1 /*
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <gtest/gtest.h>
18 #include "BionicDeathTest.h"
19
20 #include <fcntl.h>
21 #include <malloc.h>
22 #include <poll.h>
23 #include <signal.h>
24 #include <stdarg.h>
25 #include <string.h>
26 #include <sys/socket.h>
27 #include <sys/stat.h>
28 #include <sys/types.h>
29 #include <time.h>
30
31 #if __BIONIC__
32 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY")
33 #else
34 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "")
35 #endif
36
37 // Fortify test code needs to run multiple times, so TEST_NAME macro is used to
38 // distinguish different tests. TEST_NAME is defined in compilation command.
39 #define DEATHTEST_PASTER(name) name##_DeathTest
40 #define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name)
41 #define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME)
42
43 class DEATHTEST : public BionicDeathTest {};
44
45 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2
46 struct foo {
47 char empty[0];
48 char one[1];
49 char a[10];
50 char b[10];
51 };
52
53 #ifndef __clang__
54 // This test is disabled in clang because clang doesn't properly detect
55 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,stpncpy_fortified2)56 TEST_F(DEATHTEST, stpncpy_fortified2) {
57 foo myfoo;
58 int copy_amt = atoi("11");
59 ASSERT_FORTIFY(stpncpy(myfoo.a, "01234567890", copy_amt));
60 }
61 #endif
62
63 #ifndef __clang__
64 // This test is disabled in clang because clang doesn't properly detect
65 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,stpncpy2_fortified2)66 TEST_F(DEATHTEST, stpncpy2_fortified2) {
67 foo myfoo;
68 memset(&myfoo, 0, sizeof(myfoo));
69 myfoo.one[0] = 'A'; // not null terminated string
70 ASSERT_FORTIFY(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
71 }
72 #endif
73
74 #ifndef __clang__
75 // This test is disabled in clang because clang doesn't properly detect
76 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncpy_fortified2)77 TEST_F(DEATHTEST, strncpy_fortified2) {
78 foo myfoo;
79 int copy_amt = atoi("11");
80 ASSERT_FORTIFY(strncpy(myfoo.a, "01234567890", copy_amt));
81 }
82 #endif
83
84 #ifndef __clang__
85 // This test is disabled in clang because clang doesn't properly detect
86 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncpy2_fortified2)87 TEST_F(DEATHTEST, strncpy2_fortified2) {
88 foo myfoo;
89 memset(&myfoo, 0, sizeof(myfoo));
90 myfoo.one[0] = 'A'; // not null terminated string
91 ASSERT_FORTIFY(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
92 }
93 #endif
94
95 #ifndef __clang__
96 // This test is disabled in clang because clang doesn't properly detect
97 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,sprintf_fortified2)98 TEST_F(DEATHTEST, sprintf_fortified2) {
99 foo myfoo;
100 char source_buf[15];
101 memcpy(source_buf, "12345678901234", 15);
102 ASSERT_FORTIFY(sprintf(myfoo.a, "%s", source_buf));
103 }
104 #endif
105
106 #ifndef __clang__
107 // This test is disabled in clang because clang doesn't properly detect
108 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,sprintf2_fortified2)109 TEST_F(DEATHTEST, sprintf2_fortified2) {
110 foo myfoo;
111 ASSERT_FORTIFY(sprintf(myfoo.a, "0123456789"));
112 }
113 #endif
114
115 #ifndef __clang__
116 // These tests are disabled in clang because clang doesn't properly detect
117 // this buffer overflow. TODO: Fix clang.
vsprintf_helper2(const char * fmt,...)118 static int vsprintf_helper2(const char *fmt, ...) {
119 foo myfoo;
120 va_list va;
121 int result;
122
123 va_start(va, fmt);
124 result = vsprintf(myfoo.a, fmt, va); // should crash here
125 va_end(va);
126 return result;
127 }
128
TEST_F(DEATHTEST,vsprintf_fortified2)129 TEST_F(DEATHTEST, vsprintf_fortified2) {
130 ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789"));
131 }
132
TEST_F(DEATHTEST,vsprintf2_fortified2)133 TEST_F(DEATHTEST, vsprintf2_fortified2) {
134 ASSERT_FORTIFY(vsprintf_helper2("0123456789"));
135 }
136 #endif
137
138 #ifndef __clang__
139 // These tests are disabled in clang because clang doesn't properly detect
140 // this buffer overflow. TODO: Fix clang.
