1 /* 2 * Copyright (C) 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 // -Werror is on whether we like it or not, and we're intentionally doing awful 18 // things in this file. GCC is dumb and doesn't have a specific error class for 19 // the fortify failures (it's just -Werror), so we can't use anything more 20 // constrained than disabling all the warnings in the file :( It also won't let 21 // us use system_header in a .cpp file, so we have to #include this from 22 // fortify_test_main.cpp. 23 #pragma GCC system_header 24 25 #include <gtest/gtest.h> 26 #include "BionicDeathTest.h" 27 28 #include <fcntl.h> 29 #include <malloc.h> 30 #include <poll.h> 31 #include <signal.h> 32 #include <stdarg.h> 33 #include <string.h> 34 #include <sys/socket.h> 35 #include <sys/stat.h> 36 #include <sys/types.h> 37 #include <time.h> 38 39 #if __BIONIC__ 40 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY") 41 #else 42 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "") 43 #endif 44 45 // Fortify test code needs to run multiple times, so TEST_NAME macro is used to 46 // distinguish different tests. TEST_NAME is defined in compilation command. 47 #define DEATHTEST_PASTER(name) name##_DeathTest 48 #define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name) 49 #define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME) 50 51 class DEATHTEST : public BionicDeathTest {}; 52 53 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2 54 struct foo { 55 char empty[0]; 56 char one[1]; 57 char a[10]; 58 char b[10]; 59 }; 60 61 TEST_F(DEATHTEST, stpncpy_fortified2) { 62 foo myfoo; 63 int copy_amt = atoi("11"); 64 ASSERT_FORTIFY(stpncpy(myfoo.a, "01234567890", copy_amt)); 65 } 66 67 TEST_F(DEATHTEST, stpncpy2_fortified2) { 68 foo myfoo; 69 memset(&myfoo, 0, sizeof(myfoo)); 70 myfoo.one[0] = 'A'; // not null terminated string 71 ASSERT_FORTIFY(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b))); 72 } 73 74 TEST_F(DEATHTEST, strncpy_fortified2) { 75 foo myfoo; 76 int copy_amt = atoi("11"); 77 ASSERT_FORTIFY(strncpy(myfoo.a, "01234567890", copy_amt)); 78 } 79 80 TEST_F(DEATHTEST, strncpy2_fortified2) { 81 foo myfoo; 82 memset(&myfoo, 0, sizeof(myfoo)); 83 myfoo.one[0] = 'A'; // not null terminated string 84 ASSERT_FORTIFY(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b))); 85 } 86 87 TEST_F(DEATHTEST, sprintf_fortified2) { 88 foo myfoo; 89 char source_buf[15]; 90 memcpy(source_buf, "12345678901234", 15); 91 ASSERT_FORTIFY(sprintf(myfoo.a, "%s", source_buf)); 92 } 93 94 TEST_F(DEATHTEST, sprintf2_fortified2) { 95 foo myfoo; 96 ASSERT_FORTIFY(sprintf(myfoo.a, "0123456789")); 97 } 98 99 static int vsprintf_helper2(const char *fmt, ...) { 100 foo myfoo; 101 va_list va; 102 int result; 103 104 va_start(va, fmt); 105 result = vsprintf(myfoo.a, fmt, va); // should crash here 106 va_end(va); 107 return result; 108 } 109 110 TEST_F(DEATHTEST, vsprintf_fortified2) { 111 ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789")); 112 } 113 114 TEST_F(DEATHTEST, vsprintf2_fortified2) { 115 ASSERT_FORTIFY(vsprintf_helper2("0123456789")); 116 } 117 118 static int vsnprintf_helper2(const char *fmt, ...) { 119 foo myfoo; 120 va_list va; 121 int result; 122 size_t size = atoi("11"); 123 124 va_start(va, fmt); 125 result = vsnprintf(myfoo.a, size, fmt, va); // should crash here 126 va_end(va); 127 return result; 128 } 129 130 TEST_F(DEATHTEST, vsnprintf_fortified2) { 131 ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789")); 132 } 133 134 TEST_F(DEATHTEST, vsnprintf2_fortified2) { 135 ASSERT_FORTIFY(vsnprintf_helper2("0123456789")); 136 } 137 138 // zero sized target with "\0" source (should fail) 139 TEST_F(DEATHTEST, stpcpy_fortified2) { 140 #if defined(__BIONIC__) 141 foo myfoo; 142 char* src = strdup(""); 143 ASSERT_FORTIFY(stpcpy(myfoo.empty, src)); 144 free(src); 145 #else // __BIONIC__ 146 GTEST_LOG_(INFO) << "This test does nothing.\n"; 147 #endif // __BIONIC__ 148 } 149 150 // zero sized target with "\0" source (should fail) 151 TEST_F(DEATHTEST, strcpy_fortified2) { 152 #if defined(__BIONIC__) 153 foo myfoo; 154 char* src = strdup(""); 155 ASSERT_FORTIFY(strcpy(myfoo.empty, src)); 156 free(src); 157 #else // __BIONIC__ 158 GTEST_LOG_(INFO) << "This test does nothing.\n"; 159 #endif // __BIONIC__ 160 } 161 162 // zero sized target with longer source (should fail) 163 TEST_F(DEATHTEST, strcpy2_fortified2) { 164 #if defined(__BIONIC__) 165 foo myfoo; 166 char* src = strdup("1"); 167 ASSERT_FORTIFY(strcpy(myfoo.empty, src)); 168 free(src); 169 #else // __BIONIC__ 170 GTEST_LOG_(INFO) << "This test does nothing.\n"; 171 #endif // __BIONIC__ 172 } 173 174 // one byte target with longer source (should fail) 175 TEST_F(DEATHTEST, strcpy3_fortified2) { 176 #if defined(__BIONIC__) 177 foo myfoo; 178 char* src = strdup("12"); 179 ASSERT_FORTIFY(strcpy(myfoo.one, src)); 180 free(src); 181 #else // __BIONIC__ 182 GTEST_LOG_(INFO) << "This test does nothing.\n"; 183 #endif // __BIONIC__ 184 } 185 186 TEST_F(DEATHTEST, strchr_fortified2) { 187 #if defined(__BIONIC__) 188 foo myfoo; 189 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); 190 myfoo.b[0] = '\0'; 191 ASSERT_FORTIFY(printf("%s", strchr(myfoo.a, 'a'))); 192 ASSERT_FORTIFY(printf("%s", strchr(static_cast<const char*>(myfoo.a), 'a'))); 193 #else // __BIONIC__ 194 GTEST_LOG_(INFO) << "This test does nothing.\n"; 195 #endif // __BIONIC__ 196 } 197 198 TEST_F(DEATHTEST, strrchr_fortified2) { 199 #if defined(__BIONIC__) 200 foo myfoo; 201 memcpy(myfoo.a, "0123456789", 10); 202 memcpy(myfoo.b, "01234", 6); 203 ASSERT_FORTIFY(printf("%s", strrchr(myfoo.a, 'a'))); 204 ASSERT_FORTIFY(printf("%s", strrchr(static_cast<const char*>(myfoo.a), 'a'))); 205 #else // __BIONIC__ 206 GTEST_LOG_(INFO) << "This test does nothing.