1 /*
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <gtest/gtest.h>
18
19 #include <fcntl.h>
20 #include <malloc.h>
21 #include <poll.h>
22 #include <signal.h>
23 #include <stdarg.h>
24 #include <string.h>
25 #include <sys/socket.h>
26 #include <sys/stat.h>
27 #include <sys/types.h>
28 #include <time.h>
29
30 #include <android-base/silent_death_test.h>
31
32 #if defined(__BIONIC__)
33 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY")
34 #else
35 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "")
36 #endif
37
38 // Fortify test code needs to run multiple times, so TEST_NAME macro is used to
39 // distinguish different tests. TEST_NAME is defined in compilation command.
40 #define DEATHTEST_PASTER(name) name##_DeathTest
41 #define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name)
42 #define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME)
43
44 using DEATHTEST = SilentDeathTest;
45
46 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2
47 struct foo {
48 char empty[0];
49 char one[1];
50 char a[10];
51 char b[10];
52 };
53
TEST_F(DEATHTEST,stpncpy_fortified2)54 TEST_F(DEATHTEST, stpncpy_fortified2) {
55 foo myfoo;
56 int copy_amt = atoi("11");
57 ASSERT_FORTIFY(stpncpy(myfoo.a, "01234567890", copy_amt));
58 }
59
TEST_F(DEATHTEST,stpncpy2_fortified2)60 TEST_F(DEATHTEST, stpncpy2_fortified2) {
61 foo myfoo;
62 memset(&myfoo, 0, sizeof(myfoo));
63 myfoo.one[0] = 'A'; // not null terminated string
64 ASSERT_FORTIFY(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
65 }
66
TEST_F(DEATHTEST,strncpy_fortified2)67 TEST_F(DEATHTEST, strncpy_fortified2) {
68 foo myfoo;
69 int copy_amt = atoi("11");
70 ASSERT_FORTIFY(strncpy(myfoo.a, "01234567890", copy_amt));
71 }
72
TEST_F(DEATHTEST,strncpy2_fortified2)73 TEST_F(DEATHTEST, strncpy2_fortified2) {
74 foo myfoo;
75 memset(&myfoo, 0, sizeof(myfoo));
76 myfoo.one[0] = 'A'; // not null terminated string
77 ASSERT_FORTIFY(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
78 }
79
TEST_F(DEATHTEST,sprintf_fortified2)80 TEST_F(DEATHTEST, sprintf_fortified2) {
81 foo myfoo;
82 char source_buf[15];
83 memcpy(source_buf, "12345678901234", 15);
84 ASSERT_FORTIFY(sprintf(myfoo.a, "%s", source_buf));
85 }
86
TEST_F(DEATHTEST,sprintf2_fortified2)87 TEST_F(DEATHTEST, sprintf2_fortified2) {
88 foo myfoo;
89 ASSERT_FORTIFY(sprintf(myfoo.a, "0123456789"));
90 }
91
vsprintf_helper2(const char * fmt,...)92 static int vsprintf_helper2(const char *fmt, ...) {
93 foo myfoo;
94 va_list va;
95 int result;
96
97 va_start(va, fmt);
98 result = vsprintf(myfoo.a, fmt, va); // should crash here
99 va_end(va);
100 return result;
101 }
102
TEST_F(DEATHTEST,vsprintf_fortified2)103 TEST_F(DEATHTEST, vsprintf_fortified2) {
104 ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789"));
105 }
106
TEST_F(DEATHTEST,vsprintf2_fortified2)107 TEST_F(DEATHTEST, vsprintf2_fortified2) {
108 ASSERT_FORTIFY(vsprintf_helper2("0123456789"));
109 }
110
vsnprintf_helper2(const char * fmt,...)111 static int vsnprintf_helper2(const char *fmt, ...) {
112 foo myfoo;
113 va_list va;
114 int result;
115 size_t size = atoi("11");
116
117 va_start(va, fmt);
118 result = vsnprintf(myfoo.a, size, fmt, va); // should crash here
119 va_end(va);
120 return result;
121 }
122
TEST_F(DEATHTEST,vsnprintf_fortified2)123 TEST_F(DEATHTEST, vsnprintf_fortified2) {
124 ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789"));
125 }
126
TEST_F(DEATHTEST,vsnprintf2_fortified2)127 TEST_F(DEATHTEST, vsnprintf2_fortified2) {
128 ASSERT_FORTIFY(vsnprintf_helper2("0123456789"));
129 }
130
131 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,stpcpy_fortified2)132 TEST_F(DEATHTEST, stpcpy_fortified2) {
133 #if defined(__BIONIC__)
134 foo myfoo;
135 char* src = strdup("");
136 ASSERT_FORTIFY(stpcpy(myfoo.empty, src));
137 free(src);
138 #else // __BIONIC__
139 GTEST_SKIP() << "stpcpy not available";
140 #endif // __BIONIC__
141 }
142
143 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,strcpy_fortified2)144 TEST_F(DEATHTEST, strcpy_fortified2) {
145 #if defined(__BIONIC__)
146 foo myfoo;
147 char* src = strdup("");
148 ASSERT_FORTIFY(strcpy(myfoo.empty, src));
149 free(src);
150 #else // __BIONIC__
151 GTEST_SKIP() << "glibc is broken";
152 #endif // __BIONIC__
153 }
154
155 // zero sized target with longer source (should fail)
TEST_F(DEATHTEST,strcpy2_fortified2)156 TEST_F(DEATHTEST, strcpy2_fortified2) {
157 #if defined(__BIONIC__)
158 foo myfoo;
