1/* 2 * Copyright (C) 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17// -Werror is on whether we like it or not, and we're intentionally doing awful 18// things in this file. GCC is dumb and doesn't have a specific error class for 19// the fortify failures (it's just -Werror), so we can't use anything more 20// constrained than disabling all the warnings in the file :( It also won't let 21// us use system_header in a .cpp file, so we have to #include this from 22// fortify_test_main.cpp. 23#pragma GCC system_header 24 25#include <gtest/gtest.h> 26#include "BionicDeathTest.h" 27 28#include <fcntl.h> 29#include <malloc.h> 30#include <poll.h> 31#include <signal.h> 32#include <stdarg.h> 33#include <string.h> 34#include <sys/socket.h> 35#include <sys/stat.h> 36#include <sys/types.h> 37#include <time.h> 38 39#if __BIONIC__ 40#define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY") 41#else 42#define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "") 43#endif 44 45// Fortify test code needs to run multiple times, so TEST_NAME macro is used to 46// distinguish different tests. TEST_NAME is defined in compilation command. 47#define DEATHTEST_PASTER(name) name##_DeathTest 48#define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name) 49#define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME) 50 51class DEATHTEST : public BionicDeathTest {}; 52 53#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2 54struct foo { 55 char empty[0]; 56 char one[1]; 57 char a[10]; 58 char b[10]; 59}; 60 61#ifndef __clang__ 62// This test is disabled in clang because clang doesn't properly detect 63// this buffer overflow. TODO: Fix clang. 64TEST_F(DEATHTEST, stpncpy_fortified2) { 65 foo myfoo; 66 int copy_amt = atoi("11"); 67 ASSERT_FORTIFY(stpncpy(myfoo.a, "01234567890", copy_amt)); 68} 69#endif 70 71#ifndef __clang__ 72// This test is disabled in clang because clang doesn't properly detect 73// this buffer overflow. TODO: Fix clang. 74TEST_F(DEATHTEST, stpncpy2_fortified2) { 75 foo myfoo; 76 memset(&myfoo, 0, sizeof(myfoo)); 77 myfoo.one[0] = 'A'; // not null terminated string 78 ASSERT_FORTIFY(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b))); 79} 80#endif 81 82#ifndef __clang__ 83// This test is disabled in clang because clang doesn't properly detect 84// this buffer overflow. TODO: Fix clang. 85TEST_F(DEATHTEST, strncpy_fortified2) { 86 foo myfoo; 87 int copy_amt = atoi("11"); 88 ASSERT_FORTIFY(strncpy(myfoo.a, "01234567890", copy_amt)); 89} 90#endif 91 92#ifndef __clang__ 93// This test is disabled in clang because clang doesn't properly detect 94// this buffer overflow. TODO: Fix clang. 95TEST_F(DEATHTEST, strncpy2_fortified2) { 96 foo myfoo; 97 memset(&myfoo, 0, sizeof(myfoo)); 98 myfoo.one[0] = 'A'; // not null terminated string 99 ASSERT_FORTIFY(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b))); 100} 101#endif 102 103#ifndef __clang__ 104// This test is disabled in clang because clang doesn't properly detect 105// this buffer overflow. TODO: Fix clang. 106TEST_F(DEATHTEST, sprintf_fortified2) { 107 foo myfoo; 108 char source_buf[15]; 109 memcpy(source_buf, "12345678901234", 15); 110 ASSERT_FORTIFY(sprintf(myfoo.a, "%s", source_buf)); 111} 112#endif 113 114#ifndef __clang__ 115// This test is disabled in clang because clang doesn't properly detect 116// this buffer overflow. TODO: Fix clang. 117TEST_F(DEATHTEST, sprintf2_fortified2) { 118 foo myfoo; 119 ASSERT_FORTIFY(sprintf(myfoo.a, "0123456789")); 120} 121#endif 122 123#ifndef __clang__ 124// These tests are disabled in clang because clang doesn't properly detect 125// this buffer overflow. TODO: Fix clang. 