1 /*
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 // -Werror is on whether we like it or not, and we're intentionally doing awful
18 // things in this file. GCC is dumb and doesn't have a specific error class for
19 // the fortify failures (it's just -Werror), so we can't use anything more
20 // constrained than disabling all the warnings in the file :( It also won't let
21 // us use system_header in a .cpp file, so we have to #include this from
22 // fortify_test_main.cpp.
23 #pragma GCC system_header
24
25 #include <gtest/gtest.h>
26 #include "BionicDeathTest.h"
27
28 #include <fcntl.h>
29 #include <malloc.h>
30 #include <poll.h>
31 #include <signal.h>
32 #include <stdarg.h>
33 #include <string.h>
34 #include <sys/socket.h>
35 #include <sys/stat.h>
36 #include <sys/types.h>
37 #include <time.h>
38
39 #if __BIONIC__
40 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY")
41 #else
42 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "")
43 #endif
44
45 // Fortify test code needs to run multiple times, so TEST_NAME macro is used to
46 // distinguish different tests. TEST_NAME is defined in compilation command.
47 #define DEATHTEST_PASTER(name) name##_DeathTest
48 #define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name)
49 #define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME)
50
51 class DEATHTEST : public BionicDeathTest {};
52
53 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2
54 struct foo {
55 char empty[0];
56 char one[1];
57 char a[10];
58 char b[10];
59 };
60
61 #ifndef __clang__
62 // This test is disabled in clang because clang doesn't properly detect
63 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,stpncpy_fortified2)64 TEST_F(DEATHTEST, stpncpy_fortified2) {
65 foo myfoo;
66 int copy_amt = atoi("11");
67 ASSERT_FORTIFY(stpncpy(myfoo.a, "01234567890", copy_amt));
68 }
69 #endif
70
71 #ifndef __clang__
72 // This test is disabled in clang because clang doesn't properly detect
73 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,stpncpy2_fortified2)74 TEST_F(DEATHTEST, stpncpy2_fortified2) {
75 foo myfoo;
76 memset(&myfoo, 0, sizeof(myfoo));
77 myfoo.one[0] = 'A'; // not null terminated string
78 ASSERT_FORTIFY(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
79 }
80 #endif
81
82 #ifndef __clang__
83 // This test is disabled in clang because clang doesn't properly detect
84 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncpy_fortified2)85 TEST_F(DEATHTEST, strncpy_fortified2) {
86 foo myfoo;
87 int copy_amt = atoi("11");
88 ASSERT_FORTIFY(strncpy(myfoo.a, "01234567890", copy_amt));
89 }
90 #endif
91
92 #ifndef __clang__
93 // This test is disabled in clang because clang doesn't properly detect
94 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncpy2_fortified2)95 TEST_F(DEATHTEST, strncpy2_fortified2) {
96 foo myfoo;
97 memset(&myfoo, 0, sizeof(myfoo));
98 myfoo.one[0] = 'A'; // not null terminated string
99 ASSERT_FORTIFY(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
100 }
101 #endif
102
103 #ifndef __clang__
104 // This test is disabled in clang because clang doesn't properly detect
105 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,sprintf_fortified2)106 TEST_F(DEATHTEST, sprintf_fortified2) {
107 foo myfoo;
108 char source_buf[15];
109 memcpy(source_buf, "12345678901234", 15);
110 ASSERT_FORTIFY(sprintf(myfoo.a, "%s", source_buf));
111 }
112 #endif
113
114 #ifndef __clang__
115 // This test is disabled in clang because clang doesn't properly detect
116 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,sprintf2_fortified2)117 TEST_F(DEATHTEST, sprintf2_fortified2) {
118 foo myfoo;
119 ASSERT_FORTIFY(sprintf(myfoo.a, "0123456789"));
120 }
121 #endif
122
123 #ifndef __clang__
124 // These tests are disabled in clang because clang doesn't properly detect
125 // this buffer overflow. TODO: Fix clang.
vsprintf_helper2(const char * fmt,...)126 static int vsprintf_helper2(const char *fmt, ...) {
127 foo myfoo;
128 va_list va;
129 int result;
130
131 va_start(va, fmt);
132 result = vsprintf(myfoo.a, fmt, va); // should crash here
133 va_end(va);
134 return result;
135 }
136
TEST_F(DEATHTEST,vsprintf_fortified2)137 TEST_F(DEATHTEST, vsprintf_fortified2) {
138 ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789"));
139 }
140
TEST_F(DEATHTEST,vsprintf2_fortified2)141 TEST_F(DEATHTEST, vsprintf2_fortified2) {
142 ASSERT_FORTIFY(vsprintf_helper2("0123456789"));
143 }
144 #endif
145
146 #ifndef __clang__
147 // These tests are disabled in clang because clang doesn't properly detect
148 // this buffer overflow. TODO: Fix clang.