\n"; 207 #endif // __BIONIC__ 208 } 209 210 TEST_F(DEATHTEST, memchr_fortified2) { 211 #if defined(__BIONIC__) 212 foo myfoo; 213 volatile int asize = sizeof(myfoo.a) + 1; 214 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); 215 ASSERT_FORTIFY(printf("%s", memchr(myfoo.a, 'a', asize))); 216 ASSERT_FORTIFY(printf("%s", memchr(static_cast<const void*>(myfoo.a), 'a', asize))); 217 #else // __BIONIC__ 218 GTEST_LOG_(INFO) << "This test does nothing.\n"; 219 #endif // __BIONIC__ 220 } 221 222 TEST_F(DEATHTEST, strlcpy_fortified2) { 223 #if defined(__BIONIC__) 224 foo myfoo; 225 strcpy(myfoo.a, "01"); 226 size_t n = strlen(myfoo.a); 227 ASSERT_FORTIFY(strlcpy(myfoo.one, myfoo.a, n)); 228 #else // __BIONIC__ 229 GTEST_LOG_(INFO) << "This test does nothing.\n"; 230 #endif // __BIONIC__ 231 } 232 233 TEST_F(DEATHTEST, strlcat_fortified2) { 234 #if defined(__BIONIC__) 235 foo myfoo; 236 strcpy(myfoo.a, "01"); 237 myfoo.one[0] = '\0'; 238 size_t n = strlen(myfoo.a); 239 ASSERT_FORTIFY(strlcat(myfoo.one, myfoo.a, n)); 240 #else // __BIONIC__ 241 GTEST_LOG_(INFO) << "This test does nothing.\n"; 242 #endif // __BIONIC__ 243 } 244 245 TEST_F(DEATHTEST, strncat_fortified2) { 246 foo myfoo; 247 size_t n = atoi("10"); // avoid compiler optimizations 248 strncpy(myfoo.a, "012345678", n); 249 ASSERT_FORTIFY(strncat(myfoo.a, "9", n)); 250 } 251 252 TEST_F(DEATHTEST, strncat2_fortified2) { 253 foo myfoo; 254 myfoo.a[0] = '\0'; 255 size_t n = atoi("10"); // avoid compiler optimizations 256 ASSERT_FORTIFY(strncat(myfoo.a, "0123456789", n)); 257 } 258 259 TEST_F(DEATHTEST, strncat3_fortified2) { 260 foo myfoo; 261 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string 262 myfoo.b[0] = '\0'; 263 size_t n = atoi("10"); // avoid compiler optimizations 264 ASSERT_FORTIFY(strncat(myfoo.b, myfoo.a, n)); 265 } 266 267 TEST_F(DEATHTEST, strcat_fortified2) { 268 char src[11]; 269 strcpy(src, "0123456789"); 270 foo myfoo; 271 myfoo.a[0] = '\0'; 272 ASSERT_FORTIFY(strcat(myfoo.a, src)); 273 } 274 275 TEST_F(DEATHTEST, strcat2_fortified2) { 276 foo myfoo; 277 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string 278 myfoo.b[0] = '\0'; 279 ASSERT_FORTIFY(strcat(myfoo.b, myfoo.a)); 280 } 281 282 TEST_F(DEATHTEST, snprintf_fortified2) { 283 foo myfoo; 284 strcpy(myfoo.a, "012345678"); 285 size_t n = strlen(myfoo.a) + 2; 286 ASSERT_FORTIFY(snprintf(myfoo.b, n, "a%s", myfoo.a)); 287 } 288 289 TEST_F(DEATHTEST, bzero_fortified2) { 290 foo myfoo; 291 memcpy(myfoo.b, "0123456789", sizeof(myfoo.b)); 292 size_t n = atoi("11"); 293 ASSERT_FORTIFY(bzero(myfoo.b, n)); 294 } 295 296 #endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */ 297 298 // multibyte target where we over fill (should fail) 299 TEST_F(DEATHTEST, strcpy_fortified) { 300 #if defined(__BIONIC__) 301 char buf[10]; 302 char *orig = strdup("0123456789"); 303 ASSERT_FORTIFY(strcpy(buf, orig)); 304 free(orig); 305 #else // __BIONIC__ 306 GTEST_LOG_(INFO) << "This test does nothing.