126static int vsprintf_helper2(const char *fmt, ...) { 127 foo myfoo; 128 va_list va; 129 int result; 130 131 va_start(va, fmt); 132 result = vsprintf(myfoo.a, fmt, va); // should crash here 133 va_end(va); 134 return result; 135} 136 137TEST_F(DEATHTEST, vsprintf_fortified2) { 138 ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789")); 139} 140 141TEST_F(DEATHTEST, vsprintf2_fortified2) { 142 ASSERT_FORTIFY(vsprintf_helper2("0123456789")); 143} 144#endif 145 146#ifndef __clang__ 147// These tests are disabled in clang because clang doesn't properly detect 148// this buffer overflow. TODO: Fix clang. 149static int vsnprintf_helper2(const char *fmt, ...) { 150 foo myfoo; 151 va_list va; 152 int result; 153 size_t size = atoi("11"); 154 155 va_start(va, fmt); 156 result = vsnprintf(myfoo.a, size, fmt, va); // should crash here 157 va_end(va); 158 return result; 159} 160 161TEST_F(DEATHTEST, vsnprintf_fortified2) { 162 ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789")); 163} 164 165TEST_F(DEATHTEST, vsnprintf2_fortified2) { 166 ASSERT_FORTIFY(vsnprintf_helper2("0123456789")); 167} 168#endif 169 170#ifndef __clang__ 171// zero sized target with "\0" source (should fail) 172// This test is disabled in clang because clang doesn't properly detect 173// this buffer overflow. TODO: Fix clang. 174TEST_F(DEATHTEST, stpcpy_fortified2) { 175#if defined(__BIONIC__) 176 foo myfoo; 177 char* src = strdup(""); 178 ASSERT_FORTIFY(stpcpy(myfoo.empty, src)); 179 free(src); 180#else // __BIONIC__ 181 GTEST_LOG_(INFO) << "This test does nothing.\n"; 182#endif // __BIONIC__ 183} 184#endif 185 186#ifndef __clang__ 187// zero sized target with "\0" source (should fail) 188// This test is disabled in clang because clang doesn't properly detect 189// this buffer overflow. TODO: Fix clang. 190TEST_F(DEATHTEST, strcpy_fortified2) { 191#if defined(__BIONIC__) 192 foo myfoo; 193 char* src = strdup(""); 194 ASSERT_FORTIFY(strcpy(myfoo.empty, src)); 195 free(src); 196#else // __BIONIC__ 197 GTEST_LOG_(INFO) << "This test does nothing.\n"; 198#endif // __BIONIC__ 199} 200#endif 201 202#ifndef __clang__ 203// zero sized target with longer source (should fail) 204// This test is disabled in clang because clang doesn't properly detect 205// this buffer overflow. TODO: Fix clang. 206TEST_F(DEATHTEST, strcpy2_fortified2) { 207#if defined(__BIONIC__) 208 foo myfoo; 209 char* src = strdup("1"); 210 ASSERT_FORTIFY(strcpy(myfoo.empty, src)); 211 free(src); 212#else // __BIONIC__ 213 GTEST_LOG_(INFO) << "This test does nothing.\n"; 214#endif // __BIONIC__ 215} 216#endif 217 218#ifndef __clang__ 219// one byte target with longer source (should fail) 220// This test is disabled in clang because clang doesn't properly detect 221// this buffer overflow. TODO: Fix clang. 222TEST_F(DEATHTEST, strcpy3_fortified2) { 223#if defined(__BIONIC__) 224 foo myfoo; 225 char* src = strdup("12"); 226 ASSERT_FORTIFY(strcpy(myfoo.one, src)); 227 free(src); 228#else // __BIONIC__ 229 GTEST_LOG_(INFO) << "This test does nothing.\n"; 230#endif // __BIONIC__ 231} 232#endif 233 234#ifndef __clang__ 235// This test is disabled in clang because clang doesn't properly detect 236// this buffer overflow. TODO: Fix clang. 237TEST_F(DEATHTEST, strchr_fortified2) { 238#if defined(__BIONIC__) 239 foo myfoo; 240 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); 241 myfoo.b[0] = '\0'; 242 ASSERT_FORTIFY(printf("%s", strchr(myfoo.a, 'a'))); 243#else // __BIONIC__ 244 GTEST_LOG_(INFO) << "This test does nothing.\n"; 245#endif // __BIONIC__ 246} 247#endif 248 249#ifndef __clang__ 250// This test is disabled in clang because clang doesn't properly detect 251// this buffer overflow. TODO: Fix clang. 