1 /*
2  * Copyright (C) 2013 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 // -Werror is on whether we like it or not, and we're intentionally doing awful
18 // things in this file. GCC is dumb and doesn't have a specific error class for
19 // the fortify failures (it's just -Werror), so we can't use anything more
20 // constrained than disabling all the warnings in the file :( It also won't let
21 // us use system_header in a .cpp file, so we have to #include this from
22 // fortify_test_main.cpp.
23 #pragma GCC system_header
24 
25 #include <gtest/gtest.h>
26 #include "BionicDeathTest.h"
27 
28 #include <fcntl.h>
29 #include <malloc.h>
30 #include <poll.h>
31 #include <signal.h>
32 #include <stdarg.h>
33 #include <string.h>
34 #include <sys/socket.h>
35 #include <sys/stat.h>
36 #include <sys/types.h>
37 #include <time.h>
38 
39 #if __BIONIC__
40 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY")
41 #else
42 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "")
43 #endif
44 
45 // Fortify test code needs to run multiple times, so TEST_NAME macro is used to
46 // distinguish different tests. TEST_NAME is defined in compilation command.
47 #define DEATHTEST_PASTER(name) name##_DeathTest
48 #define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name)
49 #define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME)
50 
51 class DEATHTEST : public BionicDeathTest {};
52 
53 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2
// Layout shared by the _FORTIFY_SOURCE == 2 tests below: several small char
// arrays packed into one object, so that overrunning one member lands in the
// neighbouring member instead of outside the struct.
struct foo {
  char empty[0];  // zero-length member: there is no room for even a terminator
  char one[1];    // room for exactly one byte
  char a[10];
  char b[10];
};
60 
61 #ifndef __clang__
62 // This test is disabled in clang because clang doesn't properly detect
63 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, stpncpy_fortified2) {
  // Requests an 11-byte copy into the 10-byte member `a`. The count is routed
  // through atoi() so it is not a compile-time constant.
  foo obj;
  int count = atoi("11");
  ASSERT_FORTIFY(stpncpy(obj.a, "01234567890", count));
}
69 #endif
70 
71 #ifndef __clang__
72 // This test is disabled in clang because clang doesn't properly detect
73 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, stpncpy2_fortified2) {
  // Source over-read: `one` holds a single non-NUL byte, yet sizeof(b) bytes
  // are requested from it.
  foo obj;
  memset(&obj, 0, sizeof(obj));
  obj.one[0] = 'A';  // `one` now has no terminator of its own
  ASSERT_FORTIFY(stpncpy(obj.b, obj.one, sizeof(obj.b)));
}
80 #endif
81 
82 #ifndef __clang__
83 // This test is disabled in clang because clang doesn't properly detect
84 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, strncpy_fortified2) {
  // Requests an 11-byte copy into the 10-byte member `a`. The count is routed
  // through atoi() so it is not a compile-time constant.
  foo obj;
  int count = atoi("11");
  ASSERT_FORTIFY(strncpy(obj.a, "01234567890", count));
}
90 #endif
91 
92 #ifndef __clang__
93 // This test is disabled in clang because clang doesn't properly detect
94 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, strncpy2_fortified2) {
  // Source over-read: `one` holds a single non-NUL byte, yet sizeof(b) bytes
  // are requested from it.
  foo obj;
  memset(&obj, 0, sizeof(obj));
  obj.one[0] = 'A';  // `one` now has no terminator of its own
  ASSERT_FORTIFY(strncpy(obj.b, obj.one, sizeof(obj.b)));
}
101 #endif
102 
103 #ifndef __clang__
104 // This test is disabled in clang because clang doesn't properly detect
105 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, sprintf_fortified2) {
  // Formats a 14-character string (15 bytes with its terminator) into the
  // 10-byte member `a`.
  char text[15];
  memcpy(text, "12345678901234", 15);
  foo obj;
  ASSERT_FORTIFY(sprintf(obj.a, "%s", text));
}
112 #endif
113 
114 #ifndef __clang__
115 // This test is disabled in clang because clang doesn't properly detect
116 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, sprintf2_fortified2) {
  // Ten literal characters plus the terminator need 11 bytes; `a` has 10.
  foo obj;
  ASSERT_FORTIFY(sprintf(obj.a, "0123456789"));
}
121 #endif
122 
123 #ifndef __clang__
124 // These tests are disabled in clang because clang doesn't properly detect
125 // this buffer overflow. TODO: Fix clang.
// Forwards its variadic arguments to vsprintf() with the 10-byte member `a` of
// a local foo as the destination, and returns vsprintf()'s result.
static int vsprintf_helper2(const char *fmt, ...) {
  foo obj;
  va_list args;

  va_start(args, fmt);
  int written = vsprintf(obj.a, fmt, args);  // the fortify abort is expected here
  va_end(args);
  return written;
}
136 
TEST_F(DEATHTEST, vsprintf_fortified2) {
  // Ten characters arrive through a "%s" argument; with the terminator that is
  // one byte more than the helper's 10-byte destination holds.
  ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789"));
}
140 
TEST_F(DEATHTEST, vsprintf2_fortified2) {
  // Same overflow as the "%s" variant, but the ten characters are in the
  // format string itself.
  ASSERT_FORTIFY(vsprintf_helper2("0123456789"));
}
144 #endif
145 
146 #ifndef __clang__
147 // These tests are disabled in clang because clang doesn't properly detect
148 // this buffer overflow. TODO: Fix clang.
// Forwards its variadic arguments to vsnprintf() with the 10-byte member `a`
// of a local foo as the destination, but claims a size of 11. Returns
// vsnprintf()'s result.
static int vsnprintf_helper2(const char *fmt, ...) {
  foo obj;
  va_list args;
  size_t claimed_size = atoi("11");  // computed at run time, one more than sizeof(obj.a)

  va_start(args, fmt);
  int written = vsnprintf(obj.a, claimed_size, fmt, args);  // the fortify abort is expected here
  va_end(args);
  return written;
}
160 
TEST_F(DEATHTEST, vsnprintf_fortified2) {
  // The helper passes a size of 11 for a 10-byte destination; the text comes
  // in through a "%s" argument.
  ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789"));
}
164 
TEST_F(DEATHTEST, vsnprintf2_fortified2) {
  // The helper passes a size of 11 for a 10-byte destination; the text is the
  // format string itself.
  ASSERT_FORTIFY(vsnprintf_helper2("0123456789"));
}
168 #endif
169 
170 #ifndef __clang__
171 // zero sized target with "\0" source (should fail)
172 // This test is disabled in clang because clang doesn't properly detect
173 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, stpcpy_fortified2) {
#if defined(__BIONIC__)
  // Even the empty string needs one byte for its terminator, and `empty` has
  // none. The source is heap-allocated, so its length is a run-time value.
  foo obj;
  char* heap_src = strdup("");
  ASSERT_FORTIFY(stpcpy(obj.empty, heap_src));
  free(heap_src);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
184 #endif
185 
186 #ifndef __clang__
187 // zero sized target with "\0" source (should fail)
188 // This test is disabled in clang because clang doesn't properly detect
189 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, strcpy_fortified2) {
#if defined(__BIONIC__)
  // Even the empty string needs one byte for its terminator, and `empty` has
  // none. The source is heap-allocated, so its length is a run-time value.
  foo obj;
  char* heap_src = strdup("");
  ASSERT_FORTIFY(strcpy(obj.empty, heap_src));
  free(heap_src);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
200 #endif
201 
202 #ifndef __clang__
203 // zero sized target with longer source (should fail)
204 // This test is disabled in clang because clang doesn't properly detect
205 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, strcpy2_fortified2) {
#if defined(__BIONIC__)
  // A one-character string (two bytes with its terminator) is copied into the
  // zero-length member `empty`.
  foo obj;
  char* heap_src = strdup("1");
  ASSERT_FORTIFY(strcpy(obj.empty, heap_src));
  free(heap_src);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
216 #endif
217 
218 #ifndef __clang__
219 // one byte target with longer source (should fail)
220 // This test is disabled in clang because clang doesn't properly detect
221 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, strcpy3_fortified2) {
#if defined(__BIONIC__)
  // A two-character string (three bytes with its terminator) is copied into
  // the one-byte member `one`.
  foo obj;
  char* heap_src = strdup("12");
  ASSERT_FORTIFY(strcpy(obj.one, heap_src));
  free(heap_src);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
232 #endif
233 
234 #ifndef __clang__
235 // This test is disabled in clang because clang doesn't properly detect
236 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, strchr_fortified2) {
#if defined(__BIONIC__)
  // `a` is filled with ten non-NUL bytes and none of them is 'a', so the
  // search cannot finish inside the member. The terminator placed in `b`
  // keeps the scan bounded if the check does not fire.
  foo obj;
  memcpy(obj.a, "0123456789", sizeof(obj.a));
  obj.b[0] = '\0';
  ASSERT_FORTIFY(printf("%s", strchr(obj.a, 'a')));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
247 #endif
248 
249 #ifndef __clang__
250 // This test is disabled in clang because clang doesn't properly detect
251 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, strrchr_fortified2) {
#if defined(__BIONIC__)
  // `a` is filled with ten non-NUL bytes, so the first terminator strrchr()
  // can reach is the one inside `b`.
  foo obj;
  memcpy(obj.a, "0123456789", 10);
  memcpy(obj.b, "01234", 6);
  ASSERT_FORTIFY(printf("%s", strrchr(obj.a, 'a')));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
262 #endif
263 
264 #ifndef __clang__
265 // This test is disabled in clang because clang doesn't properly detect
266 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, strlcpy_fortified2) {
#if defined(__BIONIC__)
  // The size handed to strlcpy() is strlen("01") == 2, but the destination
  // member `one` is a single byte.
  foo obj;
  strcpy(obj.a, "01");
  size_t claimed_size = strlen(obj.a);
  ASSERT_FORTIFY(strlcpy(obj.one, obj.a, claimed_size));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
277 #endif
278 
279 #ifndef __clang__
280 // This test is disabled in clang because clang doesn't properly detect
281 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, strlcat_fortified2) {
#if defined(__BIONIC__)
  // The size handed to strlcat() is strlen("01") == 2, but the destination
  // member `one` is a single byte (holding the empty string).
  foo obj;
  strcpy(obj.a, "01");
  obj.one[0] = '\0';
  size_t claimed_size = strlen(obj.a);
  ASSERT_FORTIFY(strlcat(obj.one, obj.a, claimed_size));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
293 #endif
294 
295 #ifndef __clang__
296 // This test is disabled in clang because clang doesn't properly detect
297 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, strncat_fortified2) {
  // `a` already holds nine characters and a terminator; appending one more
  // character needs an 11th byte.
  foo obj;
  size_t limit = atoi("10");  // run-time value, keeps the compiler from folding the calls
  strncpy(obj.a, "012345678", limit);
  ASSERT_FORTIFY(strncat(obj.a, "9", limit));
}
304 #endif
305 
306 #ifndef __clang__
307 // This test is disabled in clang because clang doesn't properly detect
308 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, strncat2_fortified2) {
  // Appending ten characters to an empty `a` needs 11 bytes once the
  // terminator is counted.
  foo obj;
  obj.a[0] = '\0';
  size_t limit = atoi("10");  // run-time value, keeps the compiler from folding the call
  ASSERT_FORTIFY(strncat(obj.a, "0123456789", limit));
}
315 #endif
316 
TEST_F(DEATHTEST, strncat3_fortified2) {
  // Appends up to ten bytes from the unterminated `a` onto the empty `b`; ten
  // bytes plus the terminator strncat() adds do not fit in the 10-byte `b`.
  foo obj;
  memcpy(obj.a, "0123456789", sizeof(obj.a));  // fills `a` completely, no terminator
  obj.b[0] = '\0';
  size_t limit = atoi("10");  // run-time value, keeps the compiler from folding the call
  ASSERT_FORTIFY(strncat(obj.b, obj.a, limit));
}
324 
325 #ifndef __clang__
326 // This test is disabled in clang because clang doesn't properly detect
327 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, strcat_fortified2) {
  // Appending a ten-character string to an empty `a` needs 11 bytes.
  foo obj;
  obj.a[0] = '\0';
  char addition[11];
  strcpy(addition, "0123456789");
  ASSERT_FORTIFY(strcat(obj.a, addition));
}
335 #endif
336 
TEST_F(DEATHTEST, strcat2_fortified2) {
  // The source `a` is ten non-NUL bytes with no terminator of its own, and the
  // destination `b` is only ten bytes.
  foo obj;
  memcpy(obj.a, "0123456789", sizeof(obj.a));  // fills `a` completely, no terminator
  obj.b[0] = '\0';
  ASSERT_FORTIFY(strcat(obj.b, obj.a));
}
343 
TEST_F(DEATHTEST, snprintf_fortified2) {
  // The size passed to snprintf() is 9 + 2 == 11, one more than the 10-byte
  // destination member `b`.
  foo obj;
  strcpy(obj.a, "012345678");
  size_t claimed_size = strlen(obj.a) + 2;
  ASSERT_FORTIFY(snprintf(obj.b, claimed_size, "a%s", obj.a));
}
350 
TEST_F(DEATHTEST, bzero_fortified2) {
  // Clears 11 bytes starting at the 10-byte member `b`, which is the last
  // member of the struct.
  foo obj;
  memcpy(obj.b, "0123456789", sizeof(obj.b));
  size_t count = atoi("11");
  ASSERT_FORTIFY(bzero(obj.b, count));
}
357 
358 #endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */
359 
360 // multibyte target where we over fill (should fail)
TEST_F(DEATHTEST, strcpy_fortified) {
#if defined(__BIONIC__)
  // Ten characters plus the terminator need 11 bytes; the stack buffer has 10.
  // The source is heap-allocated, so its length is a run-time value.
  char dst[10];
  char* heap_src = strdup("0123456789");
  ASSERT_FORTIFY(strcpy(dst, heap_src));
  free(heap_src);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
371 
372 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST, strcpy2_fortified) {
#if defined(__BIONIC__)
  // Copying the empty string still writes one terminator byte, which a
  // zero-length buffer cannot hold.
  char dst[0];
  char* heap_src = strdup("");
  ASSERT_FORTIFY(strcpy(dst, heap_src));
  free(heap_src);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
383 
384 // zero sized target with longer source (should fail)
TEST_F(DEATHTEST, strcpy3_fortified) {
#if defined(__BIONIC__)
  // A one-character string (two bytes with its terminator) into a zero-length
  // buffer.
  char dst[0];
  char* heap_src = strdup("1");
  ASSERT_FORTIFY(strcpy(dst, heap_src));
  free(heap_src);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
395 
396 // one byte target with longer source (should fail)
TEST_F(DEATHTEST, strcpy4_fortified) {
#if defined(__BIONIC__)
  // A two-character string (three bytes with its terminator) into a one-byte
  // buffer.
  char dst[1];
  char* heap_src = strdup("12");
  ASSERT_FORTIFY(strcpy(dst, heap_src));
  free(heap_src);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
407 
TEST_F(DEATHTEST, strlen_fortified) {
#if defined(__BIONIC__)
  // All ten bytes of the buffer are non-NUL, so strlen() has no terminator to
  // stop at inside the object.
  char unterminated[10];
  memcpy(unterminated, "0123456789", sizeof(unterminated));
  ASSERT_FORTIFY(printf("%zd", strlen(unterminated)));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
417 
TEST_F(DEATHTEST, strchr_fortified) {
#if defined(__BIONIC__)
  // The buffer holds ten non-NUL bytes and no 'a', so the search cannot
  // finish inside the object.
  char unterminated[10];
  memcpy(unterminated, "0123456789", sizeof(unterminated));
  ASSERT_FORTIFY(printf("%s", strchr(unterminated, 'a')));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
427 
TEST_F(DEATHTEST, strrchr_fortified) {
#if defined(__BIONIC__)
  // The buffer holds ten non-NUL bytes, so strrchr() has no terminator to stop
  // at inside the object.
  char unterminated[10];
  memcpy(unterminated, "0123456789", sizeof(unterminated));
  ASSERT_FORTIFY(printf("%s", strrchr(unterminated, 'a')));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
437 
TEST_F(DEATHTEST, strlcpy_fortified) {
#if defined(__BIONIC__)
  // The size handed to strlcpy() is the source length (14), larger than the
  // 10-byte destination.
  char src[15];
  char dst[10];
  strcpy(src, "01234567890123");
  size_t claimed_size = strlen(src);
  ASSERT_FORTIFY(strlcpy(dst, src, claimed_size));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
449 
TEST_F(DEATHTEST, strlcat_fortified) {
#if defined(__BIONIC__)
  // The size handed to strlcat() is the source length (14), larger than the
  // 10-byte destination, which starts out as the empty string.
  char src[15];
  char dst[10];
  dst[0] = '\0';
  strcpy(src, "01234567890123");
  size_t claimed_size = strlen(src);
  ASSERT_FORTIFY(strlcat(dst, src, claimed_size));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
462 
TEST_F(DEATHTEST, sprintf_fortified) {
  // Formats a 14-character string (15 bytes with its terminator) into a
  // 10-byte stack buffer.
  char text[15];
  memcpy(text, "12345678901234", 15);
  char dst[10];
  ASSERT_FORTIFY(sprintf(dst, "%s", text));
}
469 
470 #ifndef __clang__
471 // This test is disabled in clang because clang doesn't properly detect
472 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST, sprintf_malloc_fortified) {
  // Heap variant: ten characters plus the terminator are formatted into a
  // 10-byte malloc() allocation.
  char text[11];
  memcpy(text, "1234567890", 11);
  char* heap_dst = (char *) malloc(10);
  ASSERT_FORTIFY(sprintf(heap_dst, "%s", text));
  free(heap_dst);
}
480 #endif
481 
TEST_F(DEATHTEST, sprintf2_fortified) {
  // Off-by-one case: five literal characters fill the 5-byte buffer exactly,
  // leaving no room for the terminator.
  char dst[5];
  ASSERT_FORTIFY(sprintf(dst, "aaaaa"));
}
486 
// Forwards its variadic arguments to vsprintf() with a 10-byte stack buffer as
// the destination, and returns vsprintf()'s result.
static int vsprintf_helper(const char *fmt, ...) {
  char dst[10];
  va_list args;

  va_start(args, fmt);
  int written = vsprintf(dst, fmt, args);  // the fortify abort is expected here
  va_end(args);
  return written;
}
497 
TEST_F(DEATHTEST, vsprintf_fortified) {
  // Ten characters arrive through a "%s" argument; with the terminator that is
  // one byte more than the helper's 10-byte buffer holds.
  ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789"));
}
501 
TEST_F(DEATHTEST, vsprintf2_fortified) {
  // Same overflow as the "%s" variant, but the ten characters are in the
  // format string itself.
  ASSERT_FORTIFY(vsprintf_helper("0123456789"));
}
505 
// Forwards its variadic arguments to vsnprintf() with a 10-byte stack buffer
// as the destination, but claims a size of 11. Returns vsnprintf()'s result.
static int vsnprintf_helper(const char *fmt, ...) {
  char dst[10];
  va_list args;
  size_t claimed_size = atoi("11");  // computed at run time, one more than sizeof(dst)

  va_start(args, fmt);
  int written = vsnprintf(dst, claimed_size, fmt, args);  // the fortify abort is expected here
  va_end(args);
  return written;
}
517 
TEST_F(DEATHTEST, vsnprintf_fortified) {
  // The helper passes a size of 11 for a 10-byte buffer; the text comes in
  // through a "%s" argument.
  ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789"));
}
521 
TEST_F(DEATHTEST, vsnprintf2_fortified) {
  // The helper passes a size of 11 for a 10-byte buffer; the text is the
  // format string itself.
  ASSERT_FORTIFY(vsnprintf_helper("0123456789"));
}
525 
TEST_F(DEATHTEST, strncat_fortified) {
  // The buffer already holds nine characters and a terminator; appending one
  // more character needs an 11th byte.
  char dst[10];
  size_t limit = atoi("10");  // run-time value, keeps the compiler from folding the calls
  strncpy(dst, "012345678", limit);
  ASSERT_FORTIFY(strncat(dst, "9", limit));
}
532 
TEST_F(DEATHTEST, strncat2_fortified) {
  // Appending ten characters to an empty 10-byte buffer needs 11 bytes once
  // the terminator is counted.
  char dst[10];
  dst[0] = '\0';
  size_t limit = atoi("10");  // run-time value, keeps the compiler from folding the call
  ASSERT_FORTIFY(strncat(dst, "0123456789", limit));
}
539 
TEST_F(DEATHTEST, strcat_fortified) {
  // Appending a ten-character string to an empty 10-byte buffer needs 11 bytes.
  char addition[11];
  strcpy(addition, "0123456789");
  char dst[10];
  dst[0] = '\0';
  ASSERT_FORTIFY(strcat(dst, addition));
}
547 
TEST_F(DEATHTEST, memmove_fortified) {
  // The destination starts at offset 11 of a 20-byte buffer, leaving 9 bytes;
  // moving 10 bytes there runs one past the end.
  char region[20];
  strcpy(region, "0123456789");
  size_t count = atoi("10");
  ASSERT_FORTIFY(memmove(region + 11, region, count));
}
554 
TEST_F(DEATHTEST, memcpy_fortified) {
  // Copies 11 bytes between two 10-byte buffers.
  char src[10];
  char dst[10];
  strcpy(src, "012345678");
  size_t count = atoi("11");
  ASSERT_FORTIFY(memcpy(dst, src, count));
}
562 
TEST_F(DEATHTEST, memset_fortified) {
  // Fills 11 bytes of a 10-byte buffer.
  char dst[10];
  size_t count = atoi("11");
  ASSERT_FORTIFY(memset(dst, 0, count));
}
568 
TEST_F(DEATHTEST, stpncpy_fortified) {
  // The count is the source length (14), larger than the 10-byte destination.
  char src[15];
  char dst[10];
  strcpy(src, "01234567890123");
  size_t count = strlen(src);
  ASSERT_FORTIFY(stpncpy(dst, src, count));
}
576 
TEST_F(DEATHTEST, stpncpy2_fortified) {
  // Source over-read: the destination is large enough (11 bytes), but the
  // 10-byte source has no terminator and 11 bytes are requested from it.
  char src[10];
  char dst[11];
  memcpy(src, "0123456789", sizeof(src));  // fills src completely, no terminator
  ASSERT_FORTIFY(stpncpy(dst, src, sizeof(dst)));
}
583 
TEST_F(DEATHTEST, strncpy_fortified) {
  // The count is the source length (14), larger than the 10-byte destination.
  char src[15];
  char dst[10];
  strcpy(src, "01234567890123");
  size_t count = strlen(src);
  ASSERT_FORTIFY(strncpy(dst, src, count));
}
591 
592 
TEST_F(DEATHTEST, strncpy2_fortified) {
  // Source over-read: the destination is large enough (11 bytes), but the
  // 10-byte source has no terminator and 11 bytes are requested from it.
  char src[10];
  char dst[11];
  memcpy(src, "0123456789", sizeof(src));  // fills src completely, no terminator
  ASSERT_FORTIFY(strncpy(dst, src, sizeof(dst)));
}
599 
TEST_F(DEATHTEST, snprintf_fortified) {
  // The size passed to snprintf() is 10 + 1 == 11, one more than the 10-byte
  // destination.
  char src[15];
  char dst[10];
  strcpy(src, "0123456789");
  size_t claimed_size = strlen(src) + 1;
  ASSERT_FORTIFY(snprintf(dst, claimed_size, "%s", src));
}
607 
TEST_F(DEATHTEST, bzero_fortified) {
  // Clears 11 bytes of a 10-byte buffer.
  char dst[10];
  memcpy(dst, "0123456789", sizeof(dst));
  size_t count = atoi("11");
  ASSERT_FORTIFY(bzero(dst, count));
}
614 
TEST_F(DEATHTEST, umask_fortified) {
  // 1023 decimal is 01777 octal, i.e. it sets a bit above the 0777 permission
  // bits; the fortified umask() is expected to abort on it.
  mode_t bad_mask = atoi("1023");
  ASSERT_FORTIFY(umask(bad_mask));
}
619 
TEST_F(DEATHTEST, recv_fortified) {
  // Asks recv() to store up to 11 bytes in a 10-byte buffer.
  char dst[10];
  size_t claimed_len = atoi("11");  // run-time value, hidden from the optimizer
  ASSERT_FORTIFY(recv(0, dst, claimed_len, 0));
}
625 
TEST_F(DEATHTEST, send_fortified) {
  // Asks send() to read 11 bytes out of a 10-byte buffer (an over-read rather
  // than an overflow).
  char src[10] = {0};
  size_t claimed_len = atoi("11");  // run-time value, hidden from the optimizer
  ASSERT_FORTIFY(send(0, src, claimed_len, 0));
}
631 
TEST_F(DEATHTEST, FD_ISSET_fortified) {
#if defined(__BIONIC__) // glibc catches this at compile-time.
  // A negative descriptor indexes before the start of the fd_set bitmap.
  fd_set fds;
  memset(&fds, 0, sizeof(fds));
  ASSERT_FORTIFY(FD_ISSET(-1, &fds));
#endif
}
639 
TEST_F(DEATHTEST, FD_ISSET_2_fortified) {
  // The pointer handed to FD_ISSET refers to a 1-byte object, not to a full
  // fd_set.
  char tiny[1];
  fd_set* bogus_set = (fd_set*) tiny;
  ASSERT_FORTIFY(FD_ISSET(0, bogus_set));
}
645 
TEST_F(DEATHTEST, getcwd_fortified) {
  // Claims a 2-byte buffer while only 1 byte is available.
  char dst[1];
  size_t claimed_size = atoi("2");  // run-time value, hidden from the optimizer
  ASSERT_FORTIFY(getcwd(dst, claimed_size));
}
651 
TEST_F(DEATHTEST, pread_fortified) {
  // Asks pread() to store 2 bytes in a 1-byte buffer.
  char dst[1];
  size_t claimed_len = atoi("2");  // run-time value, hidden from the optimizer
  int null_fd = open("/dev/null", O_RDONLY);
  ASSERT_FORTIFY(pread(null_fd, dst, claimed_len, 0));
  close(null_fd);
}
659 
TEST_F(DEATHTEST, pread64_fortified) {
  // Asks pread64() to store 2 bytes in a 1-byte buffer.
  char dst[1];
  size_t claimed_len = atoi("2");  // run-time value, hidden from the optimizer
  int null_fd = open("/dev/null", O_RDONLY);
  ASSERT_FORTIFY(pread64(null_fd, dst, claimed_len, 0));
  close(null_fd);
}
667 
TEST_F(DEATHTEST, pwrite_fortified) {
  // Asks pwrite() to read 2 bytes out of a 1-byte buffer.
  char src[1] = {0};
  size_t claimed_len = atoi("2");  // run-time value, hidden from the optimizer
  int null_fd = open("/dev/null", O_WRONLY);
  ASSERT_FORTIFY(pwrite(null_fd, src, claimed_len, 0));
  close(null_fd);
}
675 
TEST_F(DEATHTEST, pwrite64_fortified) {
  // Asks pwrite64() to read 2 bytes out of a 1-byte buffer.
  char src[1] = {0};
  size_t claimed_len = atoi("2");  // run-time value, hidden from the optimizer
  int null_fd = open("/dev/null", O_WRONLY);
  ASSERT_FORTIFY(pwrite64(null_fd, src, claimed_len, 0));
  close(null_fd);
}
683 
TEST_F(DEATHTEST, read_fortified) {
  // Asks read() to store 2 bytes in a 1-byte buffer.
  char dst[1];
  size_t claimed_len = atoi("2");  // run-time value, hidden from the optimizer
  int null_fd = open("/dev/null", O_RDONLY);
  ASSERT_FORTIFY(read(null_fd, dst, claimed_len));
  close(null_fd);
}
691 
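TEST_F(DEATHTEST, write_fortified) {
  // Asks write() to read 2 bytes out of a 1-byte buffer.
  //
  // Uses ASSERT_FORTIFY like the sibling read/pread/pwrite tests instead of a
  // bare ASSERT_EXIT with an empty pattern: on bionic the macro also requires
  // the "FORTIFY" message, so an unrelated SIGABRT cannot make this test pass.
  // On other libcs ASSERT_FORTIFY expands to the same empty-pattern check as
  // before.
  char buf[1] = {0};
  size_t ct = atoi("2"); // prevent optimizations
  int fd = open("/dev/null", O_WRONLY);
  ASSERT_FORTIFY(write(fd, buf, ct));
  close(fd);
}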
699 
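TEST_F(DEATHTEST, fread_fortified) {
  // Asks fread() to store 2 one-byte items in a 1-byte buffer.
  char buf[1];
  size_t ct = atoi("2"); // prevent optimizations
  FILE* fp = fopen("/dev/null", "r");
  // Fail with a clear message if the stream could not be opened; passing a
  // null FILE* to fclose() below would be undefined behaviour.
  ASSERT_TRUE(fp != NULL);
  ASSERT_FORTIFY(fread(buf, 1, ct, fp));
  fclose(fp);
}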
707 
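TEST_F(DEATHTEST, fwrite_fortified) {
  // Asks fwrite() to read 2 one-byte items out of a 1-byte buffer.
  char buf[1] = {0};
  size_t ct = atoi("2"); // prevent optimizations
  FILE* fp = fopen("/dev/null", "w");
  // Fail with a clear message if the stream could not be opened; passing a
  // null FILE* to fclose() below would be undefined behaviour.
  ASSERT_TRUE(fp != NULL);
  ASSERT_FORTIFY(fwrite(buf, 1, ct, fp));
  fclose(fp);
}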
715 
TEST_F(DEATHTEST, readlink_fortified) {
  // Claims a 2-byte result buffer while only 1 byte is available.
  char dst[1];
  size_t claimed_size = atoi("2");  // run-time value, hidden from the optimizer
  ASSERT_FORTIFY(readlink("/dev/null", dst, claimed_size));
}
721 
TEST_F(DEATHTEST, readlinkat_fortified) {
  // Claims a 2-byte result buffer while only 1 byte is available.
  char dst[1];
  size_t claimed_size = atoi("2");  // run-time value, hidden from the optimizer
  ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", dst, claimed_size));
}
727 
728 extern "C" char* __strncat_chk(char*, const char*, size_t, size_t);
729 extern "C" char* __strcat_chk(char*, const char*, size_t);
730 
TEST(TEST_NAME, strncat) {
  // Non-death case: "a" + "01234" fits, so __strncat_chk must behave like
  // strncat and leave the 'A' filler after the new terminator untouched.
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = 'a';
  buf[1] = '\0';
  char* result = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf));
  ASSERT_EQ(buf, result);
  const char want[sizeof(buf)] = {'a', '0', '1', '2', '3', '4', '\0', 'A', 'A', 'A'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(want[i], buf[i]);
  }
}
749 
TEST(TEST_NAME, strncat2) {
  // Non-death case: the count (5) truncates the ten-character source, so only
  // "01234" and a terminator are appended; the 'A' filler beyond stays intact.
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = 'a';
  buf[1] = '\0';
  char* result = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
  ASSERT_EQ(buf, result);
  const char want[sizeof(buf)] = {'a', '0', '1', '2', '3', '4', '\0', 'A', 'A', 'A'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(want[i], buf[i]);
  }
}
768 
TEST(TEST_NAME, strncat3) {
  // Non-death case: appending to an empty destination with a count of 5 yields
  // "01234" plus terminator; the 'A' filler beyond stays intact.
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = '\0';
  char* result = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
  ASSERT_EQ(buf, result);
  const char want[sizeof(buf)] = {'0', '1', '2', '3', '4', '\0', 'A', 'A', 'A', 'A'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(want[i], buf[i]);
  }
}
786 
TEST(TEST_NAME, strncat4) {
  // Non-death case: the destination is already full (nine characters plus the
  // terminator) and the source is empty, so nothing may change.
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[9] = '\0';
  char* result = __strncat_chk(buf, "", 5, sizeof(buf));
  ASSERT_EQ(buf, result);
  const char want[sizeof(buf)] = {'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', '\0'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(want[i], buf[i]);
  }
}
804 
TEST(TEST_NAME, strncat5) {
  // Boundary case: "a" + eight characters + terminator fills the 10-byte
  // buffer exactly, which must still be accepted.
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = 'a';
  buf[1] = '\0';
  char* result = __strncat_chk(buf, "01234567", 8, sizeof(buf));
  ASSERT_EQ(buf, result);
  const char want[sizeof(buf)] = {'a', '0', '1', '2', '3', '4', '5', '6', '7', '\0'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(want[i], buf[i]);
  }
}
823 
TEST(TEST_NAME, strncat6) {
  // Boundary case: the count (9) exceeds the eight-character source, so the
  // source length decides; the result fills the 10-byte buffer exactly and
  // must still be accepted.
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = 'a';
  buf[1] = '\0';
  char* result = __strncat_chk(buf, "01234567", 9, sizeof(buf));
  ASSERT_EQ(buf, result);
  const char want[sizeof(buf)] = {'a', '0', '1', '2', '3', '4', '5', '6', '7', '\0'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(want[i], buf[i]);
  }
}
842 
843 
TEST(TEST_NAME, strcat) {
  // Non-death case: "a" + "01234" fits, so __strcat_chk must behave like
  // strcat and leave the 'A' filler after the new terminator untouched.
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = 'a';
  buf[1] = '\0';
  char* result = __strcat_chk(buf, "01234", sizeof(buf));
  ASSERT_EQ(buf, result);
  const char want[sizeof(buf)] = {'a', '0', '1', '2', '3', '4', '\0', 'A', 'A', 'A'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(want[i], buf[i]);
  }
}
862 
TEST(TEST_NAME, strcat2) {
  // Boundary case: "a" + eight characters + terminator fills the 10-byte
  // buffer exactly, which must still be accepted.
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = 'a';
  buf[1] = '\0';
  char* result = __strcat_chk(buf, "01234567", sizeof(buf));
  ASSERT_EQ(buf, result);
  const char want[sizeof(buf)] = {'a', '0', '1', '2', '3', '4', '5', '6', '7', '\0'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(want[i], buf[i]);
  }
}
881 
TEST(TEST_NAME, stpncpy) {
  // Non-death case: source and destination are both exactly ten bytes, so an
  // unterminated source is legal as long as the count does not exceed either.
  char src[10];
  char dst[10];
  memcpy(src, "0123456789", sizeof(src));  // ten characters, no terminator
  stpncpy(dst, src, sizeof(dst));
  const char want[sizeof(dst)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]);
  }
}
898 
TEST(TEST_NAME, stpncpy2) {
  // Non-death case: the source terminates within its ten bytes, so stpncpy()
  // stops reading there and pads the rest of the 15-byte destination with NULs.
  char src[10];
  char dst[15];
  memcpy(src, "012345678\0", sizeof(src));
  stpncpy(dst, src, sizeof(dst));
  const char want[sizeof(dst)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
                                  '\0', '\0', '\0', '\0', '\0', '\0'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]);
  }
}
920 
TEST(TEST_NAME, strncpy) {
  // Non-death case: source and destination are both exactly ten bytes, so an
  // unterminated source is legal as long as the count does not exceed either.
  char src[10];
  char dst[10];
  memcpy(src, "0123456789", sizeof(src));  // ten characters, no terminator
  strncpy(dst, src, sizeof(dst));
  const char want[sizeof(dst)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]);
  }
}
937 
TEST(TEST_NAME, strncpy2) {
  // Non-death case: the source terminates within its ten bytes, so strncpy()
  // stops reading there and pads the rest of the 15-byte destination with NULs.
  char src[10];
  char dst[15];
  memcpy(src, "012345678\0", sizeof(src));
  strncpy(dst, src, sizeof(dst));
  const char want[sizeof(dst)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
                                  '\0', '\0', '\0', '\0', '\0', '\0'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]);
  }
}
959 
TEST(TEST_NAME, strcat_chk_max_int_size) {
  // (size_t)-1 is the value __builtin_object_size yields when the destination
  // size is unknown. __strcat_chk must then act like plain strcat and must not
  // misbehave because of the huge size value.
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = 'a';
  buf[1] = '\0';
  char* result = __strcat_chk(buf, "01234567", (size_t)-1);
  ASSERT_EQ(buf, result);
  const char want[sizeof(buf)] = {'a', '0', '1', '2', '3', '4', '5', '6', '7', '\0'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(want[i], buf[i]);
  }
}
978 
979 extern "C" char* __stpcpy_chk(char*, const char*, size_t);
980 
TEST(TEST_NAME, stpcpy_chk_max_int_size) {
  // With the "size unknown" value (size_t)-1, __stpcpy_chk must act like plain
  // stpcpy: copy the string and return a pointer to its terminator.
  char dst[10];
  char* end = __stpcpy_chk(dst, "012345678", (size_t)-1);
  ASSERT_EQ(dst + strlen("012345678"), end);
  ASSERT_STREQ("012345678", dst);
}
987 
988 extern "C" char* __strcpy_chk(char*, const char*, size_t);
989 
TEST(TEST_NAME, strcpy_chk_max_int_size) {
  // With the "size unknown" value (size_t)-1, __strcpy_chk must act like plain
  // strcpy: copy the string and return the destination pointer.
  char dst[10];
  char* result = __strcpy_chk(dst, "012345678", (size_t)-1);
  ASSERT_EQ(dst, result);
  ASSERT_STREQ("012345678", dst);
}
996 
997 extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t);
998 
TEST(TEST_NAME, memcpy_chk_max_int_size) {
  // With the "size unknown" value (size_t)-1, __memcpy_chk must act like plain
  // memcpy. The ten bytes copied are the nine characters of the literal plus
  // its terminator.
  char dst[10];
  void* result = __memcpy_chk(dst, "012345678", sizeof(dst), (size_t)-1);
  ASSERT_EQ((void*)dst, result);
  const char want[sizeof(dst)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '\0'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(want[i], dst[i]);
  }
}
1014 
1015 // Verify that macro expansion is done properly for sprintf/snprintf (which
1016 // are defined as macros in stdio.h under clang).
1017 #define CONTENTS "macro expansion"
1018 #define BUF_AND_SIZE(A) A, sizeof(A)
1019 #define BUF_AND_CONTENTS(A) A, CONTENTS
1020 #define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS
TEST(TEST_NAME, s_n_printf_macro_expansion) {
  // Each call passes one macro that expands to several arguments. If sprintf
  // or snprintf is itself a function-like macro, its wrapper has to cope with
  // an argument list that only reaches full length after expansion.
  char out[BUFSIZ];

  // Macro supplies (buffer, size); the format is passed separately.
  snprintf(BUF_AND_SIZE(out), CONTENTS);
  EXPECT_STREQ(CONTENTS, out);

  // Macro supplies all three arguments.
  snprintf(BUF_AND_SIZE_AND_CONTENTS(out));
  EXPECT_STREQ(CONTENTS, out);

  // Macro supplies (buffer, format).
  sprintf(BUF_AND_CONTENTS(out));
  EXPECT_STREQ(CONTENTS, out);
}
1032 
TEST_F(DEATHTEST, poll_fortified) {
  // Claims two pollfd entries while the array holds one.
  pollfd fds[1] = {{0, POLLIN, 0}};
  nfds_t claimed_count = atoi("2");  // run-time value, hidden from the optimizer
  // A zero timeout keeps poll() from blocking if the fortify check does not fire.
  ASSERT_FORTIFY(poll(fds, claimed_count, 0));
}
1039 
TEST_F(DEATHTEST, ppoll_fortified) {
  // Claims two pollfd entries while the array holds one.
  pollfd fds[1] = {{0, POLLIN, 0}};
  nfds_t claimed_count = atoi("2");  // run-time value, hidden from the optimizer
  // A zero timeout keeps ppoll() from blocking if the fortify check does not fire.
  timespec no_wait;
  no_wait.tv_nsec = 0;
  no_wait.tv_sec = 0;
  ASSERT_FORTIFY(ppoll(fds, claimed_count, &no_wait, NULL));
}
1048