159 char* src = strdup("1");
160 ASSERT_FORTIFY(strcpy(myfoo.empty, src));
161 free(src);
162 #else // __BIONIC__
163 GTEST_SKIP() << "glibc is broken";
164 #endif // __BIONIC__
165 }
166
167 // one byte target with longer source (should fail)
TEST_F(DEATHTEST,strcpy3_fortified2)168 TEST_F(DEATHTEST, strcpy3_fortified2) {
169 #if defined(__BIONIC__)
170 foo myfoo;
171 char* src = strdup("12");
172 ASSERT_FORTIFY(strcpy(myfoo.one, src));
173 free(src);
174 #else // __BIONIC__
175 GTEST_SKIP() << "glibc is broken";
176 #endif // __BIONIC__
177 }
178
TEST_F(DEATHTEST,strchr_fortified2)179 TEST_F(DEATHTEST, strchr_fortified2) {
180 #if defined(__BIONIC__)
181 foo myfoo;
182 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
183 myfoo.b[0] = '\0';
184 ASSERT_FORTIFY(printf("%s", strchr(myfoo.a, 'a')));
185 ASSERT_FORTIFY(printf("%s", strchr(static_cast<const char*>(myfoo.a), 'a')));
186 #else // __BIONIC__
187 GTEST_SKIP() << "glibc is broken";
188 #endif // __BIONIC__
189 }
190
TEST_F(DEATHTEST,strrchr_fortified2)191 TEST_F(DEATHTEST, strrchr_fortified2) {
192 #if defined(__BIONIC__)
193 foo myfoo;
194 memcpy(myfoo.a, "0123456789", 10);
195 memcpy(myfoo.b, "01234", 6);
196 ASSERT_FORTIFY(printf("%s", strrchr(myfoo.a, 'a')));
197 ASSERT_FORTIFY(printf("%s", strrchr(static_cast<const char*>(myfoo.a), 'a')));
198 #else // __BIONIC__
199 GTEST_SKIP() << "glibc is broken";
200 #endif // __BIONIC__
201 }
202
TEST_F(DEATHTEST,memchr_fortified2)203 TEST_F(DEATHTEST, memchr_fortified2) {
204 #if defined(__BIONIC__)
205 foo myfoo;
206 volatile int asize = sizeof(myfoo.a) + 1;
207 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
208 ASSERT_FORTIFY(printf("%s", static_cast<const char*>(memchr(myfoo.a, 'a', asize))));
209 ASSERT_FORTIFY(printf(
210 "%s", static_cast<const char*>(memchr(static_cast<const void*>(myfoo.a), 'a', asize))));
211 #else // __BIONIC__
212 GTEST_SKIP() << "glibc is broken";
213 #endif // __BIONIC__
214 }
215
TEST_F(DEATHTEST,memrchr_fortified2)216 TEST_F(DEATHTEST, memrchr_fortified2) {
217 #if defined(__BIONIC__)
218 foo myfoo;
219 volatile int asize = sizeof(myfoo.a) + 1;
220 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
221 ASSERT_FORTIFY(printf("%s", static_cast<const char*>(memrchr(myfoo.a, 'a', asize))));
222 ASSERT_FORTIFY(printf(
223 "%s", static_cast<const char*>(memrchr(static_cast<const void*>(myfoo.a), 'a', asize))));
224 #else // __BIONIC__
225 GTEST_SKIP() << "glibc is broken";
226 #endif // __BIONIC__
227 }
228
TEST_F(DEATHTEST,strlcpy_fortified2)229 TEST_F(DEATHTEST, strlcpy_fortified2) {
230 #if defined(__BIONIC__)
231 foo myfoo;
232 strcpy(myfoo.a, "01");
233 size_t n = strlen(myfoo.a);
234 ASSERT_FORTIFY(strlcpy(myfoo.one, myfoo.a, n));
235 #else // __BIONIC__
236 GTEST_SKIP() << "strlcpy not available";
237 #endif // __BIONIC__
238 }
239
TEST_F(DEATHTEST,strlcat_fortified2)240 TEST_F(DEATHTEST, strlcat_fortified2) {
241 #if defined(__BIONIC__)
242 foo myfoo;
243 strcpy(myfoo.a, "01");
244 myfoo.one[0] = '\0';
245 size_t n = strlen(myfoo.a);
246 ASSERT_FORTIFY(strlcat(myfoo.one, myfoo.a, n));
247 #else // __BIONIC__
248 GTEST_SKIP() << "strlcat not available";
249 #endif // __BIONIC__
250 }
251
TEST_F(DEATHTEST,strncat_fortified2)252 TEST_F(DEATHTEST, strncat_fortified2) {
253 foo myfoo;
254 size_t n = atoi("10"); // avoid compiler optimizations
255 strncpy(myfoo.a, "012345678", n);
256 ASSERT_FORTIFY(strncat(myfoo.a, "9", n));
257 }
258
TEST_F(DEATHTEST,strncat2_fortified2)259 TEST_F(DEATHTEST, strncat2_fortified2) {
260 foo myfoo;
261 myfoo.a[0] = '\0';
262 size_t n = atoi("10"); // avoid compiler optimizations
263 ASSERT_FORTIFY(strncat(myfoo.a, "0123456789", n));
264 }
265
TEST_F(DEATHTEST,strncat3_fortified2)266 TEST_F(DEATHTEST, strncat3_fortified2) {
267 foo myfoo;
268 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
269 myfoo.b[0] = '\0';
270 size_t n = atoi("10"); // avoid compiler optimizations
271 ASSERT_FORTIFY(strncat(myfoo.b, myfoo.a, n));
272 }
273
TEST_F(DEATHTEST,strcat_fortified2)274 TEST_F(DEATHTEST, strcat_fortified2) {
275 char src[11];
276 strcpy(src, "0123456789");
277 foo myfoo;
278 myfoo.a[0] = '\0';
279 ASSERT_FORTIFY(strcat(myfoo.a, src));
280 }
281
TEST_F(DEATHTEST,strcat2_fortified2)282 TEST_F(DEATHTEST, strcat2_fortified2) {
283 foo myfoo;
284 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
285 myfoo.b[0] = '\0';
286 ASSERT_FORTIFY(strcat(myfoo.b, myfoo.a));
287 }
288
