324 lines
8.6 KiB
C++
324 lines
8.6 KiB
C++
/*
|
|
* Copyright (C) 2014 The Android Open Source Project
|
|
*
|
|
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
* you may not use this file except in compliance with the License.
|
|
* You may obtain a copy of the License at
|
|
*
|
|
* http://www.apache.org/licenses/LICENSE-2.0
|
|
*
|
|
* Unless required by applicable law or agreed to in writing, software
|
|
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
* See the License for the specific language governing permissions and
|
|
* limitations under the License.
|
|
*/
|
|
|
|
/*
|
|
* If this test fails, you can see the compiler's output by erasing a few args from the failing
|
|
* command. Specifically, delete everything before the path/to/the/compiler, then delete the first
|
|
* arg after the path/to/the/compiler. For example, given the following command:
|
|
*
|
|
* bionic/tests/file-check-cxx out/host/linux-x86/bin/FileCheck \
|
|
* prebuilts/clang/host/linux-x86/clang-4053586/bin/clang++ CLANG -I bionic/tests -I ...
|
|
*
|
|
* If you delete everything before clang++ and delete "CLANG", then you'll end up with:
|
|
*
|
|
* prebuilts/clang/host/linux-x86/clang-4053586/bin/clang++ -I bionic/tests -I ...
|
|
*
|
|
* Which is the command that FileCheck executes.
|
|
*/
|
|
|
|
#undef _FORTIFY_SOURCE
|
|
#define _FORTIFY_SOURCE 2
|
|
#include <fcntl.h>
|
|
#include <netinet/in.h>
|
|
#include <poll.h>
|
|
#include <stdarg.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
#include <sys/socket.h>
|
|
#include <sys/stat.h>
|
|
#include <time.h>
|
|
#include <unistd.h>
|
|
|
|
void test_sprintf() {
|
|
char buf[4];
|
|
|
|
// NOLINTNEXTLINE(whitespace/line_length)
|
|
// CLANG: error: call to unavailable function 'sprintf': format string will always overflow destination buffer
|
|
sprintf(buf, "foobar"); // NOLINT(runtime/printf)
|
|
|
|
// TODO: clang should emit a warning, but doesn't
|
|
sprintf(buf, "%s", "foobar"); // NOLINT(runtime/printf)
|
|
}
|
|
|
|
void test_snprintf() {
|
|
char buf[4];
|
|
|
|
// NOLINTNEXTLINE(whitespace/line_length)
|
|
// CLANG: error: call to unavailable function 'snprintf': format string will always overflow destination buffer
|
|
snprintf(buf, 5, "foobar"); // NOLINT(runtime/printf)
|
|
|
|
// TODO: clang should emit a warning, but doesn't
|
|
snprintf(buf, 5, "%s", "foobar"); // NOLINT(runtime/printf)
|
|
|
|
// TODO: clang should emit a warning, but doesn't
|
|
snprintf(buf, 5, " %s ", "foobar"); // NOLINT(runtime/printf)
|
|
|
|
// TODO: clang should emit a warning, but doesn't
|
|
snprintf(buf, 5, "%d", 100000); // NOLINT(runtime/printf)
|
|
}
|
|
|
|
void test_memcpy() {
|
|
char buf[4];
|
|
|
|
// CLANG: error: 'memcpy' called with size bigger than buffer
|
|
memcpy(buf, "foobar", sizeof("foobar") + 100);
|
|
}
|
|
|
|
void test_memmove() {
|
|
char buf[4];
|
|
|
|
// CLANG: error: 'memmove' called with size bigger than buffer
|
|
memmove(buf, "foobar", sizeof("foobar"));
|
|
}
|
|
|
|
void test_memset() {
|
|
char buf[4];
|
|
|
|
// CLANG: error: 'memset' called with size bigger than buffer
