fortify_test.cpp revision 9df70403d95f5cfe6824e38a9a6c35f9b9bbc76a
1/* 2 * Copyright (C) 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17#include <gtest/gtest.h> 18#include "BionicDeathTest.h" 19 20#include <fcntl.h> 21#include <malloc.h> 22#include <signal.h> 23#include <stdarg.h> 24#include <string.h> 25#include <sys/socket.h> 26#include <sys/stat.h> 27#include <sys/types.h> 28 29// Fortify test code needs to run multiple times, so TEST_NAME macro is used to 30// distinguish different tests. TEST_NAME is defined in compilation command. 31#define DEATHTEST_PASTER(name) name##_DeathTest 32#define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name) 33#define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME) 34 35class DEATHTEST : public BionicDeathTest {}; 36 37#if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2 38struct foo { 39 char empty[0]; 40 char one[1]; 41 char a[10]; 42 char b[10]; 43}; 44 45#ifndef __clang__ 46// This test is disabled in clang because clang doesn't properly detect 47// this buffer overflow. TODO: Fix clang. 48TEST_F(DEATHTEST, stpncpy_fortified2) { 49 foo myfoo; 50 int copy_amt = atoi("11"); 51 ASSERT_EXIT(stpncpy(myfoo.a, "01234567890", copy_amt), 52 testing::KilledBySignal(SIGABRT), ""); 53} 54#endif 55 56#ifndef __clang__ 57// This test is disabled in clang because clang doesn't properly detect 58// this buffer overflow. TODO: Fix clang. 59TEST_F(DEATHTEST, stpncpy2_fortified2) { 60 foo myfoo; 61 memset(&myfoo, 0, sizeof(myfoo)); 62 myfoo.one[0] = 'A'; // not null terminated string 63 ASSERT_EXIT(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)), 64 testing::KilledBySignal(SIGABRT), ""); 65} 66#endif 67 68#ifndef __clang__ 69// This test is disabled in clang because clang doesn't properly detect 70// this buffer overflow. TODO: Fix clang. 71TEST_F(DEATHTEST, strncpy_fortified2) { 72 foo myfoo; 73 int copy_amt = atoi("11"); 74 ASSERT_EXIT(strncpy(myfoo.a, "01234567890", copy_amt), 75 testing::KilledBySignal(SIGABRT), ""); 76} 77#endif 78 79#ifndef __clang__ 80// This test is disabled in clang because clang doesn't properly detect 81// this buffer overflow. TODO: Fix clang. 82TEST_F(DEATHTEST, strncpy2_fortified2) { 83 foo myfoo; 84 memset(&myfoo, 0, sizeof(myfoo)); 85 myfoo.one[0] = 'A'; // not null terminated string 86 ASSERT_EXIT(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)), 87 testing::KilledBySignal(SIGABRT), ""); 88} 89#endif 90 91#ifndef __clang__ 92// This test is disabled in clang because clang doesn't properly detect 93// this buffer overflow. TODO: Fix clang. 94TEST_F(DEATHTEST, sprintf_fortified2) { 95 foo myfoo; 96 char source_buf[15]; 97 memcpy(source_buf, "12345678901234", 15); 98 ASSERT_EXIT(sprintf(myfoo.a, "%s", source_buf), 99 testing::KilledBySignal(SIGABRT), ""); 100} 101#endif 102 103#ifndef __clang__ 104// This test is disabled in clang because clang doesn't properly detect 105// this buffer overflow. TODO: Fix clang. 106TEST_F(DEATHTEST, sprintf2_fortified2) { 107 foo myfoo; 108 ASSERT_EXIT(sprintf(myfoo.a, "0123456789"), 109 testing::KilledBySignal(SIGABRT), ""); 110} 111#endif 112 113#ifndef __clang__ 114// These tests are disabled in clang because clang doesn't properly detect 115// this buffer overflow. TODO: Fix clang. 