TEST_F(DEATHTEST,snprintf_fortified2)289 TEST_F(DEATHTEST, snprintf_fortified2) {
290 foo myfoo;
291 strcpy(myfoo.a, "012345678");
292 size_t n = strlen(myfoo.a) + 2;
293 ASSERT_FORTIFY(snprintf(myfoo.b, n, "a%s", myfoo.a));
294 }
295
TEST_F(DEATHTEST,bzero_fortified2)296 TEST_F(DEATHTEST, bzero_fortified2) {
297 foo myfoo;
298 memcpy(myfoo.b, "0123456789", sizeof(myfoo.b));
299 size_t n = atoi("11");
300 ASSERT_FORTIFY(bzero(myfoo.b, n));
301 }
302
303 #endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */
304
305 // multibyte target where we over fill (should fail)
TEST_F(DEATHTEST,strcpy_fortified)306 TEST_F(DEATHTEST, strcpy_fortified) {
307 #if defined(__BIONIC__)
308 char buf[10];
309 char *orig = strdup("0123456789");
310 ASSERT_FORTIFY(strcpy(buf, orig));
311 free(orig);
312 #else // __BIONIC__
313 GTEST_SKIP() << "glibc is broken";
314 #endif // __BIONIC__
315 }
316
317 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,strcpy2_fortified)318 TEST_F(DEATHTEST, strcpy2_fortified) {
319 #if defined(__BIONIC__)
320 char buf[0];
321 char *orig = strdup("");
322 ASSERT_FORTIFY(strcpy(buf, orig));
323 free(orig);
324 #else // __BIONIC__
325 GTEST_SKIP() << "glibc is broken";
326 #endif // __BIONIC__
327 }
328
329 // zero sized target with longer source (should fail)
TEST_F(DEATHTEST,strcpy3_fortified)330 TEST_F(DEATHTEST, strcpy3_fortified) {
331 #if defined(__BIONIC__)
332 char buf[0];
333 char *orig = strdup("1");
334 ASSERT_FORTIFY(strcpy(buf, orig));
335 free(orig);
336 #else // __BIONIC__
337 GTEST_SKIP() << "glibc is broken";
338 #endif // __BIONIC__
339 }
340
341 // one byte target with longer source (should fail)
TEST_F(DEATHTEST,strcpy4_fortified)342 TEST_F(DEATHTEST, strcpy4_fortified) {
343 #if defined(__BIONIC__)
344 char buf[1];
345 char *orig = strdup("12");
346 ASSERT_FORTIFY(strcpy(buf, orig));
347 free(orig);
348 #else // __BIONIC__
349 GTEST_SKIP() << "glibc is broken";
350 #endif // __BIONIC__
351 }
352
TEST_F(DEATHTEST,strlen_fortified)353 TEST_F(DEATHTEST, strlen_fortified) {
354 #if defined(__BIONIC__)
355 char buf[10];
356 memcpy(buf, "0123456789", sizeof(buf));
357 ASSERT_FORTIFY(printf("%zd", strlen(buf)));
358 #else // __BIONIC__
359 GTEST_SKIP() << "glibc is broken";
360 #endif // __BIONIC__
361 }
362
TEST_F(DEATHTEST,strchr_fortified)363 TEST_F(DEATHTEST, strchr_fortified) {
364 #if defined(__BIONIC__)
365 char buf[10];
366 memcpy(buf, "0123456789", sizeof(buf));
367 ASSERT_FORTIFY(printf("%s", strchr(buf, 'a')));
368 #else // __BIONIC__
369 GTEST_SKIP() << "glibc is broken";
370 #endif // __BIONIC__
371 }
372
TEST_F(DEATHTEST,strrchr_fortified)373 TEST_F(DEATHTEST, strrchr_fortified) {
374 #if defined(__BIONIC__)
375 char buf[10];
376 memcpy(buf, "0123456789", sizeof(buf));
377 ASSERT_FORTIFY(printf("%s", strrchr(buf, 'a')));
378 #else // __BIONIC__
379 GTEST_SKIP() << "glibc is broken";
380 #endif // __BIONIC__
381 }
382
TEST_F(DEATHTEST,strlcpy_fortified)383 TEST_F(DEATHTEST, strlcpy_fortified) {
384 #if defined(__BIONIC__)
385 char bufa[15];
386 char bufb[10];
387 strcpy(bufa, "01234567890123");
388 size_t n = strlen(bufa);
389 ASSERT_FORTIFY(strlcpy(bufb, bufa, n));
390 #else // __BIONIC__
391 GTEST_SKIP() << "strlcpy not available";
392 #endif // __BIONIC__
393 }
394
TEST_F(DEATHTEST,strlcat_fortified)395 TEST_F(DEATHTEST, strlcat_fortified) {
396 #if defined(__BIONIC__)
397 char bufa[15];
398 char bufb[10];
399 bufb[0] = '\0';
400 strcpy(bufa, "01234567890123");
401 size_t n = strlen(bufa);
402 ASSERT_FORTIFY(strlcat(bufb, bufa, n));
403 #else // __BIONIC__
404 GTEST_SKIP() << "strlcat not available";
405 #endif // __BIONIC__
406 }
407
TEST_F(DEATHTEST,sprintf_fortified)408 TEST_F(DEATHTEST, sprintf_fortified) {
409 char buf[10];
410 char source_buf[15];
411 memcpy(source_buf, "12345678901234", 15);
412 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
413 }
414
TEST_F(DEATHTEST,sprintf_malloc_fortified)415 TEST_F(DEATHTEST, sprintf_malloc_fortified) {
416 char* buf = (char *) malloc(10);
417 char source_buf[11];
418 memcpy(source_buf, "1234567890", 11);
419 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
420 free(buf);
421 }
422
TEST_F(DEATHTEST,sprintf2_fortified)423 TEST_F(DEATHTEST, sprintf2_fortified) {
424 char buf[5];
425 ASSERT_FORTIFY(sprintf(buf, "aaaaa"));
426 }
427
vsprintf_helper(const char * fmt,...)428 static int vsprintf_helper(const char *fmt, ...) {
429 char buf[10];
430 va_list va;
431 int result;
432
433 va_start(va, fmt);
