1/* 2 * Copyright (C) 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <gtest/gtest.h> 18#include <signal.h> 19#include <string.h> 20#include <stdarg.h> 21#include <sys/types.h> 22#include <sys/stat.h> 23#include <sys/socket.h> 24#include <malloc.h> 25#include <fcntl.h> 26#include <sys/prctl.h> 27 28// We have to say "DeathTest" here so gtest knows to run this test (which exits) 29// in its own process. Unfortunately, the C preprocessor doesn't give us an 30// easy way to concatenate strings, so we need to use the complicated method 31// below. *sigh* 32#define DEATHTEST_PASTER(name) name##_DeathTest 33#define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name) 34#define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME) 35 36class DEATHTEST : public testing::Test { 37 protected: 38 virtual void SetUp() { 39 old_dumpable_ = prctl(PR_GET_DUMPABLE, 0, 0, 0, 0); 40 // Suppress debuggerd stack traces. Too slow. 41 prctl(PR_SET_DUMPABLE, 0, 0, 0, 0); 42 } 43 44 virtual void TearDown() { 45 prctl(PR_SET_DUMPABLE, old_dumpable_, 0, 0, 0, 0); 46 } 47 private: 48 int old_dumpable_; 49}; 50 51#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2 52struct foo { 53 char empty[0]; 54 char one[1]; 55 char a[10]; 56 char b[10]; 57}; 58 59#ifndef __clang__ 60// This test is disabled in clang because clang doesn't properly detect 61// this buffer overflow. TODO: Fix clang. 62TEST_F(DEATHTEST, stpncpy_fortified2) { 63 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 64 foo myfoo; 65 int copy_amt = atoi("11"); 66 ASSERT_EXIT(stpncpy(myfoo.a, "01234567890", copy_amt), 67 testing::KilledBySignal(SIGABRT), ""); 68} 69#endif 70 71#ifndef __clang__ 72// This test is disabled in clang because clang doesn't properly detect 73// this buffer overflow. TODO: Fix clang. 74TEST_F(DEATHTEST, stpncpy2_fortified2) { 75 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 76 foo myfoo; 77 memset(&myfoo, 0, sizeof(myfoo)); 78 myfoo.one[0] = 'A'; // not null terminated string 79 ASSERT_EXIT(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)), 80 testing::KilledBySignal(SIGABRT), ""); 81} 82#endif 83 84#ifndef __clang__ 85// This test is disabled in clang because clang doesn't properly detect 86// this buffer overflow. TODO: Fix clang. 87TEST_F(DEATHTEST, strncpy_fortified2) { 88 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 89 foo myfoo; 90 int copy_amt = atoi("11"); 91 ASSERT_EXIT(strncpy(myfoo.a, "01234567890", copy_amt), 92 testing::KilledBySignal(SIGABRT), ""); 93} 94#endif 95 96#ifndef __clang__ 97// This test is disabled in clang because clang doesn't properly detect 98// this buffer overflow. TODO: Fix clang. 99TEST_F(DEATHTEST, strncpy2_fortified2) { 100 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 101 foo myfoo; 102 memset(&myfoo, 0, sizeof(myfoo)); 103 myfoo.one[0] = 'A'; // not null terminated string 104 ASSERT_EXIT(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)), 105 testing::KilledBySignal(SIGABRT), ""); 106} 107#endif 108 109#ifndef __clang__ 110// This test is disabled in clang because clang doesn't properly detect 111// this buffer overflow. TODO: Fix clang. 112TEST_F(DEATHTEST, sprintf_fortified2) { 113 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 114 foo myfoo; 115 char source_buf[15]; 116 memcpy(source_buf, "12345678901234", 15); 117 ASSERT_EXIT(sprintf(myfoo.a, "%s", source_buf), 118 testing::KilledBySignal(SIGABRT), ""); 119} 120#endif 121 122#ifndef __clang__ 123// This test is disabled in clang because clang doesn't properly detect 124// this buffer overflow. TODO: Fix clang. 125TEST_F(DEATHTEST, sprintf2_fortified2) { 126 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 127 foo myfoo; 128 ASSERT_EXIT(sprintf(myfoo.a, "0123456789"), 129 testing::KilledBySignal(SIGABRT), ""); 130} 131#endif 132 133#ifndef __clang__ 134// These tests are disabled in clang because clang doesn't properly detect 135// this buffer overflow. TODO: Fix clang. 