116static int vsprintf_helper2(const char *fmt, ...) { 117 foo myfoo; 118 va_list va; 119 int result; 120 121 va_start(va, fmt); 122 result = vsprintf(myfoo.a, fmt, va); // should crash here 123 va_end(va); 124 return result; 125} 126 127TEST_F(DEATHTEST, vsprintf_fortified2) { 128 ASSERT_EXIT(vsprintf_helper2("%s", "0123456789"), testing::KilledBySignal(SIGABRT), ""); 129} 130 131TEST_F(DEATHTEST, vsprintf2_fortified2) { 132 ASSERT_EXIT(vsprintf_helper2("0123456789"), testing::KilledBySignal(SIGABRT), ""); 133} 134#endif 135 136#ifndef __clang__ 137// These tests are disabled in clang because clang doesn't properly detect 138// this buffer overflow. TODO: Fix clang. 139static int vsnprintf_helper2(const char *fmt, ...) { 140 foo myfoo; 141 va_list va; 142 int result; 143 size_t size = atoi("11"); 144 145 va_start(va, fmt); 146 result = vsnprintf(myfoo.a, size, fmt, va); // should crash here 147 va_end(va); 148 return result; 149} 150 151TEST_F(DEATHTEST, vsnprintf_fortified2) { 152 ASSERT_EXIT(vsnprintf_helper2("%s", "0123456789"), testing::KilledBySignal(SIGABRT), ""); 153} 154 155TEST_F(DEATHTEST, vsnprintf2_fortified2) { 156 ASSERT_EXIT(vsnprintf_helper2("0123456789"), testing::KilledBySignal(SIGABRT), ""); 157} 158#endif 159 160#ifndef __clang__ 161// zero sized target with "\0" source (should fail) 162// This test is disabled in clang because clang doesn't properly detect 163// this buffer overflow. TODO: Fix clang. 164TEST_F(DEATHTEST, stpcpy_fortified2) { 165#if defined(__BIONIC__) 166 foo myfoo; 167 char* src = strdup(""); 168 ASSERT_EXIT(stpcpy(myfoo.empty, src), 169 testing::KilledBySignal(SIGABRT), ""); 170 free(src); 171#else // __BIONIC__ 172 GTEST_LOG_(INFO) << "This test does nothing.\n"; 173#endif // __BIONIC__ 174} 175#endif 176 177#ifndef __clang__ 178// zero sized target with "\0" source (should fail) 179// This test is disabled in clang because clang doesn't properly detect 180// this buffer overflow. TODO: Fix clang. 181TEST_F(DEATHTEST, strcpy_fortified2) { 182#if defined(__BIONIC__) 183 foo myfoo; 184 char* src = strdup(""); 185 ASSERT_EXIT(strcpy(myfoo.empty, src), 186 testing::KilledBySignal(SIGABRT), ""); 187 free(src); 188#else // __BIONIC__ 189 GTEST_LOG_(INFO) << "This test does nothing.\n"; 190#endif // __BIONIC__ 191} 192#endif 193 194#ifndef __clang__ 195// zero sized target with longer source (should fail) 196// This test is disabled in clang because clang doesn't properly detect 197// this buffer overflow. TODO: Fix clang. 198TEST_F(DEATHTEST, strcpy2_fortified2) { 199#if defined(__BIONIC__) 200 foo myfoo; 201 char* src = strdup("1"); 202 ASSERT_EXIT(strcpy(myfoo.empty, src), 203 testing::KilledBySignal(SIGABRT), ""); 204 free(src); 205#else // __BIONIC__ 206 GTEST_LOG_(INFO) << "This test does nothing.\n"; 207#endif // __BIONIC__ 208} 209#endif 210 211#ifndef __clang__ 212// one byte target with longer source (should fail) 213// This test is disabled in clang because clang doesn't properly detect 214// this buffer overflow. TODO: Fix clang. 215TEST_F(DEATHTEST, strcpy3_fortified2) { 216#if defined(__BIONIC__) 217 foo myfoo; 218 char* src = strdup("12"); 219 ASSERT_EXIT(strcpy(myfoo.one, src), 220 testing::KilledBySignal(SIGABRT), ""); 221 free(src); 222#else // __BIONIC__ 223 GTEST_LOG_(INFO) << "This test does nothing.\n"; 224#endif // __BIONIC__ 225} 226#endif 227 228#ifndef __clang__ 229// This test is disabled in clang because clang doesn't properly detect 230// this buffer overflow. TODO: Fix clang. 231TEST_F(DEATHTEST, strchr_fortified2) { 232#if defined(__BIONIC__) 233 foo myfoo; 234 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); 235 myfoo.b[0] = '\0'; 236 ASSERT_EXIT(printf("%s", strchr(myfoo.a, 'a')), 237 testing::KilledBySignal(SIGABRT), ""); 238#else // __BIONIC__ 239 GTEST_LOG_(INFO) << "This test does nothing.