vsnprintf_helper2(const char * fmt,...)149 static int vsnprintf_helper2(const char *fmt, ...) {
150 foo myfoo;
151 va_list va;
152 int result;
153 size_t size = atoi("11");
154
155 va_start(va, fmt);
156 result = vsnprintf(myfoo.a, size, fmt, va); // should crash here
157 va_end(va);
158 return result;
159 }
160
TEST_F(DEATHTEST,vsnprintf_fortified2)161 TEST_F(DEATHTEST, vsnprintf_fortified2) {
162 ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789"));
163 }
164
TEST_F(DEATHTEST,vsnprintf2_fortified2)165 TEST_F(DEATHTEST, vsnprintf2_fortified2) {
166 ASSERT_FORTIFY(vsnprintf_helper2("0123456789"));
167 }
168 #endif
169
170 #ifndef __clang__
171 // zero sized target with "\0" source (should fail)
172 // This test is disabled in clang because clang doesn't properly detect
173 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,stpcpy_fortified2)174 TEST_F(DEATHTEST, stpcpy_fortified2) {
175 #if defined(__BIONIC__)
176 foo myfoo;
177 char* src = strdup("");
178 ASSERT_FORTIFY(stpcpy(myfoo.empty, src));
179 free(src);
180 #else // __BIONIC__
181 GTEST_LOG_(INFO) << "This test does nothing.\n";
182 #endif // __BIONIC__
183 }
184 #endif
185
186 #ifndef __clang__
187 // zero sized target with "\0" source (should fail)
188 // This test is disabled in clang because clang doesn't properly detect
189 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcpy_fortified2)190 TEST_F(DEATHTEST, strcpy_fortified2) {
191 #if defined(__BIONIC__)
192 foo myfoo;
193 char* src = strdup("");
194 ASSERT_FORTIFY(strcpy(myfoo.empty, src));
195 free(src);
196 #else // __BIONIC__
197 GTEST_LOG_(INFO) << "This test does nothing.\n";
198 #endif // __BIONIC__
199 }
200 #endif
201
202 #ifndef __clang__
203 // zero sized target with longer source (should fail)
204 // This test is disabled in clang because clang doesn't properly detect
205 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcpy2_fortified2)206 TEST_F(DEATHTEST, strcpy2_fortified2) {
207 #if defined(__BIONIC__)
208 foo myfoo;
209 char* src = strdup("1");
210 ASSERT_FORTIFY(strcpy(myfoo.empty, src));
211 free(src);
212 #else // __BIONIC__
213 GTEST_LOG_(INFO) << "This test does nothing.\n";
214 #endif // __BIONIC__
215 }
216 #endif
217
218 #ifndef __clang__
219 // one byte target with longer source (should fail)
220 // This test is disabled in clang because clang doesn't properly detect
221 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcpy3_fortified2)222 TEST_F(DEATHTEST, strcpy3_fortified2) {
223 #if defined(__BIONIC__)
224 foo myfoo;
225 char* src = strdup("12");
226 ASSERT_FORTIFY(strcpy(myfoo.one, src));
227 free(src);
228 #else // __BIONIC__
229 GTEST_LOG_(INFO) << "This test does nothing.\n";
230 #endif // __BIONIC__
231 }
232 #endif
233
234 #ifndef __clang__
235 // This test is disabled in clang because clang doesn't properly detect
236 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strchr_fortified2)237 TEST_F(DEATHTEST, strchr_fortified2) {
238 #if defined(__BIONIC__)
239 foo myfoo;
240 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
241 myfoo.b[0] = '\0';
242 ASSERT_FORTIFY(printf("%s", strchr(myfoo.a, 'a')));
243 #else // __BIONIC__
244 GTEST_LOG_(INFO) << "This test does nothing.\n";
245 #endif // __BIONIC__
246 }
247 #endif
248
249 #ifndef __clang__
250 // This test is disabled in clang because clang doesn't properly detect
251 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strrchr_fortified2)252 TEST_F(DEATHTEST, strrchr_fortified2) {
253 #if defined(__BIONIC__)
254 foo myfoo;
255 memcpy(myfoo.a, "0123456789", 10);
256 memcpy(myfoo.b, "01234", 6);
257 ASSERT_FORTIFY(printf("%s", strrchr(myfoo.a, 'a')));
258 #else // __BIONIC__
259 GTEST_LOG_(INFO) << "This test does nothing.\n";
260 #endif // __BIONIC__
261 }
262 #endif
263
264 #ifndef __clang__
265 // This test is disabled in clang because clang doesn't properly detect
266 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strlcpy_fortified2)267 TEST_F(DEATHTEST, strlcpy_fortified2) {
