1 /*
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 // -Werror is on whether we like it or not, and we're intentionally doing awful
18 // things in this file. GCC is dumb and doesn't have a specific error class for
19 // the fortify failures (it's just -Werror), so we can't use anything more
20 // constrained than disabling all the warnings in the file :( It also won't let
21 // us use system_header in a .cpp file, so we have to #include this from
22 // fortify_test_main.cpp.
23 #pragma GCC system_header
24
25 #include <gtest/gtest.h>
26 #include "BionicDeathTest.h"
27
28 #include <fcntl.h>
29 #include <malloc.h>
30 #include <poll.h>
31 #include <signal.h>
32 #include <stdarg.h>
33 #include <string.h>
34 #include <sys/socket.h>
35 #include <sys/stat.h>
36 #include <sys/types.h>
37 #include <time.h>
38
39 #if __BIONIC__
40 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY")
41 #else
42 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "")
43 #endif
44
45 // Fortify test code needs to run multiple times, so TEST_NAME macro is used to
46 // distinguish different tests. TEST_NAME is defined in compilation command.
47 #define DEATHTEST_PASTER(name) name##_DeathTest
48 #define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name)
49 #define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME)
50
51 class DEATHTEST : public BionicDeathTest {};
52
53 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2
54 struct foo {
55 char empty[0];
56 char one[1];
57 char a[10];
58 char b[10];
59 };
60
61 #ifndef __clang__
62 // This test is disabled in clang because clang doesn't properly detect
63 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,stpncpy_fortified2)64 TEST_F(DEATHTEST, stpncpy_fortified2) {
65 foo myfoo;
66 int copy_amt = atoi("11");
67 ASSERT_FORTIFY(stpncpy(myfoo.a, "01234567890", copy_amt));
68 }
69 #endif
70
71 #ifndef __clang__
72 // This test is disabled in clang because clang doesn't properly detect
73 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,stpncpy2_fortified2)74 TEST_F(DEATHTEST, stpncpy2_fortified2) {
75 foo myfoo;
76 memset(&myfoo, 0, sizeof(myfoo));
77 myfoo.one[0] = 'A'; // not null terminated string
78 ASSERT_FORTIFY(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
79 }
80 #endif
81
82 #ifndef __clang__
83 // This test is disabled in clang because clang doesn't properly detect
84 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncpy_fortified2)85 TEST_F(DEATHTEST, strncpy_fortified2) {
86 foo myfoo;
87 int copy_amt = atoi("11");
88 ASSERT_FORTIFY(strncpy(myfoo.a, "01234567890", copy_amt));
89 }
90 #endif
91
92 #ifndef __clang__
93 // This test is disabled in clang because clang doesn't properly detect
94 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncpy2_fortified2)95 TEST_F(DEATHTEST, strncpy2_fortified2) {
96 foo myfoo;
97 memset(&myfoo, 0, sizeof(myfoo));
98 myfoo.one[0] = 'A'; // not null terminated string
99 ASSERT_FORTIFY(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
100 }
101 #endif
102
103 #ifndef __clang__
104 // This test is disabled in clang because clang doesn't properly detect
105 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,sprintf_fortified2)106 TEST_F(DEATHTEST, sprintf_fortified2) {
107 foo myfoo;
108 char source_buf[15];
109 memcpy(source_buf, "12345678901234", 15);
110 ASSERT_FORTIFY(sprintf(myfoo.a, "%s", source_buf));
111 }
112 #endif
113
114 #ifndef __clang__
115 // This test is disabled in clang because clang doesn't properly detect
116 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,sprintf2_fortified2)117 TEST_F(DEATHTEST, sprintf2_fortified2) {
118 foo myfoo;
119 ASSERT_FORTIFY(sprintf(myfoo.a, "0123456789"));
120 }
121 #endif
122
123 #ifndef __clang__
124 // These tests are disabled in clang because clang doesn't properly detect
125 // this buffer overflow. TODO: Fix clang.
vsprintf_helper2(const char * fmt,...)126 static int vsprintf_helper2(const char *fmt, ...) {
127 foo myfoo;
128 va_list va;
129 int result;
130
131 va_start(va, fmt);
132 result = vsprintf(myfoo.a, fmt, va); // should crash here
133 va_end(va);
134 return result;
135 }
136
TEST_F(DEATHTEST,vsprintf_fortified2)137 TEST_F(DEATHTEST, vsprintf_fortified2) {
138 ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789"));
139 }
140
TEST_F(DEATHTEST,vsprintf2_fortified2)141 TEST_F(DEATHTEST, vsprintf2_fortified2) {
142 ASSERT_FORTIFY(vsprintf_helper2("0123456789"));
143 }
144 #endif
145
146 #ifndef __clang__
147 // These tests are disabled in clang because clang doesn't properly detect
148 // this buffer overflow. TODO: Fix clang.