136static int vsprintf_helper2(const char *fmt, ...) { 137 foo myfoo; 138 va_list va; 139 int result; 140 141 va_start(va, fmt); 142 result = vsprintf(myfoo.a, fmt, va); // should crash here 143 va_end(va); 144 return result; 145} 146 147TEST_F(DEATHTEST, vsprintf_fortified2) { 148 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 149 ASSERT_EXIT(vsprintf_helper2("%s", "0123456789"), testing::KilledBySignal(SIGABRT), ""); 150} 151 152TEST_F(DEATHTEST, vsprintf2_fortified2) { 153 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 154 ASSERT_EXIT(vsprintf_helper2("0123456789"), testing::KilledBySignal(SIGABRT), ""); 155} 156#endif 157 158#ifndef __clang__ 159// These tests are disabled in clang because clang doesn't properly detect 160// this buffer overflow. TODO: Fix clang. 161static int vsnprintf_helper2(const char *fmt, ...) { 162 foo myfoo; 163 va_list va; 164 int result; 165 size_t size = atoi("11"); 166 167 va_start(va, fmt); 168 result = vsnprintf(myfoo.a, size, fmt, va); // should crash here 169 va_end(va); 170 return result; 171} 172 173TEST_F(DEATHTEST, vsnprintf_fortified2) { 174 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 175 ASSERT_EXIT(vsnprintf_helper2("%s", "0123456789"), testing::KilledBySignal(SIGABRT), ""); 176} 177 178TEST_F(DEATHTEST, vsnprintf2_fortified2) { 179 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 180 ASSERT_EXIT(vsnprintf_helper2("0123456789"), testing::KilledBySignal(SIGABRT), ""); 181} 182#endif 183 184#ifndef __clang__ 185// zero sized target with "\0" source (should fail) 186// This test is disabled in clang because clang doesn't properly detect 187// this buffer overflow. TODO: Fix clang. 188TEST_F(DEATHTEST, stpcpy_fortified2) { 189#if defined(__BIONIC__) 190 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 191 foo myfoo; 192 char* src = strdup(""); 193 ASSERT_EXIT(stpcpy(myfoo.empty, src), 194 testing::KilledBySignal(SIGABRT), ""); 195 free(src); 196#else // __BIONIC__ 197 GTEST_LOG_(INFO) << "This test does nothing.\n"; 198#endif // __BIONIC__ 199} 200#endif 201 202#ifndef __clang__ 203// zero sized target with "\0" source (should fail) 204// This test is disabled in clang because clang doesn't properly detect 205// this buffer overflow. TODO: Fix clang. 206TEST_F(DEATHTEST, strcpy_fortified2) { 207#if defined(__BIONIC__) 208 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 209 foo myfoo; 210 char* src = strdup(""); 211 ASSERT_EXIT(strcpy(myfoo.empty, src), 212 testing::KilledBySignal(SIGABRT), ""); 213 free(src); 214#else // __BIONIC__ 215 GTEST_LOG_(INFO) << "This test does nothing.\n"; 216#endif // __BIONIC__ 217} 218#endif 219 220#ifndef __clang__ 221// zero sized target with longer source (should fail) 222// This test is disabled in clang because clang doesn't properly detect 223// this buffer overflow. TODO: Fix clang. 224TEST_F(DEATHTEST, strcpy2_fortified2) { 225#if defined(__BIONIC__) 226 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 227 foo myfoo; 228 char* src = strdup("1"); 229 ASSERT_EXIT(strcpy(myfoo.empty, src), 230 testing::KilledBySignal(SIGABRT), ""); 231 free(src); 232#else // __BIONIC__ 233 GTEST_LOG_(INFO) << "This test does nothing.\n"; 234#endif // __BIONIC__ 235} 236#endif 237 238#ifndef __clang__ 239// one byte target with longer source (should fail) 240// This test is disabled in clang because clang doesn't properly detect 241// this buffer overflow. TODO: Fix clang. 242TEST_F(DEATHTEST, strcpy3_fortified2) { 243#if defined(__BIONIC__) 244 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 245 foo myfoo; 246 char* src = strdup("12"); 247 ASSERT_EXIT(strcpy(myfoo.one, src), 248 testing::KilledBySignal(SIGABRT), ""); 249 free(src); 250#else // __BIONIC__ 251 GTEST_LOG_(INFO) << "This test does nothing.\n"; 252#endif // __BIONIC__ 253} 254#endif 255 256#ifndef __clang__ 257// This test is disabled in clang because clang doesn't properly detect 258// this buffer overflow. TODO: Fix clang. 