434 result = vsprintf(buf, fmt, va); // should crash here
435 va_end(va);
436 return result;
437 }
438
TEST_F(DEATHTEST,vsprintf_fortified)439 TEST_F(DEATHTEST, vsprintf_fortified) {
440 ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789"));
441 }
442
TEST_F(DEATHTEST,vsprintf2_fortified)443 TEST_F(DEATHTEST, vsprintf2_fortified) {
444 ASSERT_FORTIFY(vsprintf_helper("0123456789"));
445 }
446
vsnprintf_helper(const char * fmt,...)447 static int vsnprintf_helper(const char *fmt, ...) {
448 char buf[10];
449 va_list va;
450 int result;
451 size_t size = atoi("11");
452
453 va_start(va, fmt);
454 result = vsnprintf(buf, size, fmt, va); // should crash here
455 va_end(va);
456 return result;
457 }
458
TEST_F(DEATHTEST,vsnprintf_fortified)459 TEST_F(DEATHTEST, vsnprintf_fortified) {
460 ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789"));
461 }
462
TEST_F(DEATHTEST,vsnprintf2_fortified)463 TEST_F(DEATHTEST, vsnprintf2_fortified) {
464 ASSERT_FORTIFY(vsnprintf_helper("0123456789"));
465 }
466
TEST_F(DEATHTEST,strncat_fortified)467 TEST_F(DEATHTEST, strncat_fortified) {
468 char buf[10];
469 size_t n = atoi("10"); // avoid compiler optimizations
470 strncpy(buf, "012345678", n);
471 ASSERT_FORTIFY(strncat(buf, "9", n));
472 }
473
TEST_F(DEATHTEST,strncat2_fortified)474 TEST_F(DEATHTEST, strncat2_fortified) {
475 char buf[10];
476 buf[0] = '\0';
477 size_t n = atoi("10"); // avoid compiler optimizations
478 ASSERT_FORTIFY(strncat(buf, "0123456789", n));
479 }
480
TEST_F(DEATHTEST,strcat_fortified)481 TEST_F(DEATHTEST, strcat_fortified) {
482 char src[11];
483 strcpy(src, "0123456789");
484 char buf[10];
485 buf[0] = '\0';
486 ASSERT_FORTIFY(strcat(buf, src));
487 }
488
TEST_F(DEATHTEST,memmove_fortified)489 TEST_F(DEATHTEST, memmove_fortified) {
490 char buf[20];
491 strcpy(buf, "0123456789");
492 size_t n = atoi("10");
493 ASSERT_FORTIFY(memmove(buf + 11, buf, n));
494 }
495
TEST_F(DEATHTEST,memcpy_fortified)496 TEST_F(DEATHTEST, memcpy_fortified) {
497 char bufa[10];
498 char bufb[10];
499 strcpy(bufa, "012345678");
500 size_t n = atoi("11");
501 ASSERT_FORTIFY(memcpy(bufb, bufa, n));
502 }
503
TEST_F(DEATHTEST,memset_fortified)504 TEST_F(DEATHTEST, memset_fortified) {
505 char buf[10];
506 size_t n = atoi("11");
507 ASSERT_FORTIFY(memset(buf, 0, n));
508 }
509
TEST_F(DEATHTEST,stpncpy_fortified)510 TEST_F(DEATHTEST, stpncpy_fortified) {
511 char bufa[15];
512 char bufb[10];
513 strcpy(bufa, "01234567890123");
514 size_t n = strlen(bufa);
515 ASSERT_FORTIFY(stpncpy(bufb, bufa, n));
516 }
517
TEST_F(DEATHTEST,stpncpy2_fortified)518 TEST_F(DEATHTEST, stpncpy2_fortified) {
519 char dest[11];
520 char src[10];
521 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
522 ASSERT_FORTIFY(stpncpy(dest, src, sizeof(dest)));
523 }
524
TEST_F(DEATHTEST,strncpy_fortified)525 TEST_F(DEATHTEST, strncpy_fortified) {
526 char bufa[15];
527 char bufb[10];
528 strcpy(bufa, "01234567890123");
529 size_t n = strlen(bufa);
530 ASSERT_FORTIFY(strncpy(bufb, bufa, n));
531 }
532
533
TEST_F(DEATHTEST,strncpy2_fortified)534 TEST_F(DEATHTEST, strncpy2_fortified) {
535 char dest[11];
536 char src[10];
537 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
538 ASSERT_FORTIFY(strncpy(dest, src, sizeof(dest)));
539 }
540
TEST_F(DEATHTEST,snprintf_fortified)541 TEST_F(DEATHTEST, snprintf_fortified) {
542 char bufa[15];
543 char bufb[10];
544 strcpy(bufa, "0123456789");
545 size_t n = strlen(bufa) + 1;
546 ASSERT_FORTIFY(snprintf(bufb, n, "%s", bufa));
547 }
548
TEST_F(DEATHTEST,bzero_fortified)549 TEST_F(DEATHTEST, bzero_fortified) {
550 char buf[10];
551 memcpy(buf, "0123456789", sizeof(buf));
552 size_t n = atoi("11");
553 ASSERT_FORTIFY(bzero(buf, n));
554 }
555
TEST_F(DEATHTEST,umask_fortified)556 TEST_F(DEATHTEST, umask_fortified) {
557 mode_t mask = atoi("1023"); // 01777 in octal
558 ASSERT_FORTIFY(umask(mask));
559 }
560
TEST_F(DEATHTEST,recv_fortified)561 TEST_F(DEATHTEST, recv_fortified) {
562 size_t data_len = atoi("11"); // suppress compiler optimizations
563 char buf[10];
564 ASSERT_FORTIFY(recv(0, buf, data_len, 0));
565 }
566
TEST_F(DEATHTEST,send_fortified)567 TEST_F(DEATHTEST, send_fortified) {
568 size_t data_len = atoi("11"); // suppress compiler optimizations
569 char buf[10] = {0};
570 ASSERT_FORTIFY(send(0, buf, data_len, 0));
571 }
572
TEST_F(DEATHTEST,FD_ISSET_fortified)573 TEST_F(DEATHTEST, FD_ISSET_fortified) {
574 #if defined(__BIONIC__) // glibc catches this at compile-time.