252TEST_F(DEATHTEST, strrchr_fortified2) { 253#if defined(__BIONIC__) 254 foo myfoo; 255 memcpy(myfoo.a, "0123456789", 10); 256 memcpy(myfoo.b, "01234", 6); 257 ASSERT_FORTIFY(printf("%s", strrchr(myfoo.a, 'a'))); 258#else // __BIONIC__ 259 GTEST_LOG_(INFO) << "This test does nothing.\n"; 260#endif // __BIONIC__ 261} 262#endif 263 264#ifndef __clang__ 265// This test is disabled in clang because clang doesn't properly detect 266// this buffer overflow. TODO: Fix clang. 267TEST_F(DEATHTEST, strlcpy_fortified2) { 268#if defined(__BIONIC__) 269 foo myfoo; 270 strcpy(myfoo.a, "01"); 271 size_t n = strlen(myfoo.a); 272 ASSERT_FORTIFY(strlcpy(myfoo.one, myfoo.a, n)); 273#else // __BIONIC__ 274 GTEST_LOG_(INFO) << "This test does nothing.\n"; 275#endif // __BIONIC__ 276} 277#endif 278 279#ifndef __clang__ 280// This test is disabled in clang because clang doesn't properly detect 281// this buffer overflow. TODO: Fix clang. 282TEST_F(DEATHTEST, strlcat_fortified2) { 283#if defined(__BIONIC__) 284 foo myfoo; 285 strcpy(myfoo.a, "01"); 286 myfoo.one[0] = '\0'; 287 size_t n = strlen(myfoo.a); 288 ASSERT_FORTIFY(strlcat(myfoo.one, myfoo.a, n)); 289#else // __BIONIC__ 290 GTEST_LOG_(INFO) << "This test does nothing.\n"; 291#endif // __BIONIC__ 292} 293#endif 294 295#ifndef __clang__ 296// This test is disabled in clang because clang doesn't properly detect 297// this buffer overflow. TODO: Fix clang. 298TEST_F(DEATHTEST, strncat_fortified2) { 299 foo myfoo; 300 size_t n = atoi("10"); // avoid compiler optimizations 301 strncpy(myfoo.a, "012345678", n); 302 ASSERT_FORTIFY(strncat(myfoo.a, "9", n)); 303} 304#endif 305 306#ifndef __clang__ 307// This test is disabled in clang because clang doesn't properly detect 308// this buffer overflow. TODO: Fix clang. 309TEST_F(DEATHTEST, strncat2_fortified2) { 310 foo myfoo; 311 myfoo.a[0] = '\0'; 312 size_t n = atoi("10"); // avoid compiler optimizations 313 ASSERT_FORTIFY(strncat(myfoo.a, "0123456789", n)); 314} 315#endif 316 317TEST_F(DEATHTEST, strncat3_fortified2) { 318 foo myfoo; 319 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string 320 myfoo.b[0] = '\0'; 321 size_t n = atoi("10"); // avoid compiler optimizations 322 ASSERT_FORTIFY(strncat(myfoo.b, myfoo.a, n)); 323} 324 325#ifndef __clang__ 326// This test is disabled in clang because clang doesn't properly detect 327// this buffer overflow. TODO: Fix clang. 328TEST_F(DEATHTEST, strcat_fortified2) { 329 char src[11]; 330 strcpy(src, "0123456789"); 331 foo myfoo; 332 myfoo.a[0] = '\0'; 333 ASSERT_FORTIFY(strcat(myfoo.a, src)); 334} 335#endif 336 337TEST_F(DEATHTEST, strcat2_fortified2) { 338 foo myfoo; 339 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string 340 myfoo.b[0] = '\0'; 341 ASSERT_FORTIFY(strcat(myfoo.b, myfoo.a)); 342} 343 344TEST_F(DEATHTEST, snprintf_fortified2) { 345 foo myfoo; 346 strcpy(myfoo.a, "012345678"); 347 size_t n = strlen(myfoo.a) + 2; 348 ASSERT_FORTIFY(snprintf(myfoo.b, n, "a%s", myfoo.a)); 349} 350 351TEST_F(DEATHTEST, bzero_fortified2) { 352 foo myfoo; 353 memcpy(myfoo.b, "0123456789", sizeof(myfoo.b)); 354 size_t n = atoi("11"); 355 ASSERT_FORTIFY(bzero(myfoo.b, n)); 356} 357 358#endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */ 359 360// multibyte target where we over fill (should fail) 361TEST_F(DEATHTEST, strcpy_fortified) { 362#if defined(__BIONIC__) 363 char buf[10]; 364 char *orig = strdup("0123456789"); 365 ASSERT_FORTIFY(strcpy(buf, orig)); 366 free(orig); 367#else // __BIONIC__ 368 GTEST_LOG_(INFO) << "This test does nothing.