vsnprintf_helper2(const char * fmt,...)149 static int vsnprintf_helper2(const char *fmt, ...) {
150 foo myfoo;
151 va_list va;
152 int result;
153 size_t size = atoi("11");
154
155 va_start(va, fmt);
156 result = vsnprintf(myfoo.a, size, fmt, va); // should crash here
157 va_end(va);
158 return result;
159 }
160
TEST_F(DEATHTEST,vsnprintf_fortified2)161 TEST_F(DEATHTEST, vsnprintf_fortified2) {
162 ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789"));
163 }
164
TEST_F(DEATHTEST,vsnprintf2_fortified2)165 TEST_F(DEATHTEST, vsnprintf2_fortified2) {
166 ASSERT_FORTIFY(vsnprintf_helper2("0123456789"));
167 }
168 #endif
169
170 #ifndef __clang__
171 // zero sized target with "\0" source (should fail)
172 // This test is disabled in clang because clang doesn't properly detect
173 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,stpcpy_fortified2)174 TEST_F(DEATHTEST, stpcpy_fortified2) {
175 #if defined(__BIONIC__)
176 foo myfoo;
177 char* src = strdup("");
178 ASSERT_FORTIFY(stpcpy(myfoo.empty, src));
179 free(src);
180 #else // __BIONIC__
181 GTEST_LOG_(INFO) << "This test does nothing.\n";
182 #endif // __BIONIC__
183 }
184 #endif
185
186 #ifndef __clang__
187 // zero sized target with "\0" source (should fail)
188 // This test is disabled in clang because clang doesn't properly detect
189 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcpy_fortified2)190 TEST_F(DEATHTEST, strcpy_fortified2) {
191 #if defined(__BIONIC__)
192 foo myfoo;
193 char* src = strdup("");
194 ASSERT_FORTIFY(strcpy(myfoo.empty, src));
195 free(src);
196 #else // __BIONIC__
197 GTEST_LOG_(INFO) << "This test does nothing.\n";
198 #endif // __BIONIC__
199 }
200 #endif
201
202 #ifndef __clang__
203 // zero sized target with longer source (should fail)
204 // This test is disabled in clang because clang doesn't properly detect
205 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcpy2_fortified2)206 TEST_F(DEATHTEST, strcpy2_fortified2) {
207 #if defined(__BIONIC__)
208 foo myfoo;
209 char* src = strdup("1");
210 ASSERT_FORTIFY(strcpy(myfoo.empty, src));
211 free(src);
212 #else // __BIONIC__
213 GTEST_LOG_(INFO) << "This test does nothing.\n";
214 #endif // __BIONIC__
215 }
216 #endif
217
218 #ifndef __clang__
219 // one byte target with longer source (should fail)
220 // This test is disabled in clang because clang doesn't properly detect
221 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcpy3_fortified2)222 TEST_F(DEATHTEST, strcpy3_fortified2) {
223 #if defined(__BIONIC__)
224 foo myfoo;
225 char* src = strdup("12");
226 ASSERT_FORTIFY(strcpy(myfoo.one, src));
227 free(src);
228 #else // __BIONIC__
229 GTEST_LOG_(INFO) << "This test does nothing.\n";
230 #endif // __BIONIC__
231 }
232 #endif
233
234 #ifndef __clang__
235 // This test is disabled in clang because clang doesn't properly detect
236 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strchr_fortified2)237 TEST_F(DEATHTEST, strchr_fortified2) {
238 #if defined(__BIONIC__)
239 foo myfoo;
240 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
241 myfoo.b[0] = '\0';
242 ASSERT_FORTIFY(printf("%s", strchr(myfoo.a, 'a')));
243 #else // __BIONIC__
244 GTEST_LOG_(INFO) << "This test does nothing.\n";
245 #endif // __BIONIC__
246 }
247 #endif
248
249 #ifndef __clang__
250 // This test is disabled in clang because clang doesn't properly detect
251 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strrchr_fortified2)252 TEST_F(DEATHTEST, strrchr_fortified2) {
253 #if defined(__BIONIC__)
254 foo myfoo;
255 memcpy(myfoo.a, "0123456789", 10);
256 memcpy(myfoo.b, "01234", 6);
257 ASSERT_FORTIFY(printf("%s", strrchr(myfoo.a, 'a')));
258 #else // __BIONIC__
259 GTEST_LOG_(INFO) << "This test does nothing.\n";
260 #endif // __BIONIC__
261 }
262 #endif
263
264 #ifndef __clang__
265 // This test is disabled in clang because clang doesn't properly detect
266 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strlcpy_fortified2)267 TEST_F(DEATHTEST, strlcpy_fortified2) {
268 #if defined(__BIONIC__)
269 foo myfoo;
270 strcpy(myfoo.a, "01");