575 fd_set set;
576 memset(&set, 0, sizeof(set));
577 ASSERT_FORTIFY(FD_ISSET(-1, &set));
578 #endif
579 }
580
TEST_F(DEATHTEST,FD_ISSET_2_fortified)581 TEST_F(DEATHTEST, FD_ISSET_2_fortified) {
582 char buf[1];
583 fd_set* set = (fd_set*) buf;
584 ASSERT_FORTIFY(FD_ISSET(0, set));
585 }
586
TEST_F(DEATHTEST,getcwd_fortified)587 TEST_F(DEATHTEST, getcwd_fortified) {
588 char buf[1];
589 size_t ct = atoi("2"); // prevent optimizations
590 ASSERT_FORTIFY(getcwd(buf, ct));
591 }
592
TEST_F(DEATHTEST,pread_fortified)593 TEST_F(DEATHTEST, pread_fortified) {
594 char buf[1];
595 size_t ct = atoi("2"); // prevent optimizations
596 int fd = open("/dev/null", O_RDONLY);
597 ASSERT_FORTIFY(pread(fd, buf, ct, 0));
598 close(fd);
599 }
600
TEST_F(DEATHTEST,pread64_fortified)601 TEST_F(DEATHTEST, pread64_fortified) {
602 char buf[1];
603 size_t ct = atoi("2"); // prevent optimizations
604 int fd = open("/dev/null", O_RDONLY);
605 ASSERT_FORTIFY(pread64(fd, buf, ct, 0));
606 close(fd);
607 }
608
TEST_F(DEATHTEST,pwrite_fortified)609 TEST_F(DEATHTEST, pwrite_fortified) {
610 char buf[1] = {0};
611 size_t ct = atoi("2"); // prevent optimizations
612 int fd = open("/dev/null", O_WRONLY);
613 ASSERT_FORTIFY(pwrite(fd, buf, ct, 0));
614 close(fd);
615 }
616
TEST_F(DEATHTEST,pwrite64_fortified)617 TEST_F(DEATHTEST, pwrite64_fortified) {
618 char buf[1] = {0};
619 size_t ct = atoi("2"); // prevent optimizations
620 int fd = open("/dev/null", O_WRONLY);
621 ASSERT_FORTIFY(pwrite64(fd, buf, ct, 0));
622 close(fd);
623 }
624
TEST_F(DEATHTEST,read_fortified)625 TEST_F(DEATHTEST, read_fortified) {
626 char buf[1];
627 size_t ct = atoi("2"); // prevent optimizations
628 int fd = open("/dev/null", O_RDONLY);
629 ASSERT_FORTIFY(read(fd, buf, ct));
630 close(fd);
631 }
632
TEST_F(DEATHTEST,write_fortified)633 TEST_F(DEATHTEST, write_fortified) {
634 char buf[1] = {0};
635 size_t ct = atoi("2"); // prevent optimizations
636 int fd = open("/dev/null", O_WRONLY);
637 ASSERT_EXIT(write(fd, buf, ct), testing::KilledBySignal(SIGABRT), "");
638 close(fd);
639 }
640
TEST_F(DEATHTEST,fread_fortified)641 TEST_F(DEATHTEST, fread_fortified) {
642 char buf[1];
643 size_t ct = atoi("2"); // prevent optimizations
644 FILE* fp = fopen("/dev/null", "r");
645 ASSERT_FORTIFY(fread(buf, 1, ct, fp));
646 fclose(fp);
647 }
648
TEST_F(DEATHTEST,fwrite_fortified)649 TEST_F(DEATHTEST, fwrite_fortified) {
650 char buf[1] = {0};
651 size_t ct = atoi("2"); // prevent optimizations
652 FILE* fp = fopen("/dev/null", "w");
653 ASSERT_FORTIFY(fwrite(buf, 1, ct, fp));
654 fclose(fp);
655 }
656
TEST_F(DEATHTEST,readlink_fortified)657 TEST_F(DEATHTEST, readlink_fortified) {
658 char buf[1];
659 size_t ct = atoi("2"); // prevent optimizations
660 ASSERT_FORTIFY(readlink("/dev/null", buf, ct));
661 }
662
TEST_F(DEATHTEST,readlinkat_fortified)663 TEST_F(DEATHTEST, readlinkat_fortified) {
664 char buf[1];
665 size_t ct = atoi("2"); // prevent optimizations
666 ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", buf, ct));
667 }
668
TEST(TEST_NAME,snprintf_nullptr_valid)669 TEST(TEST_NAME, snprintf_nullptr_valid) {
670 ASSERT_EQ(10, snprintf(nullptr, 0, "0123456789"));
671 }
672
673 extern "C" char* __strncat_chk(char*, const char*, size_t, size_t);
674 extern "C" char* __strcat_chk(char*, const char*, size_t);
675
TEST(TEST_NAME,strncat)676 TEST(TEST_NAME, strncat) {
677 char buf[10];
678 memset(buf, 'A', sizeof(buf));
679 buf[0] = 'a';
680 buf[1] = '\0';
681 char* res = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf));
682 ASSERT_EQ(buf, res);
683 ASSERT_EQ('a', buf[0]);