\n"; 240#endif // __BIONIC__ 241} 242#endif 243 244#ifndef __clang__ 245// This test is disabled in clang because clang doesn't properly detect 246// this buffer overflow. TODO: Fix clang. 247TEST_F(DEATHTEST, strrchr_fortified2) { 248#if defined(__BIONIC__) 249 foo myfoo; 250 memcpy(myfoo.a, "0123456789", 10); 251 memcpy(myfoo.b, "01234", 6); 252 ASSERT_EXIT(printf("%s", strrchr(myfoo.a, 'a')), 253 testing::KilledBySignal(SIGABRT), ""); 254#else // __BIONIC__ 255 GTEST_LOG_(INFO) << "This test does nothing.\n"; 256#endif // __BIONIC__ 257} 258#endif 259 260#ifndef __clang__ 261// This test is disabled in clang because clang doesn't properly detect 262// this buffer overflow. TODO: Fix clang. 263TEST_F(DEATHTEST, strlcpy_fortified2) { 264#if defined(__BIONIC__) 265 foo myfoo; 266 strcpy(myfoo.a, "01"); 267 size_t n = strlen(myfoo.a); 268 ASSERT_EXIT(strlcpy(myfoo.one, myfoo.a, n), 269 testing::KilledBySignal(SIGABRT), ""); 270#else // __BIONIC__ 271 GTEST_LOG_(INFO) << "This test does nothing.\n"; 272#endif // __BIONIC__ 273} 274#endif 275 276#ifndef __clang__ 277// This test is disabled in clang because clang doesn't properly detect 278// this buffer overflow. TODO: Fix clang. 279TEST_F(DEATHTEST, strlcat_fortified2) { 280#if defined(__BIONIC__) 281 foo myfoo; 282 strcpy(myfoo.a, "01"); 283 myfoo.one[0] = '\0'; 284 size_t n = strlen(myfoo.a); 285 ASSERT_EXIT(strlcat(myfoo.one, myfoo.a, n), 286 testing::KilledBySignal(SIGABRT), ""); 287#else // __BIONIC__ 288 GTEST_LOG_(INFO) << "This test does nothing.\n"; 289#endif // __BIONIC__ 290} 291#endif 292 293#ifndef __clang__ 294// This test is disabled in clang because clang doesn't properly detect 295// this buffer overflow. TODO: Fix clang. 296TEST_F(DEATHTEST, strncat_fortified2) { 297 foo myfoo; 298 size_t n = atoi("10"); // avoid compiler optimizations 299 strncpy(myfoo.a, "012345678", n); 300 ASSERT_EXIT(strncat(myfoo.a, "9", n), testing::KilledBySignal(SIGABRT), ""); 301} 302#endif 303 304#ifndef __clang__ 305// This test is disabled in clang because clang doesn't properly detect 306// this buffer overflow. TODO: Fix clang. 307TEST_F(DEATHTEST, strncat2_fortified2) { 308 foo myfoo; 309 myfoo.a[0] = '\0'; 310 size_t n = atoi("10"); // avoid compiler optimizations 311 ASSERT_EXIT(strncat(myfoo.a, "0123456789", n), testing::KilledBySignal(SIGABRT), ""); 312} 313#endif 314 315TEST_F(DEATHTEST, strncat3_fortified2) { 316 foo myfoo; 317 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string 318 myfoo.b[0] = '\0'; 319 size_t n = atoi("10"); // avoid compiler optimizations 320 ASSERT_EXIT(strncat(myfoo.b, myfoo.a, n), testing::KilledBySignal(SIGABRT), ""); 321} 322 323#ifndef __clang__ 324// This test is disabled in clang because clang doesn't properly detect 325// this buffer overflow. TODO: Fix clang. 326TEST_F(DEATHTEST, strcat_fortified2) { 327 char src[11]; 328 strcpy(src, "0123456789"); 329 foo myfoo; 330 myfoo.a[0] = '\0'; 331 ASSERT_EXIT(strcat(myfoo.a, src), testing::KilledBySignal(SIGABRT), ""); 332} 333#endif 334 335TEST_F(DEATHTEST, strcat2_fortified2) { 336 foo myfoo; 337 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string 338 myfoo.b[0] = '\0'; 339 ASSERT_EXIT(strcat(myfoo.b, myfoo.a), testing::KilledBySignal(SIGABRT), ""); 340} 341 342TEST_F(DEATHTEST, snprintf_fortified2) { 343 foo myfoo; 344 strcpy(myfoo.a, "012345678"); 345 size_t n = strlen(myfoo.a) + 2; 346 ASSERT_EXIT(snprintf(myfoo.b, n, "a%s", myfoo.a), testing::KilledBySignal(SIGABRT), ""); 