vsnprintf_helper2(const char * fmt,...)141 static int vsnprintf_helper2(const char *fmt, ...) {
142 foo myfoo;
143 va_list va;
144 int result;
145 size_t size = atoi("11");
146
147 va_start(va, fmt);
148 result = vsnprintf(myfoo.a, size, fmt, va); // should crash here
149 va_end(va);
150 return result;
151 }
152
TEST_F(DEATHTEST,vsnprintf_fortified2)153 TEST_F(DEATHTEST, vsnprintf_fortified2) {
154 ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789"));
155 }
156
TEST_F(DEATHTEST,vsnprintf2_fortified2)157 TEST_F(DEATHTEST, vsnprintf2_fortified2) {
158 ASSERT_FORTIFY(vsnprintf_helper2("0123456789"));
159 }
160 #endif
161
162 #ifndef __clang__
163 // zero sized target with "\0" source (should fail)
164 // This test is disabled in clang because clang doesn't properly detect
165 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,stpcpy_fortified2)166 TEST_F(DEATHTEST, stpcpy_fortified2) {
167 #if defined(__BIONIC__)
168 foo myfoo;
169 char* src = strdup("");
170 ASSERT_FORTIFY(stpcpy(myfoo.empty, src));
171 free(src);
172 #else // __BIONIC__
173 GTEST_LOG_(INFO) << "This test does nothing.\n";
174 #endif // __BIONIC__
175 }
176 #endif
177
178 #ifndef __clang__
179 // zero sized target with "\0" source (should fail)
180 // This test is disabled in clang because clang doesn't properly detect
181 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcpy_fortified2)182 TEST_F(DEATHTEST, strcpy_fortified2) {
183 #if defined(__BIONIC__)
184 foo myfoo;
185 char* src = strdup("");
186 ASSERT_FORTIFY(strcpy(myfoo.empty, src));
187 free(src);
188 #else // __BIONIC__
189 GTEST_LOG_(INFO) << "This test does nothing.\n";
190 #endif // __BIONIC__
191 }
192 #endif
193
194 #ifndef __clang__
195 // zero sized target with longer source (should fail)
196 // This test is disabled in clang because clang doesn't properly detect
197 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcpy2_fortified2)198 TEST_F(DEATHTEST, strcpy2_fortified2) {
199 #if defined(__BIONIC__)
200 foo myfoo;
201 char* src = strdup("1");
202 ASSERT_FORTIFY(strcpy(myfoo.empty, src));
203 free(src);
204 #else // __BIONIC__
205 GTEST_LOG_(INFO) << "This test does nothing.\n";
206 #endif // __BIONIC__
207 }
208 #endif
209
210 #ifndef __clang__
211 // one byte target with longer source (should fail)
212 // This test is disabled in clang because clang doesn't properly detect
213 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcpy3_fortified2)214 TEST_F(DEATHTEST, strcpy3_fortified2) {
215 #if defined(__BIONIC__)
216 foo myfoo;
217 char* src = strdup("12");
218 ASSERT_FORTIFY(strcpy(myfoo.one, src));
219 free(src);
220 #else // __BIONIC__
221 GTEST_LOG_(INFO) << "This test does nothing.\n";
222 #endif // __BIONIC__
223 }
224 #endif
225
226 #ifndef __clang__
227 // This test is disabled in clang because clang doesn't properly detect
228 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strchr_fortified2)229 TEST_F(DEATHTEST, strchr_fortified2) {
230 #if defined(__BIONIC__)
231 foo myfoo;
232 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
233 myfoo.b[0] = '\0';
234 ASSERT_FORTIFY(printf("%s", strchr(myfoo.a, 'a')));
235 #else // __BIONIC__
236 GTEST_LOG_(INFO) << "This test does nothing.\n";
237 #endif // __BIONIC__
238 }
239 #endif
240
241 #ifndef __clang__
242 // This test is disabled in clang because clang doesn't properly detect
243 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strrchr_fortified2)244 TEST_F(DEATHTEST, strrchr_fortified2) {
245 #if defined(__BIONIC__)
246 foo myfoo;
247 memcpy(myfoo.a, "0123456789", 10);
248 memcpy(myfoo.b, "01234", 6);
249 ASSERT_FORTIFY(printf("%s", strrchr(myfoo.a, 'a')));
250 #else // __BIONIC__
251 GTEST_LOG_(INFO) << "This test does nothing.\n";
252 #endif // __BIONIC__
253 }
254 #endif