271 size_t n = strlen(myfoo.a);
272 ASSERT_FORTIFY(strlcpy(myfoo.one, myfoo.a, n));
273 #else // __BIONIC__
274 GTEST_LOG_(INFO) << "This test does nothing.\n";
275 #endif // __BIONIC__
276 }
277 #endif
278
279 #ifndef __clang__
280 // This test is disabled in clang because clang doesn't properly detect
281 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strlcat_fortified2)282 TEST_F(DEATHTEST, strlcat_fortified2) {
283 #if defined(__BIONIC__)
284 foo myfoo;
285 strcpy(myfoo.a, "01");
286 myfoo.one[0] = '\0';
287 size_t n = strlen(myfoo.a);
288 ASSERT_FORTIFY(strlcat(myfoo.one, myfoo.a, n));
289 #else // __BIONIC__
290 GTEST_LOG_(INFO) << "This test does nothing.\n";
291 #endif // __BIONIC__
292 }
293 #endif
294
295 #ifndef __clang__
296 // This test is disabled in clang because clang doesn't properly detect
297 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncat_fortified2)298 TEST_F(DEATHTEST, strncat_fortified2) {
299 foo myfoo;
300 size_t n = atoi("10"); // avoid compiler optimizations
301 strncpy(myfoo.a, "012345678", n);
302 ASSERT_FORTIFY(strncat(myfoo.a, "9", n));
303 }
304 #endif
305
306 #ifndef __clang__
307 // This test is disabled in clang because clang doesn't properly detect
308 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncat2_fortified2)309 TEST_F(DEATHTEST, strncat2_fortified2) {
310 foo myfoo;
311 myfoo.a[0] = '\0';
312 size_t n = atoi("10"); // avoid compiler optimizations
313 ASSERT_FORTIFY(strncat(myfoo.a, "0123456789", n));
314 }
315 #endif
316
TEST_F(DEATHTEST,strncat3_fortified2)317 TEST_F(DEATHTEST, strncat3_fortified2) {
318 foo myfoo;
319 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
320 myfoo.b[0] = '\0';
321 size_t n = atoi("10"); // avoid compiler optimizations
322 ASSERT_FORTIFY(strncat(myfoo.b, myfoo.a, n));
323 }
324
325 #ifndef __clang__
326 // This test is disabled in clang because clang doesn't properly detect
327 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcat_fortified2)328 TEST_F(DEATHTEST, strcat_fortified2) {
329 char src[11];
330 strcpy(src, "0123456789");
331 foo myfoo;
332 myfoo.a[0] = '\0';
333 ASSERT_FORTIFY(strcat(myfoo.a, src));
334 }
335 #endif
336
TEST_F(DEATHTEST,strcat2_fortified2)337 TEST_F(DEATHTEST, strcat2_fortified2) {
338 foo myfoo;
339 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
340 myfoo.b[0] = '\0';
341 ASSERT_FORTIFY(strcat(myfoo.b, myfoo.a));
342 }
343
TEST_F(DEATHTEST,snprintf_fortified2)344 TEST_F(DEATHTEST, snprintf_fortified2) {
345 foo myfoo;
346 strcpy(myfoo.a, "012345678");
347 size_t n = strlen(myfoo.a) + 2;
348 ASSERT_FORTIFY(snprintf(myfoo.b, n, "a%s", myfoo.a));
349 }
350
TEST_F(DEATHTEST,bzero_fortified2)351 TEST_F(DEATHTEST, bzero_fortified2) {
352 foo myfoo;
353 memcpy(myfoo.b, "0123456789", sizeof(myfoo.b));
354 size_t n = atoi("11");
355 ASSERT_FORTIFY(bzero(myfoo.b, n));
356 }
357
358 #endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */
359
360 // multibyte target where we over fill (should fail)
TEST_F(DEATHTEST,strcpy_fortified)361 TEST_F(DEATHTEST, strcpy_fortified) {
362 #if defined(__BIONIC__)
363 char buf[10];
364 char *orig = strdup("0123456789");
365 ASSERT_FORTIFY(strcpy(buf, orig));
366 free(orig);
367 #else // __BIONIC__
368 GTEST_LOG_(INFO) << "This test does nothing.\n";
369 #endif // __BIONIC__
370 }
371
372 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,strcpy2_fortified)373 TEST_F(DEATHTEST, strcpy2_fortified) {
374 #if defined(__BIONIC__)
375 char buf[0];
376 char *orig = strdup("");
377 ASSERT_FORTIFY(strcpy(buf, orig));
378 free(orig);
379 #else // __BIONIC__
380 GTEST_LOG_(INFO) << "This test does nothing.\n";
381 #endif // __BIONIC__
382 }
383
384 // zero sized target with longer source (should fail)
TEST_F(DEATHTEST,strcpy3_fortified)385 TEST_F(DEATHTEST, strcpy3_fortified) {
386 #if defined(__BIONIC__)
387 char buf[0];
388 char *orig = strdup("1");
389 ASSERT_FORTIFY(strcpy(buf, orig));
390 free(orig);
391 #else // __BIONIC__
392 GTEST_LOG_(INFO) << "This test does nothing.\n";
393 #endif // __BIONIC__