684 ASSERT_EQ('0', buf[1]);
685 ASSERT_EQ('1', buf[2]);
686 ASSERT_EQ('2', buf[3]);
687 ASSERT_EQ('3', buf[4]);
688 ASSERT_EQ('4', buf[5]);
689 ASSERT_EQ('\0', buf[6]);
690 ASSERT_EQ('A', buf[7]);
691 ASSERT_EQ('A', buf[8]);
692 ASSERT_EQ('A', buf[9]);
693 }
694
TEST(TEST_NAME,strncat2)695 TEST(TEST_NAME, strncat2) {
696 char buf[10];
697 memset(buf, 'A', sizeof(buf));
698 buf[0] = 'a';
699 buf[1] = '\0';
700 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
701 ASSERT_EQ(buf, res);
702 ASSERT_EQ('a', buf[0]);
703 ASSERT_EQ('0', buf[1]);
704 ASSERT_EQ('1', buf[2]);
705 ASSERT_EQ('2', buf[3]);
706 ASSERT_EQ('3', buf[4]);
707 ASSERT_EQ('4', buf[5]);
708 ASSERT_EQ('\0', buf[6]);
709 ASSERT_EQ('A', buf[7]);
710 ASSERT_EQ('A', buf[8]);
711 ASSERT_EQ('A', buf[9]);
712 }
713
TEST(TEST_NAME,strncat3)714 TEST(TEST_NAME, strncat3) {
715 char buf[10];
716 memset(buf, 'A', sizeof(buf));
717 buf[0] = '\0';
718 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
719 ASSERT_EQ(buf, res);
720 ASSERT_EQ('0', buf[0]);
721 ASSERT_EQ('1', buf[1]);
722 ASSERT_EQ('2', buf[2]);
723 ASSERT_EQ('3', buf[3]);
724 ASSERT_EQ('4', buf[4]);
725 ASSERT_EQ('\0', buf[5]);
726 ASSERT_EQ('A', buf[6]);
727 ASSERT_EQ('A', buf[7]);
728 ASSERT_EQ('A', buf[8]);
729 ASSERT_EQ('A', buf[9]);
730 }
731
TEST(TEST_NAME,strncat4)732 TEST(TEST_NAME, strncat4) {
733 char buf[10];
734 memset(buf, 'A', sizeof(buf));
735 buf[9] = '\0';
736 char* res = __strncat_chk(buf, "", 5, sizeof(buf));
737 ASSERT_EQ(buf, res);
738 ASSERT_EQ('A', buf[0]);
739 ASSERT_EQ('A', buf[1]);
740 ASSERT_EQ('A', buf[2]);
741 ASSERT_EQ('A', buf[3]);
742 ASSERT_EQ('A', buf[4]);
743 ASSERT_EQ('A', buf[5]);
744 ASSERT_EQ('A', buf[6]);
745 ASSERT_EQ('A', buf[7]);
746 ASSERT_EQ('A', buf[8]);
747 ASSERT_EQ('\0', buf[9]);
748 }
749
TEST(TEST_NAME,strncat5)750 TEST(TEST_NAME, strncat5) {
751 char buf[10];
752 memset(buf, 'A', sizeof(buf));
753 buf[0] = 'a';
754 buf[1] = '\0';
755 char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf));
756 ASSERT_EQ(buf, res);
757 ASSERT_EQ('a', buf[0]);
758 ASSERT_EQ('0', buf[1]);
759 ASSERT_EQ('1', buf[2]);
760 ASSERT_EQ('2', buf[3]);
761 ASSERT_EQ('3', buf[4]);
762 ASSERT_EQ('4', buf[5]);
763 ASSERT_EQ('5', buf[6]);
764 ASSERT_EQ('6', buf[7]);
765 ASSERT_EQ('7', buf[8]);
766 ASSERT_EQ('\0', buf[9]);
767 }
768
TEST(TEST_NAME,strncat6)769 TEST(TEST_NAME, strncat6) {
770 char buf[10];
771 memset(buf, 'A', sizeof(buf));
772 buf[0] = 'a';
773 buf[1] = '\0';
774 char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf));
775 ASSERT_EQ(buf, res);
776 ASSERT_EQ('a', buf[0]);
777 ASSERT_EQ('0', buf[1]);
778 ASSERT_EQ('1', buf[2]);
779 ASSERT_EQ('2', buf[3]);
780 ASSERT_EQ('3', buf[4]);
781 ASSERT_EQ('4', buf[5]);
782 ASSERT_EQ('5', buf[6]);
783 ASSERT_EQ('6', buf[7]);
784 ASSERT_EQ('7', buf[8]);
785 ASSERT_EQ('\0', buf[9]);
786 }
787
788
TEST(TEST_NAME,strcat)789 TEST(TEST_NAME, strcat) {
790 char buf[10];
791 memset(buf, 'A', sizeof(buf));
792 buf[0] = 'a';
793 buf[1] = '\0';
794 char* res = __strcat_chk(buf, "01234", sizeof(buf));
795 ASSERT_EQ(buf, res);
796 ASSERT_EQ('a', buf[0]);
797 ASSERT_EQ('0', buf[1]);
798 ASSERT_EQ('1', buf[2]);
799 ASSERT_EQ('2', buf[3]);
800 ASSERT_EQ('3', buf[4]);
801 ASSERT_EQ('4', buf[5]);
802 ASSERT_EQ('\0', buf[6]);
803 ASSERT_EQ('A', buf[7]);
804 ASSERT_EQ('A', buf[8]);
805 ASSERT_EQ('A', buf[9]);
806 }
807
TEST(TEST_NAME,strcat2)808 TEST(TEST_NAME, strcat2) {
809 char buf[10];
810 memset(buf, 'A', sizeof(buf));
811 buf[0] = 'a';
812 buf[1] = '\0';
813 char* res = __strcat_chk(buf, "01234567", sizeof(buf));