259TEST_F(DEATHTEST, strchr_fortified2) { 260#if defined(__BIONIC__) 261 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 262 foo myfoo; 263 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); 264 myfoo.b[0] = '\0'; 265 ASSERT_EXIT(printf("%s", strchr(myfoo.a, 'a')), 266 testing::KilledBySignal(SIGABRT), ""); 267#else // __BIONIC__ 268 GTEST_LOG_(INFO) << "This test does nothing.\n"; 269#endif // __BIONIC__ 270} 271#endif 272 273#ifndef __clang__ 274// This test is disabled in clang because clang doesn't properly detect 275// this buffer overflow. TODO: Fix clang. 276TEST_F(DEATHTEST, strrchr_fortified2) { 277#if defined(__BIONIC__) 278 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 279 foo myfoo; 280 memcpy(myfoo.a, "0123456789", 10); 281 memcpy(myfoo.b, "01234", 6); 282 ASSERT_EXIT(printf("%s", strrchr(myfoo.a, 'a')), 283 testing::KilledBySignal(SIGABRT), ""); 284#else // __BIONIC__ 285 GTEST_LOG_(INFO) << "This test does nothing.\n"; 286#endif // __BIONIC__ 287} 288#endif 289 290#ifndef __clang__ 291// This test is disabled in clang because clang doesn't properly detect 292// this buffer overflow. TODO: Fix clang. 293TEST_F(DEATHTEST, strlcpy_fortified2) { 294#if defined(__BIONIC__) 295 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 296 foo myfoo; 297 strcpy(myfoo.a, "01"); 298 size_t n = strlen(myfoo.a); 299 ASSERT_EXIT(strlcpy(myfoo.one, myfoo.a, n), 300 testing::KilledBySignal(SIGABRT), ""); 301#else // __BIONIC__ 302 GTEST_LOG_(INFO) << "This test does nothing.\n"; 303#endif // __BIONIC__ 304} 305#endif 306 307#ifndef __clang__ 308// This test is disabled in clang because clang doesn't properly detect 309// this buffer overflow. TODO: Fix clang. 310TEST_F(DEATHTEST, strlcat_fortified2) { 311#if defined(__BIONIC__) 312 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 313 foo myfoo; 314 strcpy(myfoo.a, "01"); 315 myfoo.one[0] = '\0'; 316 size_t n = strlen(myfoo.a); 317 ASSERT_EXIT(strlcat(myfoo.one, myfoo.a, n), 318 testing::KilledBySignal(SIGABRT), ""); 319#else // __BIONIC__ 320 GTEST_LOG_(INFO) << "This test does nothing.\n"; 321#endif // __BIONIC__ 322} 323#endif 324 325#ifndef __clang__ 326// This test is disabled in clang because clang doesn't properly detect 327// this buffer overflow. TODO: Fix clang. 328TEST_F(DEATHTEST, strncat_fortified2) { 329 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 330 foo myfoo; 331 size_t n = atoi("10"); // avoid compiler optimizations 332 strncpy(myfoo.a, "012345678", n); 333 ASSERT_EXIT(strncat(myfoo.a, "9", n), testing::KilledBySignal(SIGABRT), ""); 334} 335#endif 336 337#ifndef __clang__ 338// This test is disabled in clang because clang doesn't properly detect 339// this buffer overflow. TODO: Fix clang. 340TEST_F(DEATHTEST, strncat2_fortified2) { 341 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 342 foo myfoo; 343 myfoo.a[0] = '\0'; 344 size_t n = atoi("10"); // avoid compiler optimizations 345 ASSERT_EXIT(strncat(myfoo.a, "0123456789", n), testing::KilledBySignal(SIGABRT), ""); 346} 347#endif 348 349TEST_F(DEATHTEST, strncat3_fortified2) { 350 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 351 foo myfoo; 352 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string 353 myfoo.b[0] = '\0'; 354 size_t n = atoi("10"); // avoid compiler optimizations 355 ASSERT_EXIT(strncat(myfoo.b, myfoo.a, n), testing::KilledBySignal(SIGABRT), ""); 356} 357 358#ifndef __clang__ 359// This test is disabled in clang because clang doesn't properly detect 360// this buffer overflow. TODO: Fix clang. 