255
256 #ifndef __clang__
257 // This test is disabled in clang because clang doesn't properly detect
258 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strlcpy_fortified2)259 TEST_F(DEATHTEST, strlcpy_fortified2) {
260 #if defined(__BIONIC__)
261 foo myfoo;
262 strcpy(myfoo.a, "01");
263 size_t n = strlen(myfoo.a);
264 ASSERT_FORTIFY(strlcpy(myfoo.one, myfoo.a, n));
265 #else // __BIONIC__
266 GTEST_LOG_(INFO) << "This test does nothing.\n";
267 #endif // __BIONIC__
268 }
269 #endif
270
271 #ifndef __clang__
272 // This test is disabled in clang because clang doesn't properly detect
273 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strlcat_fortified2)274 TEST_F(DEATHTEST, strlcat_fortified2) {
275 #if defined(__BIONIC__)
276 foo myfoo;
277 strcpy(myfoo.a, "01");
278 myfoo.one[0] = '\0';
279 size_t n = strlen(myfoo.a);
280 ASSERT_FORTIFY(strlcat(myfoo.one, myfoo.a, n));
281 #else // __BIONIC__
282 GTEST_LOG_(INFO) << "This test does nothing.\n";
283 #endif // __BIONIC__
284 }
285 #endif
286
287 #ifndef __clang__
288 // This test is disabled in clang because clang doesn't properly detect
289 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncat_fortified2)290 TEST_F(DEATHTEST, strncat_fortified2) {
291 foo myfoo;
292 size_t n = atoi("10"); // avoid compiler optimizations
293 strncpy(myfoo.a, "012345678", n);
294 ASSERT_FORTIFY(strncat(myfoo.a, "9", n));
295 }
296 #endif
297
298 #ifndef __clang__
299 // This test is disabled in clang because clang doesn't properly detect
300 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncat2_fortified2)301 TEST_F(DEATHTEST, strncat2_fortified2) {
302 foo myfoo;
303 myfoo.a[0] = '\0';
304 size_t n = atoi("10"); // avoid compiler optimizations
305 ASSERT_FORTIFY(strncat(myfoo.a, "0123456789", n));
306 }
307 #endif
308
TEST_F(DEATHTEST,strncat3_fortified2)309 TEST_F(DEATHTEST, strncat3_fortified2) {
310 foo myfoo;
311 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
312 myfoo.b[0] = '\0';
313 size_t n = atoi("10"); // avoid compiler optimizations
314 ASSERT_FORTIFY(strncat(myfoo.b, myfoo.a, n));
315 }
316
317 #ifndef __clang__
318 // This test is disabled in clang because clang doesn't properly detect
319 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcat_fortified2)320 TEST_F(DEATHTEST, strcat_fortified2) {
321 char src[11];
322 strcpy(src, "0123456789");
323 foo myfoo;
324 myfoo.a[0] = '\0';
325 ASSERT_FORTIFY(strcat(myfoo.a, src));
326 }
327 #endif
328
TEST_F(DEATHTEST,strcat2_fortified2)329 TEST_F(DEATHTEST, strcat2_fortified2) {
330 foo myfoo;
331 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
332 myfoo.b[0] = '\0';
333 ASSERT_FORTIFY(strcat(myfoo.b, myfoo.a));
334 }
335
TEST_F(DEATHTEST,snprintf_fortified2)336 TEST_F(DEATHTEST, snprintf_fortified2) {
337 foo myfoo;
338 strcpy(myfoo.a, "012345678");
339 size_t n = strlen(myfoo.a) + 2;
340 ASSERT_FORTIFY(snprintf(myfoo.b, n, "a%s", myfoo.a));
341 }
342
TEST_F(DEATHTEST,bzero_fortified2)343 TEST_F(DEATHTEST, bzero_fortified2) {
344 foo myfoo;
345 memcpy(myfoo.b, "0123456789", sizeof(myfoo.b));
346 size_t n = atoi("11");
347 ASSERT_FORTIFY(bzero(myfoo.b, n));
348 }
349
350 #endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */
351
352 // multibyte target where we over fill (should fail)
TEST_F(DEATHTEST,strcpy_fortified)353 TEST_F(DEATHTEST, strcpy_fortified) {
354 #if defined(__BIONIC__)
355 char buf[10];
356 char *orig = strdup("0123456789");
357 ASSERT_FORTIFY(strcpy(buf, orig));
358 free(orig);
359 #else // __BIONIC__
360 GTEST_LOG_(INFO) << "This test does nothing.\n";
361 #endif // __BIONIC__
362 }
363
364 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,strcpy2_fortified)365 TEST_F(DEATHTEST, strcpy2_fortified) {
366 #if defined(__BIONIC__)
367 char buf[0];