268 #if defined(__BIONIC__)
269 foo myfoo;
270 strcpy(myfoo.a, "01");
271 size_t n = strlen(myfoo.a);
272 ASSERT_FORTIFY(strlcpy(myfoo.one, myfoo.a, n));
273 #else // __BIONIC__
274 GTEST_LOG_(INFO) << "This test does nothing.\n";
275 #endif // __BIONIC__
276 }
277 #endif
278
279 #ifndef __clang__
280 // This test is disabled in clang because clang doesn't properly detect
281 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strlcat_fortified2)282 TEST_F(DEATHTEST, strlcat_fortified2) {
283 #if defined(__BIONIC__)
284 foo myfoo;
285 strcpy(myfoo.a, "01");
286 myfoo.one[0] = '\0';
287 size_t n = strlen(myfoo.a);
288 ASSERT_FORTIFY(strlcat(myfoo.one, myfoo.a, n));
289 #else // __BIONIC__
290 GTEST_LOG_(INFO) << "This test does nothing.\n";
291 #endif // __BIONIC__
292 }
293 #endif
294
295 #ifndef __clang__
296 // This test is disabled in clang because clang doesn't properly detect
297 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncat_fortified2)298 TEST_F(DEATHTEST, strncat_fortified2) {
299 foo myfoo;
300 size_t n = atoi("10"); // avoid compiler optimizations
301 strncpy(myfoo.a, "012345678", n);
302 ASSERT_FORTIFY(strncat(myfoo.a, "9", n));
303 }
304 #endif
305
306 #ifndef __clang__
307 // This test is disabled in clang because clang doesn't properly detect
308 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncat2_fortified2)309 TEST_F(DEATHTEST, strncat2_fortified2) {
310 foo myfoo;
311 myfoo.a[0] = '\0';
312 size_t n = atoi("10"); // avoid compiler optimizations
313 ASSERT_FORTIFY(strncat(myfoo.a, "0123456789", n));
314 }
315 #endif
316
TEST_F(DEATHTEST,strncat3_fortified2)317 TEST_F(DEATHTEST, strncat3_fortified2) {
318 foo myfoo;
319 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
320 myfoo.b[0] = '\0';
321 size_t n = atoi("10"); // avoid compiler optimizations
322 ASSERT_FORTIFY(strncat(myfoo.b, myfoo.a, n));
323 }
324
325 #ifndef __clang__
326 // This test is disabled in clang because clang doesn't properly detect
327 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcat_fortified2)328 TEST_F(DEATHTEST, strcat_fortified2) {
329 char src[11];
330 strcpy(src, "0123456789");
331 foo myfoo;
332 myfoo.a[0] = '\0';
333 ASSERT_FORTIFY(strcat(myfoo.a, src));
334 }
335 #endif
336
TEST_F(DEATHTEST,strcat2_fortified2)337 TEST_F(DEATHTEST, strcat2_fortified2) {
338 foo myfoo;
339 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
340 myfoo.b[0] = '\0';
341 ASSERT_FORTIFY(strcat(myfoo.b, myfoo.a));
342 }
343
TEST_F(DEATHTEST,snprintf_fortified2)344 TEST_F(DEATHTEST, snprintf_fortified2) {
345 foo myfoo;
346 strcpy(myfoo.a, "012345678");
347 size_t n = strlen(myfoo.a) + 2;
348 ASSERT_FORTIFY(snprintf(myfoo.b, n, "a%s", myfoo.a));
349 }
350
TEST_F(DEATHTEST,bzero_fortified2)351 TEST_F(DEATHTEST, bzero_fortified2) {
352 foo myfoo;
353 memcpy(myfoo.b, "0123456789", sizeof(myfoo.b));
354 size_t n = atoi("11");
355 ASSERT_FORTIFY(bzero(myfoo.b, n));
356 }
357
358 #endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */
359
360 // multibyte target where we over fill (should fail)
TEST_F(DEATHTEST,strcpy_fortified)361 TEST_F(DEATHTEST, strcpy_fortified) {
362 #if defined(__BIONIC__)
363 char buf[10];
364 char *orig = strdup("0123456789");
365 ASSERT_FORTIFY(strcpy(buf, orig));
366 free(orig);
367 #else // __BIONIC__
368 GTEST_LOG_(INFO) << "This test does nothing.\n";
369 #endif // __BIONIC__
370 }
371
372 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,strcpy2_fortified)373 TEST_F(DEATHTEST, strcpy2_fortified) {
374 #if defined(__BIONIC__)
375 char buf[0];
376 char *orig = strdup("");
377 ASSERT_FORTIFY(strcpy(buf, orig));
378 free(orig);
379 #else // __BIONIC__
380 GTEST_LOG_(INFO) << "This test does nothing.\n";
381 #endif // __BIONIC__
382 }
383
384 // zero sized target with longer source (should fail)
TEST_F(DEATHTEST,strcpy3_fortified)385 TEST_F(DEATHTEST, strcpy3_fortified) {
386 #if defined(__BIONIC__)
387 char buf[0];
388 char *orig = strdup("1");
389 ASSERT_FORTIFY(strcpy(buf, orig));
