1 /* 2 * Copyright (C) 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 // -Werror is on whether we like it or not, and we're intentionally doing awful 18 // things in this file. GCC is dumb and doesn't have a specific error class for 19 // the fortify failures (it's just -Werror), so we can't use anything more 20 // constrained than disabling all the warnings in the file :( It also won't let 21 // us use system_header in a .cpp file, so we have to #include this from 22 // fortify_test_main.cpp. 23 #pragma GCC system_header 24 25 #include <gtest/gtest.h> 26 #include "BionicDeathTest.h" 27 28 #include <fcntl.h> 29 #include <malloc.h> 30 #include <poll.h> 31 #include <signal.h> 32 #include <stdarg.h> 33 #include <string.h> 34 #include <sys/socket.h> 35 #include <sys/stat.h> 36 #include <sys/types.h> 37 #include <time.h> 38 39 #if __BIONIC__ 40 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY") 41 #else 42 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "") 43 #endif 44 45 // Fortify test code needs to run multiple times, so TEST_NAME macro is used to 46 // distinguish different tests. TEST_NAME is defined in compilation command. 47 #define DEATHTEST_PASTER(name) name##_DeathTest 48 #define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name) 49 #define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME) 50 51 class DEATHTEST : public BionicDeathTest {}; 52 53 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2 54 struct foo { 55 char empty[0]; 56 char one[1]; 57 char a[10]; 58 char b[10]; 59 }; 60 61 #ifndef __clang__ 62 // This test is disabled in clang because clang doesn't properly detect 63 // this buffer overflow. TODO: Fix clang. 64 TEST_F(DEATHTEST, stpncpy_fortified2) { 65 foo myfoo; 66 int copy_amt = atoi("11"); 67 ASSERT_FORTIFY(stpncpy(myfoo.a, "01234567890", copy_amt)); 68 } 69 #endif 70 71 #ifndef __clang__ 72 // This test is disabled in clang because clang doesn't properly detect 73 // this buffer overflow. TODO: Fix clang. 74 TEST_F(DEATHTEST, stpncpy2_fortified2) { 75 foo myfoo; 76 memset(&myfoo, 0, sizeof(myfoo)); 77 myfoo.one[0] = 'A'; // not null terminated string 78 ASSERT_FORTIFY(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b))); 79 } 80 #endif 81 82 #ifndef __clang__ 83 // This test is disabled in clang because clang doesn't properly detect 84 // this buffer overflow. TODO: Fix clang. 85 TEST_F(DEATHTEST, strncpy_fortified2) { 86 foo myfoo; 87 int copy_amt = atoi("11"); 88 ASSERT_FORTIFY(strncpy(myfoo.a, "01234567890", copy_amt)); 89 } 90 #endif 91 92 #ifndef __clang__ 93 // This test is disabled in clang because clang doesn't properly detect 94 // this buffer overflow. TODO: Fix clang. 95 TEST_F(DEATHTEST, strncpy2_fortified2) { 96 foo myfoo; 97 memset(&myfoo, 0, sizeof(myfoo)); 98 myfoo.one[0] = 'A'; // not null terminated string 99 ASSERT_FORTIFY(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b))); 100 } 101 #endif 102 103 #ifndef __clang__ 104 // This test is disabled in clang because clang doesn't properly detect 105 // this buffer overflow. TODO: Fix clang. 106 TEST_F(DEATHTEST, sprintf_fortified2) { 107 foo myfoo; 108 char source_buf[15]; 109 memcpy(source_buf, "12345678901234", 15); 110 ASSERT_FORTIFY(sprintf(myfoo.a, "%s", source_buf)); 111 } 112 #endif 113 114 #ifndef __clang__ 115 // This test is disabled in clang because clang doesn't properly detect 116 // this buffer overflow. TODO: Fix clang. 117 TEST_F(DEATHTEST, sprintf2_fortified2) { 118 foo myfoo; 119 ASSERT_FORTIFY(sprintf(myfoo.a, "0123456789")); 120 } 121 #endif 122 123 #ifndef __clang__ 124 // These tests are disabled in clang because clang doesn't properly detect 125 // this buffer overflow. TODO: Fix clang. 