\n"; 307 #endif // __BIONIC__ 308 } 309 310 // zero sized target with "\0" source (should fail) 311 TEST_F(DEATHTEST, strcpy2_fortified) { 312 #if defined(__BIONIC__) 313 char buf[0]; 314 char *orig = strdup(""); 315 ASSERT_FORTIFY(strcpy(buf, orig)); 316 free(orig); 317 #else // __BIONIC__ 318 GTEST_LOG_(INFO) << "This test does nothing.\n"; 319 #endif // __BIONIC__ 320 } 321 322 // zero sized target with longer source (should fail) 323 TEST_F(DEATHTEST, strcpy3_fortified) { 324 #if defined(__BIONIC__) 325 char buf[0]; 326 char *orig = strdup("1"); 327 ASSERT_FORTIFY(strcpy(buf, orig)); 328 free(orig); 329 #else // __BIONIC__ 330 GTEST_LOG_(INFO) << "This test does nothing.\n"; 331 #endif // __BIONIC__ 332 } 333 334 // one byte target with longer source (should fail) 335 TEST_F(DEATHTEST, strcpy4_fortified) { 336 #if defined(__BIONIC__) 337 char buf[1]; 338 char *orig = strdup("12"); 339 ASSERT_FORTIFY(strcpy(buf, orig)); 340 free(orig); 341 #else // __BIONIC__ 342 GTEST_LOG_(INFO) << "This test does nothing.\n"; 343 #endif // __BIONIC__ 344 } 345 346 TEST_F(DEATHTEST, strlen_fortified) { 347 #if defined(__BIONIC__) 348 char buf[10]; 349 memcpy(buf, "0123456789", sizeof(buf)); 350 ASSERT_FORTIFY(printf("%zd", strlen(buf))); 351 #else // __BIONIC__ 352 GTEST_LOG_(INFO) << "This test does nothing.\n"; 353 #endif // __BIONIC__ 354 } 355 356 TEST_F(DEATHTEST, strchr_fortified) { 357 #if defined(__BIONIC__) 358 char buf[10]; 359 memcpy(buf, "0123456789", sizeof(buf)); 360 ASSERT_FORTIFY(printf("%s", strchr(buf, 'a'))); 361 #else // __BIONIC__ 362 GTEST_LOG_(INFO) << "This test does nothing.\n"; 363 #endif // __BIONIC__ 364 } 365 366 TEST_F(DEATHTEST, strrchr_fortified) { 367 #if defined(__BIONIC__) 368 char buf[10]; 369 memcpy(buf, "0123456789", sizeof(buf)); 370 ASSERT_FORTIFY(printf("%s", strrchr(buf, 'a'))); 371 #else // __BIONIC__ 372 GTEST_LOG_(INFO) << "This test does nothing.\n"; 373 #endif // __BIONIC__ 374 } 375 376 TEST_F(DEATHTEST, strlcpy_fortified) { 377 #if defined(__BIONIC__) 378 char bufa[15]; 379 char bufb[10]; 380 strcpy(bufa, "01234567890123"); 381 size_t n = strlen(bufa); 382 ASSERT_FORTIFY(strlcpy(bufb, bufa, n)); 383 #else // __BIONIC__ 384 GTEST_LOG_(INFO) << "This test does nothing.\n"; 385 #endif // __BIONIC__ 386 } 387 388 TEST_F(DEATHTEST, strlcat_fortified) { 389 #if defined(__BIONIC__) 390 char bufa[15]; 391 char bufb[10]; 392 bufb[0] = '\0'; 393 strcpy(bufa, "01234567890123"); 394 size_t n = strlen(bufa); 395 ASSERT_FORTIFY(strlcat(bufb, bufa, n)); 396 #else // __BIONIC__ 397 GTEST_LOG_(INFO) << "This test does nothing.\n"; 398 #endif // __BIONIC__ 399 } 400 401 TEST_F(DEATHTEST, sprintf_fortified) { 402 char buf[10]; 403 char source_buf[15]; 404 memcpy(source_buf, "12345678901234", 15); 405 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf)); 406 } 407 408 #ifdef __clang__ && !__has_attribute(alloc_size) 409 // TODO: remove this after Clang prebuilt rebase. 410 #else 411 // This test is disabled in clang because clang doesn't properly detect 412 // this buffer overflow. TODO: Fix clang. 