|
|
memset(buf, 0, 6);
|
|
}
|
|
|
|
void test_strcpy() {
|
|
char buf[4];
|
|
|
|
// CLANG: error: 'strcpy' called with string bigger than buffer
|
|
strcpy(buf, "foobar"); // NOLINT(runtime/printf)
|
|
|
|
// CLANG: error: 'strcpy' called with string bigger than buffer
|
|
strcpy(buf, "quux");
|
|
}
|
|
|
|
void test_stpcpy() {
|
|
char buf[4];
|
|
|
|
// CLANG: error: 'stpcpy' called with string bigger than buffer
|
|
stpcpy(buf, "foobar");
|
|
|
|
// CLANG: error: 'stpcpy' called with string bigger than buffer
|
|
stpcpy(buf, "quux");
|
|
}
|
|
|
|
void test_strncpy() {
|
|
char buf[4];
|
|
|
|
// TODO: clang should emit a warning, but doesn't
|
|
strncpy(buf, "foobar", sizeof("foobar"));
|
|
}
|
|
|
|
void test_strcat() {
|
|
char buf[4] = "";
|
|
|
|
// TODO: clang should emit a warning, but doesn't
|
|
strcat(buf, "foobar"); // NOLINT(runtime/printf)
|
|
}
|
|
|
|
void test_strncat() {
|
|
char buf[4] = "";
|
|
|
|
// TODO: clang should emit a warning, but doesn't
|
|
strncat(buf, "foobar", sizeof("foobar"));
|
|
}
|
|
|
|
void test_vsprintf(const char* fmt, ...) {
|
|
va_list va;
|
|
char buf[4];
|
|
va_start(va, fmt);
|
|
|
|
// clang should emit a warning, but doesn't
|
|
vsprintf(buf, "foobar", va);
|
|
va_end(va);
|
|
}
|
|
|
|
void test_vsnprintf(const char* fmt, ...) {
|
|
va_list va;
|
|
char buf[4];
|
|
va_start(va, fmt);
|
|
|
|
// clang should emit a warning, but doesn't
|
|
vsnprintf(buf, 5, "foobar", va); // NOLINT(runtime/printf)
|
|
|
|
va_end(va);
|
|
}
|
|
|
|
void test_fgets() {
|
|
char buf[4];
|
|
|
|
// CLANG: error: in call to 'fgets', size should not be negative
|
|
fgets(buf, -1, stdin);
|
|
|
|
// CLANG: error: in call to 'fgets', size is larger than the destination buffer
|
|
fgets(buf, 6, stdin);
|
|
}
|
|
|
|
void test_recvfrom() {
|
|
char buf[4];
|
|
sockaddr_in addr;
|
|
|
|
// CLANG: error: 'recvfrom' called with size bigger than buffer
|
|
recvfrom(0, buf, 6, 0, reinterpret_cast<sockaddr*>(&addr), nullptr);
|
|
}
|
|
|
|
void test_recv() {
|
|
char buf[4] = {0};
|
|
|
|
// CLANG: error: 'recv' called with size bigger than buffer
|
|
recv(0, buf, 6, 0);
|
|
}
|
|
|
|
void test_umask() {
|
|
// CLANG: error: 'umask' called with invalid mode
|
|
umask(01777);
|
|
}
|
|
|
|
void test_read() {
|
|
char buf[4];
|
|
// CLANG: error: in call to 'read', 'count' bytes overflows the given object
|
|
read(0, buf, 6);
|
|
}
|
|
|
|
void test_open() {
|
|
// CLANG: error: 'open' called with O_CREAT or O_TMPFILE, but missing mode
|
|
open("/dev/null", O_CREAT);
|
|
|
|
// CLANG: error: 'open' called with O_CREAT or O_TMPFILE, but missing mode
|
|
open("/dev/null", O_TMPFILE);
|
|
|
|
// CLANG: error: call to unavailable function 'open': too many arguments
|
|
open("/dev/null", O_CREAT, 0, 0);
|
|
|
|
// CLANG: error: call to unavailable function 'open': too many arguments
|
|
open("/dev/null", O_TMPFILE, 0, 0);
|
|
|
|
// CLANG: warning: 'open' has superfluous mode bits; missing O_CREAT?
|
|
open("/dev/null", O_RDONLY, 0644);
|
|
|
|
// CLANG: warning: 'open' has superfluous mode bits; missing O_CREAT?