126 static int vsprintf_helper2(const char *fmt, ...) { 127 foo myfoo; 128 va_list va; 129 int result; 130 131 va_start(va, fmt); 132 result = vsprintf(myfoo.a, fmt, va); // should crash here 133 va_end(va); 134 return result; 135 } 136 137 TEST_F(DEATHTEST, vsprintf_fortified2) { 138 ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789")); 139 } 140 141 TEST_F(DEATHTEST, vsprintf2_fortified2) { 142 ASSERT_FORTIFY(vsprintf_helper2("0123456789")); 143 } 144 #endif 145 146 #ifndef __clang__ 147 // These tests are disabled in clang because clang doesn't properly detect 148 // this buffer overflow. TODO: Fix clang. 149 static int vsnprintf_helper2(const char *fmt, ...) { 150 foo myfoo; 151 va_list va; 152 int result; 153 size_t size = atoi("11"); 154 155 va_start(va, fmt); 156 result = vsnprintf(myfoo.a, size, fmt, va); // should crash here 157 va_end(va); 158 return result; 159 } 160 161 TEST_F(DEATHTEST, vsnprintf_fortified2) { 162 ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789")); 163 } 164 165 TEST_F(DEATHTEST, vsnprintf2_fortified2) { 166 ASSERT_FORTIFY(vsnprintf_helper2("0123456789")); 167 } 168 #endif 169 170 #ifndef __clang__ 171 // zero sized target with "\0" source (should fail) 172 // This test is disabled in clang because clang doesn't properly detect 173 // this buffer overflow. TODO: Fix clang. 174 TEST_F(DEATHTEST, stpcpy_fortified2) { 175 #if defined(__BIONIC__) 176 foo myfoo; 177 char* src = strdup(""); 178 ASSERT_FORTIFY(stpcpy(myfoo.empty, src)); 179 free(src); 180 #else // __BIONIC__ 181 GTEST_LOG_(INFO) << "This test does nothing.\n"; 182 #endif // __BIONIC__ 183 } 184 #endif 185 186 #ifndef __clang__ 187 // zero sized target with "\0" source (should fail) 188 // This test is disabled in clang because clang doesn't properly detect 189 // this buffer overflow. TODO: Fix clang. 190 TEST_F(DEATHTEST, strcpy_fortified2) { 191 #if defined(__BIONIC__) 192 foo myfoo; 193 char* src = strdup(""); 194 ASSERT_FORTIFY(strcpy(myfoo.empty, src)); 195 free(src); 196 #else // __BIONIC__ 197 GTEST_LOG_(INFO) << "This test does nothing.\n"; 198 #endif // __BIONIC__ 199 } 200 #endif 201 202 #ifndef __clang__ 203 // zero sized target with longer source (should fail) 204 // This test is disabled in clang because clang doesn't properly detect 205 // this buffer overflow. TODO: Fix clang. 206 TEST_F(DEATHTEST, strcpy2_fortified2) { 207 #if defined(__BIONIC__) 208 foo myfoo; 209 char* src = strdup("1"); 210 ASSERT_FORTIFY(strcpy(myfoo.empty, src)); 211 free(src); 212 #else // __BIONIC__ 213 GTEST_LOG_(INFO) << "This test does nothing.\n"; 214 #endif // __BIONIC__ 215 } 216 #endif 217 218 #ifndef __clang__ 219 // one byte target with longer source (should fail) 220 // This test is disabled in clang because clang doesn't properly detect 221 // this buffer overflow. TODO: Fix clang. 222 TEST_F(DEATHTEST, strcpy3_fortified2) { 223 #if defined(__BIONIC__) 224 foo myfoo; 225 char* src = strdup("12"); 226 ASSERT_FORTIFY(strcpy(myfoo.one, src)); 227 free(src); 228 #else // __BIONIC__ 229 GTEST_LOG_(INFO) << "This test does nothing.\n"; 230 #endif // __BIONIC__ 231 } 232 #endif 233 234 #ifndef __clang__ 235 // This test is disabled in clang because clang doesn't properly detect 236 // this buffer overflow. TODO: Fix clang. 237 TEST_F(DEATHTEST, strchr_fortified2) { 238 #if defined(__BIONIC__) 239 foo myfoo; 240 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); 241 myfoo.b[0] = '\0'; 242 ASSERT_FORTIFY(printf("%s", strchr(myfoo.a, 'a'))); 243 #else // __BIONIC__ 244 GTEST_LOG_(INFO) << "This test does nothing.\n"; 245 #endif // __BIONIC__ 246 } 247 #endif 248 249 #ifndef __clang__ 250 // This test is disabled in clang because clang doesn't properly detect 251 // this buffer overflow. TODO: Fix clang. 