368 char *orig = strdup("");
369 ASSERT_FORTIFY(strcpy(buf, orig));
370 free(orig);
371 #else // __BIONIC__
372 GTEST_LOG_(INFO) << "This test does nothing.\n";
373 #endif // __BIONIC__
374 }
375
376 // zero sized target with longer source (should fail)
TEST_F(DEATHTEST,strcpy3_fortified)377 TEST_F(DEATHTEST, strcpy3_fortified) {
378 #if defined(__BIONIC__)
379 char buf[0];
380 char *orig = strdup("1");
381 ASSERT_FORTIFY(strcpy(buf, orig));
382 free(orig);
383 #else // __BIONIC__
384 GTEST_LOG_(INFO) << "This test does nothing.\n";
385 #endif // __BIONIC__
386 }
387
388 // one byte target with longer source (should fail)
TEST_F(DEATHTEST,strcpy4_fortified)389 TEST_F(DEATHTEST, strcpy4_fortified) {
390 #if defined(__BIONIC__)
391 char buf[1];
392 char *orig = strdup("12");
393 ASSERT_FORTIFY(strcpy(buf, orig));
394 free(orig);
395 #else // __BIONIC__
396 GTEST_LOG_(INFO) << "This test does nothing.\n";
397 #endif // __BIONIC__
398 }
399
TEST_F(DEATHTEST,strlen_fortified)400 TEST_F(DEATHTEST, strlen_fortified) {
401 #if defined(__BIONIC__)
402 char buf[10];
403 memcpy(buf, "0123456789", sizeof(buf));
404 ASSERT_FORTIFY(printf("%zd", strlen(buf)));
405 #else // __BIONIC__
406 GTEST_LOG_(INFO) << "This test does nothing.\n";
407 #endif // __BIONIC__
408 }
409
TEST_F(DEATHTEST,strchr_fortified)410 TEST_F(DEATHTEST, strchr_fortified) {
411 #if defined(__BIONIC__)
412 char buf[10];
413 memcpy(buf, "0123456789", sizeof(buf));
414 ASSERT_FORTIFY(printf("%s", strchr(buf, 'a')));
415 #else // __BIONIC__
416 GTEST_LOG_(INFO) << "This test does nothing.\n";
417 #endif // __BIONIC__
418 }
419
TEST_F(DEATHTEST,strrchr_fortified)420 TEST_F(DEATHTEST, strrchr_fortified) {
421 #if defined(__BIONIC__)
422 char buf[10];
423 memcpy(buf, "0123456789", sizeof(buf));
424 ASSERT_FORTIFY(printf("%s", strrchr(buf, 'a')));
425 #else // __BIONIC__
426 GTEST_LOG_(INFO) << "This test does nothing.\n";
427 #endif // __BIONIC__
428 }
429
TEST_F(DEATHTEST,strlcpy_fortified)430 TEST_F(DEATHTEST, strlcpy_fortified) {
431 #if defined(__BIONIC__)
432 char bufa[15];
433 char bufb[10];
434 strcpy(bufa, "01234567890123");
435 size_t n = strlen(bufa);
436 ASSERT_FORTIFY(strlcpy(bufb, bufa, n));
437 #else // __BIONIC__
438 GTEST_LOG_(INFO) << "This test does nothing.\n";
439 #endif // __BIONIC__
440 }
441
TEST_F(DEATHTEST,strlcat_fortified)442 TEST_F(DEATHTEST, strlcat_fortified) {
443 #if defined(__BIONIC__)
444 char bufa[15];
445 char bufb[10];
446 bufb[0] = '\0';
447 strcpy(bufa, "01234567890123");
448 size_t n = strlen(bufa);
449 ASSERT_FORTIFY(strlcat(bufb, bufa, n));
450 #else // __BIONIC__
451 GTEST_LOG_(INFO) << "This test does nothing.\n";
452 #endif // __BIONIC__
453 }
454
TEST_F(DEATHTEST,sprintf_fortified)455 TEST_F(DEATHTEST, sprintf_fortified) {
456 char buf[10];
457 char source_buf[15];
458 memcpy(source_buf, "12345678901234", 15);
459 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
460 }
461
462 #ifndef __clang__
463 // This test is disabled in clang because clang doesn't properly detect
464 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,sprintf_malloc_fortified)465 TEST_F(DEATHTEST, sprintf_malloc_fortified) {
466 char* buf = (char *) malloc(10);
467 char source_buf[11];
468 memcpy(source_buf, "1234567890", 11);
469 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
470 free(buf);
471 }
472 #endif
473
TEST_F(DEATHTEST,sprintf2_fortified)474 TEST_F(DEATHTEST, sprintf2_fortified) {
475 char buf[5];
476 ASSERT_FORTIFY(sprintf(buf, "aaaaa"));
477 }
478
vsprintf_helper(const char * fmt,...)479 static int vsprintf_helper(const char *fmt, ...) {
480 char buf[10];
481 va_list va;
482 int result;
483
484 va_start(va, fmt);
485 result = vsprintf(buf, fmt, va); // should crash here
486 va_end(va);
487 return result;