394 }
395
396 // one byte target with longer source (should fail)
TEST_F(DEATHTEST,strcpy4_fortified)397 TEST_F(DEATHTEST, strcpy4_fortified) {
398 #if defined(__BIONIC__)
399 char buf[1];
400 char *orig = strdup("12");
401 ASSERT_FORTIFY(strcpy(buf, orig));
402 free(orig);
403 #else // __BIONIC__
404 GTEST_LOG_(INFO) << "This test does nothing.\n";
405 #endif // __BIONIC__
406 }
407
TEST_F(DEATHTEST,strlen_fortified)408 TEST_F(DEATHTEST, strlen_fortified) {
409 #if defined(__BIONIC__)
410 char buf[10];
411 memcpy(buf, "0123456789", sizeof(buf));
412 ASSERT_FORTIFY(printf("%zd", strlen(buf)));
413 #else // __BIONIC__
414 GTEST_LOG_(INFO) << "This test does nothing.\n";
415 #endif // __BIONIC__
416 }
417
TEST_F(DEATHTEST,strchr_fortified)418 TEST_F(DEATHTEST, strchr_fortified) {
419 #if defined(__BIONIC__)
420 char buf[10];
421 memcpy(buf, "0123456789", sizeof(buf));
422 ASSERT_FORTIFY(printf("%s", strchr(buf, 'a')));
423 #else // __BIONIC__
424 GTEST_LOG_(INFO) << "This test does nothing.\n";
425 #endif // __BIONIC__
426 }
427
TEST_F(DEATHTEST,strrchr_fortified)428 TEST_F(DEATHTEST, strrchr_fortified) {
429 #if defined(__BIONIC__)
430 char buf[10];
431 memcpy(buf, "0123456789", sizeof(buf));
432 ASSERT_FORTIFY(printf("%s", strrchr(buf, 'a')));
433 #else // __BIONIC__
434 GTEST_LOG_(INFO) << "This test does nothing.\n";
435 #endif // __BIONIC__
436 }
437
TEST_F(DEATHTEST,strlcpy_fortified)438 TEST_F(DEATHTEST, strlcpy_fortified) {
439 #if defined(__BIONIC__)
440 char bufa[15];
441 char bufb[10];
442 strcpy(bufa, "01234567890123");
443 size_t n = strlen(bufa);
444 ASSERT_FORTIFY(strlcpy(bufb, bufa, n));
445 #else // __BIONIC__
446 GTEST_LOG_(INFO) << "This test does nothing.\n";
447 #endif // __BIONIC__
448 }
449
TEST_F(DEATHTEST,strlcat_fortified)450 TEST_F(DEATHTEST, strlcat_fortified) {
451 #if defined(__BIONIC__)
452 char bufa[15];
453 char bufb[10];
454 bufb[0] = '\0';
455 strcpy(bufa, "01234567890123");
456 size_t n = strlen(bufa);
457 ASSERT_FORTIFY(strlcat(bufb, bufa, n));
458 #else // __BIONIC__
459 GTEST_LOG_(INFO) << "This test does nothing.\n";
460 #endif // __BIONIC__
461 }
462
TEST_F(DEATHTEST,sprintf_fortified)463 TEST_F(DEATHTEST, sprintf_fortified) {
464 char buf[10];
465 char source_buf[15];
466 memcpy(source_buf, "12345678901234", 15);
467 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
468 }
469
470 #ifndef __clang__
471 // This test is disabled in clang because clang doesn't properly detect
472 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,sprintf_malloc_fortified)473 TEST_F(DEATHTEST, sprintf_malloc_fortified) {
474 char* buf = (char *) malloc(10);
475 char source_buf[11];
476 memcpy(source_buf, "1234567890", 11);
477 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
478 free(buf);
479 }
480 #endif
481
TEST_F(DEATHTEST,sprintf2_fortified)482 TEST_F(DEATHTEST, sprintf2_fortified) {
483 char buf[5];
484 ASSERT_FORTIFY(sprintf(buf, "aaaaa"));
485 }
486
vsprintf_helper(const char * fmt,...)487 static int vsprintf_helper(const char *fmt, ...) {
488 char buf[10];
489 va_list va;
490 int result;
491
492 va_start(va, fmt);
493 result = vsprintf(buf, fmt, va); // should crash here
494 va_end(va);
495 return result;
496 }
497
TEST_F(DEATHTEST,vsprintf_fortified)498 TEST_F(DEATHTEST, vsprintf_fortified) {
499 ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789"));
500 }
501
TEST_F(DEATHTEST,vsprintf2_fortified)502 TEST_F(DEATHTEST, vsprintf2_fortified) {
503 ASSERT_FORTIFY(vsprintf_helper("0123456789"));
504 }
505
vsnprintf_helper(const char * fmt,...)506 static int vsnprintf_helper(const char *fmt, ...) {
507 char buf[10];
508 va_list va;
509 int result;
510 size_t size = atoi("11");
511
512 va_start(va, fmt);
513 result = vsnprintf(buf, size, fmt, va); // should crash here
514 va_end(va);
515 return result;
516 }
517
TEST_F(DEATHTEST,vsnprintf_fortified)518 TEST_F(DEATHTEST, vsnprintf_fortified) {
519 ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789"));
520 }
521
TEST_F(DEATHTEST,vsnprintf2_fortified)522 TEST_F(DEATHTEST, vsnprintf2_fortified) {