390 free(orig);
391 #else // __BIONIC__
392 GTEST_LOG_(INFO) << "This test does nothing.\n";
393 #endif // __BIONIC__
394 }
395
396 // one byte target with longer source (should fail)
TEST_F(DEATHTEST,strcpy4_fortified)397 TEST_F(DEATHTEST, strcpy4_fortified) {
398 #if defined(__BIONIC__)
399 char buf[1];
400 char *orig = strdup("12");
401 ASSERT_FORTIFY(strcpy(buf, orig));
402 free(orig);
403 #else // __BIONIC__
404 GTEST_LOG_(INFO) << "This test does nothing.\n";
405 #endif // __BIONIC__
406 }
407
TEST_F(DEATHTEST,strlen_fortified)408 TEST_F(DEATHTEST, strlen_fortified) {
409 #if defined(__BIONIC__)
410 char buf[10];
411 memcpy(buf, "0123456789", sizeof(buf));
412 ASSERT_FORTIFY(printf("%zd", strlen(buf)));
413 #else // __BIONIC__
414 GTEST_LOG_(INFO) << "This test does nothing.\n";
415 #endif // __BIONIC__
416 }
417
TEST_F(DEATHTEST,strchr_fortified)418 TEST_F(DEATHTEST, strchr_fortified) {
419 #if defined(__BIONIC__)
420 char buf[10];
421 memcpy(buf, "0123456789", sizeof(buf));
422 ASSERT_FORTIFY(printf("%s", strchr(buf, 'a')));
423 #else // __BIONIC__
424 GTEST_LOG_(INFO) << "This test does nothing.\n";
425 #endif // __BIONIC__
426 }
427
TEST_F(DEATHTEST,strrchr_fortified)428 TEST_F(DEATHTEST, strrchr_fortified) {
429 #if defined(__BIONIC__)
430 char buf[10];
431 memcpy(buf, "0123456789", sizeof(buf));
432 ASSERT_FORTIFY(printf("%s", strrchr(buf, 'a')));
433 #else // __BIONIC__
434 GTEST_LOG_(INFO) << "This test does nothing.\n";
435 #endif // __BIONIC__
436 }
437
TEST_F(DEATHTEST,strlcpy_fortified)438 TEST_F(DEATHTEST, strlcpy_fortified) {
439 #if defined(__BIONIC__)
440 char bufa[15];
441 char bufb[10];
442 strcpy(bufa, "01234567890123");
443 size_t n = strlen(bufa);
444 ASSERT_FORTIFY(strlcpy(bufb, bufa, n));
445 #else // __BIONIC__
446 GTEST_LOG_(INFO) << "This test does nothing.\n";
447 #endif // __BIONIC__
448 }
449
TEST_F(DEATHTEST,strlcat_fortified)450 TEST_F(DEATHTEST, strlcat_fortified) {
451 #if defined(__BIONIC__)
452 char bufa[15];
453 char bufb[10];
454 bufb[0] = '\0';
455 strcpy(bufa, "01234567890123");
456 size_t n = strlen(bufa);
457 ASSERT_FORTIFY(strlcat(bufb, bufa, n));
458 #else // __BIONIC__
459 GTEST_LOG_(INFO) << "This test does nothing.\n";
460 #endif // __BIONIC__
461 }
462
TEST_F(DEATHTEST,sprintf_fortified)463 TEST_F(DEATHTEST, sprintf_fortified) {
464 char buf[10];
465 char source_buf[15];
466 memcpy(source_buf, "12345678901234", 15);
467 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
468 }
469
470 #ifndef __clang__
471 // This test is disabled in clang because clang doesn't properly detect
472 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,sprintf_malloc_fortified)473 TEST_F(DEATHTEST, sprintf_malloc_fortified) {
474 char* buf = (char *) malloc(10);
475 char source_buf[11];
476 memcpy(source_buf, "1234567890", 11);
477 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
478 free(buf);
479 }
480 #endif
481
TEST_F(DEATHTEST,sprintf2_fortified)482 TEST_F(DEATHTEST, sprintf2_fortified) {
483 char buf[5];
484 ASSERT_FORTIFY(sprintf(buf, "aaaaa"));
485 }
486
vsprintf_helper(const char * fmt,...)487 static int vsprintf_helper(const char *fmt, ...) {
488 char buf[10];
489 va_list va;
490 int result;
491
492 va_start(va, fmt);
493 result = vsprintf(buf, fmt, va); // should crash here
494 va_end(va);
495 return result;
496 }
497
TEST_F(DEATHTEST,vsprintf_fortified)498 TEST_F(DEATHTEST, vsprintf_fortified) {
499 ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789"));
500 }
501
TEST_F(DEATHTEST,vsprintf2_fortified)502 TEST_F(DEATHTEST, vsprintf2_fortified) {
503 ASSERT_FORTIFY(vsprintf_helper("0123456789"));
504 }
505
vsnprintf_helper(const char * fmt,...)506 static int vsnprintf_helper(const char *fmt, ...) {
507 char buf[10];
508 va_list va;
509 int result;
510 size_t size = atoi("11");
511
512 va_start(va, fmt);
513 result = vsnprintf(buf, size, fmt, va); // should crash here
514 va_end(va);
515 return result;
516 }
517
TEST_F(DEATHTEST,vsnprintf_fortified)518 TEST_F(DEATHTEST, vsnprintf_fortified) {