\n"; 369#endif // __BIONIC__ 370} 371 372// zero sized target with "\0" source (should fail) 373TEST_F(DEATHTEST, strcpy2_fortified) { 374#if defined(__BIONIC__) 375 char buf[0]; 376 char *orig = strdup(""); 377 ASSERT_FORTIFY(strcpy(buf, orig)); 378 free(orig); 379#else // __BIONIC__ 380 GTEST_LOG_(INFO) << "This test does nothing.\n"; 381#endif // __BIONIC__ 382} 383 384// zero sized target with longer source (should fail) 385TEST_F(DEATHTEST, strcpy3_fortified) { 386#if defined(__BIONIC__) 387 char buf[0]; 388 char *orig = strdup("1"); 389 ASSERT_FORTIFY(strcpy(buf, orig)); 390 free(orig); 391#else // __BIONIC__ 392 GTEST_LOG_(INFO) << "This test does nothing.\n"; 393#endif // __BIONIC__ 394} 395 396// one byte target with longer source (should fail) 397TEST_F(DEATHTEST, strcpy4_fortified) { 398#if defined(__BIONIC__) 399 char buf[1]; 400 char *orig = strdup("12"); 401 ASSERT_FORTIFY(strcpy(buf, orig)); 402 free(orig); 403#else // __BIONIC__ 404 GTEST_LOG_(INFO) << "This test does nothing.\n"; 405#endif // __BIONIC__ 406} 407 408TEST_F(DEATHTEST, strlen_fortified) { 409#if defined(__BIONIC__) 410 char buf[10]; 411 memcpy(buf, "0123456789", sizeof(buf)); 412 ASSERT_FORTIFY(printf("%zd", strlen(buf))); 413#else // __BIONIC__ 414 GTEST_LOG_(INFO) << "This test does nothing.\n"; 415#endif // __BIONIC__ 416} 417 418TEST_F(DEATHTEST, strchr_fortified) { 419#if defined(__BIONIC__) 420 char buf[10]; 421 memcpy(buf, "0123456789", sizeof(buf)); 422 ASSERT_FORTIFY(printf("%s", strchr(buf, 'a'))); 423#else // __BIONIC__ 424 GTEST_LOG_(INFO) << "This test does nothing.\n"; 425#endif // __BIONIC__ 426} 427 428TEST_F(DEATHTEST, strrchr_fortified) { 429#if defined(__BIONIC__) 430 char buf[10]; 431 memcpy(buf, "0123456789", sizeof(buf)); 432 ASSERT_FORTIFY(printf("%s", strrchr(buf, 'a'))); 433#else // __BIONIC__ 434 GTEST_LOG_(INFO) << "This test does nothing.\n"; 435#endif // __BIONIC__ 436} 437 438TEST_F(DEATHTEST, strlcpy_fortified) { 439#if defined(__BIONIC__) 440 char bufa[15]; 441 char bufb[10]; 442 strcpy(bufa, "01234567890123"); 443 size_t n = strlen(bufa); 444 ASSERT_FORTIFY(strlcpy(bufb, bufa, n)); 445#else // __BIONIC__ 446 GTEST_LOG_(INFO) << "This test does nothing.\n"; 447#endif // __BIONIC__ 448} 449 450TEST_F(DEATHTEST, strlcat_fortified) { 451#if defined(__BIONIC__) 452 char bufa[15]; 453 char bufb[10]; 454 bufb[0] = '\0'; 455 strcpy(bufa, "01234567890123"); 456 size_t n = strlen(bufa); 457 ASSERT_FORTIFY(strlcat(bufb, bufa, n)); 458#else // __BIONIC__ 459 GTEST_LOG_(INFO) << "This test does nothing.\n"; 460#endif // __BIONIC__ 461} 462 463TEST_F(DEATHTEST, sprintf_fortified) { 464 char buf[10]; 465 char source_buf[15]; 466 memcpy(source_buf, "12345678901234", 15); 467 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf)); 468} 469 470#ifndef __clang__ 471// This test is disabled in clang because clang doesn't properly detect 472// this buffer overflow. TODO: Fix clang. 473TEST_F(DEATHTEST, sprintf_malloc_fortified) { 474 char* buf = (char *) malloc(10); 475 char source_buf[11]; 476 memcpy(source_buf, "1234567890", 11); 477 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf)); 478 free(buf); 479} 480#endif 481 482TEST_F(DEATHTEST, sprintf2_fortified) { 483 char buf[5]; 484 ASSERT_FORTIFY(sprintf(buf, "aaaaa")); 485} 486 487static int vsprintf_helper(const char *fmt, ...) { 488 char buf[10]; 489 va_list va; 490 int result; 491 492 va_start(va, fmt); 493 result = vsprintf(buf, fmt, va); // should crash here 494 va_end(va); 495 return result; 496} 497 498TEST_F(DEATHTEST, vsprintf_fortified) { 499 ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789")); 500} 501 502TEST_F(DEATHTEST, vsprintf2_fortified) { 503 ASSERT_FORTIFY(vsprintf_helper("0123456789")); 504} 505 506static int vsnprintf_helper(const