361TEST_F(DEATHTEST, strcat_fortified2) { 362 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 363 char src[11]; 364 strcpy(src, "0123456789"); 365 foo myfoo; 366 myfoo.a[0] = '\0'; 367 ASSERT_EXIT(strcat(myfoo.a, src), testing::KilledBySignal(SIGABRT), ""); 368} 369#endif 370 371TEST_F(DEATHTEST, strcat2_fortified2) { 372 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 373 foo myfoo; 374 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string 375 myfoo.b[0] = '\0'; 376 ASSERT_EXIT(strcat(myfoo.b, myfoo.a), testing::KilledBySignal(SIGABRT), ""); 377} 378 379TEST_F(DEATHTEST, snprintf_fortified2) { 380 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 381 foo myfoo; 382 strcpy(myfoo.a, "012345678"); 383 size_t n = strlen(myfoo.a) + 2; 384 ASSERT_EXIT(snprintf(myfoo.b, n, "a%s", myfoo.a), testing::KilledBySignal(SIGABRT), ""); 385} 386 387TEST_F(DEATHTEST, bzero_fortified2) { 388 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 389 foo myfoo; 390 memcpy(myfoo.b, "0123456789", sizeof(myfoo.b)); 391 size_t n = atoi("11"); 392 ASSERT_EXIT(bzero(myfoo.b, n), testing::KilledBySignal(SIGABRT), ""); 393} 394 395#endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */ 396 397// multibyte target where we over fill (should fail) 398TEST_F(DEATHTEST, strcpy_fortified) { 399#if defined(__BIONIC__) 400 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 401 char buf[10]; 402 char *orig = strdup("0123456789"); 403 ASSERT_EXIT(strcpy(buf, orig), testing::KilledBySignal(SIGABRT), ""); 404 free(orig); 405#else // __BIONIC__ 406 GTEST_LOG_(INFO) << "This test does nothing.\n"; 407#endif // __BIONIC__ 408} 409 410// zero sized target with "\0" source (should fail) 411TEST_F(DEATHTEST, strcpy2_fortified) { 412#if defined(__BIONIC__) 413 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 414 char buf[0]; 415 char *orig = strdup(""); 416 ASSERT_EXIT(strcpy(buf, orig), testing::KilledBySignal(SIGABRT), ""); 417 free(orig); 418#else // __BIONIC__ 419 GTEST_LOG_(INFO) << "This test does nothing.\n"; 420#endif // __BIONIC__ 421} 422 423// zero sized target with longer source (should fail) 424TEST_F(DEATHTEST, strcpy3_fortified) { 425#if defined(__BIONIC__) 426 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 427 char buf[0]; 428 char *orig = strdup("1"); 429 ASSERT_EXIT(strcpy(buf, orig), testing::KilledBySignal(SIGABRT), ""); 430 free(orig); 431#else // __BIONIC__ 432 GTEST_LOG_(INFO) << "This test does nothing.\n"; 433#endif // __BIONIC__ 434} 435 436// one byte target with longer source (should fail) 437TEST_F(DEATHTEST, strcpy4_fortified) { 438#if defined(__BIONIC__) 439 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 440 char buf[1]; 441 char *orig = strdup("12"); 442 ASSERT_EXIT(strcpy(buf, orig), testing::KilledBySignal(SIGABRT), ""); 443 free(orig); 444#else // __BIONIC__ 445 GTEST_LOG_(INFO) << "This test does nothing.\n"; 446#endif // __BIONIC__ 447} 448 449TEST_F(DEATHTEST, strlen_fortified) { 450#if defined(__BIONIC__) 451 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 452 char buf[10]; 453 memcpy(buf, "0123456789", sizeof(buf)); 454 ASSERT_EXIT(printf("%zd", strlen(buf)), testing::KilledBySignal(SIGABRT), ""); 455#else // __BIONIC__ 456 GTEST_LOG_(INFO) << "This test does nothing.\n"; 457#endif // __BIONIC__ 458} 459 460TEST_F(DEATHTEST, strchr_fortified) { 461#if defined(__BIONIC__) 462 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 463 char buf[10]; 464 memcpy(buf, "0123456789", sizeof(buf)); 465 ASSERT_EXIT(printf("%s", strchr(buf, 'a')), testing::KilledBySignal(SIGABRT), ""); 466#else // __BIONIC__ 467 GTEST_LOG_(INFO) << "This test does nothing.\n"; 468#endif // __BIONIC__ 469} 470 471TEST_F(DEATHTEST, strrchr_fortified) { 472#if defined(__BIONIC__) 473 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 474 char buf[10]; 475 memcpy(buf, "0123456789", sizeof(buf)); 476 ASSERT_EXIT(printf("%s", strrchr(buf, 'a')), testing::KilledBySignal(SIGABRT), ""); 477#else // __BIONIC__ 478 GTEST_LOG_(INFO) << "This test does nothing.\n"; 479#endif // __BIONIC__ 480} 481 482TEST_F(DEATHTEST, strlcpy_fortified) { 483#if defined(__BIONIC__) 484 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 485 char bufa[15]; 486 char bufb[10]; 487 strcpy(bufa, "01234567890123"); 488 size_t n = strlen(bufa); 489 ASSERT_EXIT(strlcpy(bufb, bufa, n), testing::KilledBySignal(SIGABRT), ""); 490#else // __BIONIC__ 491 GTEST_LOG_(INFO) << "This test does nothing.