488 }
489
TEST_F(DEATHTEST,vsprintf_fortified)490 TEST_F(DEATHTEST, vsprintf_fortified) {
491 ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789"));
492 }
493
TEST_F(DEATHTEST,vsprintf2_fortified)494 TEST_F(DEATHTEST, vsprintf2_fortified) {
495 ASSERT_FORTIFY(vsprintf_helper("0123456789"));
496 }
497
vsnprintf_helper(const char * fmt,...)498 static int vsnprintf_helper(const char *fmt, ...) {
499 char buf[10];
500 va_list va;
501 int result;
502 size_t size = atoi("11");
503
504 va_start(va, fmt);
505 result = vsnprintf(buf, size, fmt, va); // should crash here
506 va_end(va);
507 return result;
508 }
509
TEST_F(DEATHTEST,vsnprintf_fortified)510 TEST_F(DEATHTEST, vsnprintf_fortified) {
511 ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789"));
512 }
513
TEST_F(DEATHTEST,vsnprintf2_fortified)514 TEST_F(DEATHTEST, vsnprintf2_fortified) {
515 ASSERT_FORTIFY(vsnprintf_helper("0123456789"));
516 }
517
TEST_F(DEATHTEST,strncat_fortified)518 TEST_F(DEATHTEST, strncat_fortified) {
519 char buf[10];
520 size_t n = atoi("10"); // avoid compiler optimizations
521 strncpy(buf, "012345678", n);
522 ASSERT_FORTIFY(strncat(buf, "9", n));
523 }
524
TEST_F(DEATHTEST,strncat2_fortified)525 TEST_F(DEATHTEST, strncat2_fortified) {
526 char buf[10];
527 buf[0] = '\0';
528 size_t n = atoi("10"); // avoid compiler optimizations
529 ASSERT_FORTIFY(strncat(buf, "0123456789", n));
530 }
531
TEST_F(DEATHTEST,strcat_fortified)532 TEST_F(DEATHTEST, strcat_fortified) {
533 char src[11];
534 strcpy(src, "0123456789");
535 char buf[10];
536 buf[0] = '\0';
537 ASSERT_FORTIFY(strcat(buf, src));
538 }
539
TEST_F(DEATHTEST,memmove_fortified)540 TEST_F(DEATHTEST, memmove_fortified) {
541 char buf[20];
542 strcpy(buf, "0123456789");
543 size_t n = atoi("10");
544 ASSERT_FORTIFY(memmove(buf + 11, buf, n));
545 }
546
TEST_F(DEATHTEST,memcpy_fortified)547 TEST_F(DEATHTEST, memcpy_fortified) {
548 char bufa[10];
549 char bufb[10];
550 strcpy(bufa, "012345678");
551 size_t n = atoi("11");
552 ASSERT_FORTIFY(memcpy(bufb, bufa, n));
553 }
554
TEST_F(DEATHTEST,stpncpy_fortified)555 TEST_F(DEATHTEST, stpncpy_fortified) {
556 char bufa[15];
557 char bufb[10];
558 strcpy(bufa, "01234567890123");
559 size_t n = strlen(bufa);
560 ASSERT_FORTIFY(stpncpy(bufb, bufa, n));
561 }
562
TEST_F(DEATHTEST,stpncpy2_fortified)563 TEST_F(DEATHTEST, stpncpy2_fortified) {
564 char dest[11];
565 char src[10];
566 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
567 ASSERT_FORTIFY(stpncpy(dest, src, sizeof(dest)));
568 }
569
TEST_F(DEATHTEST,strncpy_fortified)570 TEST_F(DEATHTEST, strncpy_fortified) {
571 char bufa[15];
572 char bufb[10];
573 strcpy(bufa, "01234567890123");
574 size_t n = strlen(bufa);
575 ASSERT_FORTIFY(strncpy(bufb, bufa, n));
576 }
577
578
TEST_F(DEATHTEST,strncpy2_fortified)579 TEST_F(DEATHTEST, strncpy2_fortified) {
580 char dest[11];
581 char src[10];
582 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
583 ASSERT_FORTIFY(strncpy(dest, src, sizeof(dest)));
584 }
585
TEST_F(DEATHTEST,snprintf_fortified)586 TEST_F(DEATHTEST, snprintf_fortified) {
587 char bufa[15];
588 char bufb[10];
589 strcpy(bufa, "0123456789");
590 size_t n = strlen(bufa) + 1;
591 ASSERT_FORTIFY(snprintf(bufb, n, "%s", bufa));
592 }
593
TEST_F(DEATHTEST,bzero_fortified)594 TEST_F(DEATHTEST, bzero_fortified) {
595 char buf[10];
596 memcpy(buf, "0123456789", sizeof(buf));
597 size_t n = atoi("11");
598 ASSERT_FORTIFY(bzero(buf, n));
599 }
600
TEST_F(DEATHTEST,umask_fortified)601 TEST_F(DEATHTEST, umask_fortified) {
602 mode_t mask = atoi("1023"); // 01777 in octal
603 ASSERT_FORTIFY(umask(mask));
604 }
605
TEST_F(DEATHTEST,recv_fortified)606 TEST_F(DEATHTEST, recv_fortified) {
607 size_t data_len = atoi("11"); // suppress compiler optimizations
608 char buf[10];