519 ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789"));
520 }
521
TEST_F(DEATHTEST,vsnprintf2_fortified)522 TEST_F(DEATHTEST, vsnprintf2_fortified) {
523 ASSERT_FORTIFY(vsnprintf_helper("0123456789"));
524 }
525
TEST_F(DEATHTEST,strncat_fortified)526 TEST_F(DEATHTEST, strncat_fortified) {
527 char buf[10];
528 size_t n = atoi("10"); // avoid compiler optimizations
529 strncpy(buf, "012345678", n);
530 ASSERT_FORTIFY(strncat(buf, "9", n));
531 }
532
TEST_F(DEATHTEST,strncat2_fortified)533 TEST_F(DEATHTEST, strncat2_fortified) {
534 char buf[10];
535 buf[0] = '\0';
536 size_t n = atoi("10"); // avoid compiler optimizations
537 ASSERT_FORTIFY(strncat(buf, "0123456789", n));
538 }
539
TEST_F(DEATHTEST,strcat_fortified)540 TEST_F(DEATHTEST, strcat_fortified) {
541 char src[11];
542 strcpy(src, "0123456789");
543 char buf[10];
544 buf[0] = '\0';
545 ASSERT_FORTIFY(strcat(buf, src));
546 }
547
TEST_F(DEATHTEST,memmove_fortified)548 TEST_F(DEATHTEST, memmove_fortified) {
549 char buf[20];
550 strcpy(buf, "0123456789");
551 size_t n = atoi("10");
552 ASSERT_FORTIFY(memmove(buf + 11, buf, n));
553 }
554
TEST_F(DEATHTEST,memcpy_fortified)555 TEST_F(DEATHTEST, memcpy_fortified) {
556 char bufa[10];
557 char bufb[10];
558 strcpy(bufa, "012345678");
559 size_t n = atoi("11");
560 ASSERT_FORTIFY(memcpy(bufb, bufa, n));
561 }
562
TEST_F(DEATHTEST,stpncpy_fortified)563 TEST_F(DEATHTEST, stpncpy_fortified) {
564 char bufa[15];
565 char bufb[10];
566 strcpy(bufa, "01234567890123");
567 size_t n = strlen(bufa);
568 ASSERT_FORTIFY(stpncpy(bufb, bufa, n));
569 }
570
TEST_F(DEATHTEST,stpncpy2_fortified)571 TEST_F(DEATHTEST, stpncpy2_fortified) {
572 char dest[11];
573 char src[10];
574 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
575 ASSERT_FORTIFY(stpncpy(dest, src, sizeof(dest)));
576 }
577
TEST_F(DEATHTEST,strncpy_fortified)578 TEST_F(DEATHTEST, strncpy_fortified) {
579 char bufa[15];
580 char bufb[10];
581 strcpy(bufa, "01234567890123");
582 size_t n = strlen(bufa);
583 ASSERT_FORTIFY(strncpy(bufb, bufa, n));
584 }
585
586
TEST_F(DEATHTEST,strncpy2_fortified)587 TEST_F(DEATHTEST, strncpy2_fortified) {
588 char dest[11];
589 char src[10];
590 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
591 ASSERT_FORTIFY(strncpy(dest, src, sizeof(dest)));
592 }
593
TEST_F(DEATHTEST,snprintf_fortified)594 TEST_F(DEATHTEST, snprintf_fortified) {
595 char bufa[15];
596 char bufb[10];
597 strcpy(bufa, "0123456789");
598 size_t n = strlen(bufa) + 1;
599 ASSERT_FORTIFY(snprintf(bufb, n, "%s", bufa));
600 }
601
TEST_F(DEATHTEST,bzero_fortified)602 TEST_F(DEATHTEST, bzero_fortified) {
603 char buf[10];
604 memcpy(buf, "0123456789", sizeof(buf));
605 size_t n = atoi("11");
606 ASSERT_FORTIFY(bzero(buf, n));
607 }
608
TEST_F(DEATHTEST,umask_fortified)609 TEST_F(DEATHTEST, umask_fortified) {
610 mode_t mask = atoi("1023"); // 01777 in octal
611 ASSERT_FORTIFY(umask(mask));
612 }
613
TEST_F(DEATHTEST,recv_fortified)614 TEST_F(DEATHTEST, recv_fortified) {
615 size_t data_len = atoi("11"); // suppress compiler optimizations
616 char buf[10];
617 ASSERT_FORTIFY(recv(0, buf, data_len, 0));
618 }
619
TEST_F(DEATHTEST,FD_ISSET_fortified)620 TEST_F(DEATHTEST, FD_ISSET_fortified) {
621 #if defined(__BIONIC__) // glibc catches this at compile-time.
622 fd_set set;
623 memset(&set, 0, sizeof(set));
624 ASSERT_FORTIFY(FD_ISSET(-1, &set));
625 #endif
626 }
627
TEST_F(DEATHTEST,FD_ISSET_2_fortified)628 TEST_F(DEATHTEST, FD_ISSET_2_fortified) {
629 char buf[1];
630 fd_set* set = (fd_set*) buf;
631 ASSERT_FORTIFY(FD_ISSET(0, set));
632 }
633
TEST_F(DEATHTEST,getcwd_fortified)634 TEST_F(DEATHTEST, getcwd_fortified) {
635 char buf[1];
636 size_t ct = atoi("2"); // prevent optimizations
637 ASSERT_FORTIFY(getcwd(buf, ct));
638 }
639
TEST_F(DEATHTEST,pread_fortified)640 TEST_F(DEATHTEST, pread_fortified) {
641 char buf[1];
642 size_t ct = atoi("2"); // prevent optimizations
643 int fd = open("/dev/null", O_RDONLY);