\n"; 492#endif // __BIONIC__ 493} 494 495TEST_F(DEATHTEST, strlcat_fortified) { 496#if defined(__BIONIC__) 497 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 498 char bufa[15]; 499 char bufb[10]; 500 bufb[0] = '\0'; 501 strcpy(bufa, "01234567890123"); 502 size_t n = strlen(bufa); 503 ASSERT_EXIT(strlcat(bufb, bufa, n), testing::KilledBySignal(SIGABRT), ""); 504#else // __BIONIC__ 505 GTEST_LOG_(INFO) << "This test does nothing.\n"; 506#endif // __BIONIC__ 507} 508 509TEST_F(DEATHTEST, sprintf_fortified) { 510 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 511 char buf[10]; 512 char source_buf[15]; 513 memcpy(source_buf, "12345678901234", 15); 514 ASSERT_EXIT(sprintf(buf, "%s", source_buf), testing::KilledBySignal(SIGABRT), ""); 515} 516 517#ifndef __clang__ 518// This test is disabled in clang because clang doesn't properly detect 519// this buffer overflow. TODO: Fix clang. 520TEST_F(DEATHTEST, sprintf_malloc_fortified) { 521 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 522 char* buf = (char *) malloc(10); 523 char source_buf[11]; 524 memcpy(source_buf, "1234567890", 11); 525 ASSERT_EXIT(sprintf(buf, "%s", source_buf), testing::KilledBySignal(SIGABRT), ""); 526 free(buf); 527} 528#endif 529 530TEST_F(DEATHTEST, sprintf2_fortified) { 531 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 532 char buf[5]; 533 ASSERT_EXIT(sprintf(buf, "aaaaa"), testing::KilledBySignal(SIGABRT), ""); 534} 535 536static int vsprintf_helper(const char *fmt, ...) { 537 char buf[10]; 538 va_list va; 539 int result; 540 541 va_start(va, fmt); 542 result = vsprintf(buf, fmt, va); // should crash here 543 va_end(va); 544 return result; 545} 546 547TEST_F(DEATHTEST, vsprintf_fortified) { 548 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 549 ASSERT_EXIT(vsprintf_helper("%s", "0123456789"), testing::KilledBySignal(SIGABRT), ""); 550} 551 552TEST_F(DEATHTEST, vsprintf2_fortified) { 553 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 554 ASSERT_EXIT(vsprintf_helper("0123456789"), testing::KilledBySignal(SIGABRT), ""); 555} 556 557static int vsnprintf_helper(const char *fmt, ...) { 558 char buf[10]; 559 va_list va; 560 int result; 561 size_t size = atoi("11"); 562 563 va_start(va, fmt); 564 result = vsnprintf(buf, size, fmt, va); // should crash here 565 va_end(va); 566 return result; 567} 568 569TEST_F(DEATHTEST, vsnprintf_fortified) { 570 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 571 ASSERT_EXIT(vsnprintf_helper("%s", "0123456789"), testing::KilledBySignal(SIGABRT), ""); 572} 573 574TEST_F(DEATHTEST, vsnprintf2_fortified) { 575 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 576 ASSERT_EXIT(vsnprintf_helper("0123456789"), testing::KilledBySignal(SIGABRT), ""); 577} 578 579TEST_F(DEATHTEST, strncat_fortified) { 580 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 581 char buf[10]; 582 size_t n = atoi("10"); // avoid compiler optimizations 583 strncpy(buf, "012345678", n); 584 ASSERT_EXIT(strncat(buf, "9", n), testing::KilledBySignal(SIGABRT), ""); 585} 586 587TEST_F(DEATHTEST, strncat2_fortified) { 588 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 589 char buf[10]; 590 buf[0] = '\0'; 591 size_t n = atoi("10"); // avoid compiler optimizations 592 ASSERT_EXIT(strncat(buf, "0123456789", n), testing::KilledBySignal(SIGABRT), ""); 593} 594 595TEST_F(DEATHTEST, strcat_fortified) { 596 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 597 char src[11]; 598 strcpy(src, "0123456789"); 599 char buf[10]; 600 buf[0] = '\0'; 601 ASSERT_EXIT(strcat(buf, src), testing::KilledBySignal(SIGABRT), ""); 602} 603 604TEST_F(DEATHTEST, memmove_fortified) { 605 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 606 char buf[20]; 607 strcpy(buf, "0123456789"); 608 size_t n = atoi("10"); 609 ASSERT_EXIT(memmove(buf + 11, buf, n), testing::KilledBySignal(SIGABRT), ""); 610} 611 612TEST_F(DEATHTEST, memcpy_fortified) { 613 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 614 char bufa[10]; 615 char bufb[10]; 616 strcpy(bufa, "012345678"); 617 size_t n = atoi("11"); 