413 TEST_F(DEATHTEST, sprintf_malloc_fortified) { 414 char* buf = (char *) malloc(10); 415 char source_buf[11]; 416 memcpy(source_buf, "1234567890", 11); 417 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf)); 418 free(buf); 419 } 420 #endif 421 422 TEST_F(DEATHTEST, sprintf2_fortified) { 423 char buf[5]; 424 ASSERT_FORTIFY(sprintf(buf, "aaaaa")); 425 } 426 427 static int vsprintf_helper(const char *fmt, ...) { 428 char buf[10]; 429 va_list va; 430 int result; 431 432 va_start(va, fmt); 433 result = vsprintf(buf, fmt, va); // should crash here 434 va_end(va); 435 return result; 436 } 437 438 TEST_F(DEATHTEST, vsprintf_fortified) { 439 ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789")); 440 } 441 442 TEST_F(DEATHTEST, vsprintf2_fortified) { 443 ASSERT_FORTIFY(vsprintf_helper("0123456789")); 444 } 445 446 static int vsnprintf_helper(const char *fmt, ...) { 447 char buf[10]; 448 va_list va; 449 int result; 450 size_t size = atoi("11"); 451 452 va_start(va, fmt); 453 result = vsnprintf(buf, size, fmt, va); // should crash here 454 va_end(va); 455 return result; 456 } 457 458 TEST_F(DEATHTEST, vsnprintf_fortified) { 459 ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789")); 460 } 461 462 TEST_F(DEATHTEST, vsnprintf2_fortified) { 463 ASSERT_FORTIFY(vsnprintf_helper("0123456789")); 464 } 465 466 TEST_F(DEATHTEST, strncat_fortified) { 467 char buf[10]; 468 size_t n = atoi("10"); // avoid compiler optimizations 469 strncpy(buf, "012345678", n); 470 ASSERT_FORTIFY(strncat(buf, "9", n)); 471 } 472 473 TEST_F(DEATHTEST, strncat2_fortified) { 474 char buf[10]; 475 buf[0] = '\0'; 476 size_t n = atoi("10"); // avoid compiler optimizations 477 ASSERT_FORTIFY(strncat(buf, "0123456789", n)); 478 } 479 480 TEST_F(DEATHTEST, strcat_fortified) { 481 char src[11]; 482 strcpy(src, "0123456789"); 483 char buf[10]; 484 buf[0] = '\0'; 485 ASSERT_FORTIFY(strcat(buf, src)); 486 } 487 488 TEST_F(DEATHTEST, memmove_fortified) { 489 char buf[20]; 490 strcpy(buf, "0123456789"); 491 size_t n = atoi("10"); 492 ASSERT_FORTIFY(memmove(buf + 11, buf, n)); 493 } 494 495 TEST_F(DEATHTEST, memcpy_fortified) { 496 char bufa[10]; 497 char bufb[10]; 498 strcpy(bufa, "012345678"); 499 size_t n = atoi("11"); 500 ASSERT_FORTIFY(memcpy(bufb, bufa, n)); 501 } 502 503 TEST_F(DEATHTEST, memset_fortified) { 504 char buf[10]; 505 size_t n = atoi("11"); 506 ASSERT_FORTIFY(memset(buf, 0, n)); 507 } 508 509 TEST_F(DEATHTEST, stpncpy_fortified) { 510 char bufa[15]; 511 char bufb[10]; 512 strcpy(bufa, "01234567890123"); 513 size_t n = strlen(bufa); 514 ASSERT_FORTIFY(stpncpy(bufb, bufa, n)); 515 } 516 517 TEST_F(DEATHTEST, stpncpy2_fortified) { 518 char dest[11]; 519 char src[10]; 520 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated 521 ASSERT_FORTIFY(stpncpy(dest, src, sizeof(dest))); 522 } 523 524 TEST_F(DEATHTEST, strncpy_fortified) { 525 char bufa[15]; 526 char bufb[10]; 527 strcpy(bufa, "01234567890123"); 