644 ASSERT_FORTIFY(pread(fd, buf, ct, 0));
645 close(fd);
646 }
647
TEST_F(DEATHTEST,pread64_fortified)648 TEST_F(DEATHTEST, pread64_fortified) {
649 char buf[1];
650 size_t ct = atoi("2"); // prevent optimizations
651 int fd = open("/dev/null", O_RDONLY);
652 ASSERT_FORTIFY(pread64(fd, buf, ct, 0));
653 close(fd);
654 }
655
TEST_F(DEATHTEST,pwrite_fortified)656 TEST_F(DEATHTEST, pwrite_fortified) {
657 char buf[1] = {0};
658 size_t ct = atoi("2"); // prevent optimizations
659 int fd = open("/dev/null", O_WRONLY);
660 ASSERT_FORTIFY(pwrite(fd, buf, ct, 0));
661 close(fd);
662 }
663
TEST_F(DEATHTEST,pwrite64_fortified)664 TEST_F(DEATHTEST, pwrite64_fortified) {
665 char buf[1] = {0};
666 size_t ct = atoi("2"); // prevent optimizations
667 int fd = open("/dev/null", O_WRONLY);
668 ASSERT_FORTIFY(pwrite64(fd, buf, ct, 0));
669 close(fd);
670 }
671
TEST_F(DEATHTEST,read_fortified)672 TEST_F(DEATHTEST, read_fortified) {
673 char buf[1];
674 size_t ct = atoi("2"); // prevent optimizations
675 int fd = open("/dev/null", O_RDONLY);
676 ASSERT_FORTIFY(read(fd, buf, ct));
677 close(fd);
678 }
679
TEST_F(DEATHTEST,write_fortified)680 TEST_F(DEATHTEST, write_fortified) {
681 char buf[1] = {0};
682 size_t ct = atoi("2"); // prevent optimizations
683 int fd = open("/dev/null", O_WRONLY);
684 ASSERT_EXIT(write(fd, buf, ct), testing::KilledBySignal(SIGABRT), "");
685 close(fd);
686 }
687
TEST_F(DEATHTEST,fread_fortified)688 TEST_F(DEATHTEST, fread_fortified) {
689 char buf[1];
690 size_t ct = atoi("2"); // prevent optimizations
691 FILE* fp = fopen("/dev/null", "r");
692 ASSERT_FORTIFY(fread(buf, 1, ct, fp));
693 fclose(fp);
694 }
695
TEST_F(DEATHTEST,fwrite_fortified)696 TEST_F(DEATHTEST, fwrite_fortified) {
697 char buf[1] = {0};
698 size_t ct = atoi("2"); // prevent optimizations
699 FILE* fp = fopen("/dev/null", "w");
700 ASSERT_FORTIFY(fwrite(buf, 1, ct, fp));
701 fclose(fp);
702 }
703
TEST_F(DEATHTEST,readlink_fortified)704 TEST_F(DEATHTEST, readlink_fortified) {
705 char buf[1];
706 size_t ct = atoi("2"); // prevent optimizations
707 ASSERT_FORTIFY(readlink("/dev/null", buf, ct));
708 }
709
TEST_F(DEATHTEST,readlinkat_fortified)710 TEST_F(DEATHTEST, readlinkat_fortified) {
711 char buf[1];
712 size_t ct = atoi("2"); // prevent optimizations
713 ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", buf, ct));
714 }
715
716 extern "C" char* __strncat_chk(char*, const char*, size_t, size_t);
717 extern "C" char* __strcat_chk(char*, const char*, size_t);
718
TEST(TEST_NAME,strncat)719 TEST(TEST_NAME, strncat) {
720 char buf[10];
721 memset(buf, 'A', sizeof(buf));
722 buf[0] = 'a';
723 buf[1] = '\0';
724 char* res = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf));
725 ASSERT_EQ(buf, res);
726 ASSERT_EQ('a', buf[0]);
727 ASSERT_EQ('0', buf[1]);
728 ASSERT_EQ('1', buf[2]);
729 ASSERT_EQ('2', buf[3]);
730 ASSERT_EQ('3', buf[4]);
731 ASSERT_EQ('4', buf[5]);
732 ASSERT_EQ('\0', buf[6]);
733 ASSERT_EQ('A', buf[7]);
734 ASSERT_EQ('A', buf[8]);
735 ASSERT_EQ('A', buf[9]);
736 }
737
TEST(TEST_NAME,strncat2)738 TEST(TEST_NAME, strncat2) {
739 char buf[10];
740 memset(buf, 'A', sizeof(buf));
741 buf[0] = 'a';
742 buf[1] = '\0';
743 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
744 ASSERT_EQ(buf, res);
745 ASSERT_EQ('a', buf[0]);
746 ASSERT_EQ('0', buf[1]);
747 ASSERT_EQ('1', buf[2]);
748 ASSERT_EQ('2', buf[3]);
749 ASSERT_EQ('3', buf[4]);
750 ASSERT_EQ('4', buf[5]);
751 ASSERT_EQ('\0', buf[6]);
752 ASSERT_EQ('A', buf[7]);
753 ASSERT_EQ('A', buf[8]);
754 ASSERT_EQ('A', buf[9]);
755 }
756
TEST(TEST_NAME,strncat3)757 TEST(TEST_NAME, strncat3) {
758 char buf[10];
759 memset(buf, 'A', sizeof(buf));
760 buf[0] = '\0';
761 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
762 ASSERT_EQ(buf, res);
763 ASSERT_EQ('0', buf[0]);
764 ASSERT_EQ('1', buf[1]);
765 ASSERT_EQ('2', buf[2]);
766 ASSERT_EQ('3', buf[3]);
767 ASSERT_EQ('4', buf[4]);
768 ASSERT_EQ('\0', buf[5]);
769 ASSERT_EQ('A', buf[6]);
770 ASSERT_EQ('A', buf[7]);
771 ASSERT_EQ('A', buf[8]);