618 ASSERT_EXIT(memcpy(bufb, bufa, n), testing::KilledBySignal(SIGABRT), ""); 619} 620 621TEST_F(DEATHTEST, stpncpy_fortified) { 622 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 623 char bufa[15]; 624 char bufb[10]; 625 strcpy(bufa, "01234567890123"); 626 size_t n = strlen(bufa); 627 ASSERT_EXIT(stpncpy(bufb, bufa, n), testing::KilledBySignal(SIGABRT), ""); 628} 629 630TEST_F(DEATHTEST, stpncpy2_fortified) { 631 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 632 char dest[11]; 633 char src[10]; 634 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated 635 ASSERT_EXIT(stpncpy(dest, src, sizeof(dest)), testing::KilledBySignal(SIGABRT), ""); 636} 637 638TEST_F(DEATHTEST, strncpy_fortified) { 639 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 640 char bufa[15]; 641 char bufb[10]; 642 strcpy(bufa, "01234567890123"); 643 size_t n = strlen(bufa); 644 ASSERT_EXIT(strncpy(bufb, bufa, n), testing::KilledBySignal(SIGABRT), ""); 645} 646 647 648TEST_F(DEATHTEST, strncpy2_fortified) { 649 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 650 char dest[11]; 651 char src[10]; 652 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated 653 ASSERT_EXIT(strncpy(dest, src, sizeof(dest)), testing::KilledBySignal(SIGABRT), ""); 654} 655 656TEST_F(DEATHTEST, snprintf_fortified) { 657 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 658 char bufa[15]; 659 char bufb[10]; 660 strcpy(bufa, "0123456789"); 661 size_t n = strlen(bufa) + 1; 662 ASSERT_EXIT(snprintf(bufb, n, "%s", bufa), testing::KilledBySignal(SIGABRT), ""); 663} 664 665TEST_F(DEATHTEST, bzero_fortified) { 666 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 667 char buf[10]; 668 memcpy(buf, "0123456789", sizeof(buf)); 669 size_t n = atoi("11"); 670 ASSERT_EXIT(bzero(buf, n), testing::KilledBySignal(SIGABRT), ""); 671} 672 673TEST_F(DEATHTEST, umask_fortified) { 674 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 675 mode_t mask = atoi("1023"); // 01777 in octal 676 ASSERT_EXIT(umask(mask), testing::KilledBySignal(SIGABRT), ""); 677} 678 679TEST_F(DEATHTEST, recv_fortified) { 680 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 681 size_t data_len = atoi("11"); // suppress compiler optimizations 682 char buf[10]; 683 ASSERT_EXIT(recv(0, buf, data_len, 0), testing::KilledBySignal(SIGABRT), ""); 684} 685 686TEST_F(DEATHTEST, FD_ISSET_fortified) { 687#if defined(__BIONIC__) // glibc catches this at compile-time. 688 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 689 fd_set set; 690 memset(&set, 0, sizeof(set)); 691 ASSERT_EXIT(FD_ISSET(-1, &set), testing::KilledBySignal(SIGABRT), ""); 692#endif 693} 694 695TEST_F(DEATHTEST, FD_ISSET_2_fortified) { 696 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 697 char buf[1]; 698 fd_set* set = (fd_set*) buf; 699 ASSERT_EXIT(FD_ISSET(0, set), testing::KilledBySignal(SIGABRT), ""); 700} 701 702// gtest's ASSERT_EXIT needs a valid expression, but glibc has a do-while macro. 703static void FD_ZERO_function(fd_set* s) { FD_ZERO(s); } 704 705TEST_F(DEATHTEST, FD_ZERO_fortified) { 706 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 707 char buf[1]; 708 fd_set* set = (fd_set*) buf; 709 ASSERT_EXIT(FD_ZERO_function(set), testing::KilledBySignal(SIGABRT), ""); 710} 711 712TEST_F(DEATHTEST, read_fortified) { 713 ::testing::FLAGS_gtest_death_test_style = "threadsafe"; 714 char buf[1]; 715 size_t ct = atoi("2"); // prevent optimizations 716 int fd = open("/dev/null", O_RDONLY); 717 ASSERT_EXIT(read(fd, buf, ct), testing::KilledBySignal(SIGABRT), ""); 718 close(fd); 719} 720 721extern "C" char* __strncat_chk(char*, const char*, size_t, size_t); 722extern "C" char* __strcat_chk(char*, const char*, size_t); 723 724TEST(TEST_NAME, strncat) { 725 char buf[10]; 726 memset(buf, 'A', sizeof(buf)); 727 buf[0] = 'a'; 728 buf[1] = '\0'; 729 char* res = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf)); 730 ASSERT_EQ(buf, res); 731 ASSERT_EQ('a', buf[0]); 732 ASSERT_EQ('0', buf[1]); 733 