char *fmt, ...) { 507 char buf[10]; 508 va_list va; 509 int result; 510 size_t size = atoi("11"); 511 512 va_start(va, fmt); 513 result = vsnprintf(buf, size, fmt, va); // should crash here 514 va_end(va); 515 return result; 516} 517 518TEST_F(DEATHTEST, vsnprintf_fortified) { 519 ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789")); 520} 521 522TEST_F(DEATHTEST, vsnprintf2_fortified) { 523 ASSERT_FORTIFY(vsnprintf_helper("0123456789")); 524} 525 526TEST_F(DEATHTEST, strncat_fortified) { 527 char buf[10]; 528 size_t n = atoi("10"); // avoid compiler optimizations 529 strncpy(buf, "012345678", n); 530 ASSERT_FORTIFY(strncat(buf, "9", n)); 531} 532 533TEST_F(DEATHTEST, strncat2_fortified) { 534 char buf[10]; 535 buf[0] = '\0'; 536 size_t n = atoi("10"); // avoid compiler optimizations 537 ASSERT_FORTIFY(strncat(buf, "0123456789", n)); 538} 539 540TEST_F(DEATHTEST, strcat_fortified) { 541 char src[11]; 542 strcpy(src, "0123456789"); 543 char buf[10]; 544 buf[0] = '\0'; 545 ASSERT_FORTIFY(strcat(buf, src)); 546} 547 548TEST_F(DEATHTEST, memmove_fortified) { 549 char buf[20]; 550 strcpy(buf, "0123456789"); 551 size_t n = atoi("10"); 552 ASSERT_FORTIFY(memmove(buf + 11, buf, n)); 553} 554 555TEST_F(DEATHTEST, memcpy_fortified) { 556 char bufa[10]; 557 char bufb[10]; 558 strcpy(bufa, "012345678"); 559 size_t n = atoi("11"); 560 ASSERT_FORTIFY(memcpy(bufb, bufa, n)); 561} 562 563TEST_F(DEATHTEST, stpncpy_fortified) { 564 char bufa[15]; 565 char bufb[10]; 566 strcpy(bufa, "01234567890123"); 567 size_t n = strlen(bufa); 568 ASSERT_FORTIFY(stpncpy(bufb, bufa, n)); 569} 570 571TEST_F(DEATHTEST, stpncpy2_fortified) { 572 char dest[11]; 573 char src[10]; 574 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated 575 ASSERT_FORTIFY(stpncpy(dest, src, sizeof(dest))); 576} 577 578TEST_F(DEATHTEST, strncpy_fortified) { 579 char bufa[15]; 580 char bufb[10]; 581 strcpy(bufa, "01234567890123"); 582 size_t n = strlen(bufa); 583 ASSERT_FORTIFY(strncpy(bufb, bufa, n)); 584} 585 586 587TEST_F(DEATHTEST, strncpy2_fortified) { 588 char dest[11]; 589 char src[10]; 590 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated 591 ASSERT_FORTIFY(strncpy(dest, src, sizeof(dest))); 592} 593 594TEST_F(DEATHTEST, snprintf_fortified) { 595 char bufa[15]; 596 char bufb[10]; 597 strcpy(bufa, "0123456789"); 598 size_t n = strlen(bufa) + 1; 599 ASSERT_FORTIFY(snprintf(bufb, n, "%s", bufa)); 600} 601 602TEST_F(DEATHTEST, bzero_fortified) { 603 char buf[10]; 604 memcpy(buf, "0123456789", sizeof(buf)); 605 size_t n = atoi("11"); 606 ASSERT_FORTIFY(bzero(buf, n)); 607} 608 609TEST_F(DEATHTEST, umask_fortified) { 610 mode_t mask = atoi("1023"); // 01777 in octal 611 ASSERT_FORTIFY(umask(mask)); 612} 613 614TEST_F(DEATHTEST, recv_fortified) { 615 size_t data_len = atoi("11"); // suppress compiler optimizations 616 char buf[10]; 617 ASSERT_FORTIFY(recv(0, buf, data_len, 0)); 618} 619 620TEST_F(DEATHTEST, FD_ISSET_fortified) { 621#if defined(__BIONIC__) // glibc catches this at compile-time. 622 fd_set set; 623 memset(&set, 0, sizeof(set)); 624 ASSERT_FORTIFY(FD_ISSET(-1, &set)); 625#endif 626} 627 628TEST_F(DEATHTEST, FD_ISSET_2_fortified) { 629 char buf[1]; 630 fd_set* set = (fd_set*) buf; 631 ASSERT_FORTIFY(FD_ISSET(0, set)); 632} 633 634TEST_F(DEATHTEST, getcwd_fortified) { 635 char buf[1]; 636 size_t ct = atoi("2"); // prevent optimizations 637 ASSERT_FORTIFY(getcwd(buf, ct)); 638} 639 640TEST_F(DEATHTEST, pread_fortified) { 641 char buf[1]; 642 size_t ct = atoi("2"); // prevent optimizations 643 int fd = open("/dev/null", O_RDONLY); 644 ASSERT_FORTIFY(pread(fd, buf, ct, 0)); 645 close(fd); 646} 647 648TEST_F(DEATHTEST, pread64_fortified) { 