523 ASSERT_FORTIFY(vsnprintf_helper("0123456789"));
524 }
525
TEST_F(DEATHTEST,strncat_fortified)526 TEST_F(DEATHTEST, strncat_fortified) {
527 char buf[10];
528 size_t n = atoi("10"); // avoid compiler optimizations
529 strncpy(buf, "012345678", n);
530 ASSERT_FORTIFY(strncat(buf, "9", n));
531 }
532
TEST_F(DEATHTEST,strncat2_fortified)533 TEST_F(DEATHTEST, strncat2_fortified) {
534 char buf[10];
535 buf[0] = '\0';
536 size_t n = atoi("10"); // avoid compiler optimizations
537 ASSERT_FORTIFY(strncat(buf, "0123456789", n));
538 }
539
TEST_F(DEATHTEST,strcat_fortified)540 TEST_F(DEATHTEST, strcat_fortified) {
541 char src[11];
542 strcpy(src, "0123456789");
543 char buf[10];
544 buf[0] = '\0';
545 ASSERT_FORTIFY(strcat(buf, src));
546 }
547
TEST_F(DEATHTEST,memmove_fortified)548 TEST_F(DEATHTEST, memmove_fortified) {
549 char buf[20];
550 strcpy(buf, "0123456789");
551 size_t n = atoi("10");
552 ASSERT_FORTIFY(memmove(buf + 11, buf, n));
553 }
554
TEST_F(DEATHTEST,memcpy_fortified)555 TEST_F(DEATHTEST, memcpy_fortified) {
556 char bufa[10];
557 char bufb[10];
558 strcpy(bufa, "012345678");
559 size_t n = atoi("11");
560 ASSERT_FORTIFY(memcpy(bufb, bufa, n));
561 }
562
TEST_F(DEATHTEST,memset_fortified)563 TEST_F(DEATHTEST, memset_fortified) {
564 char buf[10];
565 size_t n = atoi("11");
566 ASSERT_FORTIFY(memset(buf, 0, n));
567 }
568
TEST_F(DEATHTEST,stpncpy_fortified)569 TEST_F(DEATHTEST, stpncpy_fortified) {
570 char bufa[15];
571 char bufb[10];
572 strcpy(bufa, "01234567890123");
573 size_t n = strlen(bufa);
574 ASSERT_FORTIFY(stpncpy(bufb, bufa, n));
575 }
576
TEST_F(DEATHTEST,stpncpy2_fortified)577 TEST_F(DEATHTEST, stpncpy2_fortified) {
578 char dest[11];
579 char src[10];
580 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
581 ASSERT_FORTIFY(stpncpy(dest, src, sizeof(dest)));
582 }
583
TEST_F(DEATHTEST,strncpy_fortified)584 TEST_F(DEATHTEST, strncpy_fortified) {
585 char bufa[15];
586 char bufb[10];
587 strcpy(bufa, "01234567890123");
588 size_t n = strlen(bufa);
589 ASSERT_FORTIFY(strncpy(bufb, bufa, n));
590 }
591
592
TEST_F(DEATHTEST,strncpy2_fortified)593 TEST_F(DEATHTEST, strncpy2_fortified) {
594 char dest[11];
595 char src[10];
596 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
597 ASSERT_FORTIFY(strncpy(dest, src, sizeof(dest)));
598 }
599
TEST_F(DEATHTEST,snprintf_fortified)600 TEST_F(DEATHTEST, snprintf_fortified) {
601 char bufa[15];
602 char bufb[10];
603 strcpy(bufa, "0123456789");
604 size_t n = strlen(bufa) + 1;
605 ASSERT_FORTIFY(snprintf(bufb, n, "%s", bufa));
606 }
607
TEST_F(DEATHTEST,bzero_fortified)608 TEST_F(DEATHTEST, bzero_fortified) {
609 char buf[10];
610 memcpy(buf, "0123456789", sizeof(buf));
611 size_t n = atoi("11");
612 ASSERT_FORTIFY(bzero(buf, n));
613 }
614
TEST_F(DEATHTEST,umask_fortified)615 TEST_F(DEATHTEST, umask_fortified) {
616 mode_t mask = atoi("1023"); // 01777 in octal
617 ASSERT_FORTIFY(umask(mask));
618 }
619
TEST_F(DEATHTEST,recv_fortified)620 TEST_F(DEATHTEST, recv_fortified) {
621 size_t data_len = atoi("11"); // suppress compiler optimizations
622 char buf[10];
623 ASSERT_FORTIFY(recv(0, buf, data_len, 0));
624 }
625
TEST_F(DEATHTEST,send_fortified)626 TEST_F(DEATHTEST, send_fortified) {
627 size_t data_len = atoi("11"); // suppress compiler optimizations
628 char buf[10] = {0};
629 ASSERT_FORTIFY(send(0, buf, data_len, 0));
630 }
631
TEST_F(DEATHTEST,FD_ISSET_fortified)632 TEST_F(DEATHTEST, FD_ISSET_fortified) {
633 #if defined(__BIONIC__) // glibc catches this at compile-time.
634 fd_set set;
635 memset(&set, 0, sizeof(set));
636 ASSERT_FORTIFY(FD_ISSET(-1, &set));
637 #endif
638 }
639
TEST_F(DEATHTEST,FD_ISSET_2_fortified)640 TEST_F(DEATHTEST, FD_ISSET_2_fortified) {
641 char buf[1];
642 fd_set* set = (fd_set*) buf;
643 ASSERT_FORTIFY(FD_ISSET(0, set));
644 }
645
TEST_F(DEATHTEST,getcwd_fortified)646 TEST_F(DEATHTEST, getcwd_fortified) {
647 char buf[1];
648 size_t ct = atoi("2"); // prevent optimizations
649 ASSERT_FORTIFY(getcwd(buf, ct));
650 }
651
TEST_F(DEATHTEST,pread_fortified)652 TEST_F(DEATHTEST, pread_fortified) {