347} 348 349TEST_F(DEATHTEST, bzero_fortified2) { 350 foo myfoo; 351 memcpy(myfoo.b, "0123456789", sizeof(myfoo.b)); 352 size_t n = atoi("11"); 353 ASSERT_EXIT(bzero(myfoo.b, n), testing::KilledBySignal(SIGABRT), ""); 354} 355 356#endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */ 357 358// multibyte target where we over fill (should fail) 359TEST_F(DEATHTEST, strcpy_fortified) { 360#if defined(__BIONIC__) 361 char buf[10]; 362 char *orig = strdup("0123456789"); 363 ASSERT_EXIT(strcpy(buf, orig), testing::KilledBySignal(SIGABRT), ""); 364 free(orig); 365#else // __BIONIC__ 366 GTEST_LOG_(INFO) << "This test does nothing.\n"; 367#endif // __BIONIC__ 368} 369 370// zero sized target with "\0" source (should fail) 371TEST_F(DEATHTEST, strcpy2_fortified) { 372#if defined(__BIONIC__) 373 char buf[0]; 374 char *orig = strdup(""); 375 ASSERT_EXIT(strcpy(buf, orig), testing::KilledBySignal(SIGABRT), ""); 376 free(orig); 377#else // __BIONIC__ 378 GTEST_LOG_(INFO) << "This test does nothing.\n"; 379#endif // __BIONIC__ 380} 381 382// zero sized target with longer source (should fail) 383TEST_F(DEATHTEST, strcpy3_fortified) { 384#if defined(__BIONIC__) 385 char buf[0]; 386 char *orig = strdup("1"); 387 ASSERT_EXIT(strcpy(buf, orig), testing::KilledBySignal(SIGABRT), ""); 388 free(orig); 389#else // __BIONIC__ 390 GTEST_LOG_(INFO) << "This test does nothing.\n"; 391#endif // __BIONIC__ 392} 393 394// one byte target with longer source (should fail) 395TEST_F(DEATHTEST, strcpy4_fortified) { 396#if defined(__BIONIC__) 397 char buf[1]; 398 char *orig = strdup("12"); 399 ASSERT_EXIT(strcpy(buf, orig), testing::KilledBySignal(SIGABRT), ""); 400 free(orig); 401#else // __BIONIC__ 402 GTEST_LOG_(INFO) << "This test does nothing.\n"; 403#endif // __BIONIC__ 404} 405 406TEST_F(DEATHTEST, strlen_fortified) { 407#if defined(__BIONIC__) 408 char buf[10]; 409 memcpy(buf, "0123456789", sizeof(buf)); 410 ASSERT_EXIT(printf("%zd", strlen(buf)), testing::KilledBySignal(SIGABRT), ""); 411#else // __BIONIC__ 412 GTEST_LOG_(INFO) << "This test does nothing.\n"; 413#endif // __BIONIC__ 414} 415 416TEST_F(DEATHTEST, strchr_fortified) { 417#if defined(__BIONIC__) 418 char buf[10]; 419 memcpy(buf, "0123456789", sizeof(buf)); 420 ASSERT_EXIT(printf("%s", strchr(buf, 'a')), testing::KilledBySignal(SIGABRT), ""); 421#else // __BIONIC__ 422 GTEST_LOG_(INFO) << "This test does nothing.\n"; 423#endif // __BIONIC__ 424} 425 426TEST_F(DEATHTEST, strrchr_fortified) { 427#if defined(__BIONIC__) 428 char buf[10]; 429 memcpy(buf, "0123456789", sizeof(buf)); 430 ASSERT_EXIT(printf("%s", strrchr(buf, 'a')), testing::KilledBySignal(SIGABRT), ""); 431#else // __BIONIC__ 432 GTEST_LOG_(INFO) << "This test does nothing.\n"; 433#endif // __BIONIC__ 434} 435 436TEST_F(DEATHTEST, strlcpy_fortified) { 437#if defined(__BIONIC__) 438 char bufa[15]; 439 char bufb[10]; 440 strcpy(bufa, "01234567890123"); 441 size_t n = strlen(bufa); 442 ASSERT_EXIT(strlcpy(bufb, bufa, n), testing::KilledBySignal(SIGABRT), ""); 443#else // __BIONIC__ 444 GTEST_LOG_(INFO) << "This test does nothing.\n"; 445#endif // __BIONIC__ 446} 447 448TEST_F(DEATHTEST, strlcat_fortified) { 449#if defined(__BIONIC__) 450 char bufa[15]; 451 char bufb[10]; 452 bufb[0] = '\0'; 453 strcpy(bufa, "01234567890123"); 454 size_t n = strlen(bufa); 455 ASSERT_EXIT(strlcat(bufb, bufa, n), testing::KilledBySignal(SIGABRT), ""); 456#else // __BIONIC__ 457 GTEST_LOG_(INFO) << "This test does nothing.