649 char buf[1]; 650 size_t ct = atoi("2"); // prevent optimizations 651 int fd = open("/dev/null", O_RDONLY); 652 ASSERT_FORTIFY(pread64(fd, buf, ct, 0)); 653 close(fd); 654} 655 656TEST_F(DEATHTEST, pwrite_fortified) { 657 char buf[1] = {0}; 658 size_t ct = atoi("2"); // prevent optimizations 659 int fd = open("/dev/null", O_WRONLY); 660 ASSERT_FORTIFY(pwrite(fd, buf, ct, 0)); 661 close(fd); 662} 663 664TEST_F(DEATHTEST, pwrite64_fortified) { 665 char buf[1] = {0}; 666 size_t ct = atoi("2"); // prevent optimizations 667 int fd = open("/dev/null", O_WRONLY); 668 ASSERT_FORTIFY(pwrite64(fd, buf, ct, 0)); 669 close(fd); 670} 671 672TEST_F(DEATHTEST, read_fortified) { 673 char buf[1]; 674 size_t ct = atoi("2"); // prevent optimizations 675 int fd = open("/dev/null", O_RDONLY); 676 ASSERT_FORTIFY(read(fd, buf, ct)); 677 close(fd); 678} 679 680TEST_F(DEATHTEST, write_fortified) { 681 char buf[1] = {0}; 682 size_t ct = atoi("2"); // prevent optimizations 683 int fd = open("/dev/null", O_WRONLY); 684 ASSERT_EXIT(write(fd, buf, ct), testing::KilledBySignal(SIGABRT), ""); 685 close(fd); 686} 687 688TEST_F(DEATHTEST, fread_fortified) { 689 char buf[1]; 690 size_t ct = atoi("2"); // prevent optimizations 691 FILE* fp = fopen("/dev/null", "r"); 692 ASSERT_FORTIFY(fread(buf, 1, ct, fp)); 693 fclose(fp); 694} 695 696TEST_F(DEATHTEST, fwrite_fortified) { 697 char buf[1] = {0}; 698 size_t ct = atoi("2"); // prevent optimizations 699 FILE* fp = fopen("/dev/null", "w"); 700 ASSERT_FORTIFY(fwrite(buf, 1, ct, fp)); 701 fclose(fp); 702} 703 704TEST_F(DEATHTEST, readlink_fortified) { 705 char buf[1]; 706 size_t ct = atoi("2"); // prevent optimizations 707 ASSERT_FORTIFY(readlink("/dev/null", buf, ct)); 708} 709 710TEST_F(DEATHTEST, readlinkat_fortified) { 711 char buf[1]; 712 size_t ct = atoi("2"); // prevent optimizations 713 ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", buf, ct)); 714} 715 716extern "C" char* __strncat_chk(char*, const char*, size_t, size_t); 717extern "C" char* __strcat_chk(char*, const char*, size_t); 718 719TEST(TEST_NAME, strncat) { 720 char buf[10]; 721 memset(buf, 'A', sizeof(buf)); 722 buf[0] = 'a'; 723 buf[1] = '\0'; 724 char* res = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf)); 725 ASSERT_EQ(buf, res); 726 ASSERT_EQ('a', buf[0]); 727 ASSERT_EQ('0', buf[1]); 728 ASSERT_EQ('1', buf[2]); 729 ASSERT_EQ('2', buf[3]); 730 ASSERT_EQ('3', buf[4]); 731 ASSERT_EQ('4', buf[5]); 732 ASSERT_EQ('\0', buf[6]); 733 ASSERT_EQ('A', buf[7]); 734 ASSERT_EQ('A', buf[8]); 735 ASSERT_EQ('A', buf[9]); 736} 737 738TEST(TEST_NAME, strncat2) { 739 char buf[10]; 740 memset(buf, 'A', sizeof(buf)); 741 buf[0] = 'a'; 742 buf[1] = '\0'; 743 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf)); 744 ASSERT_EQ(buf, res); 745 ASSERT_EQ('a', buf[0]); 746 ASSERT_EQ('0', buf[1]); 747 ASSERT_EQ('1', buf[2]); 748 ASSERT_EQ('2', buf[3]); 749 ASSERT_EQ('3', buf[4]); 750 ASSERT_EQ('4', buf[5]); 751 ASSERT_EQ('\0', buf[6]); 752 ASSERT_EQ('A', buf[7]); 753 ASSERT_EQ('A', buf[8]); 754 ASSERT_EQ('A', buf[9]); 755} 756 757TEST(TEST_NAME, strncat3) { 758 char buf[10]; 759 memset(buf, 'A', sizeof(buf)); 760 buf[0] = '\0'; 761 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf)); 762 ASSERT_EQ(buf, res); 763 ASSERT_EQ('0', buf[0]); 764 ASSERT_EQ('1', buf[1]); 765 ASSERT_EQ('2', buf[2]); 766 ASSERT_EQ('3', buf[3]); 767 ASSERT_EQ('4', buf[4]); 768 ASSERT_EQ('\0', buf[5]); 769 ASSERT_EQ('A', buf[6]); 770 ASSERT_EQ('A', buf[7]); 771 ASSERT_EQ('A', buf[8]); 772 ASSERT_EQ('A', buf[9]); 773} 774 775TEST(TEST_NAME, strncat4) { 776 char buf[10]; 777 memset(buf, 'A', sizeof(buf)); 778 buf[9] = '\0'; 779 