653 char buf[1];
654 size_t ct = atoi("2"); // prevent optimizations
655 int fd = open("/dev/null", O_RDONLY);
656 ASSERT_FORTIFY(pread(fd, buf, ct, 0));
657 close(fd);
658 }
659
TEST_F(DEATHTEST,pread64_fortified)660 TEST_F(DEATHTEST, pread64_fortified) {
661 char buf[1];
662 size_t ct = atoi("2"); // prevent optimizations
663 int fd = open("/dev/null", O_RDONLY);
664 ASSERT_FORTIFY(pread64(fd, buf, ct, 0));
665 close(fd);
666 }
667
TEST_F(DEATHTEST,pwrite_fortified)668 TEST_F(DEATHTEST, pwrite_fortified) {
669 char buf[1] = {0};
670 size_t ct = atoi("2"); // prevent optimizations
671 int fd = open("/dev/null", O_WRONLY);
672 ASSERT_FORTIFY(pwrite(fd, buf, ct, 0));
673 close(fd);
674 }
675
TEST_F(DEATHTEST,pwrite64_fortified)676 TEST_F(DEATHTEST, pwrite64_fortified) {
677 char buf[1] = {0};
678 size_t ct = atoi("2"); // prevent optimizations
679 int fd = open("/dev/null", O_WRONLY);
680 ASSERT_FORTIFY(pwrite64(fd, buf, ct, 0));
681 close(fd);
682 }
683
TEST_F(DEATHTEST,read_fortified)684 TEST_F(DEATHTEST, read_fortified) {
685 char buf[1];
686 size_t ct = atoi("2"); // prevent optimizations
687 int fd = open("/dev/null", O_RDONLY);
688 ASSERT_FORTIFY(read(fd, buf, ct));
689 close(fd);
690 }
691
TEST_F(DEATHTEST,write_fortified)692 TEST_F(DEATHTEST, write_fortified) {
693 char buf[1] = {0};
694 size_t ct = atoi("2"); // prevent optimizations
695 int fd = open("/dev/null", O_WRONLY);
696 ASSERT_EXIT(write(fd, buf, ct), testing::KilledBySignal(SIGABRT), "");
697 close(fd);
698 }
699
TEST_F(DEATHTEST,fread_fortified)700 TEST_F(DEATHTEST, fread_fortified) {
701 char buf[1];
702 size_t ct = atoi("2"); // prevent optimizations
703 FILE* fp = fopen("/dev/null", "r");
704 ASSERT_FORTIFY(fread(buf, 1, ct, fp));
705 fclose(fp);
706 }
707
TEST_F(DEATHTEST,fwrite_fortified)708 TEST_F(DEATHTEST, fwrite_fortified) {
709 char buf[1] = {0};
710 size_t ct = atoi("2"); // prevent optimizations
711 FILE* fp = fopen("/dev/null", "w");
712 ASSERT_FORTIFY(fwrite(buf, 1, ct, fp));
713 fclose(fp);
714 }
715
TEST_F(DEATHTEST,readlink_fortified)716 TEST_F(DEATHTEST, readlink_fortified) {
717 char buf[1];
718 size_t ct = atoi("2"); // prevent optimizations
719 ASSERT_FORTIFY(readlink("/dev/null", buf, ct));
720 }
721
TEST_F(DEATHTEST,readlinkat_fortified)722 TEST_F(DEATHTEST, readlinkat_fortified) {
723 char buf[1];
724 size_t ct = atoi("2"); // prevent optimizations
725 ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", buf, ct));
726 }
727
728 extern "C" char* __strncat_chk(char*, const char*, size_t, size_t);
729 extern "C" char* __strcat_chk(char*, const char*, size_t);
730
TEST(TEST_NAME,strncat)731 TEST(TEST_NAME, strncat) {
732 char buf[10];
733 memset(buf, 'A', sizeof(buf));
734 buf[0] = 'a';
735 buf[1] = '\0';
736 char* res = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf));
737 ASSERT_EQ(buf, res);
738 ASSERT_EQ('a', buf[0]);
739 ASSERT_EQ('0', buf[1]);
740 ASSERT_EQ('1', buf[2]);
741 ASSERT_EQ('2', buf[3]);
742 ASSERT_EQ('3', buf[4]);
743 ASSERT_EQ('4', buf[5]);
744 ASSERT_EQ('\0', buf[6]);
745 ASSERT_EQ('A', buf[7]);
746 ASSERT_EQ('A', buf[8]);
747 ASSERT_EQ('A', buf[9]);
748 }
749
TEST(TEST_NAME,strncat2)750 TEST(TEST_NAME, strncat2) {
751 char buf[10];
752 memset(buf, 'A', sizeof(buf));
753 buf[0] = 'a';
754 buf[1] = '\0';
755 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
756 ASSERT_EQ(buf, res);
757 ASSERT_EQ('a', buf[0]);
758 ASSERT_EQ('0', buf[1]);
759 ASSERT_EQ('1', buf[2]);
760 ASSERT_EQ('2', buf[3]);
761 ASSERT_EQ('3', buf[4]);
762 ASSERT_EQ('4', buf[5]);
763 ASSERT_EQ('\0', buf[6]);
764 ASSERT_EQ('A', buf[7]);
765 ASSERT_EQ('A', buf[8]);
766 ASSERT_EQ('A', buf[9]);
767 }
768
TEST(TEST_NAME,strncat3)769 TEST(TEST_NAME, strncat3) {
770 char buf[10];
771 memset(buf, 'A', sizeof(buf));
772 buf[0] = '\0';
773 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
774 ASSERT_EQ(buf, res);
775 ASSERT_EQ('0', buf[0]);
776 ASSERT_EQ('1', buf[1]);
777 ASSERT_EQ('2', buf[2]);
778 ASSERT_EQ('3', buf[3]);
779 ASSERT_EQ('4', buf[4]);