609 ASSERT_FORTIFY(recv(0, buf, data_len, 0));
610 }
611
TEST_F(DEATHTEST,FD_ISSET_fortified)612 TEST_F(DEATHTEST, FD_ISSET_fortified) {
613 #if defined(__BIONIC__) // glibc catches this at compile-time.
614 fd_set set;
615 memset(&set, 0, sizeof(set));
616 ASSERT_FORTIFY(FD_ISSET(-1, &set));
617 #endif
618 }
619
TEST_F(DEATHTEST,FD_ISSET_2_fortified)620 TEST_F(DEATHTEST, FD_ISSET_2_fortified) {
621 char buf[1];
622 fd_set* set = (fd_set*) buf;
623 ASSERT_FORTIFY(FD_ISSET(0, set));
624 }
625
TEST_F(DEATHTEST,pread_fortified)626 TEST_F(DEATHTEST, pread_fortified) {
627 char buf[1];
628 size_t ct = atoi("2"); // prevent optimizations
629 int fd = open("/dev/null", O_RDONLY);
630 ASSERT_FORTIFY(pread(fd, buf, ct, 0));
631 close(fd);
632 }
633
TEST_F(DEATHTEST,pread64_fortified)634 TEST_F(DEATHTEST, pread64_fortified) {
635 char buf[1];
636 size_t ct = atoi("2"); // prevent optimizations
637 int fd = open("/dev/null", O_RDONLY);
638 ASSERT_FORTIFY(pread64(fd, buf, ct, 0));
639 close(fd);
640 }
641
TEST_F(DEATHTEST,read_fortified)642 TEST_F(DEATHTEST, read_fortified) {
643 char buf[1];
644 size_t ct = atoi("2"); // prevent optimizations
645 int fd = open("/dev/null", O_RDONLY);
646 ASSERT_FORTIFY(read(fd, buf, ct));
647 close(fd);
648 }
649
TEST_F(DEATHTEST,readlink_fortified)650 TEST_F(DEATHTEST, readlink_fortified) {
651 char buf[1];
652 size_t ct = atoi("2"); // prevent optimizations
653 ASSERT_FORTIFY(readlink("/dev/null", buf, ct));
654 }
655
TEST_F(DEATHTEST,readlinkat_fortified)656 TEST_F(DEATHTEST, readlinkat_fortified) {
657 char buf[1];
658 size_t ct = atoi("2"); // prevent optimizations
659 ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", buf, ct));
660 }
661
662 extern "C" char* __strncat_chk(char*, const char*, size_t, size_t);
663 extern "C" char* __strcat_chk(char*, const char*, size_t);
664
TEST(TEST_NAME,strncat)665 TEST(TEST_NAME, strncat) {
666 char buf[10];
667 memset(buf, 'A', sizeof(buf));
668 buf[0] = 'a';
669 buf[1] = '\0';
670 char* res = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf));
671 ASSERT_EQ(buf, res);
672 ASSERT_EQ('a', buf[0]);
673 ASSERT_EQ('0', buf[1]);
674 ASSERT_EQ('1', buf[2]);
675 ASSERT_EQ('2', buf[3]);
676 ASSERT_EQ('3', buf[4]);
677 ASSERT_EQ('4', buf[5]);
678 ASSERT_EQ('\0', buf[6]);
679 ASSERT_EQ('A', buf[7]);
680 ASSERT_EQ('A', buf[8]);
681 ASSERT_EQ('A', buf[9]);
682 }
683
TEST(TEST_NAME,strncat2)684 TEST(TEST_NAME, strncat2) {
685 char buf[10];
686 memset(buf, 'A', sizeof(buf));
687 buf[0] = 'a';
688 buf[1] = '\0';
689 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
690 ASSERT_EQ(buf, res);
691 ASSERT_EQ('a', buf[0]);
692 ASSERT_EQ('0', buf[1]);
693 ASSERT_EQ('1', buf[2]);
694 ASSERT_EQ('2', buf[3]);
695 ASSERT_EQ('3', buf[4]);
696 ASSERT_EQ('4', buf[5]);
697 ASSERT_EQ('\0', buf[6]);
698 ASSERT_EQ('A', buf[7]);
699 ASSERT_EQ('A', buf[8]);
700 ASSERT_EQ('A', buf[9]);
701 }
702
TEST(TEST_NAME,strncat3)703 TEST(TEST_NAME, strncat3) {
704 char buf[10];
705 memset(buf, 'A', sizeof(buf));
706 buf[0] = '\0';
707 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
708 ASSERT_EQ(buf, res);
709 ASSERT_EQ('0', buf[0]);
710 ASSERT_EQ('1', buf[1]);
711 ASSERT_EQ('2', buf[2]);
712 ASSERT_EQ('3', buf[3]);
713 ASSERT_EQ('4', buf[4]);
714 ASSERT_EQ('\0', buf[5]);
715 ASSERT_EQ('A', buf[6]);
716 ASSERT_EQ('A', buf[7]);
717 ASSERT_EQ('A', buf[8]);
718 ASSERT_EQ('A', buf[9]);
719 }
720
TEST(TEST_NAME,strncat4)721 TEST(TEST_NAME, strncat4) {
722 char buf[10];
723 memset(buf, 'A', sizeof(buf));
724 buf[9] = '\0';
725 char* res = __strncat_chk(buf, "", 5, sizeof(buf));
726 ASSERT_EQ(buf, res);
727 ASSERT_EQ('A', buf[0]);
728 ASSERT_EQ('A', buf[1]);
729 ASSERT_EQ('A', buf[2]);
730 ASSERT_EQ('A', buf[3]);
731 ASSERT_EQ('A', buf[4]);
732 ASSERT_EQ('A', buf[5]);