814 ASSERT_EQ(buf, res);
815 ASSERT_EQ('a', buf[0]);
816 ASSERT_EQ('0', buf[1]);
817 ASSERT_EQ('1', buf[2]);
818 ASSERT_EQ('2', buf[3]);
819 ASSERT_EQ('3', buf[4]);
820 ASSERT_EQ('4', buf[5]);
821 ASSERT_EQ('5', buf[6]);
822 ASSERT_EQ('6', buf[7]);
823 ASSERT_EQ('7', buf[8]);
824 ASSERT_EQ('\0', buf[9]);
825 }
826
TEST(TEST_NAME,stpncpy)827 TEST(TEST_NAME, stpncpy) {
828 char src[10];
829 char dst[10];
830 memcpy(src, "0123456789", sizeof(src)); // non null terminated string
831 stpncpy(dst, src, sizeof(dst));
832 ASSERT_EQ('0', dst[0]);
833 ASSERT_EQ('1', dst[1]);
834 ASSERT_EQ('2', dst[2]);
835 ASSERT_EQ('3', dst[3]);
836 ASSERT_EQ('4', dst[4]);
837 ASSERT_EQ('5', dst[5]);
838 ASSERT_EQ('6', dst[6]);
839 ASSERT_EQ('7', dst[7]);
840 ASSERT_EQ('8', dst[8]);
841 ASSERT_EQ('9', dst[9]);
842 }
843
TEST(TEST_NAME,stpncpy2)844 TEST(TEST_NAME, stpncpy2) {
845 char src[10];
846 char dst[15];
847 memcpy(src, "012345678\0", sizeof(src));
848 stpncpy(dst, src, sizeof(dst));
849 ASSERT_EQ('0', dst[0]);
850 ASSERT_EQ('1', dst[1]);
851 ASSERT_EQ('2', dst[2]);
852 ASSERT_EQ('3', dst[3]);
853 ASSERT_EQ('4', dst[4]);
854 ASSERT_EQ('5', dst[5]);
855 ASSERT_EQ('6', dst[6]);
856 ASSERT_EQ('7', dst[7]);
857 ASSERT_EQ('8', dst[8]);
858 ASSERT_EQ('\0', dst[9]);
859 ASSERT_EQ('\0', dst[10]);
860 ASSERT_EQ('\0', dst[11]);
861 ASSERT_EQ('\0', dst[12]);
862 ASSERT_EQ('\0', dst[13]);
863 ASSERT_EQ('\0', dst[14]);
864 }
865
TEST(TEST_NAME,strncpy)866 TEST(TEST_NAME, strncpy) {
867 char src[10];
868 char dst[10];
869 memcpy(src, "0123456789", sizeof(src)); // non null terminated string
870 strncpy(dst, src, sizeof(dst));
871 ASSERT_EQ('0', dst[0]);
872 ASSERT_EQ('1', dst[1]);
873 ASSERT_EQ('2', dst[2]);
874 ASSERT_EQ('3', dst[3]);
875 ASSERT_EQ('4', dst[4]);
876 ASSERT_EQ('5', dst[5]);
877 ASSERT_EQ('6', dst[6]);
878 ASSERT_EQ('7', dst[7]);
879 ASSERT_EQ('8', dst[8]);
880 ASSERT_EQ('9', dst[9]);
881 }
882
TEST(TEST_NAME,strncpy2)883 TEST(TEST_NAME, strncpy2) {
884 char src[10];
885 char dst[15];
886 memcpy(src, "012345678\0", sizeof(src));
887 strncpy(dst, src, sizeof(dst));
888 ASSERT_EQ('0', dst[0]);
889 ASSERT_EQ('1', dst[1]);
890 ASSERT_EQ('2', dst[2]);
891 ASSERT_EQ('3', dst[3]);
892 ASSERT_EQ('4', dst[4]);
893 ASSERT_EQ('5', dst[5]);
894 ASSERT_EQ('6', dst[6]);
895 ASSERT_EQ('7', dst[7]);
896 ASSERT_EQ('8', dst[8]);
897 ASSERT_EQ('\0', dst[9]);
898 ASSERT_EQ('\0', dst[10]);
899 ASSERT_EQ('\0', dst[11]);
900 ASSERT_EQ('\0', dst[12]);
901 ASSERT_EQ('\0', dst[13]);
902 ASSERT_EQ('\0', dst[14]);
903 }
904
TEST(TEST_NAME,strcat_chk_max_int_size)905 TEST(TEST_NAME, strcat_chk_max_int_size) {
906 char buf[10];
907 memset(buf, 'A', sizeof(buf));
908 buf[0] = 'a';
909 buf[1] = '\0';
910 char* res = __strcat_chk(buf, "01234567", (size_t)-1);
911 ASSERT_EQ(buf, res);
912 ASSERT_EQ('a', buf[0]);
913 ASSERT_EQ('0', buf[1]);
914 ASSERT_EQ('1', buf[2]);
915 ASSERT_EQ('2', buf[3]);
916 ASSERT_EQ('3', buf[4]);
917 ASSERT_EQ('4', buf[5]);
918 ASSERT_EQ('5', buf[6]);
919 ASSERT_EQ('6', buf[7]);
920 ASSERT_EQ('7', buf[8]);
921 ASSERT_EQ('\0', buf[9]);
922 }
923
TEST(TEST_NAME,mempcpy_chk)924 TEST(TEST_NAME, mempcpy_chk) {
925 const char input_str[] = "abcdefg";
926 size_t input_str_size = strlen(input_str) + 1;
927
928 char buf1[10] = {};
929 char buf2[10] = {};
930
931 __builtin_mempcpy(buf1, input_str, input_str_size);
932 __builtin___mempcpy_chk(buf2, input_str, input_str_size, __bos0(buf2));
933
934 ASSERT_EQ(memcmp(buf1, buf2, sizeof(buf2)), 0);
935
936 void *builtin_ptr = __builtin_mempcpy(buf1, input_str, input_str_size);