\n"; 458#endif // __BIONIC__ 459} 460 461TEST_F(DEATHTEST, sprintf_fortified) { 462 char buf[10]; 463 char source_buf[15]; 464 memcpy(source_buf, "12345678901234", 15); 465 ASSERT_EXIT(sprintf(buf, "%s", source_buf), testing::KilledBySignal(SIGABRT), ""); 466} 467 468#ifndef __clang__ 469// This test is disabled in clang because clang doesn't properly detect 470// this buffer overflow. TODO: Fix clang. 471TEST_F(DEATHTEST, sprintf_malloc_fortified) { 472 char* buf = (char *) malloc(10); 473 char source_buf[11]; 474 memcpy(source_buf, "1234567890", 11); 475 ASSERT_EXIT(sprintf(buf, "%s", source_buf), testing::KilledBySignal(SIGABRT), ""); 476 free(buf); 477} 478#endif 479 480TEST_F(DEATHTEST, sprintf2_fortified) { 481 char buf[5]; 482 ASSERT_EXIT(sprintf(buf, "aaaaa"), testing::KilledBySignal(SIGABRT), ""); 483} 484 485static int vsprintf_helper(const char *fmt, ...) { 486 char buf[10]; 487 va_list va; 488 int result; 489 490 va_start(va, fmt); 491 result = vsprintf(buf, fmt, va); // should crash here 492 va_end(va); 493 return result; 494} 495 496TEST_F(DEATHTEST, vsprintf_fortified) { 497 ASSERT_EXIT(vsprintf_helper("%s", "0123456789"), testing::KilledBySignal(SIGABRT), ""); 498} 499 500TEST_F(DEATHTEST, vsprintf2_fortified) { 501 ASSERT_EXIT(vsprintf_helper("0123456789"), testing::KilledBySignal(SIGABRT), ""); 502} 503 504static int vsnprintf_helper(const char *fmt, ...) { 505 char buf[10]; 506 va_list va; 507 int result; 508 size_t size = atoi("11"); 509 510 va_start(va, fmt); 511 result = vsnprintf(buf, size, fmt, va); // should crash here 512 va_end(va); 513 return result; 514} 515 516TEST_F(DEATHTEST, vsnprintf_fortified) { 517 ASSERT_EXIT(vsnprintf_helper("%s", "0123456789"), testing::KilledBySignal(SIGABRT), ""); 518} 519 520TEST_F(DEATHTEST, vsnprintf2_fortified) { 521 ASSERT_EXIT(vsnprintf_helper("0123456789"), testing::KilledBySignal(SIGABRT), ""); 522} 523 524TEST_F(DEATHTEST, strncat_fortified) { 525 char buf[10]; 526 size_t n = atoi("10"); // avoid compiler optimizations 527 strncpy(buf, "012345678", n); 528 ASSERT_EXIT(strncat(buf, "9", n), testing::KilledBySignal(SIGABRT), ""); 529} 530 531TEST_F(DEATHTEST, strncat2_fortified) { 532 char buf[10]; 533 buf[0] = '\0'; 534 size_t n = atoi("10"); // avoid compiler optimizations 535 ASSERT_EXIT(strncat(buf, "0123456789", n), testing::KilledBySignal(SIGABRT), ""); 536} 537 538TEST_F(DEATHTEST, strcat_fortified) { 539 char src[11]; 540 strcpy(src, "0123456789"); 541 char buf[10]; 542 buf[0] = '\0'; 543 ASSERT_EXIT(strcat(buf, src), testing::KilledBySignal(SIGABRT), ""); 544} 545 546TEST_F(DEATHTEST, memmove_fortified) { 547 char buf[20]; 548 strcpy(buf, "0123456789"); 549 size_t n = atoi("10"); 550 ASSERT_EXIT(memmove(buf + 11, buf, n), testing::KilledBySignal(SIGABRT), ""); 551} 552 553TEST_F(DEATHTEST, memcpy_fortified) { 554 char bufa[10]; 555 char bufb[10]; 556 strcpy(bufa, "012345678"); 557 size_t n = atoi("11"); 558 ASSERT_EXIT(memcpy(bufb, bufa, n), testing::KilledBySignal(SIGABRT), ""); 559} 560 561TEST_F(DEATHTEST, stpncpy_fortified) { 562 char bufa[15]; 563 char bufb[10]; 564 strcpy(bufa, "01234567890123"); 565 size_t n = strlen(bufa); 566 ASSERT_EXIT(stpncpy(bufb, bufa, n), testing::KilledBySignal(SIGABRT), ""); 567} 568 569TEST_F(DEATHTEST, stpncpy2_fortified) { 570 char dest[11]; 571 char src[10]; 572 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated 573 ASSERT_EXIT(stpncpy(dest, src, sizeof(dest)), testing::KilledBySignal(SIGABRT), ""); 574} 575 576TEST_F(DEATHTEST, strncpy_fortified) { 577 char bufa[15]; 578 char bufb[10]; 579 strcpy(bufa, "01234567890123"); 