733 ASSERT_EQ('A', buf[6]);
734 ASSERT_EQ('A', buf[7]);
735 ASSERT_EQ('A', buf[8]);
736 ASSERT_EQ('\0', buf[9]);
737 }
738
TEST(TEST_NAME,strncat5)739 TEST(TEST_NAME, strncat5) {
740 char buf[10];
741 memset(buf, 'A', sizeof(buf));
742 buf[0] = 'a';
743 buf[1] = '\0';
744 char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf));
745 ASSERT_EQ(buf, res);
746 ASSERT_EQ('a', buf[0]);
747 ASSERT_EQ('0', buf[1]);
748 ASSERT_EQ('1', buf[2]);
749 ASSERT_EQ('2', buf[3]);
750 ASSERT_EQ('3', buf[4]);
751 ASSERT_EQ('4', buf[5]);
752 ASSERT_EQ('5', buf[6]);
753 ASSERT_EQ('6', buf[7]);
754 ASSERT_EQ('7', buf[8]);
755 ASSERT_EQ('\0', buf[9]);
756 }
757
TEST(TEST_NAME,strncat6)758 TEST(TEST_NAME, strncat6) {
759 char buf[10];
760 memset(buf, 'A', sizeof(buf));
761 buf[0] = 'a';
762 buf[1] = '\0';
763 char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf));
764 ASSERT_EQ(buf, res);
765 ASSERT_EQ('a', buf[0]);
766 ASSERT_EQ('0', buf[1]);
767 ASSERT_EQ('1', buf[2]);
768 ASSERT_EQ('2', buf[3]);
769 ASSERT_EQ('3', buf[4]);
770 ASSERT_EQ('4', buf[5]);
771 ASSERT_EQ('5', buf[6]);
772 ASSERT_EQ('6', buf[7]);
773 ASSERT_EQ('7', buf[8]);
774 ASSERT_EQ('\0', buf[9]);
775 }
776
777
TEST(TEST_NAME,strcat)778 TEST(TEST_NAME, strcat) {
779 char buf[10];
780 memset(buf, 'A', sizeof(buf));
781 buf[0] = 'a';
782 buf[1] = '\0';
783 char* res = __strcat_chk(buf, "01234", sizeof(buf));
784 ASSERT_EQ(buf, res);
785 ASSERT_EQ('a', buf[0]);
786 ASSERT_EQ('0', buf[1]);
787 ASSERT_EQ('1', buf[2]);
788 ASSERT_EQ('2', buf[3]);
789 ASSERT_EQ('3', buf[4]);
790 ASSERT_EQ('4', buf[5]);
791 ASSERT_EQ('\0', buf[6]);
792 ASSERT_EQ('A', buf[7]);
793 ASSERT_EQ('A', buf[8]);
794 ASSERT_EQ('A', buf[9]);
795 }
796
TEST(TEST_NAME,strcat2)797 TEST(TEST_NAME, strcat2) {
798 char buf[10];
799 memset(buf, 'A', sizeof(buf));
800 buf[0] = 'a';
801 buf[1] = '\0';
802 char* res = __strcat_chk(buf, "01234567", sizeof(buf));
803 ASSERT_EQ(buf, res);
804 ASSERT_EQ('a', buf[0]);
805 ASSERT_EQ('0', buf[1]);
806 ASSERT_EQ('1', buf[2]);
807 ASSERT_EQ('2', buf[3]);
808 ASSERT_EQ('3', buf[4]);
809 ASSERT_EQ('4', buf[5]);
810 ASSERT_EQ('5', buf[6]);
811 ASSERT_EQ('6', buf[7]);
812 ASSERT_EQ('7', buf[8]);
813 ASSERT_EQ('\0', buf[9]);
814 }
815
TEST(TEST_NAME,stpncpy)816 TEST(TEST_NAME, stpncpy) {
817 char src[10];
818 char dst[10];
819 memcpy(src, "0123456789", sizeof(src)); // non null terminated string
820 stpncpy(dst, src, sizeof(dst));
821 ASSERT_EQ('0', dst[0]);
822 ASSERT_EQ('1', dst[1]);
823 ASSERT_EQ('2', dst[2]);
824 ASSERT_EQ('3', dst[3]);
825 ASSERT_EQ('4', dst[4]);
826 ASSERT_EQ('5', dst[5]);
827 ASSERT_EQ('6', dst[6]);
828 ASSERT_EQ('7', dst[7]);
829 ASSERT_EQ('8', dst[8]);
830 ASSERT_EQ('9', dst[9]);
831 }
832
TEST(TEST_NAME,stpncpy2)833 TEST(TEST_NAME, stpncpy2) {
834 char src[10];
835 char dst[15];
836 memcpy(src, "012345678\0", sizeof(src));
837 stpncpy(dst, src, sizeof(dst));
838 ASSERT_EQ('0', dst[0]);
839 ASSERT_EQ('1', dst[1]);
840 ASSERT_EQ('2', dst[2]);
841 ASSERT_EQ('3', dst[3]);
842 ASSERT_EQ('4', dst[4]);
843 ASSERT_EQ('5', dst[5]);
844 ASSERT_EQ('6', dst[6]);
845 ASSERT_EQ('7', dst[7]);
846 ASSERT_EQ('8', dst[8]);
847 ASSERT_EQ('\0', dst[9]);
848 ASSERT_EQ('\0', dst[10]);
849 ASSERT_EQ('\0', dst[11]);
850 ASSERT_EQ('\0', dst[12]);
851 ASSERT_EQ('\0', dst[13]);
852 ASSERT_EQ('\0', dst[14]);
853 }
854
TEST(TEST_NAME,strncpy)855 TEST(TEST_NAME, strncpy) {
856 char src[10];
857 char dst[10];
858 memcpy(src, "0123456789", sizeof(src)); // non null terminated string
859 strncpy(dst, src, sizeof(dst));
860 ASSERT_EQ('0', dst[0]);
861 ASSERT_EQ('1', dst[1]);
862 ASSERT_EQ('2', dst[2]);
863 ASSERT_EQ('3', dst[3]);
864 ASSERT_EQ('4', dst[4]);
865 ASSERT_EQ('5', dst[5]);
866 ASSERT_EQ('6', dst[6]);
867 ASSERT_EQ('7', dst[7]);
