL bytes must abort, even though
// the adjacent member foo::b holds a terminated string.
//
// Both the char* and the const char* call are checked. Per the change that
// added the const form, const-correct string.h overloads are selected through
// clang's enable_if and are preferred over the FORTIFY'ed functions; without
// __pass_object_size on their parameters the check falls back to
// __builtin_object_size(s, 0), which weakens _FORTIFY_SOURCE=2.
TEST_F(DEATHTEST, strrchr_fortified2) {
#if defined(__BIONIC__)
  foo target;
  memcpy(target.a, "0123456789", 10);
  memcpy(target.b, "01234", 6);
  ASSERT_FORTIFY(printf("%s", strrchr(target.a, 'a')));
  ASSERT_FORTIFY(printf("%s", strrchr(static_cast<const char*>(target.a), 'a')));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// memchr() asked to scan sizeof(foo::a) + 1 bytes of foo::a must abort, for
// both the void* and the const void* argument form.
TEST_F(DEATHTEST, memchr_fortified2) {
#if defined(__BIONIC__)
  foo target;
  // volatile: the scan length is read at run time.
  volatile int scan_len = sizeof(target.a) + 1;
  memcpy(target.a, "0123456789", sizeof(target.a));
  ASSERT_FORTIFY(printf("%s", memchr(target.a, 'a', scan_len)));
  ASSERT_FORTIFY(printf("%s", memchr(static_cast<const void*>(target.a), 'a', scan_len)));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// memrchr() asked to scan sizeof(foo::a) + 1 bytes of foo::a must abort, for
// both the void* and the const void* argument form.
TEST_F(DEATHTEST, memrchr_fortified2) {
#if defined(__BIONIC__)
  foo target;
  // volatile: the scan length is read at run time.
  volatile int scan_len = sizeof(target.a) + 1;
  memcpy(target.a, "0123456789", sizeof(target.a));
  ASSERT_FORTIFY(printf("%s", memrchr(target.a, 'a', scan_len)));
  ASSERT_FORTIFY(printf("%s", memrchr(static_cast<const void*>(target.a), 'a', scan_len)));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// strlcpy() told the 1-byte member foo::one is 2 bytes long must abort.
TEST_F(DEATHTEST, strlcpy_fortified2) {
#if defined(__BIONIC__)
  foo target;
  strcpy(target.a, "01");
  size_t claimed = strlen(target.a);  // 2, computed at run time
  ASSERT_FORTIFY(strlcpy(target.one, target.a, claimed));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// strlcat() told the 1-byte member foo::one is 2 bytes long must abort.
TEST_F(DEATHTEST, strlcat_fortified2) {
#if defined(__BIONIC__)
  foo target;
  strcpy(target.a, "01");
  target.one[0] = '\0';  // destination starts as an empty string
  size_t claimed = strlen(target.a);  // 2, computed at run time
  ASSERT_FORTIFY(strlcat(target.one, target.a, claimed));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// foo::a already holds 9 characters plus NUL; appending one more character
// with strncat() needs an 11th byte and must abort.
TEST_F(DEATHTEST, strncat_fortified2) {
  foo target;
  size_t count = atoi("10"); // avoid compiler optimizations
  strncpy(target.a, "012345678", count);
  ASSERT_FORTIFY(strncat(target.a, "9", count));
}
// strncat() of 10 characters onto an empty foo::a needs 11 bytes with the
// terminator and must abort.
TEST_F(DEATHTEST, strncat2_fortified2) {
  foo target;
  target.a[0] = '\0';
  size_t count = atoi("10"); // avoid compiler optimizations
  ASSERT_FORTIFY(strncat(target.a, "0123456789", count));
}
// strncat() of the 10 unterminated bytes in foo::a onto an empty foo::b needs
// 11 bytes with the terminator and must abort.
TEST_F(DEATHTEST, strncat3_fortified2) {
  foo target;
  memcpy(target.a, "0123456789", sizeof(target.a)); // unterminated string
  target.b[0] = '\0';
  size_t count = atoi("10"); // avoid compiler optimizations
  ASSERT_FORTIFY(strncat(target.b, target.a, count));
}
// strcat() of a 10-character string onto an empty foo::a needs 11 bytes with
// the terminator and must abort.
TEST_F(DEATHTEST, strcat_fortified2) {
  char text[11];
  strcpy(text, "0123456789");
  foo target;
  target.a[0] = '\0';
  ASSERT_FORTIFY(strcat(target.a, text));
}
// strcat() whose source is foo::a filled with 10 non-NUL bytes must abort.
TEST_F(DEATHTEST, strcat2_fortified2) {
  foo target;
  memcpy(target.a, "0123456789", sizeof(target.a)); // unterminated string
  target.b[0] = '\0';
  ASSERT_FORTIFY(strcat(target.b, target.a));
}
// snprintf() given a bound of 11 (strlen + 2) for the 10-byte member foo::b
// must abort.
TEST_F(DEATHTEST, snprintf_fortified2) {
  foo target;
  strcpy(target.a, "012345678");
  size_t bound = strlen(target.a) + 2;
  ASSERT_FORTIFY(snprintf(target.b, bound, "a%s", target.a));
}
// bzero() of 11 bytes starting at the 10-byte member foo::b must abort.
TEST_F(DEATHTEST, bzero_fortified2) {
  foo target;
  memcpy(target.b, "0123456789", sizeof(target.b));
  // Length comes from atoi(), presumably so the compiler cannot fold it.
  size_t length = atoi("11");
  ASSERT_FORTIFY(bzero(target.b, length));
}
#endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2 */
// multibyte target where we over fill (should fail)
// 10 characters plus NUL into a 10-byte array. Only checked on bionic.
TEST_F(DEATHTEST, strcpy_fortified) {
#if defined(__BIONIC__)
  char dst[10];
  char *source = strdup("0123456789");
  ASSERT_FORTIFY(strcpy(dst, source));
  free(source);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// zero sized target with "\0" source (should fail)
// Only checked on bionic; other libcs just log.
TEST_F(DEATHTEST, strcpy2_fortified) {
#if defined(__BIONIC__)
  char dst[0];
  char *source = strdup("");
  ASSERT_FORTIFY(strcpy(dst, source));
  free(source);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// zero sized target with longer source (should fail)
// Only checked on bionic; other libcs just log.
TEST_F(DEATHTEST, strcpy3_fortified) {
#if defined(__BIONIC__)
  char dst[0];
  char *source = strdup("1");
  ASSERT_FORTIFY(strcpy(dst, source));
  free(source);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// one byte target with longer source (should fail)
// Only checked on bionic; other libcs just log.
TEST_F(DEATHTEST, strcpy4_fortified) {
#if defined(__BIONIC__)
  char dst[1];
  char *source = strdup("12");
  ASSERT_FORTIFY(strcpy(dst, source));
  free(source);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// strlen() on a 10-byte array holding 10 non-NUL bytes must abort instead of
// reading on past the array. Only checked on bionic.
TEST_F(DEATHTEST, strlen_fortified) {
#if defined(__BIONIC__)
  char unterminated[10];
  memcpy(unterminated, "0123456789", sizeof(unterminated));
  ASSERT_FORTIFY(printf("%zd", strlen(unterminated)));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// strchr() for a byte that is absent from a 10-byte unterminated array must
// abort instead of searching past the array. Only checked on bionic.
TEST_F(DEATHTEST, strchr_fortified) {
#if defined(__BIONIC__)
  char unterminated[10];
  memcpy(unterminated, "0123456789", sizeof(unterminated));
  ASSERT_FORTIFY(printf("%s", strchr(unterminated, 'a')));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// strrchr() on a 10-byte unterminated array must abort instead of scanning
// past the array for the terminator. Only checked on bionic.
TEST_F(DEATHTEST, strrchr_fortified) {
#if defined(__BIONIC__)
  char unterminated[10];
  memcpy(unterminated, "0123456789", sizeof(unterminated));
  ASSERT_FORTIFY(printf("%s", strrchr(unterminated, 'a')));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// strlcpy() told a 10-byte destination is 14 bytes long must abort.
// Only checked on bionic.
TEST_F(DEATHTEST, strlcpy_fortified) {
#if defined(__BIONIC__)
  char source[15];
  char dst[10];
  strcpy(source, "01234567890123");
  size_t claimed = strlen(source);  // 14, computed at run time
  ASSERT_FORTIFY(strlcpy(dst, source, claimed));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// strlcat() told a 10-byte destination is 14 bytes long must abort.
// Only checked on bionic.
TEST_F(DEATHTEST, strlcat_fortified) {
#if defined(__BIONIC__)
  char source[15];
  char dst[10];
  dst[0] = '\0';  // destination starts as an empty string
  strcpy(source, "01234567890123");
  size_t claimed = strlen(source);  // 14, computed at run time
  ASSERT_FORTIFY(strlcat(dst, source, claimed));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
// sprintf("%s") of a 14-character string into a 10-byte array must abort.
TEST_F(DEATHTEST, sprintf_fortified) {
  char dst[10];
  char text[15];
  memcpy(text, "12345678901234", 15);  // 14 characters plus the NUL
  ASSERT_FORTIFY(sprintf(dst, "%s", text));
}
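// Skip the heap test only on a clang that lacks the alloc_size attribute.
// This has to be an #if: #ifdef looks at a single identifier and ignores the
// rest of its line, so `#ifdef __clang__ && ...` would skip the test on every
// clang. The two conditions are nested so that __has_attribute is never
// evaluated by a preprocessor that is not clang.
// TODO: remove this after Clang prebuilt rebase.
#if defined(__clang__)
#if !__has_attribute(alloc_size)
#define FORTIFY_TEST_SKIP_SPRINTF_MALLOC 1
#endif
#endif

#if !defined(FORTIFY_TEST_SKIP_SPRINTF_MALLOC)
// sprintf("%s") of 10 characters plus NUL into a 10-byte malloc() block must
// abort.
// NOTE(review): an earlier note on this test said clang did not detect this
// heap overflow; confirm the test passes on a clang that has alloc_size.
TEST_F(DEATHTEST, sprintf_malloc_fortified) {
  char* buf = (char *) malloc(10);
  char source_buf[11];
  memcpy(source_buf, "1234567890", 11);
  ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
  free(buf);
}
#endif
#undef FORTIFY_TEST_SKIP_SPRINTF_MALLOC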
// sprintf() with a literal-only format: 5 characters plus the NUL do not fit
// a 5-byte array, so the call must abort.
TEST_F(DEATHTEST, sprintf2_fortified) {
  char dst[5];
  ASSERT_FORTIFY(sprintf(dst, "aaaaa"));
}
// Formats the variadic arguments with vsprintf() into a local 10-byte array
// and returns vsprintf()'s result. The tests pass input that does not fit, so
// the vsprintf() call is where the abort is expected.
static int vsprintf_helper(const char *fmt, ...) {
  char dst[10];
  va_list args;

  va_start(args, fmt);
  int written = vsprintf(dst, fmt, args); // should crash here
  va_end(args);
  return written;
}
// vsprintf() via "%s": the 10-character argument plus NUL overruns the
// helper's 10-byte array.
TEST_F(DEATHTEST, vsprintf_fortified) {
  ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789"));
}
// vsprintf() with the text in the format itself: 10 characters plus NUL
// overrun the helper's 10-byte array.
TEST_F(DEATHTEST, vsprintf2_fortified) {
  ASSERT_FORTIFY(vsprintf_helper("0123456789"));
}
// Calls vsnprintf() on a local 10-byte array while claiming a size of 11, and
// returns vsnprintf()'s result. The oversized bound is what the tests expect
// to be rejected.
static int vsnprintf_helper(const char *fmt, ...) {
  char dst[10];
  va_list args;
  // Bound comes from atoi(), presumably so the compiler cannot fold it.
  size_t limit = atoi("11");

  va_start(args, fmt);
  int written = vsnprintf(dst, limit, fmt, args); // should crash here
  va_end(args);
  return written;
}
// vsnprintf() with a bound of 11 on a 10-byte array, "%s" form.
TEST_F(DEATHTEST, vsnprintf_fortified) {
  ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789"));
}
// vsnprintf() with a bound of 11 on a 10-byte array, literal-format form.
TEST_F(DEATHTEST, vsnprintf2_fortified) {
  ASSERT_FORTIFY(vsnprintf_helper("0123456789"));
}
// The 10-byte array already holds 9 characters plus NUL; appending one more
// character with strncat() needs an 11th byte and must abort.
TEST_F(DEATHTEST, strncat_fortified) {
  char dst[10];
  size_t count = atoi("10"); // avoid compiler optimizations
  strncpy(dst, "012345678", count);
  ASSERT_FORTIFY(strncat(dst, "9", count));
}
// strncat() of 10 characters onto an empty 10-byte array needs 11 bytes with
// the terminator and must abort.
TEST_F(DEATHTEST, strncat2_fortified) {
  char dst[10];
  dst[0] = '\0';
  size_t count = atoi("10"); // avoid compiler optimizations
  ASSERT_FORTIFY(strncat(dst, "0123456789", count));
}
// strcat() of a 10-character string onto an empty 10-byte array needs 11
// bytes with the terminator and must abort.
TEST_F(DEATHTEST, strcat_fortified) {
  char text[11];
  strcpy(text, "0123456789");
  char dst[10];
  dst[0] = '\0';
  ASSERT_FORTIFY(strcat(dst, text));
}
// memmove() of 10 bytes to offset 11 of a 20-byte array leaves only 9 bytes
// of room at the destination and must abort.
TEST_F(DEATHTEST, memmove_fortified) {
  char region[20];
  strcpy(region, "0123456789");
  // Length comes from atoi(), presumably so the compiler cannot fold it.
  size_t length = atoi("10");
  ASSERT_FORTIFY(memmove(region + 11, region, length));
}
// memcpy() of 11 bytes between two 10-byte arrays must abort.
TEST_F(DEATHTEST, memcpy_fortified) {
  char source[10];
  char dst[10];
  strcpy(source, "012345678");
  // Length comes from atoi(), presumably so the compiler cannot fold it.
  size_t length = atoi("11");
  ASSERT_FORTIFY(memcpy(dst, source, length));
}
TEST_F(DEATHTEST, memset_fortified) {
  // The length is parsed with atoi() so it is not a compile-time constant;
  // the out-of-bounds size has to be caught by the run-time check.
  size_t fill_len = atoi("11");
  char target[10];
  // 11 bytes requested for a 10-byte buffer: the fortified memset is
  // expected to abort.
  ASSERT_FORTIFY(memset(target, 0, fill_len));
}
TEST_F(DEATHTEST, stpncpy_fortified) {
  // 14 characters plus the terminator exactly fill the 15-byte source.
  char source[15];
  char dest[10];
  strcpy(source, "01234567890123");
  // The count (14) is larger than the 10-byte destination, so the fortified
  // stpncpy is expected to abort.
  size_t count = strlen(source);
  ASSERT_FORTIFY(stpncpy(dest, source, count));
}
TEST_F(DEATHTEST, stpncpy2_fortified) {
  char out[11];
  char unterminated[10];
  // All 10 bytes are digits: the source has no terminating NUL.
  memcpy(unterminated, "0123456789", sizeof(unterminated));
  // The destination is large enough, but copying sizeof(out) == 11 bytes
  // would run one byte past the 10-byte unterminated source.
  ASSERT_FORTIFY(stpncpy(out, unterminated, sizeof(out)));
}
TEST_F(DEATHTEST, strncpy_fortified) {
  // 14 characters plus the terminator exactly fill the 15-byte source.
  char source[15];
  char dest[10];
  strcpy(source, "01234567890123");
  // The count (14) is larger than the 10-byte destination, so the fortified
  // strncpy is expected to abort.
  size_t count = strlen(source);
  ASSERT_FORTIFY(strncpy(dest, source, count));
}
TEST_F(DEATHTEST, strncpy2_fortified) {
  char out[11];
  char unterminated[10];
  // All 10 bytes are digits: the source has no terminating NUL.
  memcpy(unterminated, "0123456789", sizeof(unterminated));
  // The destination is large enough, but copying sizeof(out) == 11 bytes
  // would run one byte past the 10-byte unterminated source.
  ASSERT_FORTIFY(strncpy(out, unterminated, sizeof(out)));
}
TEST_F(DEATHTEST, snprintf_fortified) {
  char text[15];
  char small[10];
  strcpy(text, "0123456789");
  // The size handed to snprintf (10 characters + NUL = 11) overstates the
  // real 10-byte destination; the fortified snprintf is expected to abort.
  size_t claimed_size = strlen(text) + 1;
  ASSERT_FORTIFY(snprintf(small, claimed_size, "%s", text));
}
TEST_F(DEATHTEST, bzero_fortified) {
  char target[10];
  memcpy(target, "0123456789", sizeof(target));
  // atoi() keeps the length from being a compile-time constant; clearing
  // 11 bytes of a 10-byte buffer is expected to abort.
  size_t clear_len = atoi("11");
  ASSERT_FORTIFY(bzero(target, clear_len));
}
TEST_F(DEATHTEST, umask_fortified) {
  // 1023 decimal is 01777 octal, i.e. the 01000 bit on top of the 0777
  // permission bits. Parsed with atoi() so it is not a compile-time constant.
  mode_t bad_mask = atoi("1023");
  // The fortified umask is expected to abort on this mask.
  ASSERT_FORTIFY(umask(bad_mask));
}
TEST_F(DEATHTEST, recv_fortified) {
  // Parsed at run time to suppress compiler optimizations.
  size_t recv_len = atoi("11");
  char inbox[10];
  // The receive length (11) exceeds the 10-byte buffer; the fortified recv
  // is expected to abort.
  ASSERT_FORTIFY(recv(0, inbox, recv_len, 0));
}
TEST_F(DEATHTEST, send_fortified) {
  // Parsed at run time to suppress compiler optimizations.
  size_t send_len = atoi("11");
  char outbox[10] = {0};
  // Sending 11 bytes from a 10-byte buffer would read past its end; the
  // fortified send is expected to abort.
  ASSERT_FORTIFY(send(0, outbox, send_len, 0));
}
TEST_F(DEATHTEST, FD_ISSET_fortified) {
#if defined(__BIONIC__) // glibc catches this at compile-time.
  fd_set fds;
  memset(&fds, 0, sizeof(fds));
  // A negative descriptor is not a valid index into the set; the fortified
  // FD_ISSET is expected to abort.
  ASSERT_FORTIFY(FD_ISSET(-1, &fds));
#endif
}
TEST_F(DEATHTEST, FD_ISSET_2_fortified) {
  // Deliberately treat a 1-byte object as an fd_set: the descriptor (0) is
  // valid, but the object behind the pointer is only one byte long.
  char tiny[1];
  fd_set* undersized_set = (fd_set*) tiny;
  ASSERT_FORTIFY(FD_ISSET(0, undersized_set));
}
TEST_F(DEATHTEST, getcwd_fortified) {
  char one_byte[1];
  // Claimed size (2) is larger than the 1-byte buffer; atoi() is used to
  // prevent optimizations.
  size_t claimed_size = atoi("2");
  ASSERT_FORTIFY(getcwd(one_byte, claimed_size));
}
TEST_F(DEATHTEST, pread_fortified) {
  char one_byte[1];
  // Request 2 bytes into a 1-byte buffer; atoi() is used to prevent
  // optimizations.
  size_t count = atoi("2");
  int null_fd = open("/dev/null", O_RDONLY);
  ASSERT_FORTIFY(pread(null_fd, one_byte, count, 0));
  close(null_fd);
}
TEST_F(DEATHTEST, pread64_fortified) {
  char one_byte[1];
  // Request 2 bytes into a 1-byte buffer; atoi() is used to prevent
  // optimizations.
  size_t count = atoi("2");
  int null_fd = open("/dev/null", O_RDONLY);
  ASSERT_FORTIFY(pread64(null_fd, one_byte, count, 0));
  close(null_fd);
}
TEST_F(DEATHTEST, pwrite_fortified) {
  char one_byte[1] = {0};
  // Writing 2 bytes from a 1-byte buffer would read past its end; atoi() is
  // used to prevent optimizations.
  size_t count = atoi("2");
  int null_fd = open("/dev/null", O_WRONLY);
  ASSERT_FORTIFY(pwrite(null_fd, one_byte, count, 0));
  close(null_fd);
}
TEST_F(DEATHTEST, pwrite64_fortified) {
  char one_byte[1] = {0};
  // Writing 2 bytes from a 1-byte buffer would read past its end; atoi() is
  // used to prevent optimizations.
  size_t count = atoi("2");
  int null_fd = open("/dev/null", O_WRONLY);
  ASSERT_FORTIFY(pwrite64(null_fd, one_byte, count, 0));
  close(null_fd);
}
TEST_F(DEATHTEST, read_fortified) {
  char one_byte[1];
  // Request 2 bytes into a 1-byte buffer; atoi() is used to prevent
  // optimizations.
  size_t count = atoi("2");
  int null_fd = open("/dev/null", O_RDONLY);
  ASSERT_FORTIFY(read(null_fd, one_byte, count));
  close(null_fd);
}
TEST_F(DEATHTEST, write_fortified) {
  char one_byte[1] = {0};
  // Writing 2 bytes from a 1-byte buffer would read past its end; atoi() is
  // used to prevent optimizations.
  size_t count = atoi("2");
  int null_fd = open("/dev/null", O_WRONLY);
  // NOTE(review): unlike the sibling tests this uses ASSERT_EXIT with an
  // empty pattern, so only the SIGABRT is checked and not the abort message.
  // Confirm this is intentional.
  ASSERT_EXIT(write(null_fd, one_byte, count), testing::KilledBySignal(SIGABRT), "");
  close(null_fd);
}
TEST_F(DEATHTEST, fread_fortified) {
  char one_byte[1];
  // Two 1-byte items requested into a 1-byte buffer; atoi() is used to
  // prevent optimizations.
  size_t item_count = atoi("2");
  FILE* null_stream = fopen("/dev/null", "r");
  ASSERT_FORTIFY(fread(one_byte, 1, item_count, null_stream));
  fclose(null_stream);
}
TEST_F(DEATHTEST, fwrite_fortified) {
  char one_byte[1] = {0};
  // Two 1-byte items written from a 1-byte buffer would read past its end;
  // atoi() is used to prevent optimizations.
  size_t item_count = atoi("2");
  FILE* null_stream = fopen("/dev/null", "w");
  ASSERT_FORTIFY(fwrite(one_byte, 1, item_count, null_stream));
  fclose(null_stream);
}
TEST_F(DEATHTEST, readlink_fortified) {
  char one_byte[1];
  // Claimed size (2) is larger than the 1-byte buffer; atoi() is used to
  // prevent optimizations.
  size_t claimed_size = atoi("2");
  ASSERT_FORTIFY(readlink("/dev/null", one_byte, claimed_size));
}
TEST_F(DEATHTEST, readlinkat_fortified) {
  char one_byte[1];
  // Claimed size (2) is larger than the 1-byte buffer; atoi() is used to
  // prevent optimizations.
  size_t claimed_size = atoi("2");
  ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", one_byte, claimed_size));
}
// Hand-written prototypes for the checked entry points, so the tests in this
// file can call them directly with an explicit trailing size_t (the tests
// pass sizeof(buf) or (size_t)-1 there).
extern "C" char* __strncat_chk(char*, const char*, size_t, size_t);
extern "C" char* __strcat_chk(char*, const char*, size_t);
TEST(TEST_NAME, strncat) {
  // Start from "a" with every remaining byte set to an 'A' sentinel, so any
  // write beyond the new terminator shows up in the comparison below.
  char dst[10];
  memset(dst, 'A', sizeof(dst));
  dst[0] = 'a';
  dst[1] = '\0';
  // The limit is the space left after the existing text and its terminator.
  char* ret = __strncat_chk(dst, "01234", sizeof(dst) - strlen(dst) - 1, sizeof(dst));
  ASSERT_EQ(dst, ret);
  const char want[sizeof(dst)] = {'a', '0', '1', '2', '3', '4', '\0', 'A', 'A', 'A'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]) << "dst[" << i << "]";
  }
}
TEST(TEST_NAME, strncat2) {
  // "a" followed by 'A' sentinels that must survive untouched.
  char dst[10];
  memset(dst, 'A', sizeof(dst));
  dst[0] = 'a';
  dst[1] = '\0';
  // Source is longer than the limit: only 5 characters may be appended.
  char* ret = __strncat_chk(dst, "0123456789", 5, sizeof(dst));
  ASSERT_EQ(dst, ret);
  const char want[sizeof(dst)] = {'a', '0', '1', '2', '3', '4', '\0', 'A', 'A', 'A'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]) << "dst[" << i << "]";
  }
}
TEST(TEST_NAME, strncat3) {
  // Empty destination string; the bytes after the terminator are 'A'
  // sentinels.
  char dst[10];
  memset(dst, 'A', sizeof(dst));
  dst[0] = '\0';
  // Source is longer than the limit: only 5 characters may be appended.
  char* ret = __strncat_chk(dst, "0123456789", 5, sizeof(dst));
  ASSERT_EQ(dst, ret);
  const char want[sizeof(dst)] = {'0', '1', '2', '3', '4', '\0', 'A', 'A', 'A', 'A'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]) << "dst[" << i << "]";
  }
}
TEST(TEST_NAME, strncat4) {
  // Destination is already full: nine 'A's and the terminator in the last
  // byte. Appending an empty string must leave it unchanged.
  char dst[10];
  memset(dst, 'A', sizeof(dst));
  dst[9] = '\0';
  char* ret = __strncat_chk(dst, "", 5, sizeof(dst));
  ASSERT_EQ(dst, ret);
  const char want[sizeof(dst)] = {'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', '\0'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]) << "dst[" << i << "]";
  }
}
TEST(TEST_NAME, strncat5) {
  char dst[10];
  memset(dst, 'A', sizeof(dst));
  dst[0] = 'a';
  dst[1] = '\0';
  // Boundary case: 1 existing + 8 appended characters + terminator fill the
  // 10-byte buffer exactly, so the checked call must succeed.
  char* ret = __strncat_chk(dst, "01234567", 8, sizeof(dst));
  ASSERT_EQ(dst, ret);
  const char want[sizeof(dst)] = {'a', '0', '1', '2', '3', '4', '5', '6', '7', '\0'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]) << "dst[" << i << "]";
  }
}
TEST(TEST_NAME, strncat6) {
  char dst[10];
  memset(dst, 'A', sizeof(dst));
  dst[0] = 'a';
  dst[1] = '\0';
  // The limit (9) is larger than the 8-character source; the result still
  // fills the 10-byte buffer exactly, so the checked call must succeed.
  char* ret = __strncat_chk(dst, "01234567", 9, sizeof(dst));
  ASSERT_EQ(dst, ret);
  const char want[sizeof(dst)] = {'a', '0', '1', '2', '3', '4', '5', '6', '7', '\0'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]) << "dst[" << i << "]";
  }
}
TEST(TEST_NAME, strcat) {
  // "a" followed by 'A' sentinels; bytes past the new terminator must keep
  // their sentinel value.
  char dst[10];
  memset(dst, 'A', sizeof(dst));
  dst[0] = 'a';
  dst[1] = '\0';
  char* ret = __strcat_chk(dst, "01234", sizeof(dst));
  ASSERT_EQ(dst, ret);
  const char want[sizeof(dst)] = {'a', '0', '1', '2', '3', '4', '\0', 'A', 'A', 'A'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]) << "dst[" << i << "]";
  }
}
TEST(TEST_NAME, strcat2) {
  char dst[10];
  memset(dst, 'A', sizeof(dst));
  dst[0] = 'a';
  dst[1] = '\0';
  // Boundary case: 1 existing + 8 appended characters + terminator fill the
  // 10-byte buffer exactly, so the checked call must succeed.
  char* ret = __strcat_chk(dst, "01234567", sizeof(dst));
  ASSERT_EQ(dst, ret);
  const char want[sizeof(dst)] = {'a', '0', '1', '2', '3', '4', '5', '6', '7', '\0'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]) << "dst[" << i << "]";
  }
}
TEST(TEST_NAME, stpncpy) {
  char from[10];
  char to[10];
  // Ten digits and no terminator: the source is not a C string.
  memcpy(from, "0123456789", sizeof(from));
  // Count equals both buffer sizes, so the copy stays in bounds and, as the
  // comparison below shows, leaves the destination unterminated.
  stpncpy(to, from, sizeof(to));
  const char want[sizeof(to)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};
  for (size_t i = 0; i < sizeof(to); ++i) {
    ASSERT_EQ(want[i], to[i]) << "dst[" << i << "]";
  }
}
TEST(TEST_NAME, stpncpy2) {
  char from[10];
  char to[15];
  // Nine digits followed by a terminator.
  memcpy(from, "012345678\0", sizeof(from));
  // The count is the full 15-byte destination; everything after the copied
  // text is expected to be NUL.
  stpncpy(to, from, sizeof(to));
  const char want[sizeof(to)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
                                 '\0', '\0', '\0', '\0', '\0', '\0'};
  for (size_t i = 0; i < sizeof(to); ++i) {
    ASSERT_EQ(want[i], to[i]) << "dst[" << i << "]";
  }
}
TEST(TEST_NAME, strncpy) {
  char from[10];
  char to[10];
  // Ten digits and no terminator: the source is not a C string.
  memcpy(from, "0123456789", sizeof(from));
  // Count equals both buffer sizes, so the copy stays in bounds and, as the
  // comparison below shows, leaves the destination unterminated.
  strncpy(to, from, sizeof(to));
  const char want[sizeof(to)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};
  for (size_t i = 0; i < sizeof(to); ++i) {
    ASSERT_EQ(want[i], to[i]) << "dst[" << i << "]";
  }
}
TEST(TEST_NAME, strncpy2) {
  char from[10];
  char to[15];
  // Nine digits followed by a terminator.
  memcpy(from, "012345678\0", sizeof(from));
  // The count is the full 15-byte destination; everything after the copied
  // text is expected to be NUL.
  strncpy(to, from, sizeof(to));
  const char want[sizeof(to)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
                                 '\0', '\0', '\0', '\0', '\0', '\0'};
  for (size_t i = 0; i < sizeof(to); ++i) {
    ASSERT_EQ(want[i], to[i]) << "dst[" << i << "]";
  }
}
TEST(TEST_NAME, strcat_chk_max_int_size) {
  char dst[10];
  memset(dst, 'A', sizeof(dst));
  dst[0] = 'a';
  dst[1] = '\0';
  // (size_t)-1 is the largest size_t, the value a caller passes when the
  // destination size is unknown. The checked call must behave like a plain
  // strcat; the input is sized to fit the real 10-byte buffer, since a bound
  // of (size_t)-1 cannot reject an overflow.
  char* ret = __strcat_chk(dst, "01234567", (size_t)-1);
  ASSERT_EQ(dst, ret);
  const char want[sizeof(dst)] = {'a', '0', '1', '2', '3', '4', '5', '6', '7', '\0'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]) << "dst[" << i << "]";
  }
}
extern "C" char* __stpcpy_chk(char*, const char*, size_t);

TEST(TEST_NAME, stpcpy_chk_max_int_size) {
  char dst[10];
  // (size_t)-1 is the largest size_t, i.e. "destination size unknown"; the
  // checked call must copy normally. Nine characters plus the terminator fit
  // the real 10-byte buffer.
  char* end = __stpcpy_chk(dst, "012345678", (size_t)-1);
  // stpcpy-style return: a pointer to the terminator it wrote.
  ASSERT_EQ(dst + strlen("012345678"), end);
  ASSERT_STREQ("012345678", dst);
}
extern "C" char* __strcpy_chk(char*, const char*, size_t);

TEST(TEST_NAME, strcpy_chk_max_int_size) {
  char dst[10];
  // (size_t)-1 is the largest size_t, i.e. "destination size unknown"; the
  // checked call must copy normally. Nine characters plus the terminator fit
  // the real 10-byte buffer.
  char* ret = __strcpy_chk(dst, "012345678", (size_t)-1);
  ASSERT_EQ(dst, ret);
  ASSERT_STREQ("012345678", dst);
}
extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t);

TEST(TEST_NAME, memcpy_chk_max_int_size) {
  char dst[10];
  // (size_t)-1 is the largest size_t, i.e. "destination size unknown"; the
  // checked call must copy normally. The literal is nine digits plus its
  // terminator, exactly the sizeof(dst) bytes copied.
  void* ret = __memcpy_chk(dst, "012345678", sizeof(dst), (size_t)-1);
  ASSERT_EQ((void*)dst, ret);
  const char want[sizeof(dst)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '\0'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]) << "buf[" << i << "]";
  }
}
// Verify that macro expansion is done properly for sprintf/snprintf (which
// are defined as macros in stdio.h under clang).
// Each helper below expands to more than one call argument, so the calls in
// the test only compile and behave correctly if sprintf/snprintf expand their
// arguments properly.
#define CONTENTS "macro expansion"
#define BUF_AND_SIZE(A) A, sizeof(A)
#define BUF_AND_CONTENTS(A) A, CONTENTS
#define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS
TEST(TEST_NAME, s_n_printf_macro_expansion) {
  // CONTENTS is used as the format string; it is a fixed literal with no
  // conversion specifiers and is far shorter than the BUFSIZ-byte buffer.
  char buf[BUFSIZ];
  // Buffer and size come from one macro, format string passed separately.
  snprintf(BUF_AND_SIZE(buf), CONTENTS);
  EXPECT_STREQ(CONTENTS, buf);

  // All three arguments come from a single macro.
  snprintf(BUF_AND_SIZE_AND_CONTENTS(buf));
  EXPECT_STREQ(CONTENTS, buf);

  // Unbounded sprintf variant: both arguments come from a single macro.
  sprintf(BUF_AND_CONTENTS(buf));
  EXPECT_STREQ(CONTENTS, buf);
}
TEST_F(DEATHTEST, poll_fortified) {
  // Parsed at run time to suppress compiler optimizations.
  nfds_t claimed_count = atoi("2");
  pollfd fds[1] = {{0, POLLIN, 0}};
  // Two entries are claimed but the array holds one. The timeout is zero so
  // that poll does not wait if the fortify check fails to fire.
  ASSERT_FORTIFY(poll(fds, claimed_count, 0));
}
TEST_F(DEATHTEST, ppoll_fortified) {
  // Parsed at run time to suppress compiler optimizations.
  nfds_t claimed_count = atoi("2");
  pollfd fds[1] = {{0, POLLIN, 0}};
  // Zero timeout so that ppoll does not wait if the fortify check fails to
  // fire.
  timespec no_wait;
  no_wait.tv_nsec = 0;
  no_wait.tv_sec = 0;
  // Two entries are claimed but the array holds one.
  ASSERT_FORTIFY(ppoll(fds, claimed_count, &no_wait, NULL));
}
TEST_F(DEATHTEST, open_O_CREAT_without_mode_fortified) {
  // O_CREAT requires a mode argument, which this two-argument call omits.
  // The flag goes through a variable to fool the compiler, leaving the
  // omission to the run-time check.
  int creat_flags = O_CREAT;
  ASSERT_FORTIFY(open("", creat_flags));
}
TEST_F(DEATHTEST, open_O_TMPFILE_without_mode_fortified) {
#if __BIONIC__ // Our glibc is too old for O_TMPFILE.
  // Same shape as the O_CREAT case: O_TMPFILE with no mode argument, with
  // the flag routed through a variable to fool the compiler.
  int tmpfile_flags = O_TMPFILE;
  ASSERT_FORTIFY(open("", tmpfile_flags));
#endif
}