528 size_t n = strlen(bufa); 529 ASSERT_FORTIFY(strncpy(bufb, bufa, n)); 530 } 531 532 533 TEST_F(DEATHTEST, strncpy2_fortified) { 534 char dest[11]; 535 char src[10]; 536 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated 537 ASSERT_FORTIFY(strncpy(dest, src, sizeof(dest))); 538 } 539 540 TEST_F(DEATHTEST, snprintf_fortified) { 541 char bufa[15]; 542 char bufb[10]; 543 strcpy(bufa, "0123456789"); 544 size_t n = strlen(bufa) + 1; 545 ASSERT_FORTIFY(snprintf(bufb, n, "%s", bufa)); 546 } 547 548 TEST_F(DEATHTEST, bzero_fortified) { 549 char buf[10]; 550 memcpy(buf, "0123456789", sizeof(buf)); 551 size_t n = atoi("11"); 552 ASSERT_FORTIFY(bzero(buf, n)); 553 } 554 555 TEST_F(DEATHTEST, umask_fortified) { 556 mode_t mask = atoi("1023"); // 01777 in octal 557 ASSERT_FORTIFY(umask(mask)); 558 } 559 560 TEST_F(DEATHTEST, recv_fortified) { 561 size_t data_len = atoi("11"); // suppress compiler optimizations 562 char buf[10]; 563 ASSERT_FORTIFY(recv(0, buf, data_len, 0)); 564 } 565 566 TEST_F(DEATHTEST, send_fortified) { 567 size_t data_len = atoi("11"); // suppress compiler optimizations 568 char buf[10] = {0}; 569 ASSERT_FORTIFY(send(0, buf, data_len, 0)); 570 } 571 572 TEST_F(DEATHTEST, FD_ISSET_fortified) { 573 #if defined(__BIONIC__) // glibc catches this at compile-time. 574 fd_set set; 575 memset(&set, 0, sizeof(set)); 576 ASSERT_FORTIFY(FD_ISSET(-1, &set)); 577 #endif 578 } 579 580 TEST_F(DEATHTEST, FD_ISSET_2_fortified) { 581 char buf[1]; 582 fd_set* set = (fd_set*) buf; 583 ASSERT_FORTIFY(FD_ISSET(0, set)); 584 } 585 586 TEST_F(DEATHTEST, getcwd_fortified) { 587 char buf[1]; 588 size_t ct = atoi("2"); // prevent optimizations 589 ASSERT_FORTIFY(getcwd(buf, ct)); 590 } 591 592 TEST_F(DEATHTEST, pread_fortified) { 593 char buf[1]; 594 size_t ct = atoi("2"); // prevent optimizations 595 int fd = open("/dev/null", O_RDONLY); 596 ASSERT_FORTIFY(pread(fd, buf, ct, 0)); 597 close(fd); 598 } 599 600 TEST_F(DEATHTEST, pread64_fortified) { 601 char buf[1]; 602 size_t ct = atoi("2"); // prevent optimizations 603 int fd = open("/dev/null", O_RDONLY); 604 ASSERT_FORTIFY(pread64(fd, buf, ct, 0)); 605 close(fd); 606 } 607 608 TEST_F(DEATHTEST, pwrite_fortified) { 609 char buf[1] = {0}; 610 size_t ct = atoi("2"); // prevent optimizations 611 int fd = open("/dev/null", O_WRONLY); 612 ASSERT_FORTIFY(pwrite(fd, buf, ct, 0)); 613 close(fd); 614 } 615 616 TEST_F(DEATHTEST, pwrite64_fortified) { 617 char buf[1] = {0}; 618 size_t ct = atoi("2"); // prevent optimizations 619 int fd = open("/dev/null", O_WRONLY); 620 ASSERT_FORTIFY(pwrite64(fd, buf, ct, 0)); 621 close(fd); 622 } 623 624 TEST_F(DEATHTEST, read_fortified) { 625 char buf[1]; 626 size_t ct = atoi("2"); // prevent optimizations 627 int fd = open("/dev/null", O_RDONLY); 628 ASSERT_FORTIFY(read(fd, buf, ct)); 629 close(fd); 630 } 631 632 TEST_F(DEATHTEST, write_fortified) { 633 char buf[1] = {0}; 634 size_t ct = atoi("2"); // prevent