772 ASSERT_EQ('A', buf[9]);
773 }
774
TEST(TEST_NAME,strncat4)775 TEST(TEST_NAME, strncat4) {
776 char buf[10];
777 memset(buf, 'A', sizeof(buf));
778 buf[9] = '\0';
779 char* res = __strncat_chk(buf, "", 5, sizeof(buf));
780 ASSERT_EQ(buf, res);
781 ASSERT_EQ('A', buf[0]);
782 ASSERT_EQ('A', buf[1]);
783 ASSERT_EQ('A', buf[2]);
784 ASSERT_EQ('A', buf[3]);
785 ASSERT_EQ('A', buf[4]);
786 ASSERT_EQ('A', buf[5]);
787 ASSERT_EQ('A', buf[6]);
788 ASSERT_EQ('A', buf[7]);
789 ASSERT_EQ('A', buf[8]);
790 ASSERT_EQ('\0', buf[9]);
791 }
792
TEST(TEST_NAME,strncat5)793 TEST(TEST_NAME, strncat5) {
794 char buf[10];
795 memset(buf, 'A', sizeof(buf));
796 buf[0] = 'a';
797 buf[1] = '\0';
798 char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf));
799 ASSERT_EQ(buf, res);
800 ASSERT_EQ('a', buf[0]);
801 ASSERT_EQ('0', buf[1]);
802 ASSERT_EQ('1', buf[2]);
803 ASSERT_EQ('2', buf[3]);
804 ASSERT_EQ('3', buf[4]);
805 ASSERT_EQ('4', buf[5]);
806 ASSERT_EQ('5', buf[6]);
807 ASSERT_EQ('6', buf[7]);
808 ASSERT_EQ('7', buf[8]);
809 ASSERT_EQ('\0', buf[9]);
810 }
811
TEST(TEST_NAME,strncat6)812 TEST(TEST_NAME, strncat6) {
813 char buf[10];
814 memset(buf, 'A', sizeof(buf));
815 buf[0] = 'a';
816 buf[1] = '\0';
817 char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf));
818 ASSERT_EQ(buf, res);
819 ASSERT_EQ('a', buf[0]);
820 ASSERT_EQ('0', buf[1]);
821 ASSERT_EQ('1', buf[2]);
822 ASSERT_EQ('2', buf[3]);
823 ASSERT_EQ('3', buf[4]);
824 ASSERT_EQ('4', buf[5]);
825 ASSERT_EQ('5', buf[6]);
826 ASSERT_EQ('6', buf[7]);
827 ASSERT_EQ('7', buf[8]);
828 ASSERT_EQ('\0', buf[9]);
829 }
830
831
TEST(TEST_NAME,strcat)832 TEST(TEST_NAME, strcat) {
833 char buf[10];
834 memset(buf, 'A', sizeof(buf));
835 buf[0] = 'a';
836 buf[1] = '\0';
837 char* res = __strcat_chk(buf, "01234", sizeof(buf));
838 ASSERT_EQ(buf, res);
839 ASSERT_EQ('a', buf[0]);
840 ASSERT_EQ('0', buf[1]);
841 ASSERT_EQ('1', buf[2]);
842 ASSERT_EQ('2', buf[3]);
843 ASSERT_EQ('3', buf[4]);
844 ASSERT_EQ('4', buf[5]);
845 ASSERT_EQ('\0', buf[6]);
846 ASSERT_EQ('A', buf[7]);
847 ASSERT_EQ('A', buf[8]);
848 ASSERT_EQ('A', buf[9]);
849 }
850
TEST(TEST_NAME,strcat2)851 TEST(TEST_NAME, strcat2) {
852 char buf[10];
853 memset(buf, 'A', sizeof(buf));
854 buf[0] = 'a';
855 buf[1] = '\0';
856 char* res = __strcat_chk(buf, "01234567", sizeof(buf));
857 ASSERT_EQ(buf, res);
858 ASSERT_EQ('a', buf[0]);
859 ASSERT_EQ('0', buf[1]);
860 ASSERT_EQ('1', buf[2]);
861 ASSERT_EQ('2', buf[3]);
862 ASSERT_EQ('3', buf[4]);
863 ASSERT_EQ('4', buf[5]);
864 ASSERT_EQ('5', buf[6]);
865 ASSERT_EQ('6', buf[7]);
866 ASSERT_EQ('7', buf[8]);
867 ASSERT_EQ('\0', buf[9]);
868 }
869
TEST(TEST_NAME,stpncpy)870 TEST(TEST_NAME, stpncpy) {
871 char src[10];
872 char dst[10];
873 memcpy(src, "0123456789", sizeof(src)); // non null terminated string
874 stpncpy(dst, src, sizeof(dst));
875 ASSERT_EQ('0', dst[0]);
876 ASSERT_EQ('1', dst[1]);
877 ASSERT_EQ('2', dst[2]);
878 ASSERT_EQ('3', dst[3]);
879 ASSERT_EQ('4', dst[4]);
880 ASSERT_EQ('5', dst[5]);
881 ASSERT_EQ('6', dst[6]);
882 ASSERT_EQ('7', dst[7]);
883 ASSERT_EQ('8', dst[8]);
884 ASSERT_EQ('9', dst[9]);
885 }
886
TEST(TEST_NAME,stpncpy2)887 TEST(TEST_NAME, stpncpy2) {
888 char src[10];
889 char dst[15];
890 memcpy(src, "012345678\0", sizeof(src));
891 stpncpy(dst, src, sizeof(dst));
892 ASSERT_EQ('0', dst[0]);
893 ASSERT_EQ('1', dst[1]);
894 ASSERT_EQ('2', dst[2]);
895 ASSERT_EQ('3', dst[3]);
896 ASSERT_EQ('4', dst[4]);
897 ASSERT_EQ('5', dst[5]);
898 ASSERT_EQ('6', dst[6]);
899 ASSERT_EQ('7', dst[7]);
900 ASSERT_EQ('8', dst[8]);
901 ASSERT_EQ('\0', dst[9]);
902 ASSERT_EQ('\0', dst[10]);
903 ASSERT_EQ('\0', dst[11]);
904 ASSERT_EQ('\0', dst[12]);
905 ASSERT_EQ('\0', dst[13]);
906 ASSERT_EQ('\0', dst[14]);
907 }
908
TEST(TEST_NAME,strncpy)909 TEST(TEST_NAME, strncpy) {
910 char src[10];
911 char dst[10];
912 memcpy(src, "0123456789", sizeof(src)); // non null terminated string
913 strncpy(dst, src, sizeof(dst));
914 ASSERT_EQ('0', dst[0]);
915 ASSERT_EQ('1', dst[1]);