252 TEST_F(DEATHTEST, strrchr_fortified2) { 253 #if defined(__BIONIC__) 254 foo myfoo; 255 memcpy(myfoo.a, "0123456789", 10); 256 memcpy(myfoo.b, "01234", 6); 257 ASSERT_FORTIFY(printf("%s", strrchr(myfoo.a, 'a'))); 258 #else // __BIONIC__ 259 GTEST_LOG_(INFO) << "This test does nothing.\n"; 260 #endif // __BIONIC__ 261 } 262 #endif 263 264 #ifndef __clang__ 265 // This test is disabled in clang because clang doesn't properly detect 266 // this buffer overflow. TODO: Fix clang. 267 TEST_F(DEATHTEST, strlcpy_fortified2) { 268 #if defined(__BIONIC__) 269 foo myfoo; 270 strcpy(myfoo.a, "01"); 271 size_t n = strlen(myfoo.a); 272 ASSERT_FORTIFY(strlcpy(myfoo.one, myfoo.a, n)); 273 #else // __BIONIC__ 274 GTEST_LOG_(INFO) << "This test does nothing.\n"; 275 #endif // __BIONIC__ 276 } 277 #endif 278 279 #ifndef __clang__ 280 // This test is disabled in clang because clang doesn't properly detect 281 // this buffer overflow. TODO: Fix clang. 282 TEST_F(DEATHTEST, strlcat_fortified2) { 283 #if defined(__BIONIC__) 284 foo myfoo; 285 strcpy(myfoo.a, "01"); 286 myfoo.one[0] = '\0'; 287 size_t n = strlen(myfoo.a); 288 ASSERT_FORTIFY(strlcat(myfoo.one, myfoo.a, n)); 289 #else // __BIONIC__ 290 GTEST_LOG_(INFO) << "This test does nothing.\n"; 291 #endif // __BIONIC__ 292 } 293 #endif 294 295 #ifndef __clang__ 296 // This test is disabled in clang because clang doesn't properly detect 297 // this buffer overflow. TODO: Fix clang. 298 TEST_F(DEATHTEST, strncat_fortified2) { 299 foo myfoo; 300 size_t n = atoi("10"); // avoid compiler optimizations 301 strncpy(myfoo.a, "012345678", n); 302 ASSERT_FORTIFY(strncat(myfoo.a, "9", n)); 303 } 304 #endif 305 306 #ifndef __clang__ 307 // This test is disabled in clang because clang doesn't properly detect 308 // this buffer overflow. TODO: Fix clang. 309 TEST_F(DEATHTEST, strncat2_fortified2) { 310 foo myfoo; 311 myfoo.a[0] = '\0'; 312 size_t n = atoi("10"); // avoid compiler optimizations 313 ASSERT_FORTIFY(strncat(myfoo.a, "0123456789", n)); 314 } 315 #endif 316 317 TEST_F(DEATHTEST, strncat3_fortified2) { 318 foo myfoo; 319 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string 320 myfoo.b[0] = '\0'; 321 size_t n = atoi("10"); // avoid compiler optimizations 322 ASSERT_FORTIFY(strncat(myfoo.b, myfoo.a, n)); 323 } 324 325 #ifndef __clang__ 326 // This test is disabled in clang because clang doesn't properly detect 327 // this buffer overflow. TODO: Fix clang. 328 TEST_F(DEATHTEST, strcat_fortified2) { 329 char src[11]; 330 strcpy(src, "0123456789"); 331 foo myfoo; 332 myfoo.a[0] = '\0'; 333 ASSERT_FORTIFY(strcat(myfoo.a, src)); 334 } 335 #endif 336 337 TEST_F(DEATHTEST, strcat2_fortified2) { 338 foo myfoo; 339 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string 340 myfoo.b[0] = '\0'; 341 ASSERT_FORTIFY(strcat(myfoo.b, myfoo.a)); 342 } 343 344 TEST_F(DEATHTEST, snprintf_fortified2) { 345 foo myfoo; 346 strcpy(myfoo.a, "012345678"); 347 size_t n = strlen(myfoo.a) + 2; 348 ASSERT_FORTIFY(snprintf(myfoo.b, n, "a%s", myfoo.a)); 349 } 350 351 TEST_F(DEATHTEST, bzero_fortified2) { 352 foo myfoo; 353 memcpy(myfoo.b, "0123456789", sizeof(myfoo.b)); 354 size_t n = atoi("11"); 355 ASSERT_FORTIFY(bzero(myfoo.b, n)); 356 } 357 358 #endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */ 359 360 // multibyte target where we over fill (should fail) 361 TEST_F(DEATHTEST, strcpy_fortified) { 362 #if defined(__BIONIC__) 363 char buf[10]; 364 char *orig = strdup("0123456789"); 365 ASSERT_FORTIFY(strcpy(buf, orig)); 366 free(orig); 367 #else // __BIONIC__ 368 GTEST_LOG_(INFO) << "This test does nothing.\n"; 369 #endif // __BIONIC__ 370 } 371 372 // zero sized target with "\0" source (should fail) 373 TEST_F(DEATHTEST, strcpy2_fortified) { 374 #if defined(__BIONIC__) 375 char buf[0]; 376 char *orig = strdup(""); 377 ASSERT_FORTIFY(strcpy(buf, orig)); 378 free(orig); 379 #else // __BIONIC__ 380 GTEST_LOG_(INFO) << "This test does nothing.