optimizations 635 int fd = open("/dev/null", O_WRONLY); 636 ASSERT_EXIT(write(fd, buf, ct), testing::KilledBySignal(SIGABRT), ""); 637 close(fd); 638 } 639 640 TEST_F(DEATHTEST, fread_fortified) { 641 char buf[1]; 642 size_t ct = atoi("2"); // prevent optimizations 643 FILE* fp = fopen("/dev/null", "r"); 644 ASSERT_FORTIFY(fread(buf, 1, ct, fp)); 645 fclose(fp); 646 } 647 648 TEST_F(DEATHTEST, fwrite_fortified) { 649 char buf[1] = {0}; 650 size_t ct = atoi("2"); // prevent optimizations 651 FILE* fp = fopen("/dev/null", "w"); 652 ASSERT_FORTIFY(fwrite(buf, 1, ct, fp)); 653 fclose(fp); 654 } 655 656 TEST_F(DEATHTEST, readlink_fortified) { 657 char buf[1]; 658 size_t ct = atoi("2"); // prevent optimizations 659 ASSERT_FORTIFY(readlink("/dev/null", buf, ct)); 660 } 661 662 TEST_F(DEATHTEST, readlinkat_fortified) { 663 char buf[1]; 664 size_t ct = atoi("2"); // prevent optimizations 665 ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", buf, ct)); 666 } 667 668 extern "C" char* __strncat_chk(char*, const char*, size_t, size_t); 669 extern "C" char* __strcat_chk(char*, const char*, size_t); 670 671 TEST(TEST_NAME, strncat) { 672 char buf[10]; 673 memset(buf, 'A', sizeof(buf)); 674 buf[0] = 'a'; 675 buf[1] = '\0'; 676 char* res = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf)); 677 ASSERT_EQ(buf, res); 678 ASSERT_EQ('a', buf[0]); 679 ASSERT_EQ('0', buf[1]); 680 ASSERT_EQ('1', buf[2]); 681 ASSERT_EQ('2', buf[3]); 682 ASSERT_EQ('3', buf[4]); 683 ASSERT_EQ('4', buf[5]); 684 ASSERT_EQ('\0', buf[6]); 685 ASSERT_EQ('A', buf[7]); 686 ASSERT_EQ('A', buf[8]); 687 ASSERT_EQ('A', buf[9]); 688 } 689 690 TEST(TEST_NAME, strncat2) { 691 char buf[10]; 692 memset(buf, 'A', sizeof(buf)); 693 buf[0] = 'a'; 694 buf[1] = '\0'; 695 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf)); 696 ASSERT_EQ(buf, res); 697 ASSERT_EQ('a', buf[0]); 698 ASSERT_EQ('0', buf[1]); 699 ASSERT_EQ('1', buf[2]); 700 ASSERT_EQ('2', buf[3]); 701 ASSERT_EQ('3', buf[4]); 702 ASSERT_EQ('4', buf[5]); 703 ASSERT_EQ('\0', buf[6]); 704 ASSERT_EQ('A', buf[7]); 705 ASSERT_EQ('A', buf[8]); 706 ASSERT_EQ('A', buf[9]); 707 } 708 709 TEST(TEST_NAME, strncat3) { 710 char buf[10]; 711 memset(buf, 'A', sizeof(buf)); 712 buf[0] = '\0'; 713 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf)); 714 ASSERT_EQ(buf, res); 715 ASSERT_EQ('0', buf[0]); 716 ASSERT_EQ('1', buf[1]); 717 ASSERT_EQ('2', buf[2]); 718 ASSERT_EQ('3', buf[3]); 719 ASSERT_EQ('4', buf[4]); 720 ASSERT_EQ('\0', buf[5]); 721 ASSERT_EQ('A', buf[6]); 722 ASSERT_EQ('A', buf[7]); 723 ASSERT_EQ('A', buf[8]); 724 ASSERT_EQ('A', buf[9]); 725 } 726 727 TEST(TEST_NAME, strncat4) { 728 char buf[10]; 729 memset(buf, 'A', sizeof(buf)); 730 buf[9] = '\0'; 731 char* res = __strncat_chk(buf, "", 5, sizeof(buf)); 732 ASSERT_EQ(buf, res); 733 ASSERT_EQ('A', buf[0]); 734 ASSERT_EQ('A', buf[1]); 735 ASSERT_EQ('A', buf[2]); 736 ASSERT_EQ('A', buf[3]); 737 ASSERT_EQ('A', buf[4]); 738 ASSERT_EQ('A', buf[5]); 