937 void *fortify_ptr = __builtin___mempcpy_chk(buf1, input_str, input_str_size, __bos0(buf2));
938
939 ASSERT_EQ(builtin_ptr, fortify_ptr);
940 }
941
942 extern "C" char* __stpcpy_chk(char*, const char*, size_t);
943
TEST(TEST_NAME,stpcpy_chk_max_int_size)944 TEST(TEST_NAME, stpcpy_chk_max_int_size) {
945 char buf[10];
946 char* res = __stpcpy_chk(buf, "012345678", (size_t)-1);
947 ASSERT_EQ(buf + strlen("012345678"), res);
948 ASSERT_STREQ("012345678", buf);
949 }
950
951 extern "C" char* __strcpy_chk(char*, const char*, size_t);
952
TEST(TEST_NAME,strcpy_chk_max_int_size)953 TEST(TEST_NAME, strcpy_chk_max_int_size) {
954 char buf[10];
955 char* res = __strcpy_chk(buf, "012345678", (size_t)-1);
956 ASSERT_EQ(buf, res);
957 ASSERT_STREQ("012345678", buf);
958 }
959
960 extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t);
961
TEST(TEST_NAME,memcpy_chk_max_int_size)962 TEST(TEST_NAME, memcpy_chk_max_int_size) {
963 char buf[10];
964 void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1);
965 ASSERT_EQ((void*)buf, res);
966 ASSERT_EQ('0', buf[0]);
967 ASSERT_EQ('1', buf[1]);
968 ASSERT_EQ('2', buf[2]);
969 ASSERT_EQ('3', buf[3]);
970 ASSERT_EQ('4', buf[4]);
971 ASSERT_EQ('5', buf[5]);
972 ASSERT_EQ('6', buf[6]);
973 ASSERT_EQ('7', buf[7]);
974 ASSERT_EQ('8', buf[8]);
975 ASSERT_EQ('\0', buf[9]);
976 }
977
978 // Verify that macro expansion is done properly for sprintf/snprintf (which
979 // are defined as macros in stdio.h under clang).
980 #define CONTENTS "macro expansion"
981 #define BUF_AND_SIZE(A) A, sizeof(A)
982 #define BUF_AND_CONTENTS(A) A, CONTENTS
983 #define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS
TEST(TEST_NAME,s_n_printf_macro_expansion)984 TEST(TEST_NAME, s_n_printf_macro_expansion) {
985 char buf[BUFSIZ];
986 snprintf(BUF_AND_SIZE(buf), CONTENTS);
987 EXPECT_STREQ(CONTENTS, buf);
988
989 snprintf(BUF_AND_SIZE_AND_CONTENTS(buf));
990 EXPECT_STREQ(CONTENTS, buf);
991
992 sprintf(BUF_AND_CONTENTS(buf));
993 EXPECT_STREQ(CONTENTS, buf);
994 }
995
TEST_F(DEATHTEST,poll_fortified)996 TEST_F(DEATHTEST, poll_fortified) {
997 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
998 pollfd buf[1] = {{0, POLLIN, 0}};
999 // Set timeout to zero to prevent waiting in poll when fortify test fails.
1000 ASSERT_FORTIFY(poll(buf, fd_count, 0));
1001 }
1002
TEST_F(DEATHTEST,ppoll_fortified)1003 TEST_F(DEATHTEST, ppoll_fortified) {
1004 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
1005 pollfd buf[1] = {{0, POLLIN, 0}};
1006 // Set timeout to zero to prevent waiting in ppoll when fortify test fails.
1007 timespec timeout;
1008 timeout.tv_sec = timeout.tv_nsec = 0;
1009 ASSERT_FORTIFY(ppoll(buf, fd_count, &timeout, nullptr));
1010 }
1011
TEST_F(DEATHTEST,ppoll64_fortified)1012 TEST_F(DEATHTEST, ppoll64_fortified) {
1013 #if defined(__BIONIC__) // glibc doesn't have ppoll64.
1014 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
1015 pollfd buf[1] = {{0, POLLIN, 0}};
1016 // Set timeout to zero to prevent waiting in ppoll when fortify test fails.
1017 timespec timeout;
1018 timeout.tv_sec = timeout.tv_nsec = 0;
1019 ASSERT_FORTIFY(ppoll64(buf, fd_count, &timeout, nullptr));
1020 #endif
1021 }
1022
TEST_F(DEATHTEST,open_O_CREAT_without_mode_fortified)1023 TEST_F(DEATHTEST, open_O_CREAT_without_mode_fortified) {
1024 int flags = O_CREAT; // Fool the compiler.
1025 ASSERT_FORTIFY(open("", flags));
1026 }
1027
TEST_F(DEATHTEST,open_O_TMPFILE_without_mode_fortified)1028 TEST_F(DEATHTEST, open_O_TMPFILE_without_mode_fortified) {
1029 int flags = O_TMPFILE; // Fool the compiler.
1030 ASSERT_FORTIFY(open("", flags));
1031 }
1032