\n"; 381 #endif // __BIONIC__ 382 } 383 384 // zero sized target with longer source (should fail) 385 TEST_F(DEATHTEST, strcpy3_fortified) { 386 #if defined(__BIONIC__) 387 char buf[0]; 388 char *orig = strdup("1"); 389 ASSERT_FORTIFY(strcpy(buf, orig)); 390 free(orig); 391 #else // __BIONIC__ 392 GTEST_LOG_(INFO) << "This test does nothing.\n"; 393 #endif // __BIONIC__ 394 } 395 396 // one byte target with longer source (should fail) 397 TEST_F(DEATHTEST, strcpy4_fortified) { 398 #if defined(__BIONIC__) 399 char buf[1]; 400 char *orig = strdup("12"); 401 ASSERT_FORTIFY(strcpy(buf, orig)); 402 free(orig); 403 #else // __BIONIC__ 404 GTEST_LOG_(INFO) << "This test does nothing.\n"; 405 #endif // __BIONIC__ 406 } 407 408 TEST_F(DEATHTEST, strlen_fortified) { 409 #if defined(__BIONIC__) 410 char buf[10]; 411 memcpy(buf, "0123456789", sizeof(buf)); 412 ASSERT_FORTIFY(printf("%zd", strlen(buf))); 413 #else // __BIONIC__ 414 GTEST_LOG_(INFO) << "This test does nothing.\n"; 415 #endif // __BIONIC__ 416 } 417 418 TEST_F(DEATHTEST, strchr_fortified) { 419 #if defined(__BIONIC__) 420 char buf[10]; 421 memcpy(buf, "0123456789", sizeof(buf)); 422 ASSERT_FORTIFY(printf("%s", strchr(buf, 'a'))); 423 #else // __BIONIC__ 424 GTEST_LOG_(INFO) << "This test does nothing.\n"; 425 #endif // __BIONIC__ 426 } 427 428 TEST_F(DEATHTEST, strrchr_fortified) { 429 #if defined(__BIONIC__) 430 char buf[10]; 431 memcpy(buf, "0123456789", sizeof(buf)); 432 ASSERT_FORTIFY(printf("%s", strrchr(buf, 'a'))); 433 #else // __BIONIC__ 434 GTEST_LOG_(INFO) << "This test does nothing.\n"; 435 #endif // __BIONIC__ 436 } 437 438 TEST_F(DEATHTEST, strlcpy_fortified) { 439 #if defined(__BIONIC__) 440 char bufa[15]; 441 char bufb[10]; 442 strcpy(bufa, "01234567890123"); 443 size_t n = strlen(bufa); 444 ASSERT_FORTIFY(strlcpy(bufb, bufa, n)); 445 #else // __BIONIC__ 446 GTEST_LOG_(INFO) << "This test does nothing.\n"; 447 #endif // __BIONIC__ 448 } 449 450 TEST_F(DEATHTEST, strlcat_fortified) { 451 #if defined(__BIONIC__) 452 char bufa[15]; 453 char bufb[10]; 454 bufb[0] = '\0'; 455 strcpy(bufa, "01234567890123"); 456 size_t n = strlen(bufa); 457 ASSERT_FORTIFY(strlcat(bufb, bufa, n)); 458 #else // __BIONIC__ 459 GTEST_LOG_(INFO) << "This test does nothing.\n"; 460 #endif // __BIONIC__ 461 } 462 463 TEST_F(DEATHTEST, sprintf_fortified) { 464 char buf[10]; 465 char source_buf[15]; 466 memcpy(source_buf, "12345678901234", 15); 467 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf)); 468 } 469 470 #ifndef __clang__ 471 // This test is disabled in clang because clang doesn't properly detect 472 // this buffer overflow. TODO: Fix clang. 473 TEST_F(DEATHTEST, sprintf_malloc_fortified) { 474 char* buf = (char *) malloc(10); 475 char source_buf[11]; 476 memcpy(source_buf, "1234567890", 11); 477 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf)); 478 free(buf); 479 } 480 #endif 481 482 TEST_F(DEATHTEST, sprintf2_fortified) { 483 char buf[5]; 484 ASSERT_FORTIFY(sprintf(buf, "aaaaa")); 485 } 486 487 static int vsprintf_helper(const char *fmt, ...) { 488 char buf[10]; 489 va_list va; 490 int result; 491 492 va_start(va, fmt); 493 result = vsprintf(buf, fmt, va); // should crash here 494 va_end(va); 495 return result; 496 } 497 498 TEST_F(DEATHTEST, vsprintf_fortified) { 499 ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789")); 500 } 501 502 TEST_F(DEATHTEST, vsprintf2_fortified) { 503 ASSERT_FORTIFY(vsprintf_helper("0123456789")); 504 } 505 506 static int vsnprintf_helper(const char *fmt, ...) { 507 char buf[10]; 508 va_list va; 509 int result; 510 size_t size = atoi("11"); 