916 ASSERT_EQ('2', dst[2]);
917 ASSERT_EQ('3', dst[3]);
918 ASSERT_EQ('4', dst[4]);
919 ASSERT_EQ('5', dst[5]);
920 ASSERT_EQ('6', dst[6]);
921 ASSERT_EQ('7', dst[7]);
922 ASSERT_EQ('8', dst[8]);
923 ASSERT_EQ('9', dst[9]);
924 }
925
TEST(TEST_NAME,strncpy2)926 TEST(TEST_NAME, strncpy2) {
927 char src[10];
928 char dst[15];
929 memcpy(src, "012345678\0", sizeof(src));
930 strncpy(dst, src, sizeof(dst));
931 ASSERT_EQ('0', dst[0]);
932 ASSERT_EQ('1', dst[1]);
933 ASSERT_EQ('2', dst[2]);
934 ASSERT_EQ('3', dst[3]);
935 ASSERT_EQ('4', dst[4]);
936 ASSERT_EQ('5', dst[5]);
937 ASSERT_EQ('6', dst[6]);
938 ASSERT_EQ('7', dst[7]);
939 ASSERT_EQ('8', dst[8]);
940 ASSERT_EQ('\0', dst[9]);
941 ASSERT_EQ('\0', dst[10]);
942 ASSERT_EQ('\0', dst[11]);
943 ASSERT_EQ('\0', dst[12]);
944 ASSERT_EQ('\0', dst[13]);
945 ASSERT_EQ('\0', dst[14]);
946 }
947
TEST(TEST_NAME,strcat_chk_max_int_size)948 TEST(TEST_NAME, strcat_chk_max_int_size) {
949 char buf[10];
950 memset(buf, 'A', sizeof(buf));
951 buf[0] = 'a';
952 buf[1] = '\0';
953 char* res = __strcat_chk(buf, "01234567", (size_t)-1);
954 ASSERT_EQ(buf, res);
955 ASSERT_EQ('a', buf[0]);
956 ASSERT_EQ('0', buf[1]);
957 ASSERT_EQ('1', buf[2]);
958 ASSERT_EQ('2', buf[3]);
959 ASSERT_EQ('3', buf[4]);
960 ASSERT_EQ('4', buf[5]);
961 ASSERT_EQ('5', buf[6]);
962 ASSERT_EQ('6', buf[7]);
963 ASSERT_EQ('7', buf[8]);
964 ASSERT_EQ('\0', buf[9]);
965 }
966
967 extern "C" char* __stpcpy_chk(char*, const char*, size_t);
968
TEST(TEST_NAME,stpcpy_chk_max_int_size)969 TEST(TEST_NAME, stpcpy_chk_max_int_size) {
970 char buf[10];
971 char* res = __stpcpy_chk(buf, "012345678", (size_t)-1);
972 ASSERT_EQ(buf + strlen("012345678"), res);
973 ASSERT_STREQ("012345678", buf);
974 }
975
976 extern "C" char* __strcpy_chk(char*, const char*, size_t);
977
TEST(TEST_NAME,strcpy_chk_max_int_size)978 TEST(TEST_NAME, strcpy_chk_max_int_size) {
979 char buf[10];
980 char* res = __strcpy_chk(buf, "012345678", (size_t)-1);
981 ASSERT_EQ(buf, res);
982 ASSERT_STREQ("012345678", buf);
983 }
984
985 extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t);
986
TEST(TEST_NAME,memcpy_chk_max_int_size)987 TEST(TEST_NAME, memcpy_chk_max_int_size) {
988 char buf[10];
989 void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1);
990 ASSERT_EQ((void*)buf, res);
991 ASSERT_EQ('0', buf[0]);
992 ASSERT_EQ('1', buf[1]);
993 ASSERT_EQ('2', buf[2]);
994 ASSERT_EQ('3', buf[3]);
995 ASSERT_EQ('4', buf[4]);
996 ASSERT_EQ('5', buf[5]);
997 ASSERT_EQ('6', buf[6]);
998 ASSERT_EQ('7', buf[7]);
999 ASSERT_EQ('8', buf[8]);
1000 ASSERT_EQ('\0', buf[9]);
1001 }
1002
1003 // Verify that macro expansion is done properly for sprintf/snprintf (which
1004 // are defined as macros in stdio.h under clang).
1005 #define CONTENTS "macro expansion"
1006 #define BUF_AND_SIZE(A) A, sizeof(A)
1007 #define BUF_AND_CONTENTS(A) A, CONTENTS
1008 #define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS
TEST(TEST_NAME,s_n_printf_macro_expansion)1009 TEST(TEST_NAME, s_n_printf_macro_expansion) {
1010 char buf[BUFSIZ];
1011 snprintf(BUF_AND_SIZE(buf), CONTENTS);
1012 EXPECT_STREQ(CONTENTS, buf);
1013
1014 snprintf(BUF_AND_SIZE_AND_CONTENTS(buf));
1015 EXPECT_STREQ(CONTENTS, buf);
1016
1017 sprintf(BUF_AND_CONTENTS(buf));
1018 EXPECT_STREQ(CONTENTS, buf);
1019 }
1020
TEST_F(DEATHTEST,poll_fortified)1021 TEST_F(DEATHTEST, poll_fortified) {
1022 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
1023 pollfd buf[1] = {{0, POLLIN, 0}};
1024 // Set timeout to zero to prevent waiting in poll when fortify test fails.
1025 ASSERT_FORTIFY(poll(buf, fd_count, 0));
1026 }
1027
TEST_F(DEATHTEST,ppoll_fortified)1028 TEST_F(DEATHTEST, ppoll_fortified) {
1029 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
1030 pollfd buf[1] = {{0, POLLIN, 0}};
1031 // Set timeout to zero to prevent waiting in ppoll when fortify test fails.
1032 timespec timeout;
1033 timeout.tv_sec = timeout.tv_nsec = 0;
1034 ASSERT_FORTIFY(ppoll(buf, fd_count, &timeout, NULL));
1035 }
1036