I've never been able to repro the flake myself (in hundreds of thousands
of runs), but it's certainly possible that a byte of the cookie is
already zero. So let's invert the byte we plan to corrupt rather than
set it to zero.
Bug: http://b/202948861
Test: treehugger
Change-Id: Iccd552fe302d6c01e376819d23c11a308e03acdb

Before, the helper method for this test had two local variables:
char buf[128];
volatile char* p;
Then the test wrote zeros into the buffer and one past the buffer end.
This relied on the fact that the compiler constructed the stack frame
with 'p' first and then the buffer (and also optimized away the 'size'
variable).
However, some compiler options (namely -ftrivial-auto-var-init=pattern)
result in the stack frame being reordered so that 'p' is actually after
buf, and the test cannot pass.
Fixes: 132780819
Test: bionic-unit-tests-static (w/ w/o flag)
Change-Id: Icc87c02add211c2afb7c96ae22701ec27990364c

The previous test would fail to crash if the first byte of the canary was
already NUL (1 of 256 runs assuming uniform canary distribution).
Bug: http://b/121156651
Test: bionic unit tests

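Added example, not bionic's own test code: a small simulation of the two canary-corruption strategies discussed in the two commit messages above. It models the stack protector's check as a plain comparison against a reference value (a constructed 8-byte sample canary, not a real one) and exhaustively shows why zeroing one byte goes undetected for exactly one of 256 byte values, while inverting it always changes the canary.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Two ways a test might corrupt byte `idx` of an 8-byte canary. */
typedef void (*corrupt_fn)(unsigned char *canary, size_t idx);

static void corrupt_by_zeroing(unsigned char *canary, size_t idx) {
    canary[idx] = 0;            /* the original test's strategy */
}

static void corrupt_by_inverting(unsigned char *canary, size_t idx) {
    canary[idx] = (unsigned char)~canary[idx]; /* the fix: always differs */
}

/* Simulated protector decision: it only fires when the canary left on the
 * stack no longer matches the reference value (assumption: real canaries are
 * compared by the compiler-inserted epilogue, modelled here as memcmp). */
static bool protector_fires(uint64_t reference, corrupt_fn corrupt, size_t idx) {
    uint64_t on_stack = reference;
    corrupt((unsigned char *)&on_stack, idx);
    return memcmp(&on_stack, &reference, sizeof reference) != 0;
}

/* Try every possible value of byte `idx` (other bytes fixed) and count how
 * many canaries let the corruption slip past the check. */
static int count_undetected(corrupt_fn corrupt, size_t idx) {
    int undetected = 0;
    for (unsigned v = 0; v < 256; v++) {
        uint64_t ref = 0x1122334455667788ULL;   /* constructed sample canary */
        ((unsigned char *)&ref)[idx] = (unsigned char)v;
        if (!protector_fires(ref, corrupt, idx)) undetected++;
    }
    return undetected;
}
```

Zeroing misses the one canary whose byte is already zero (the 1-in-256 flake); inverting misses none, whatever the distribution of canary bytes.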
The compiler in master doesn't leave a gap between the buffer and the stack
guard canary.
Bug: http://b/27815668
Change-Id: Iae6681683881055c2719d661a2179f5305c23135

Built for fugu this was working fine, but built for generic x86/x86-64
the compiler was (a) optimizing out all the stack writes and (b) inserting
enough padding on x86-64 for the canary to be safely out of the way.
While here, let's tighten up this test so we test that it's sufficient to
only overwrite the buffer by one byte...
(cherry-pick of 6f90c1ac59eb4e7811b7b0e408615049c935c0a9.)
Bug: http://b/27815668
Change-Id: I80a646de4b30fd5c78df20fdaa7e3eb163585caf