511 512 va_start(va, fmt); 513 result = vsnprintf(buf, size, fmt, va); // should crash here 514 va_end(va); 515 return result; 516 } 517 518 TEST_F(DEATHTEST, vsnprintf_fortified) { 519 ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789")); 520 } 521 522 TEST_F(DEATHTEST, vsnprintf2_fortified) { 523 ASSERT_FORTIFY(vsnprintf_helper("0123456789")); 524 } 525 526 TEST_F(DEATHTEST, strncat_fortified) { 527 char buf[10]; 528 size_t n = atoi("10"); // avoid compiler optimizations 529 strncpy(buf, "012345678", n); 530 ASSERT_FORTIFY(strncat(buf, "9", n)); 531 } 532 533 TEST_F(DEATHTEST, strncat2_fortified) { 534 char buf[10]; 535 buf[0] = '\0'; 536 size_t n = atoi("10"); // avoid compiler optimizations 537 ASSERT_FORTIFY(strncat(buf, "0123456789", n)); 538 } 539 540 TEST_F(DEATHTEST, strcat_fortified) { 541 char src[11]; 542 strcpy(src, "0123456789"); 543 char buf[10]; 544 buf[0] = '\0'; 545 ASSERT_FORTIFY(strcat(buf, src)); 546 } 547 548 TEST_F(DEATHTEST, memmove_fortified) { 549 char buf[20]; 550 strcpy(buf, "0123456789"); 551 size_t n = atoi("10"); 552 ASSERT_FORTIFY(memmove(buf + 11, buf, n)); 553 } 554 555 TEST_F(DEATHTEST, memcpy_fortified) { 556 char bufa[10]; 557 char bufb[10]; 558 strcpy(bufa, "012345678"); 559 size_t n = atoi("11"); 560 ASSERT_FORTIFY(memcpy(bufb, bufa, n)); 561 } 562 563 TEST_F(DEATHTEST, memset_fortified) { 564 char buf[10]; 565 size_t n = atoi("11"); 566 ASSERT_FORTIFY(memset(buf, 0, n)); 567 } 568 569 TEST_F(DEATHTEST, stpncpy_fortified) { 570 char bufa[15]; 571 char bufb[10]; 572 strcpy(bufa, "01234567890123"); 573 size_t n = strlen(bufa); 574 ASSERT_FORTIFY(stpncpy(bufb, bufa, n)); 575 } 576 577 TEST_F(DEATHTEST, stpncpy2_fortified) { 578 char dest[11]; 579 char src[10]; 580 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated 581 ASSERT_FORTIFY(stpncpy(dest, src, sizeof(dest))); 582 } 583 584 TEST_F(DEATHTEST, strncpy_fortified) { 585 char bufa[15]; 586 char bufb[10]; 587 strcpy(bufa, "01234567890123"); 588 size_t n = strlen(bufa); 589 ASSERT_FORTIFY(strncpy(bufb, bufa, n)); 590 } 591 592 593 TEST_F(DEATHTEST, strncpy2_fortified) { 594 char dest[11]; 595 char src[10]; 596 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated 597 ASSERT_FORTIFY(strncpy(dest, src, sizeof(dest))); 598 } 599 600 TEST_F(DEATHTEST, snprintf_fortified) { 601 char bufa[15]; 602 char bufb[10]; 603 strcpy(bufa, "0123456789"); 604 size_t n = strlen(bufa) + 1; 605 ASSERT_FORTIFY(snprintf(bufb, n, "%s", bufa)); 606 } 607 608 TEST_F(DEATHTEST, bzero_fortified) { 609 char buf[10]; 610 memcpy(buf, "0123456789", sizeof(buf)); 611 size_t n = atoi("11"); 612 ASSERT_FORTIFY(bzero(buf, n)); 613 } 614 615 TEST_F(DEATHTEST, umask_fortified) { 616 mode_t mask = atoi("1023"); // 01777 in octal 617 ASSERT_FORTIFY(umask(mask)); 618 } 619 620 TEST_F(DEATHTEST, recv_fortified) { 621 size_t data_len = atoi("11"); // suppress compiler optimizations 622 char buf[10]; 623 ASSERT_FORTIFY(recv(0, buf, data_len, 0)); 624 } 625 626 TEST_F(DEATHTEST, send_fortified) { 627 size_t data_len = atoi("11"); // suppress compiler optimizations 628 char buf[10] = {0}; 629 ASSERT_FORTIFY(send(0, buf, data_len, 0)); 630 } 631 632 TEST_F(DEATHTEST, FD_ISSET_fortified) { 633 #if defined(__BIONIC__) // glibc catches this at compile-time. 634 fd_set set; 635 memset(&set, 0, sizeof(set)); 636 ASSERT_FORTIFY(FD_ISSET(-1, &set)); 637 #endif 638 } 639 640 TEST_F(DEATHTEST, FD_ISSET_2_fortified) { 641 char buf[1]; 642 fd_set* set = (fd_set*) buf; 643 ASSERT_FORTIFY(FD_ISSET(0, set)); 644 } 645 646 TEST_F(DEATHTEST, getcwd_fortified) { 647 char buf[1]; 648 size_t ct = atoi("2"); // prevent optimizations 649 ASSERT_FORTIFY(getcwd(buf, ct)); 650 } 651 652 TEST_F(DEATHTEST, pread_fortified) { 653 char buf[1]; 654 