868 ASSERT_EQ('8', dst[8]);
869 ASSERT_EQ('9', dst[9]);
870 }
871
TEST(TEST_NAME,strncpy2)872 TEST(TEST_NAME, strncpy2) {
873 char src[10];
874 char dst[15];
875 memcpy(src, "012345678\0", sizeof(src));
876 strncpy(dst, src, sizeof(dst));
877 ASSERT_EQ('0', dst[0]);
878 ASSERT_EQ('1', dst[1]);
879 ASSERT_EQ('2', dst[2]);
880 ASSERT_EQ('3', dst[3]);
881 ASSERT_EQ('4', dst[4]);
882 ASSERT_EQ('5', dst[5]);
883 ASSERT_EQ('6', dst[6]);
884 ASSERT_EQ('7', dst[7]);
885 ASSERT_EQ('8', dst[8]);
886 ASSERT_EQ('\0', dst[9]);
887 ASSERT_EQ('\0', dst[10]);
888 ASSERT_EQ('\0', dst[11]);
889 ASSERT_EQ('\0', dst[12]);
890 ASSERT_EQ('\0', dst[13]);
891 ASSERT_EQ('\0', dst[14]);
892 }
893
TEST(TEST_NAME,strcat_chk_max_int_size)894 TEST(TEST_NAME, strcat_chk_max_int_size) {
895 char buf[10];
896 memset(buf, 'A', sizeof(buf));
897 buf[0] = 'a';
898 buf[1] = '\0';
899 char* res = __strcat_chk(buf, "01234567", (size_t)-1);
900 ASSERT_EQ(buf, res);
901 ASSERT_EQ('a', buf[0]);
902 ASSERT_EQ('0', buf[1]);
903 ASSERT_EQ('1', buf[2]);
904 ASSERT_EQ('2', buf[3]);
905 ASSERT_EQ('3', buf[4]);
906 ASSERT_EQ('4', buf[5]);
907 ASSERT_EQ('5', buf[6]);
908 ASSERT_EQ('6', buf[7]);
909 ASSERT_EQ('7', buf[8]);
910 ASSERT_EQ('\0', buf[9]);
911 }
912
913 extern "C" char* __stpcpy_chk(char*, const char*, size_t);
914
TEST(TEST_NAME,stpcpy_chk_max_int_size)915 TEST(TEST_NAME, stpcpy_chk_max_int_size) {
916 char buf[10];
917 char* res = __stpcpy_chk(buf, "012345678", (size_t)-1);
918 ASSERT_EQ(buf + strlen("012345678"), res);
919 ASSERT_STREQ("012345678", buf);
920 }
921
922 extern "C" char* __strcpy_chk(char*, const char*, size_t);
923
TEST(TEST_NAME,strcpy_chk_max_int_size)924 TEST(TEST_NAME, strcpy_chk_max_int_size) {
925 char buf[10];
926 char* res = __strcpy_chk(buf, "012345678", (size_t)-1);
927 ASSERT_EQ(buf, res);
928 ASSERT_STREQ("012345678", buf);
929 }
930
931 extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t);
932
TEST(TEST_NAME,memcpy_chk_max_int_size)933 TEST(TEST_NAME, memcpy_chk_max_int_size) {
934 char buf[10];
935 void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1);
936 ASSERT_EQ((void*)buf, res);
937 ASSERT_EQ('0', buf[0]);
938 ASSERT_EQ('1', buf[1]);
939 ASSERT_EQ('2', buf[2]);
940 ASSERT_EQ('3', buf[3]);
941 ASSERT_EQ('4', buf[4]);
942 ASSERT_EQ('5', buf[5]);
943 ASSERT_EQ('6', buf[6]);
944 ASSERT_EQ('7', buf[7]);
945 ASSERT_EQ('8', buf[8]);
946 ASSERT_EQ('\0', buf[9]);
947 }
948
949 // Verify that macro expansion is done properly for sprintf/snprintf (which
950 // are defined as macros in stdio.h under clang).
951 #define CONTENTS "macro expansion"
952 #define BUF_AND_SIZE(A) A, sizeof(A)
953 #define BUF_AND_CONTENTS(A) A, CONTENTS
954 #define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS
TEST(TEST_NAME,s_n_printf_macro_expansion)955 TEST(TEST_NAME, s_n_printf_macro_expansion) {
956 char buf[BUFSIZ];
957 snprintf(BUF_AND_SIZE(buf), CONTENTS);
958 EXPECT_STREQ(CONTENTS, buf);
959
960 snprintf(BUF_AND_SIZE_AND_CONTENTS(buf));
961 EXPECT_STREQ(CONTENTS, buf);
962
963 sprintf(BUF_AND_CONTENTS(buf));
964 EXPECT_STREQ(CONTENTS, buf);
965 }
966
TEST_F(DEATHTEST,poll_fortified)967 TEST_F(DEATHTEST, poll_fortified) {
968 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
969 pollfd buf[1] = {{0, POLLIN, 0}};
970 // Set timeout to zero to prevent waiting in poll when fortify test fails.
971 ASSERT_FORTIFY(poll(buf, fd_count, 0));
972 }
973
TEST_F(DEATHTEST,ppoll_fortified)974 TEST_F(DEATHTEST, ppoll_fortified) {
975 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
976 pollfd buf[1] = {{0, POLLIN, 0}};
977 // Set timeout to zero to prevent waiting in ppoll when fortify test fails.
978 timespec timeout;
979 timeout.tv_sec = timeout.tv_nsec = 0;
980 ASSERT_FORTIFY(ppoll(buf, fd_count, &timeout, NULL));
981 }
982