ASSERT_EQ('1', buf[2]); 734 ASSERT_EQ('2', buf[3]); 735 ASSERT_EQ('3', buf[4]); 736 ASSERT_EQ('4', buf[5]); 737 ASSERT_EQ('\0', buf[6]); 738 ASSERT_EQ('A', buf[7]); 739 ASSERT_EQ('A', buf[8]); 740 ASSERT_EQ('A', buf[9]); 741} 742 743TEST(TEST_NAME, strncat2) { 744 char buf[10]; 745 memset(buf, 'A', sizeof(buf)); 746 buf[0] = 'a'; 747 buf[1] = '\0'; 748 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf)); 749 ASSERT_EQ(buf, res); 750 ASSERT_EQ('a', buf[0]); 751 ASSERT_EQ('0', buf[1]); 752 ASSERT_EQ('1', buf[2]); 753 ASSERT_EQ('2', buf[3]); 754 ASSERT_EQ('3', buf[4]); 755 ASSERT_EQ('4', buf[5]); 756 ASSERT_EQ('\0', buf[6]); 757 ASSERT_EQ('A', buf[7]); 758 ASSERT_EQ('A', buf[8]); 759 ASSERT_EQ('A', buf[9]); 760} 761 762TEST(TEST_NAME, strncat3) { 763 char buf[10]; 764 memset(buf, 'A', sizeof(buf)); 765 buf[0] = '\0'; 766 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf)); 767 ASSERT_EQ(buf, res); 768 ASSERT_EQ('0', buf[0]); 769 ASSERT_EQ('1', buf[1]); 770 ASSERT_EQ('2', buf[2]); 771 ASSERT_EQ('3', buf[3]); 772 ASSERT_EQ('4', buf[4]); 773 ASSERT_EQ('\0', buf[5]); 774 ASSERT_EQ('A', buf[6]); 775 ASSERT_EQ('A', buf[7]); 776 ASSERT_EQ('A', buf[8]); 777 ASSERT_EQ('A', buf[9]); 778} 779 780TEST(TEST_NAME, strncat4) { 781 char buf[10]; 782 memset(buf, 'A', sizeof(buf)); 783 buf[9] = '\0'; 784 char* res = __strncat_chk(buf, "", 5, sizeof(buf)); 785 ASSERT_EQ(buf, res); 786 ASSERT_EQ('A', buf[0]); 787 ASSERT_EQ('A', buf[1]); 788 ASSERT_EQ('A', buf[2]); 789 ASSERT_EQ('A', buf[3]); 790 ASSERT_EQ('A', buf[4]); 791 ASSERT_EQ('A', buf[5]); 792 ASSERT_EQ('A', buf[6]); 793 ASSERT_EQ('A', buf[7]); 794 ASSERT_EQ('A', buf[8]); 795 ASSERT_EQ('\0', buf[9]); 796} 797 798TEST(TEST_NAME, strncat5) { 799 char buf[10]; 800 memset(buf, 'A', sizeof(buf)); 801 buf[0] = 'a'; 802 buf[1] = '\0'; 803 char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf)); 804 ASSERT_EQ(buf, res); 805 ASSERT_EQ('a', buf[0]); 806 ASSERT_EQ('0', buf[1]); 807 ASSERT_EQ('1', buf[2]); 808 ASSERT_EQ('2', buf[3]); 809 ASSERT_EQ('3', buf[4]); 810 ASSERT_EQ('4', buf[5]); 811 ASSERT_EQ('5', buf[6]); 812 ASSERT_EQ('6', buf[7]); 813 ASSERT_EQ('7', buf[8]); 814 ASSERT_EQ('\0', buf[9]); 815} 816 817TEST(TEST_NAME, strncat6) { 818 char buf[10]; 819 memset(buf, 'A', sizeof(buf)); 820 buf[0] = 'a'; 821 buf[1] = '\0'; 822 char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf)); 823 ASSERT_EQ(buf, res); 824 ASSERT_EQ('a', buf[0]); 825 ASSERT_EQ('0', buf[1]); 826 ASSERT_EQ('1', buf[2]); 827 ASSERT_EQ('2', buf[3]); 828 ASSERT_EQ('3', buf[4]); 829 ASSERT_EQ('4', buf[5]); 830 ASSERT_EQ('5', buf[6]); 831 ASSERT_EQ('6', buf[7]); 832 ASSERT_EQ('7', buf[8]); 833 ASSERT_EQ('\0', buf[9]); 834} 835 836 837TEST(TEST_NAME, strcat) { 838 char buf[10]; 839 memset(buf, 'A', sizeof(buf)); 840 buf[0] = 'a'; 841 buf[1] = '\0'; 842 char* res = __strcat_chk(buf, "01234", sizeof(buf)); 843 ASSERT_EQ(buf, res); 844 ASSERT_EQ('a', buf[0]); 845 ASSERT_EQ('0', buf[1]); 846 ASSERT_EQ('1', buf[2]); 847 ASSERT_EQ('2', buf[3]); 848 ASSERT_EQ('3', buf[4]); 849 ASSERT_EQ('4', buf[5]); 850 ASSERT_EQ('\0', buf[6]); 851 ASSERT_EQ('A', buf[7]); 852 ASSERT_EQ('A', buf[8]); 853 ASSERT_EQ('A', buf[9]); 854} 855 856TEST(TEST_NAME, strcat2) { 857 char buf[10]; 858 memset(buf, 'A', sizeof(buf)); 859 buf[0] = 'a'; 860 buf[1] = '\0'; 861 char* res = __strcat_chk(buf, "01234567", sizeof(buf)); 862 ASSERT_EQ(buf, res); 863 ASSERT_EQ('a', buf[0]); 864 ASSERT_EQ('0', buf[1]); 865 ASSERT_EQ('1', buf[2]); 866 ASSERT_EQ('2', buf[3]); 867 ASSERT_EQ('3', buf[4]); 868 ASSERT_EQ('4', buf[5]); 869 ASSERT_EQ('5', buf[6]); 870 ASSERT_EQ('6', buf[7]); 871 ASSERT_EQ('7', buf[8]); 872 ASSERT_EQ('\0', buf[9]); 873} 874 875TEST(TEST_NAME, stpncpy) { 876 char src[10]; 877 char dst[10]; 878 memcpy(src, "0123456789", sizeof(src)); // non null terminated string 879 stpncpy(dst, src, sizeof(dst)); 880 ASSERT_EQ('0', dst[0]); 881 ASSERT_EQ('1', dst[1]); 882 ASSERT_EQ('2', dst[2]); 883 ASSERT_EQ('3', dst[3]); 884 ASSERT_EQ('4', dst[4]); 885 ASSERT_EQ('5', dst[5]); 