size_t ct = atoi("2"); // prevent optimizations 655 int fd = open("/dev/null", O_RDONLY); 656 ASSERT_FORTIFY(pread(fd, buf, ct, 0)); 657 close(fd); 658 } 659 660 TEST_F(DEATHTEST, pread64_fortified) { 661 char buf[1]; 662 size_t ct = atoi("2"); // prevent optimizations 663 int fd = open("/dev/null", O_RDONLY); 664 ASSERT_FORTIFY(pread64(fd, buf, ct, 0)); 665 close(fd); 666 } 667 668 TEST_F(DEATHTEST, pwrite_fortified) { 669 char buf[1] = {0}; 670 size_t ct = atoi("2"); // prevent optimizations 671 int fd = open("/dev/null", O_WRONLY); 672 ASSERT_FORTIFY(pwrite(fd, buf, ct, 0)); 673 close(fd); 674 } 675 676 TEST_F(DEATHTEST, pwrite64_fortified) { 677 char buf[1] = {0}; 678 size_t ct = atoi("2"); // prevent optimizations 679 int fd = open("/dev/null", O_WRONLY); 680 ASSERT_FORTIFY(pwrite64(fd, buf, ct, 0)); 681 close(fd); 682 } 683 684 TEST_F(DEATHTEST, read_fortified) { 685 char buf[1]; 686 size_t ct = atoi("2"); // prevent optimizations 687 int fd = open("/dev/null", O_RDONLY); 688 ASSERT_FORTIFY(read(fd, buf, ct)); 689 close(fd); 690 } 691 692 TEST_F(DEATHTEST, write_fortified) { 693 char buf[1] = {0}; 694 size_t ct = atoi("2"); // prevent optimizations 695 int fd = open("/dev/null", O_WRONLY); 696 ASSERT_EXIT(write(fd, buf, ct), testing::KilledBySignal(SIGABRT), ""); 697 close(fd); 698 } 699 700 TEST_F(DEATHTEST, fread_fortified) { 701 char buf[1]; 702 size_t ct = atoi("2"); // prevent optimizations 703 FILE* fp = fopen("/dev/null", "r"); 704 ASSERT_FORTIFY(fread(buf, 1, ct, fp)); 705 fclose(fp); 706 } 707 708 TEST_F(DEATHTEST, fwrite_fortified) { 709 char buf[1] = {0}; 710 size_t ct = atoi("2"); // prevent optimizations 711 FILE* fp = fopen("/dev/null", "w"); 712 ASSERT_FORTIFY(fwrite(buf, 1, ct, fp)); 713 fclose(fp); 714 } 715 716 TEST_F(DEATHTEST, readlink_fortified) { 717 char buf[1]; 718 size_t ct = atoi("2"); // prevent optimizations 719 ASSERT_FORTIFY(readlink("/dev/null", buf, ct)); 720 } 721 722 TEST_F(DEATHTEST, readlinkat_fortified) { 723 char buf[1]; 724 size_t ct = atoi("2"); // prevent optimizations 725 ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", buf, ct)); 726 } 727 728 extern "C" char* __strncat_chk(char*, const char*, size_t, size_t); 729 extern "C" char* __strcat_chk(char*, const char*, size_t); 730 731 TEST(TEST_NAME, strncat) { 732 char buf[10]; 733 memset(buf, 'A', sizeof(buf)); 734 buf[0] = 'a'; 735 buf[1] = '\0'; 736 char* res = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf)); 737 ASSERT_EQ(buf, res); 738 ASSERT_EQ('a', buf[0]); 739 ASSERT_EQ('0', buf[1]); 740 ASSERT_EQ('1', buf[2]); 741 ASSERT_EQ('2', buf[3]); 742 ASSERT_EQ('3', buf[4]); 743 ASSERT_EQ('4', buf[5]); 744 ASSERT_EQ('\0', buf[6]); 745 ASSERT_EQ('A', buf[7]); 746 ASSERT_EQ('A', buf[8]); 747 ASSERT_EQ('A', buf[9]); 748 } 749 750 TEST(TEST_NAME, strncat2) { 751 char buf[10]; 752 memset(buf, 'A', sizeof(buf)); 753 buf[0] = 'a'; 754 buf[1] = '\0'; 755 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf)); 756 ASSERT_EQ(buf, res); 757 ASSERT_EQ('a', buf[0]); 758 ASSERT_EQ('0', buf[1]); 759 ASSERT_EQ('1', buf[2]); 760 ASSERT_EQ('2', buf[3]); 761 ASSERT_EQ('3', buf[4]); 762 ASSERT_EQ('4', buf[5]); 763 ASSERT_EQ('\0', buf[6]); 764 ASSERT_EQ('A', buf[7]); 765 ASSERT_EQ('A', buf[8]); 766 ASSERT_EQ('A', buf[9]); 767 } 768 769 TEST(TEST_NAME, strncat3) { 770 char buf[10]; 771 memset(buf, 'A', sizeof(buf)); 772 buf[0] = '\0'; 773 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf)); 774 ASSERT_EQ(buf, res); 775 ASSERT_EQ('0', buf[0]); 776 ASSERT_EQ('1', buf[1]); 777 ASSERT_EQ('2', buf[2]); 778 ASSERT_EQ('3', buf[3]); 779 ASSERT_EQ('4', buf[4]); 780 ASSERT_EQ('\0', buf[5]); 781 ASSERT_EQ('A', buf[6]); 782 ASSERT_EQ('A', buf[7]); 783 ASSERT_EQ('A', buf[8]); 784 ASSERT_EQ('A', buf[9]); 