580 size_t n = strlen(bufa); 581 ASSERT_EXIT(strncpy(bufb, bufa, n), testing::KilledBySignal(SIGABRT), ""); 582} 583 584 585TEST_F(DEATHTEST, strncpy2_fortified) { 586 char dest[11]; 587 char src[10]; 588 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated 589 ASSERT_EXIT(strncpy(dest, src, sizeof(dest)), testing::KilledBySignal(SIGABRT), ""); 590} 591 592TEST_F(DEATHTEST, snprintf_fortified) { 593 char bufa[15]; 594 char bufb[10]; 595 strcpy(bufa, "0123456789"); 596 size_t n = strlen(bufa) + 1; 597 ASSERT_EXIT(snprintf(bufb, n, "%s", bufa), testing::KilledBySignal(SIGABRT), ""); 598} 599 600TEST_F(DEATHTEST, bzero_fortified) { 601 char buf[10]; 602 memcpy(buf, "0123456789", sizeof(buf)); 603 size_t n = atoi("11"); 604 ASSERT_EXIT(bzero(buf, n), testing::KilledBySignal(SIGABRT), ""); 605} 606 607TEST_F(DEATHTEST, umask_fortified) { 608 mode_t mask = atoi("1023"); // 01777 in octal 609 ASSERT_EXIT(umask(mask), testing::KilledBySignal(SIGABRT), ""); 610} 611 612TEST_F(DEATHTEST, recv_fortified) { 613 size_t data_len = atoi("11"); // suppress compiler optimizations 614 char buf[10]; 615 ASSERT_EXIT(recv(0, buf, data_len, 0), testing::KilledBySignal(SIGABRT), ""); 616} 617 618TEST_F(DEATHTEST, FD_ISSET_fortified) { 619#if defined(__BIONIC__) // glibc catches this at compile-time. 620 fd_set set; 621 memset(&set, 0, sizeof(set)); 622 ASSERT_EXIT(FD_ISSET(-1, &set), testing::KilledBySignal(SIGABRT), ""); 623#endif 624} 625 626TEST_F(DEATHTEST, FD_ISSET_2_fortified) { 627 char buf[1]; 628 fd_set* set = (fd_set*) buf; 629 ASSERT_EXIT(FD_ISSET(0, set), testing::KilledBySignal(SIGABRT), ""); 630} 631 632// gtest's ASSERT_EXIT needs a valid expression, but glibc has a do-while macro. 633static void FD_ZERO_function(fd_set* s) { FD_ZERO(s); } 634 635TEST_F(DEATHTEST, FD_ZERO_fortified) { 636 char buf[1]; 637 fd_set* set = (fd_set*) buf; 638 ASSERT_EXIT(FD_ZERO_function(set), testing::KilledBySignal(SIGABRT), ""); 639} 640 641TEST_F(DEATHTEST, read_fortified) { 642 char buf[1]; 643 size_t ct = atoi("2"); // prevent optimizations 644 int fd = open("/dev/null", O_RDONLY); 645 ASSERT_EXIT(read(fd, buf, ct), testing::KilledBySignal(SIGABRT), ""); 646 close(fd); 647} 648 649extern "C" char* __strncat_chk(char*, const char*, size_t, size_t); 650extern "C" char* __strcat_chk(char*, const char*, size_t); 651 652TEST(TEST_NAME, strncat) { 653 char buf[10]; 654 memset(buf, 'A', sizeof(buf)); 655 buf[0] = 'a'; 656 buf[1] = '\0'; 657 char* res = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf)); 658 ASSERT_EQ(buf, res); 659 ASSERT_EQ('a', buf[0]); 660 ASSERT_EQ('0', buf[1]); 661 ASSERT_EQ('1', buf[2]); 662 ASSERT_EQ('2', buf[3]); 663 ASSERT_EQ('3', buf[4]); 664 ASSERT_EQ('4', buf[5]); 665 ASSERT_EQ('\0', buf[6]); 666 ASSERT_EQ('A', buf[7]); 667 ASSERT_EQ('A', buf[8]); 668 ASSERT_EQ('A', buf[9]); 669} 670 671TEST(TEST_NAME, strncat2) { 672 char buf[10]; 673 memset(buf, 'A', sizeof(buf)); 674 buf[0] = 'a'; 675 buf[1] = '\0'; 676 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf)); 677 ASSERT_EQ(buf, res); 678 ASSERT_EQ('a', buf[0]); 679 ASSERT_EQ('0', buf[1]); 680 ASSERT_EQ('1', buf[2]); 681 ASSERT_EQ('2', buf[3]); 682 ASSERT_EQ('3', buf[4]); 683 ASSERT_EQ('4', buf[5]); 684 ASSERT_EQ('\0', buf[6]); 685 ASSERT_EQ('A', buf[7]); 686 ASSERT_EQ('A', buf[8]); 687 ASSERT_EQ('A', buf[9]); 688} 689 690TEST(TEST_NAME, strncat3) { 691 char buf[10]; 692 memset(buf, 'A', sizeof(buf)); 693 buf[0] = '\0'; 694 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf)); 695 ASSERT_EQ(buf, res); 