|
|
open("/dev/null", O_DIRECTORY, 0644);
|
|
}
|
|
|
|
void test_poll() {
|
|
pollfd fds[1];
|
|
// CLANG: error: in call to 'poll', fd_count is larger than the given buffer
|
|
poll(fds, 2, 0);
|
|
}
|
|
|
|
void test_ppoll() {
|
|
pollfd fds[1];
|
|
timespec timeout;
|
|
// CLANG: error: in call to 'ppoll', fd_count is larger than the given buffer
|
|
ppoll(fds, 2, &timeout, nullptr);
|
|
}
|
|
|
|
void test_ppoll64() {
|
|
pollfd fds[1];
|
|
timespec timeout;
|
|
// NOLINTNEXTLINE(whitespace/line_length)
|
|
// CLANG: error: in call to 'ppoll64', fd_count is larger than the given buffer
|
|
ppoll64(fds, 2, &timeout, nullptr);
|
|
}
|
|
|
|
void test_fread_overflow() {
|
|
char buf[4];
|
|
// CLANG: error: in call to 'fread', size * count overflows
|
|
fread(buf, 2, (size_t)-1, stdin);
|
|
}
|
|
|
|
void test_fread_too_big() {
|
|
char buf[4];
|
|
// NOLINTNEXTLINE(whitespace/line_length)
|
|
// CLANG: error: in call to 'fread', size * count is too large for the given buffer
|
|
fread(buf, 1, 5, stdin);
|
|
}
|
|
|
|
void test_fwrite_overflow() {
|
|
char buf[4] = {0};
|
|
// CLANG: error: in call to 'fwrite', size * count overflows
|
|
fwrite(buf, 2, (size_t)-1, stdout);
|
|
}
|
|
|
|
void test_fwrite_too_big() {
|
|
char buf[4] = {0};
|
|
// NOLINTNEXTLINE(whitespace/line_length)
|
|
// CLANG: error: in call to 'fwrite', size * count is too large for the given buffer
|
|
fwrite(buf, 1, 5, stdout);
|
|
}
|
|
|
|
void test_getcwd() {
|
|
char buf[4];
|
|
// CLANG: error: in call to 'getcwd', 'size' bytes overflows the given object
|
|
getcwd(buf, 5);
|
|
}
|
|
|
|
void test_pwrite64_size() {
|
|
char buf[4] = {0};
|
|
// CLANG: error: in call to 'pwrite64', 'count' bytes overflows the given object
|
|
pwrite64(STDOUT_FILENO, buf, 5, 0);
|
|
}
|
|
|
|
void test_pwrite64_too_big_malloc() {
|
|
void *buf = calloc(atoi("5"), 1);
|
|
// clang should emit a warning, but probably never will.
|
|
pwrite64(STDOUT_FILENO, buf, SIZE_MAX, 0);
|
|
}
|
|
|
|
void test_pwrite64_too_big() {
|
|
char buf[4] = {0};
|
|
// CLANG: error: in call to 'pwrite64', 'count' must be <= SSIZE_MAX
|
|
pwrite64(STDOUT_FILENO, buf, SIZE_MAX, 0);
|
|
}
|
|
|
|
void test_write_size() {
|
|
char buf[4] = {0};
|
|
// CLANG: error: in call to 'write', 'count' bytes overflows the given object
|
|
write(STDOUT_FILENO, buf, 5);
|
|
}
|
|
|
|
void test_memset_args_flipped() {
|
|
char from[4] = {0};
|
|
// NOLINTNEXTLINE(whitespace/line_length)
|
|
// CLANG: 'memset' will set 0 bytes; maybe the arguments got flipped?
|
|
memset(from, sizeof(from), 0);
|
|
}
|
|
|
|
void test_sendto() {
|
|
char buf[4] = {0};
|
|
sockaddr_in addr;
|
|
|
|
// CLANG: error: 'sendto' called with size bigger than buffer
|
|
sendto(0, buf, 6, 0, reinterpret_cast<sockaddr*>(&addr), sizeof(sockaddr_in));
|
|
}
|
|
|
|
void test_send() {
|
|
char buf[4] = {0};
|
|
|
|
// CLANG: error: 'send' called with size bigger than buffer
|
|
send(0, buf, 6, 0);
|
|
}
|
|
|
|
void test_realpath() {
|
|
char buf[4] = {0};
|
|
// NOLINTNEXTLINE(whitespace/line_length)
|
|
// CLANG: error: 'realpath' output parameter must be NULL or a pointer to a buffer with >= PATH_MAX bytes
|
|
realpath(".", buf);
|
|
|
|
// This is fine.
|
|
realpath(".", nullptr);
|
|
|
|
char bigbuf[PATH_MAX];
|
|
// CLANG: error: 'realpath': NULL path is never correct; flipped arguments?
|
|
realpath(nullptr, bigbuf);
|
|
}
|