785 } 786 787 TEST(TEST_NAME, strncat4) { 788 char buf[10]; 789 memset(buf, 'A', sizeof(buf)); 790 buf[9] = '\0'; 791 char* res = __strncat_chk(buf, "", 5, sizeof(buf)); 792 ASSERT_EQ(buf, res); 793 ASSERT_EQ('A', buf[0]); 794 ASSERT_EQ('A', buf[1]); 795 ASSERT_EQ('A', buf[2]); 796 ASSERT_EQ('A', buf[3]); 797 ASSERT_EQ('A', buf[4]); 798 ASSERT_EQ('A', buf[5]); 799 ASSERT_EQ('A', buf[6]); 800 ASSERT_EQ('A', buf[7]); 801 ASSERT_EQ('A', buf[8]); 802 ASSERT_EQ('\0', buf[9]); 803 } 804 805 TEST(TEST_NAME, strncat5) { 806 char buf[10]; 807 memset(buf, 'A', sizeof(buf)); 808 buf[0] = 'a'; 809 buf[1] = '\0'; 810 char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf)); 811 ASSERT_EQ(buf, res); 812 ASSERT_EQ('a', buf[0]); 813 ASSERT_EQ('0', buf[1]); 814 ASSERT_EQ('1', buf[2]); 815 ASSERT_EQ('2', buf[3]); 816 ASSERT_EQ('3', buf[4]); 817 ASSERT_EQ('4', buf[5]); 818 ASSERT_EQ('5', buf[6]); 819 ASSERT_EQ('6', buf[7]); 820 ASSERT_EQ('7', buf[8]); 821 ASSERT_EQ('\0', buf[9]); 822 } 823 824 TEST(TEST_NAME, strncat6) { 825 char buf[10]; 826 memset(buf, 'A', sizeof(buf)); 827 buf[0] = 'a'; 828 buf[1] = '\0'; 829 char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf)); 830 ASSERT_EQ(buf, res); 831 ASSERT_EQ('a', buf[0]); 832 ASSERT_EQ('0', buf[1]); 833 ASSERT_EQ('1', buf[2]); 834 ASSERT_EQ('2', buf[3]); 835 ASSERT_EQ('3', buf[4]); 836 ASSERT_EQ('4', buf[5]); 837 ASSERT_EQ('5', buf[6]); 838 ASSERT_EQ('6', buf[7]); 839 ASSERT_EQ('7', buf[8]); 840 ASSERT_EQ('\0', buf[9]); 841 } 842 843 844 TEST(TEST_NAME, strcat) { 845 char buf[10]; 846 memset(buf, 'A', sizeof(buf)); 847 buf[0] = 'a'; 848 buf[1] = '\0'; 849 char* res = __strcat_chk(buf, "01234", sizeof(buf)); 850 ASSERT_EQ(buf, res); 851 ASSERT_EQ('a', buf[0]); 852 ASSERT_EQ('0', buf[1]); 853 ASSERT_EQ('1', buf[2]); 854 ASSERT_EQ('2', buf[3]); 855 ASSERT_EQ('3', buf[4]); 856 ASSERT_EQ('4', buf[5]); 857 ASSERT_EQ('\0', buf[6]); 858 ASSERT_EQ('A', buf[7]); 859 ASSERT_EQ('A', buf[8]); 860 ASSERT_EQ('A', buf[9]); 861 } 862 863 TEST(TEST_NAME, strcat2) { 864 char buf[10]; 865 memset(buf, 'A', sizeof(buf)); 866 buf[0] = 'a'; 867 buf[1] = '\0'; 868 char* res = __strcat_chk(buf, "01234567", sizeof(buf)); 869 ASSERT_EQ(buf, res); 870 ASSERT_EQ('a', buf[0]); 871 ASSERT_EQ('0', buf[1]); 872 ASSERT_EQ('1', buf[2]); 873 ASSERT_EQ('2', buf[3]); 874 ASSERT_EQ('3', buf[4]); 875 ASSERT_EQ('4', buf[5]); 876 ASSERT_EQ('5', buf[6]); 877 ASSERT_EQ('6', buf[7]); 878 ASSERT_EQ('7', buf[8]); 879 ASSERT_EQ('\0', buf[9]); 880 } 881 882 TEST(TEST_NAME, stpncpy) { 883 char src[10]; 884 char dst[10]; 885 memcpy(src, "0123456789", sizeof(src)); // non null terminated string 886 stpncpy(dst, src, sizeof(dst)); 887 ASSERT_EQ('0', dst[0]); 888 ASSERT_EQ('1', dst[1]); 889 ASSERT_EQ('2', dst[2]); 890 ASSERT_EQ('3', dst[3]); 891 ASSERT_EQ('4', dst[4]); 892 ASSERT_EQ('5', dst[5]); 893 ASSERT_EQ('6', dst[6]); 894 ASSERT_EQ('7', dst[7]); 895 ASSERT_EQ('8', dst[8]); 896 ASSERT_EQ('9', dst[9]); 897 } 898 899 TEST(TEST_NAME, stpncpy2) { 900 char src[10]; 901 char dst[15]; 902 memcpy(src, "012345678\0", sizeof(src)); 903 stpncpy(dst, src, sizeof(dst)); 904 ASSERT_EQ('0', dst[0]); 905 ASSERT_EQ('1', dst[1]); 906 ASSERT_EQ('2', dst[2]); 907 ASSERT_EQ('3', dst[3]); 908 ASSERT_EQ('4', dst[4]); 909 ASSERT_EQ('5', dst[5]); 910 ASSERT_EQ('6', dst[6]); 911 ASSERT_EQ('7', dst[7]); 912 ASSERT_EQ('8', dst[8]); 913 ASSERT_EQ('\0', dst[9]); 914 ASSERT_EQ('\0', dst[10]); 915 ASSERT_EQ('\0', dst[11]); 916 ASSERT_EQ('\0', dst[12]); 917 ASSERT_EQ('\0', dst[13]); 918 ASSERT_EQ('\0', dst[14]); 919 } 920 921 TEST(TEST_NAME, strncpy) { 922 char src[10]; 923 char dst[10]; 924 memcpy(src, "0123456789", sizeof(src)); // non null terminated string 925 strncpy(dst, src, sizeof(dst)); 926 ASSERT_EQ('0', dst[0]); 927 