886 ASSERT_EQ('6', dst[6]); 887 ASSERT_EQ('7', dst[7]); 888 ASSERT_EQ('8', dst[8]); 889 ASSERT_EQ('9', dst[9]); 890} 891 892TEST(TEST_NAME, stpncpy2) { 893 char src[10]; 894 char dst[15]; 895 memcpy(src, "012345678\0", sizeof(src)); 896 stpncpy(dst, src, sizeof(dst)); 897 ASSERT_EQ('0', dst[0]); 898 ASSERT_EQ('1', dst[1]); 899 ASSERT_EQ('2', dst[2]); 900 ASSERT_EQ('3', dst[3]); 901 ASSERT_EQ('4', dst[4]); 902 ASSERT_EQ('5', dst[5]); 903 ASSERT_EQ('6', dst[6]); 904 ASSERT_EQ('7', dst[7]); 905 ASSERT_EQ('8', dst[8]); 906 ASSERT_EQ('\0', dst[9]); 907 ASSERT_EQ('\0', dst[10]); 908 ASSERT_EQ('\0', dst[11]); 909 ASSERT_EQ('\0', dst[12]); 910 ASSERT_EQ('\0', dst[13]); 911 ASSERT_EQ('\0', dst[14]); 912} 913 914TEST(TEST_NAME, strncpy) { 915 char src[10]; 916 char dst[10]; 917 memcpy(src, "0123456789", sizeof(src)); // non null terminated string 918 strncpy(dst, src, sizeof(dst)); 919 ASSERT_EQ('0', dst[0]); 920 ASSERT_EQ('1', dst[1]); 921 ASSERT_EQ('2', dst[2]); 922 ASSERT_EQ('3', dst[3]); 923 ASSERT_EQ('4', dst[4]); 924 ASSERT_EQ('5', dst[5]); 925 ASSERT_EQ('6', dst[6]); 926 ASSERT_EQ('7', dst[7]); 927 ASSERT_EQ('8', dst[8]); 928 ASSERT_EQ('9', dst[9]); 929} 930 931TEST(TEST_NAME, strncpy2) { 932 char src[10]; 933 char dst[15]; 934 memcpy(src, "012345678\0", sizeof(src)); 935 strncpy(dst, src, sizeof(dst)); 936 ASSERT_EQ('0', dst[0]); 937 ASSERT_EQ('1', dst[1]); 938 ASSERT_EQ('2', dst[2]); 939 ASSERT_EQ('3', dst[3]); 940 ASSERT_EQ('4', dst[4]); 941 ASSERT_EQ('5', dst[5]); 942 ASSERT_EQ('6', dst[6]); 943 ASSERT_EQ('7', dst[7]); 944 ASSERT_EQ('8', dst[8]); 945 ASSERT_EQ('\0', dst[9]); 946 ASSERT_EQ('\0', dst[10]); 947 ASSERT_EQ('\0', dst[11]); 948 ASSERT_EQ('\0', dst[12]); 949 ASSERT_EQ('\0', dst[13]); 950 ASSERT_EQ('\0', dst[14]); 951} 952 953TEST(TEST_NAME, strcat_chk_max_int_size) { 954 char buf[10]; 955 memset(buf, 'A', sizeof(buf)); 956 buf[0] = 'a'; 957 buf[1] = '\0'; 958 char* res = __strcat_chk(buf, "01234567", (size_t)-1); 959 ASSERT_EQ(buf, res); 960 ASSERT_EQ('a', buf[0]); 961 ASSERT_EQ('0', buf[1]); 962 ASSERT_EQ('1', buf[2]); 963 ASSERT_EQ('2', buf[3]); 964 ASSERT_EQ('3', buf[4]); 965 ASSERT_EQ('4', buf[5]); 966 ASSERT_EQ('5', buf[6]); 967 ASSERT_EQ('6', buf[7]); 968 ASSERT_EQ('7', buf[8]); 969 ASSERT_EQ('\0', buf[9]); 970} 971 972extern "C" char* __stpcpy_chk(char*, const char*, size_t); 973 974TEST(TEST_NAME, stpcpy_chk_max_int_size) { 975 char buf[10]; 976 char* res = __stpcpy_chk(buf, "012345678", (size_t)-1); 977 ASSERT_EQ(buf + strlen("012345678"), res); 978 ASSERT_STREQ("012345678", buf); 979} 980 981extern "C" char* __strcpy_chk(char*, const char*, size_t); 982 983TEST(TEST_NAME, strcpy_chk_max_int_size) { 984 char buf[10]; 985 char* res = __strcpy_chk(buf, "012345678", (size_t)-1); 986 ASSERT_EQ(buf, res); 987 ASSERT_STREQ("012345678", buf); 988} 989 990extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t); 991 992TEST(TEST_NAME, memcpy_chk_max_int_size) { 993 char buf[10]; 994 void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1); 995 ASSERT_EQ((void*)buf, res); 996 ASSERT_EQ('0', buf[0]); 997 ASSERT_EQ('1', buf[1]); 998 ASSERT_EQ('2', buf[2]); 999 ASSERT_EQ('3', buf[3]); 1000 ASSERT_EQ('4', buf[4]); 1001 ASSERT_EQ('5', buf[5]); 1002 ASSERT_EQ('6', buf[6]); 1003 ASSERT_EQ('7', buf[7]); 1004 ASSERT_EQ('8', buf[8]); 1005 ASSERT_EQ('\0', buf[9]); 1006} 1007 1008// Verify that macro expansion is done properly for sprintf/snprintf (which 1009// are defined as macros in stdio.h under clang). 1010#define CONTENTS "macro expansion" 1011#define BUF_AND_SIZE(A) A, sizeof(A) 1012#define BUF_AND_CONTENTS(A) A, CONTENTS 1013#define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS 1014TEST(TEST_NAME, s_n_printf_macro_expansion) { 1015 char buf[BUFSIZ]; 1016 snprintf(BUF_AND_SIZE(buf), CONTENTS); 1017 EXPECT_STREQ(CONTENTS, buf); 1018 1019 snprintf(BUF_AND_SIZE_AND_CONTENTS(buf)); 1020 EXPECT_STREQ(CONTENTS, buf); 1021 1022 sprintf(BUF_AND_CONTENTS(buf)); 1023 EXPECT_STREQ(CONTENTS, buf); 1024} 1025