char* res = __strncat_chk(buf, "", 5, sizeof(buf)); 780 ASSERT_EQ(buf, res); 781 ASSERT_EQ('A', buf[0]); 782 ASSERT_EQ('A', buf[1]); 783 ASSERT_EQ('A', buf[2]); 784 ASSERT_EQ('A', buf[3]); 785 ASSERT_EQ('A', buf[4]); 786 ASSERT_EQ('A', buf[5]); 787 ASSERT_EQ('A', buf[6]); 788 ASSERT_EQ('A', buf[7]); 789 ASSERT_EQ('A', buf[8]); 790 ASSERT_EQ('\0', buf[9]); 791} 792 793TEST(TEST_NAME, strncat5) { 794 char buf[10]; 795 memset(buf, 'A', sizeof(buf)); 796 buf[0] = 'a'; 797 buf[1] = '\0'; 798 char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf)); 799 ASSERT_EQ(buf, res); 800 ASSERT_EQ('a', buf[0]); 801 ASSERT_EQ('0', buf[1]); 802 ASSERT_EQ('1', buf[2]); 803 ASSERT_EQ('2', buf[3]); 804 ASSERT_EQ('3', buf[4]); 805 ASSERT_EQ('4', buf[5]); 806 ASSERT_EQ('5', buf[6]); 807 ASSERT_EQ('6', buf[7]); 808 ASSERT_EQ('7', buf[8]); 809 ASSERT_EQ('\0', buf[9]); 810} 811 812TEST(TEST_NAME, strncat6) { 813 char buf[10]; 814 memset(buf, 'A', sizeof(buf)); 815 buf[0] = 'a'; 816 buf[1] = '\0'; 817 char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf)); 818 ASSERT_EQ(buf, res); 819 ASSERT_EQ('a', buf[0]); 820 ASSERT_EQ('0', buf[1]); 821 ASSERT_EQ('1', buf[2]); 822 ASSERT_EQ('2', buf[3]); 823 ASSERT_EQ('3', buf[4]); 824 ASSERT_EQ('4', buf[5]); 825 ASSERT_EQ('5', buf[6]); 826 ASSERT_EQ('6', buf[7]); 827 ASSERT_EQ('7', buf[8]); 828 ASSERT_EQ('\0', buf[9]); 829} 830 831 832TEST(TEST_NAME, strcat) { 833 char buf[10]; 834 memset(buf, 'A', sizeof(buf)); 835 buf[0] = 'a'; 836 buf[1] = '\0'; 837 char* res = __strcat_chk(buf, "01234", sizeof(buf)); 838 ASSERT_EQ(buf, res); 839 ASSERT_EQ('a', buf[0]); 840 ASSERT_EQ('0', buf[1]); 841 ASSERT_EQ('1', buf[2]); 842 ASSERT_EQ('2', buf[3]); 843 ASSERT_EQ('3', buf[4]); 844 ASSERT_EQ('4', buf[5]); 845 ASSERT_EQ('\0', buf[6]); 846 ASSERT_EQ('A', buf[7]); 847 ASSERT_EQ('A', buf[8]); 848 ASSERT_EQ('A', buf[9]); 849} 850 851TEST(TEST_NAME, strcat2) { 852 char buf[10]; 853 memset(buf, 'A', sizeof(buf)); 854 buf[0] = 'a'; 855 buf[1] = '\0'; 856 char* res = __strcat_chk(buf, "01234567", sizeof(buf)); 857 ASSERT_EQ(buf, res); 858 ASSERT_EQ('a', buf[0]); 859 ASSERT_EQ('0', buf[1]); 860 ASSERT_EQ('1', buf[2]); 861 ASSERT_EQ('2', buf[3]); 862 ASSERT_EQ('3', buf[4]); 863 ASSERT_EQ('4', buf[5]); 864 ASSERT_EQ('5', buf[6]); 865 ASSERT_EQ('6', buf[7]); 866 ASSERT_EQ('7', buf[8]); 867 ASSERT_EQ('\0', buf[9]); 868} 869 870TEST(TEST_NAME, stpncpy) { 871 char src[10]; 872 char dst[10]; 873 memcpy(src, "0123456789", sizeof(src)); // non null terminated string 874 stpncpy(dst, src, sizeof(dst)); 875 ASSERT_EQ('0', dst[0]); 876 ASSERT_EQ('1', dst[1]); 877 ASSERT_EQ('2', dst[2]); 878 ASSERT_EQ('3', dst[3]); 879 ASSERT_EQ('4', dst[4]); 880 ASSERT_EQ('5', dst[5]); 881 ASSERT_EQ('6', dst[6]); 882 ASSERT_EQ('7', dst[7]); 883 ASSERT_EQ('8', dst[8]); 884 ASSERT_EQ('9', dst[9]); 885} 886 887TEST(TEST_NAME, stpncpy2) { 888 char src[10]; 889 char dst[15]; 890 memcpy(src, "012345678\0", sizeof(src)); 891 stpncpy(dst, src, sizeof(dst)); 892 ASSERT_EQ('0', dst[0]); 893 ASSERT_EQ('1', dst[1]); 894 ASSERT_EQ('2', dst[2]); 895 ASSERT_EQ('3', dst[3]); 896 ASSERT_EQ('4', dst[4]); 897 ASSERT_EQ('5', dst[5]); 898 ASSERT_EQ('6', dst[6]); 899 ASSERT_EQ('7', dst[7]); 900 ASSERT_EQ('8', dst[8]); 901 ASSERT_EQ('\0', dst[9]); 902 ASSERT_EQ('\0', dst[10]); 903 ASSERT_EQ('\0', dst[11]); 904 ASSERT_EQ('\0', dst[12]); 905 ASSERT_EQ('\0', dst[13]); 906 ASSERT_EQ('\0', dst[14]); 907} 908 909TEST(TEST_NAME, strncpy) { 910 char src[10]; 911 char dst[10]; 912 memcpy(src, "0123456789", sizeof(src)); // non null terminated string 913 strncpy(dst, src, sizeof(dst)); 914 ASSERT_EQ('0', dst[0]); 915 ASSERT_EQ('1', dst[1]); 916 ASSERT_EQ('2', dst[2]); 