696 ASSERT_EQ('0', buf[0]); 697 ASSERT_EQ('1', buf[1]); 698 ASSERT_EQ('2', buf[2]); 699 ASSERT_EQ('3', buf[3]); 700 ASSERT_EQ('4', buf[4]); 701 ASSERT_EQ('\0', buf[5]); 702 ASSERT_EQ('A', buf[6]); 703 ASSERT_EQ('A', buf[7]); 704 ASSERT_EQ('A', buf[8]); 705 ASSERT_EQ('A', buf[9]); 706} 707 708TEST(TEST_NAME, strncat4) { 709 char buf[10]; 710 memset(buf, 'A', sizeof(buf)); 711 buf[9] = '\0'; 712 char* res = __strncat_chk(buf, "", 5, sizeof(buf)); 713 ASSERT_EQ(buf, res); 714 ASSERT_EQ('A', buf[0]); 715 ASSERT_EQ('A', buf[1]); 716 ASSERT_EQ('A', buf[2]); 717 ASSERT_EQ('A', buf[3]); 718 ASSERT_EQ('A', buf[4]); 719 ASSERT_EQ('A', buf[5]); 720 ASSERT_EQ('A', buf[6]); 721 ASSERT_EQ('A', buf[7]); 722 ASSERT_EQ('A', buf[8]); 723 ASSERT_EQ('\0', buf[9]); 724} 725 726TEST(TEST_NAME, strncat5) { 727 char buf[10]; 728 memset(buf, 'A', sizeof(buf)); 729 buf[0] = 'a'; 730 buf[1] = '\0'; 731 char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf)); 732 ASSERT_EQ(buf, res); 733 ASSERT_EQ('a', buf[0]); 734 ASSERT_EQ('0', buf[1]); 735 ASSERT_EQ('1', buf[2]); 736 ASSERT_EQ('2', buf[3]); 737 ASSERT_EQ('3', buf[4]); 738 ASSERT_EQ('4', buf[5]); 739 ASSERT_EQ('5', buf[6]); 740 ASSERT_EQ('6', buf[7]); 741 ASSERT_EQ('7', buf[8]); 742 ASSERT_EQ('\0', buf[9]); 743} 744 745TEST(TEST_NAME, strncat6) { 746 char buf[10]; 747 memset(buf, 'A', sizeof(buf)); 748 buf[0] = 'a'; 749 buf[1] = '\0'; 750 char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf)); 751 ASSERT_EQ(buf, res); 752 ASSERT_EQ('a', buf[0]); 753 ASSERT_EQ('0', buf[1]); 754 ASSERT_EQ('1', buf[2]); 755 ASSERT_EQ('2', buf[3]); 756 ASSERT_EQ('3', buf[4]); 757 ASSERT_EQ('4', buf[5]); 758 ASSERT_EQ('5', buf[6]); 759 ASSERT_EQ('6', buf[7]); 760 ASSERT_EQ('7', buf[8]); 761 ASSERT_EQ('\0', buf[9]); 762} 763 764 765TEST(TEST_NAME, strcat) { 766 char buf[10]; 767 memset(buf, 'A', sizeof(buf)); 768 buf[0] = 'a'; 769 buf[1] = '\0'; 770 char* res = __strcat_chk(buf, "01234", sizeof(buf)); 771 ASSERT_EQ(buf, res); 772 ASSERT_EQ('a', buf[0]); 773 ASSERT_EQ('0', buf[1]); 774 ASSERT_EQ('1', buf[2]); 775 ASSERT_EQ('2', buf[3]); 776 ASSERT_EQ('3', buf[4]); 777 ASSERT_EQ('4', buf[5]); 778 ASSERT_EQ('\0', buf[6]); 779 ASSERT_EQ('A', buf[7]); 780 ASSERT_EQ('A', buf[8]); 781 ASSERT_EQ('A', buf[9]); 782} 783 784TEST(TEST_NAME, strcat2) { 785 char buf[10]; 786 memset(buf, 'A', sizeof(buf)); 787 buf[0] = 'a'; 788 buf[1] = '\0'; 789 char* res = __strcat_chk(buf, "01234567", sizeof(buf)); 790 ASSERT_EQ(buf, res); 791 ASSERT_EQ('a', buf[0]); 792 ASSERT_EQ('0', buf[1]); 793 ASSERT_EQ('1', buf[2]); 794 ASSERT_EQ('2', buf[3]); 795 ASSERT_EQ('3', buf[4]); 796 ASSERT_EQ('4', buf[5]); 797 ASSERT_EQ('5', buf[6]); 798 ASSERT_EQ('6', buf[7]); 799 ASSERT_EQ('7', buf[8]); 800 ASSERT_EQ('\0', buf[9]); 801} 802 803TEST(TEST_NAME, stpncpy) { 804 char src[10]; 805 char dst[10]; 806 memcpy(src, "0123456789", sizeof(src)); // non null terminated string 807 stpncpy(dst, src, sizeof(dst)); 808 ASSERT_EQ('0', dst[0]); 809 ASSERT_EQ('1', dst[1]); 810 ASSERT_EQ('2', dst[2]); 811 ASSERT_EQ('3', dst[3]); 812 ASSERT_EQ('4', dst[4]); 813 ASSERT_EQ('5', dst[5]); 814 ASSERT_EQ('6', dst[6]); 815 ASSERT_EQ('7', dst[7]); 816 ASSERT_EQ('8', dst[8]); 817 ASSERT_EQ('9', dst[9]); 818} 819 820TEST(TEST_NAME, stpncpy2) { 821 char src[10]; 822 char dst[15]; 823 memcpy(src, "012345678\0", sizeof(src)); 824 stpncpy(dst, src, sizeof(dst)); 825 ASSERT_EQ('0', dst[0]); 826 ASSERT_EQ('1', dst[1]); 827 ASSERT_EQ('2', dst[2]); 828 ASSERT_EQ('3', dst[3]); 829 ASSERT_EQ('4', dst[4]); 830 ASSERT_EQ('5', dst[5]); 