780 ASSERT_EQ('\0', buf[5]);
781 ASSERT_EQ('A', buf[6]);
782 ASSERT_EQ('A', buf[7]);
783 ASSERT_EQ('A', buf[8]);
784 ASSERT_EQ('A', buf[9]);
785 }
786
TEST(TEST_NAME,strncat4)787 TEST(TEST_NAME, strncat4) {
788 char buf[10];
789 memset(buf, 'A', sizeof(buf));
790 buf[9] = '\0';
791 char* res = __strncat_chk(buf, "", 5, sizeof(buf));
792 ASSERT_EQ(buf, res);
793 ASSERT_EQ('A', buf[0]);
794 ASSERT_EQ('A', buf[1]);
795 ASSERT_EQ('A', buf[2]);
796 ASSERT_EQ('A', buf[3]);
797 ASSERT_EQ('A', buf[4]);
798 ASSERT_EQ('A', buf[5]);
799 ASSERT_EQ('A', buf[6]);
800 ASSERT_EQ('A', buf[7]);
801 ASSERT_EQ('A', buf[8]);
802 ASSERT_EQ('\0', buf[9]);
803 }
804
TEST(TEST_NAME,strncat5)805 TEST(TEST_NAME, strncat5) {
806 char buf[10];
807 memset(buf, 'A', sizeof(buf));
808 buf[0] = 'a';
809 buf[1] = '\0';
810 char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf));
811 ASSERT_EQ(buf, res);
812 ASSERT_EQ('a', buf[0]);
813 ASSERT_EQ('0', buf[1]);
814 ASSERT_EQ('1', buf[2]);
815 ASSERT_EQ('2', buf[3]);
816 ASSERT_EQ('3', buf[4]);
817 ASSERT_EQ('4', buf[5]);
818 ASSERT_EQ('5', buf[6]);
819 ASSERT_EQ('6', buf[7]);
820 ASSERT_EQ('7', buf[8]);
821 ASSERT_EQ('\0', buf[9]);
822 }
823
TEST(TEST_NAME,strncat6)824 TEST(TEST_NAME, strncat6) {
825 char buf[10];
826 memset(buf, 'A', sizeof(buf));
827 buf[0] = 'a';
828 buf[1] = '\0';
829 char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf));
830 ASSERT_EQ(buf, res);
831 ASSERT_EQ('a', buf[0]);
832 ASSERT_EQ('0', buf[1]);
833 ASSERT_EQ('1', buf[2]);
834 ASSERT_EQ('2', buf[3]);
835 ASSERT_EQ('3', buf[4]);
836 ASSERT_EQ('4', buf[5]);
837 ASSERT_EQ('5', buf[6]);
838 ASSERT_EQ('6', buf[7]);
839 ASSERT_EQ('7', buf[8]);
840 ASSERT_EQ('\0', buf[9]);
841 }
842
843
TEST(TEST_NAME,strcat)844 TEST(TEST_NAME, strcat) {
845 char buf[10];
846 memset(buf, 'A', sizeof(buf));
847 buf[0] = 'a';
848 buf[1] = '\0';
849 char* res = __strcat_chk(buf, "01234", sizeof(buf));
850 ASSERT_EQ(buf, res);
851 ASSERT_EQ('a', buf[0]);
852 ASSERT_EQ('0', buf[1]);
853 ASSERT_EQ('1', buf[2]);
854 ASSERT_EQ('2', buf[3]);
855 ASSERT_EQ('3', buf[4]);
856 ASSERT_EQ('4', buf[5]);
857 ASSERT_EQ('\0', buf[6]);
858 ASSERT_EQ('A', buf[7]);
859 ASSERT_EQ('A', buf[8]);
860 ASSERT_EQ('A', buf[9]);
861 }
862
TEST(TEST_NAME,strcat2)863 TEST(TEST_NAME, strcat2) {
864 char buf[10];
865 memset(buf, 'A', sizeof(buf));
866 buf[0] = 'a';
867 buf[1] = '\0';
868 char* res = __strcat_chk(buf, "01234567", sizeof(buf));
869 ASSERT_EQ(buf, res);
870 ASSERT_EQ('a', buf[0]);
871 ASSERT_EQ('0', buf[1]);
872 ASSERT_EQ('1', buf[2]);
873 ASSERT_EQ('2', buf[3]);
874 ASSERT_EQ('3', buf[4]);
875 ASSERT_EQ('4', buf[5]);
876 ASSERT_EQ('5', buf[6]);
877 ASSERT_EQ('6', buf[7]);
878 ASSERT_EQ('7', buf[8]);
879 ASSERT_EQ('\0', buf[9]);
880 }
881
TEST(TEST_NAME,stpncpy)882 TEST(TEST_NAME, stpncpy) {
883 char src[10];
884 char dst[10];
885 memcpy(src, "0123456789", sizeof(src)); // non null terminated string
886 stpncpy(dst, src, sizeof(dst));
887 ASSERT_EQ('0', dst[0]);
888 ASSERT_EQ('1', dst[1]);
889 ASSERT_EQ('2', dst[2]);
890 ASSERT_EQ('3', dst[3]);
891 ASSERT_EQ('4', dst[4]);
892 ASSERT_EQ('5', dst[5]);
893 ASSERT_EQ('6', dst[6]);
894 ASSERT_EQ('7', dst[7]);
895 ASSERT_EQ('8', dst[8]);
896 ASSERT_EQ('9', dst[9]);
897 }
898
TEST(TEST_NAME,stpncpy2)899 TEST(TEST_NAME, stpncpy2) {
900 char src[10];
901 char dst[15];
902 memcpy(src, "012345678\0", sizeof(src));
903 stpncpy(dst, src, sizeof(dst));
904 ASSERT_EQ('0', dst[0]);
905 ASSERT_EQ('1', dst[1]);
906 ASSERT_EQ('2', dst[2]);
907 ASSERT_EQ('3', dst[3]);
908 ASSERT_EQ('4', dst[4]);
909 ASSERT_EQ('5', dst[5]);
910 ASSERT_EQ('6', dst[6]);
911 ASSERT_EQ('7', dst[7]);
912 ASSERT_EQ('8', dst[8]);
913 ASSERT_EQ('\0', dst[9]);
914 ASSERT_EQ('\0', dst[10]);
915 ASSERT_EQ('\0', dst[11]);
916 ASSERT_EQ('\0', dst[12]);
917 ASSERT_EQ('\0', dst[13]);
918 ASSERT_EQ('\0', dst[14]);
919 }
920
TEST(TEST_NAME,strncpy)921 TEST(TEST_NAME, strncpy) {
922 char src[10];
923 char dst[10];
924 memcpy(src, "0123456789", sizeof(src)); // non null terminated string
925 strncpy(dst, src, sizeof(dst));