917 ASSERT_EQ('3', dst[3]); 918 ASSERT_EQ('4', dst[4]); 919 ASSERT_EQ('5', dst[5]); 920 ASSERT_EQ('6', dst[6]); 921 ASSERT_EQ('7', dst[7]); 922 ASSERT_EQ('8', dst[8]); 923 ASSERT_EQ('9', dst[9]); 924} 925 926TEST(TEST_NAME, strncpy2) { 927 char src[10]; 928 char dst[15]; 929 memcpy(src, "012345678\0", sizeof(src)); 930 strncpy(dst, src, sizeof(dst)); 931 ASSERT_EQ('0', dst[0]); 932 ASSERT_EQ('1', dst[1]); 933 ASSERT_EQ('2', dst[2]); 934 ASSERT_EQ('3', dst[3]); 935 ASSERT_EQ('4', dst[4]); 936 ASSERT_EQ('5', dst[5]); 937 ASSERT_EQ('6', dst[6]); 938 ASSERT_EQ('7', dst[7]); 939 ASSERT_EQ('8', dst[8]); 940 ASSERT_EQ('\0', dst[9]); 941 ASSERT_EQ('\0', dst[10]); 942 ASSERT_EQ('\0', dst[11]); 943 ASSERT_EQ('\0', dst[12]); 944 ASSERT_EQ('\0', dst[13]); 945 ASSERT_EQ('\0', dst[14]); 946} 947 948TEST(TEST_NAME, strcat_chk_max_int_size) { 949 char buf[10]; 950 memset(buf, 'A', sizeof(buf)); 951 buf[0] = 'a'; 952 buf[1] = '\0'; 953 char* res = __strcat_chk(buf, "01234567", (size_t)-1); 954 ASSERT_EQ(buf, res); 955 ASSERT_EQ('a', buf[0]); 956 ASSERT_EQ('0', buf[1]); 957 ASSERT_EQ('1', buf[2]); 958 ASSERT_EQ('2', buf[3]); 959 ASSERT_EQ('3', buf[4]); 960 ASSERT_EQ('4', buf[5]); 961 ASSERT_EQ('5', buf[6]); 962 ASSERT_EQ('6', buf[7]); 963 ASSERT_EQ('7', buf[8]); 964 ASSERT_EQ('\0', buf[9]); 965} 966 967extern "C" char* __stpcpy_chk(char*, const char*, size_t); 968 969TEST(TEST_NAME, stpcpy_chk_max_int_size) { 970 char buf[10]; 971 char* res = __stpcpy_chk(buf, "012345678", (size_t)-1); 972 ASSERT_EQ(buf + strlen("012345678"), res); 973 ASSERT_STREQ("012345678", buf); 974} 975 976extern "C" char* __strcpy_chk(char*, const char*, size_t); 977 978TEST(TEST_NAME, strcpy_chk_max_int_size) { 979 char buf[10]; 980 char* res = __strcpy_chk(buf, "012345678", (size_t)-1); 981 ASSERT_EQ(buf, res); 982 ASSERT_STREQ("012345678", buf); 983} 984 985extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t); 986 987TEST(TEST_NAME, memcpy_chk_max_int_size) { 988 char buf[10]; 989 void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1); 990 ASSERT_EQ((void*)buf, res); 991 ASSERT_EQ('0', buf[0]); 992 ASSERT_EQ('1', buf[1]); 993 ASSERT_EQ('2', buf[2]); 994 ASSERT_EQ('3', buf[3]); 995 ASSERT_EQ('4', buf[4]); 996 ASSERT_EQ('5', buf[5]); 997 ASSERT_EQ('6', buf[6]); 998 ASSERT_EQ('7', buf[7]); 999 ASSERT_EQ('8', buf[8]); 1000 ASSERT_EQ('\0', buf[9]); 1001} 1002 1003// Verify that macro expansion is done properly for sprintf/snprintf (which 1004// are defined as macros in stdio.h under clang). 1005#define CONTENTS "macro expansion" 1006#define BUF_AND_SIZE(A) A, sizeof(A) 1007#define BUF_AND_CONTENTS(A) A, CONTENTS 1008#define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS 1009TEST(TEST_NAME, s_n_printf_macro_expansion) { 1010 char buf[BUFSIZ]; 1011 snprintf(BUF_AND_SIZE(buf), CONTENTS); 1012 EXPECT_STREQ(CONTENTS, buf); 1013 1014 snprintf(BUF_AND_SIZE_AND_CONTENTS(buf)); 1015 EXPECT_STREQ(CONTENTS, buf); 1016 1017 sprintf(BUF_AND_CONTENTS(buf)); 1018 EXPECT_STREQ(CONTENTS, buf); 1019} 1020 1021TEST_F(DEATHTEST, poll_fortified) { 1022 nfds_t fd_count = atoi("2"); // suppress compiler optimizations 1023 pollfd buf[1] = {{0, POLLIN, 0}}; 1024 // Set timeout to zero to prevent waiting in poll when fortify test fails. 1025 ASSERT_FORTIFY(poll(buf, fd_count, 0)); 1026} 1027 1028TEST_F(DEATHTEST, ppoll_fortified) { 1029 nfds_t fd_count = atoi("2"); // suppress compiler optimizations 1030 pollfd buf[1] = {{0, POLLIN, 0}}; 1031 // Set timeout to zero to prevent waiting in ppoll when fortify test fails. 1032 timespec timeout; 1033 timeout.tv_sec = timeout.tv_nsec = 0; 1034 ASSERT_FORTIFY(ppoll(buf, fd_count, &timeout, NULL)); 1035} 1036