831 ASSERT_EQ('6', dst[6]); 832 ASSERT_EQ('7', dst[7]); 833 ASSERT_EQ('8', dst[8]); 834 ASSERT_EQ('\0', dst[9]); 835 ASSERT_EQ('\0', dst[10]); 836 ASSERT_EQ('\0', dst[11]); 837 ASSERT_EQ('\0', dst[12]); 838 ASSERT_EQ('\0', dst[13]); 839 ASSERT_EQ('\0', dst[14]); 840} 841 842TEST(TEST_NAME, strncpy) { 843 char src[10]; 844 char dst[10]; 845 memcpy(src, "0123456789", sizeof(src)); // non null terminated string 846 strncpy(dst, src, sizeof(dst)); 847 ASSERT_EQ('0', dst[0]); 848 ASSERT_EQ('1', dst[1]); 849 ASSERT_EQ('2', dst[2]); 850 ASSERT_EQ('3', dst[3]); 851 ASSERT_EQ('4', dst[4]); 852 ASSERT_EQ('5', dst[5]); 853 ASSERT_EQ('6', dst[6]); 854 ASSERT_EQ('7', dst[7]); 855 ASSERT_EQ('8', dst[8]); 856 ASSERT_EQ('9', dst[9]); 857} 858 859TEST(TEST_NAME, strncpy2) { 860 char src[10]; 861 char dst[15]; 862 memcpy(src, "012345678\0", sizeof(src)); 863 strncpy(dst, src, sizeof(dst)); 864 ASSERT_EQ('0', dst[0]); 865 ASSERT_EQ('1', dst[1]); 866 ASSERT_EQ('2', dst[2]); 867 ASSERT_EQ('3', dst[3]); 868 ASSERT_EQ('4', dst[4]); 869 ASSERT_EQ('5', dst[5]); 870 ASSERT_EQ('6', dst[6]); 871 ASSERT_EQ('7', dst[7]); 872 ASSERT_EQ('8', dst[8]); 873 ASSERT_EQ('\0', dst[9]); 874 ASSERT_EQ('\0', dst[10]); 875 ASSERT_EQ('\0', dst[11]); 876 ASSERT_EQ('\0', dst[12]); 877 ASSERT_EQ('\0', dst[13]); 878 ASSERT_EQ('\0', dst[14]); 879} 880 881TEST(TEST_NAME, strcat_chk_max_int_size) { 882 char buf[10]; 883 memset(buf, 'A', sizeof(buf)); 884 buf[0] = 'a'; 885 buf[1] = '\0'; 886 char* res = __strcat_chk(buf, "01234567", (size_t)-1); 887 ASSERT_EQ(buf, res); 888 ASSERT_EQ('a', buf[0]); 889 ASSERT_EQ('0', buf[1]); 890 ASSERT_EQ('1', buf[2]); 891 ASSERT_EQ('2', buf[3]); 892 ASSERT_EQ('3', buf[4]); 893 ASSERT_EQ('4', buf[5]); 894 ASSERT_EQ('5', buf[6]); 895 ASSERT_EQ('6', buf[7]); 896 ASSERT_EQ('7', buf[8]); 897 ASSERT_EQ('\0', buf[9]); 898} 899 900extern "C" char* __stpcpy_chk(char*, const char*, size_t); 901 902TEST(TEST_NAME, stpcpy_chk_max_int_size) { 903 char buf[10]; 904 char* res = __stpcpy_chk(buf, "012345678", (size_t)-1); 905 ASSERT_EQ(buf + strlen("012345678"), res); 906 ASSERT_STREQ("012345678", buf); 907} 908 909extern "C" char* __strcpy_chk(char*, const char*, size_t); 910 911TEST(TEST_NAME, strcpy_chk_max_int_size) { 912 char buf[10]; 913 char* res = __strcpy_chk(buf, "012345678", (size_t)-1); 914 ASSERT_EQ(buf, res); 915 ASSERT_STREQ("012345678", buf); 916} 917 918extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t); 919 920TEST(TEST_NAME, memcpy_chk_max_int_size) { 921 char buf[10]; 922 void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1); 923 ASSERT_EQ((void*)buf, res); 924 ASSERT_EQ('0', buf[0]); 925 ASSERT_EQ('1', buf[1]); 926 ASSERT_EQ('2', buf[2]); 927 ASSERT_EQ('3', buf[3]); 928 ASSERT_EQ('4', buf[4]); 929 ASSERT_EQ('5', buf[5]); 930 ASSERT_EQ('6', buf[6]); 931 ASSERT_EQ('7', buf[7]); 932 ASSERT_EQ('8', buf[8]); 933 ASSERT_EQ('\0', buf[9]); 934} 935 936// Verify that macro expansion is done properly for sprintf/snprintf (which 937// are defined as macros in stdio.h under clang). 938#define CONTENTS "macro expansion" 939#define BUF_AND_SIZE(A) A, sizeof(A) 940#define BUF_AND_CONTENTS(A) A, CONTENTS 941#define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS 942TEST(TEST_NAME, s_n_printf_macro_expansion) { 943 char buf[BUFSIZ]; 944 snprintf(BUF_AND_SIZE(buf), CONTENTS); 945 EXPECT_STREQ(CONTENTS, buf); 946 947 snprintf(BUF_AND_SIZE_AND_CONTENTS(buf)); 948 EXPECT_STREQ(CONTENTS, buf); 949 950 sprintf(BUF_AND_CONTENTS(buf)); 951 EXPECT_STREQ(CONTENTS, buf); 952} 953