ASSERT_EQ('1', dst[1]); 928 ASSERT_EQ('2', dst[2]); 929 ASSERT_EQ('3', dst[3]); 930 ASSERT_EQ('4', dst[4]); 931 ASSERT_EQ('5', dst[5]); 932 ASSERT_EQ('6', dst[6]); 933 ASSERT_EQ('7', dst[7]); 934 ASSERT_EQ('8', dst[8]); 935 ASSERT_EQ('9', dst[9]); 936 } 937 938 TEST(TEST_NAME, strncpy2) { 939 char src[10]; 940 char dst[15]; 941 memcpy(src, "012345678\0", sizeof(src)); 942 strncpy(dst, src, sizeof(dst)); 943 ASSERT_EQ('0', dst[0]); 944 ASSERT_EQ('1', dst[1]); 945 ASSERT_EQ('2', dst[2]); 946 ASSERT_EQ('3', dst[3]); 947 ASSERT_EQ('4', dst[4]); 948 ASSERT_EQ('5', dst[5]); 949 ASSERT_EQ('6', dst[6]); 950 ASSERT_EQ('7', dst[7]); 951 ASSERT_EQ('8', dst[8]); 952 ASSERT_EQ('\0', dst[9]); 953 ASSERT_EQ('\0', dst[10]); 954 ASSERT_EQ('\0', dst[11]); 955 ASSERT_EQ('\0', dst[12]); 956 ASSERT_EQ('\0', dst[13]); 957 ASSERT_EQ('\0', dst[14]); 958 } 959 960 TEST(TEST_NAME, strcat_chk_max_int_size) { 961 char buf[10]; 962 memset(buf, 'A', sizeof(buf)); 963 buf[0] = 'a'; 964 buf[1] = '\0'; 965 char* res = __strcat_chk(buf, "01234567", (size_t)-1); 966 ASSERT_EQ(buf, res); 967 ASSERT_EQ('a', buf[0]); 968 ASSERT_EQ('0', buf[1]); 969 ASSERT_EQ('1', buf[2]); 970 ASSERT_EQ('2', buf[3]); 971 ASSERT_EQ('3', buf[4]); 972 ASSERT_EQ('4', buf[5]); 973 ASSERT_EQ('5', buf[6]); 974 ASSERT_EQ('6', buf[7]); 975 ASSERT_EQ('7', buf[8]); 976 ASSERT_EQ('\0', buf[9]); 977 } 978 979 extern "C" char* __stpcpy_chk(char*, const char*, size_t); 980 981 TEST(TEST_NAME, stpcpy_chk_max_int_size) { 982 char buf[10]; 983 char* res = __stpcpy_chk(buf, "012345678", (size_t)-1); 984 ASSERT_EQ(buf + strlen("012345678"), res); 985 ASSERT_STREQ("012345678", buf); 986 } 987 988 extern "C" char* __strcpy_chk(char*, const char*, size_t); 989 990 TEST(TEST_NAME, strcpy_chk_max_int_size) { 991 char buf[10]; 992 char* res = __strcpy_chk(buf, "012345678", (size_t)-1); 993 ASSERT_EQ(buf, res); 994 ASSERT_STREQ("012345678", buf); 995 } 996 997 extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t); 998 999 TEST(TEST_NAME, memcpy_chk_max_int_size) { 1000 char buf[10]; 1001 void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1); 1002 ASSERT_EQ((void*)buf, res); 1003 ASSERT_EQ('0', buf[0]); 1004 ASSERT_EQ('1', buf[1]); 1005 ASSERT_EQ('2', buf[2]); 1006 ASSERT_EQ('3', buf[3]); 1007 ASSERT_EQ('4', buf[4]); 1008 ASSERT_EQ('5', buf[5]); 1009 ASSERT_EQ('6', buf[6]); 1010 ASSERT_EQ('7', buf[7]); 1011 ASSERT_EQ('8', buf[8]); 1012 ASSERT_EQ('\0', buf[9]); 1013 } 1014 1015 // Verify that macro expansion is done properly for sprintf/snprintf (which 1016 // are defined as macros in stdio.h under clang). 1017 #define CONTENTS "macro expansion" 1018 #define BUF_AND_SIZE(A) A, sizeof(A) 1019 #define BUF_AND_CONTENTS(A) A, CONTENTS 1020 #define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS 1021 TEST(TEST_NAME, s_n_printf_macro_expansion) { 1022 char buf[BUFSIZ]; 1023 snprintf(BUF_AND_SIZE(buf), CONTENTS); 1024 EXPECT_STREQ(CONTENTS, buf); 1025 1026 snprintf(BUF_AND_SIZE_AND_CONTENTS(buf)); 1027 EXPECT_STREQ(CONTENTS, buf); 1028 1029 sprintf(BUF_AND_CONTENTS(buf)); 1030 EXPECT_STREQ(CONTENTS, buf); 1031 } 1032 1033 TEST_F(DEATHTEST, poll_fortified) { 1034 nfds_t fd_count = atoi("2"); // suppress compiler optimizations 1035 pollfd buf[1] = {{0, POLLIN, 0}}; 1036 // Set timeout to zero to prevent waiting in poll when fortify test fails. 1037 ASSERT_FORTIFY(poll(buf, fd_count, 0)); 1038 } 1039 1040 TEST_F(DEATHTEST, ppoll_fortified) { 1041 nfds_t fd_count = atoi("2"); // suppress compiler optimizations 1042 pollfd buf[1] = {{0, POLLIN, 0}}; 1043 // Set timeout to zero to prevent waiting in ppoll when fortify test fails. 1044 timespec timeout; 1045 timeout.tv_sec = timeout.tv_nsec = 0; 1046 ASSERT_FORTIFY(ppoll(buf, fd_count, &timeout, NULL)); 1047 } 1048