926 ASSERT_EQ('0', dst[0]);
927 ASSERT_EQ('1', dst[1]);
928 ASSERT_EQ('2', dst[2]);
929 ASSERT_EQ('3', dst[3]);
930 ASSERT_EQ('4', dst[4]);
931 ASSERT_EQ('5', dst[5]);
932 ASSERT_EQ('6', dst[6]);
933 ASSERT_EQ('7', dst[7]);
934 ASSERT_EQ('8', dst[8]);
935 ASSERT_EQ('9', dst[9]);
936 }
937
TEST(TEST_NAME,strncpy2)938 TEST(TEST_NAME, strncpy2) {
939 char src[10];
940 char dst[15];
941 memcpy(src, "012345678\0", sizeof(src));
942 strncpy(dst, src, sizeof(dst));
943 ASSERT_EQ('0', dst[0]);
944 ASSERT_EQ('1', dst[1]);
945 ASSERT_EQ('2', dst[2]);
946 ASSERT_EQ('3', dst[3]);
947 ASSERT_EQ('4', dst[4]);
948 ASSERT_EQ('5', dst[5]);
949 ASSERT_EQ('6', dst[6]);
950 ASSERT_EQ('7', dst[7]);
951 ASSERT_EQ('8', dst[8]);
952 ASSERT_EQ('\0', dst[9]);
953 ASSERT_EQ('\0', dst[10]);
954 ASSERT_EQ('\0', dst[11]);
955 ASSERT_EQ('\0', dst[12]);
956 ASSERT_EQ('\0', dst[13]);
957 ASSERT_EQ('\0', dst[14]);
958 }
959
TEST(TEST_NAME,strcat_chk_max_int_size)960 TEST(TEST_NAME, strcat_chk_max_int_size) {
961 char buf[10];
962 memset(buf, 'A', sizeof(buf));
963 buf[0] = 'a';
964 buf[1] = '\0';
965 char* res = __strcat_chk(buf, "01234567", (size_t)-1);
966 ASSERT_EQ(buf, res);
967 ASSERT_EQ('a', buf[0]);
968 ASSERT_EQ('0', buf[1]);
969 ASSERT_EQ('1', buf[2]);
970 ASSERT_EQ('2', buf[3]);
971 ASSERT_EQ('3', buf[4]);
972 ASSERT_EQ('4', buf[5]);
973 ASSERT_EQ('5', buf[6]);
974 ASSERT_EQ('6', buf[7]);
975 ASSERT_EQ('7', buf[8]);
976 ASSERT_EQ('\0', buf[9]);
977 }
978
979 extern "C" char* __stpcpy_chk(char*, const char*, size_t);
980
TEST(TEST_NAME,stpcpy_chk_max_int_size)981 TEST(TEST_NAME, stpcpy_chk_max_int_size) {
982 char buf[10];
983 char* res = __stpcpy_chk(buf, "012345678", (size_t)-1);
984 ASSERT_EQ(buf + strlen("012345678"), res);
985 ASSERT_STREQ("012345678", buf);
986 }
987
988 extern "C" char* __strcpy_chk(char*, const char*, size_t);
989
TEST(TEST_NAME,strcpy_chk_max_int_size)990 TEST(TEST_NAME, strcpy_chk_max_int_size) {
991 char buf[10];
992 char* res = __strcpy_chk(buf, "012345678", (size_t)-1);
993 ASSERT_EQ(buf, res);
994 ASSERT_STREQ("012345678", buf);
995 }
996
997 extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t);
998
TEST(TEST_NAME,memcpy_chk_max_int_size)999 TEST(TEST_NAME, memcpy_chk_max_int_size) {
1000 char buf[10];
1001 void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1);
1002 ASSERT_EQ((void*)buf, res);
1003 ASSERT_EQ('0', buf[0]);
1004 ASSERT_EQ('1', buf[1]);
1005 ASSERT_EQ('2', buf[2]);
1006 ASSERT_EQ('3', buf[3]);
1007 ASSERT_EQ('4', buf[4]);
1008 ASSERT_EQ('5', buf[5]);
1009 ASSERT_EQ('6', buf[6]);
1010 ASSERT_EQ('7', buf[7]);
1011 ASSERT_EQ('8', buf[8]);
1012 ASSERT_EQ('\0', buf[9]);
1013 }
1014
1015 // Verify that macro expansion is done properly for sprintf/snprintf (which
1016 // are defined as macros in stdio.h under clang).
1017 #define CONTENTS "macro expansion"
1018 #define BUF_AND_SIZE(A) A, sizeof(A)
1019 #define BUF_AND_CONTENTS(A) A, CONTENTS
1020 #define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS
TEST(TEST_NAME,s_n_printf_macro_expansion)1021 TEST(TEST_NAME, s_n_printf_macro_expansion) {
1022 char buf[BUFSIZ];
1023 snprintf(BUF_AND_SIZE(buf), CONTENTS);
1024 EXPECT_STREQ(CONTENTS, buf);
1025
1026 snprintf(BUF_AND_SIZE_AND_CONTENTS(buf));
1027 EXPECT_STREQ(CONTENTS, buf);
1028
1029 sprintf(BUF_AND_CONTENTS(buf));
1030 EXPECT_STREQ(CONTENTS, buf);
1031 }
1032
TEST_F(DEATHTEST,poll_fortified)1033 TEST_F(DEATHTEST, poll_fortified) {
1034 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
1035 pollfd buf[1] = {{0, POLLIN, 0}};
1036 // Set timeout to zero to prevent waiting in poll when fortify test fails.
1037 ASSERT_FORTIFY(poll(buf, fd_count, 0));
1038 }
1039
TEST_F(DEATHTEST,ppoll_fortified)1040 TEST_F(DEATHTEST, ppoll_fortified) {
1041 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
1042 pollfd buf[1] = {{0, POLLIN, 0}};
1043 // Set timeout to zero to prevent waiting in ppoll when fortify test fails.
1044 timespec timeout;
1045 timeout.tv_sec = timeout.tv_nsec = 0;
1046 ASSERT_FORTIFY(ppoll(buf, fd_count, &timeout, NULL));
1047 }
1048