739 ASSERT_EQ('A', buf[6]); 740 ASSERT_EQ('A', buf[7]); 741 ASSERT_EQ('A', buf[8]); 742 ASSERT_EQ('\0', buf[9]); 743 } 744 745 TEST(TEST_NAME, strncat5) { 746 char buf[10]; 747 memset(buf, 'A', sizeof(buf)); 748 buf[0] = 'a'; 749 buf[1] = '\0'; 750 char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf)); 751 ASSERT_EQ(buf, res); 752 ASSERT_EQ('a', buf[0]); 753 ASSERT_EQ('0', buf[1]); 754 ASSERT_EQ('1', buf[2]); 755 ASSERT_EQ('2', buf[3]); 756 ASSERT_EQ('3', buf[4]); 757 ASSERT_EQ('4', buf[5]); 758 ASSERT_EQ('5', buf[6]); 759 ASSERT_EQ('6', buf[7]); 760 ASSERT_EQ('7', buf[8]); 761 ASSERT_EQ('\0', buf[9]); 762 } 763 764 TEST(TEST_NAME, strncat6) { 765 char buf[10]; 766 memset(buf, 'A', sizeof(buf)); 767 buf[0] = 'a'; 768 buf[1] = '\0'; 769 char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf)); 770 ASSERT_EQ(buf, res); 771 ASSERT_EQ('a', buf[0]); 772 ASSERT_EQ('0', buf[1]); 773 ASSERT_EQ('1', buf[2]); 774 ASSERT_EQ('2', buf[3]); 775 ASSERT_EQ('3', buf[4]); 776 ASSERT_EQ('4', buf[5]); 777 ASSERT_EQ('5', buf[6]); 778 ASSERT_EQ('6', buf[7]); 779 ASSERT_EQ('7', buf[8]); 780 ASSERT_EQ('\0', buf[9]); 781 } 782 783 784 TEST(TEST_NAME, strcat) { 785 char buf[10]; 786 memset(buf, 'A', sizeof(buf)); 787 buf[0] = 'a'; 788 buf[1] = '\0'; 789 char* res = __strcat_chk(buf, "01234", sizeof(buf)); 790 ASSERT_EQ(buf, res); 791 ASSERT_EQ('a', buf[0]); 792 ASSERT_EQ('0', buf[1]); 793 ASSERT_EQ('1', buf[2]); 794 ASSERT_EQ('2', buf[3]); 795 ASSERT_EQ('3', buf[4]); 796 ASSERT_EQ('4', buf[5]); 797 ASSERT_EQ('\0', buf[6]); 798 ASSERT_EQ('A', buf[7]); 799 ASSERT_EQ('A', buf[8]); 800 ASSERT_EQ('A', buf[9]); 801 } 802 803 TEST(TEST_NAME, strcat2) { 804 char buf[10]; 805 memset(buf, 'A', sizeof(buf)); 806 buf[0] = 'a'; 807 buf[1] = '\0'; 808 char* res = __strcat_chk(buf, "01234567", sizeof(buf)); 809 ASSERT_EQ(buf, res); 810 ASSERT_EQ('a', buf[0]); 811 ASSERT_EQ('0', buf[1]); 812 ASSERT_EQ('1', buf[2]); 813 ASSERT_EQ('2', buf[3]); 814 ASSERT_EQ('3', buf[4]); 815 ASSERT_EQ('4', buf[5]); 816 ASSERT_EQ('5', buf[6]); 817 ASSERT_EQ('6', buf[7]); 818 ASSERT_EQ('7', buf[8]); 819 ASSERT_EQ('\0', buf[9]); 820 } 821 822 TEST(TEST_NAME, stpncpy) { 823 char src[10]; 824 char dst[10]; 825 memcpy(src, "0123456789", sizeof(src)); // non null terminated string 826 stpncpy(dst, src, sizeof(dst)); 827 ASSERT_EQ('0', dst[0]); 828 ASSERT_EQ('1', dst[1]); 829 ASSERT_EQ('2', dst[2]); 830 ASSERT_EQ('3', dst[3]); 831 ASSERT_EQ('4', dst[4]); 832 ASSERT_EQ('5', dst[5]); 833 ASSERT_EQ('6', dst[6]); 834 ASSERT_EQ('7', dst[7]); 835 ASSERT_EQ('8', dst[8]); 836 ASSERT_EQ('9', dst[9]); 837 } 838 839 TEST(TEST_NAME, stpncpy2) { 840 char src[10]; 841 char dst[15]; 842 memcpy(src, "012345678\0", sizeof(src)); 843 stpncpy(dst, src, sizeof(dst)); 844 ASSERT_EQ('0', dst[0]); 845 ASSERT_EQ('1', dst[1]); 846 ASSERT_EQ('2', dst[2]); 847 ASSERT_EQ('3', dst[3]); 848 ASSERT_EQ('4', dst[4]); 849 ASSERT_EQ('5', dst[5]); 850 ASSERT_EQ('6', dst[6]); 851 ASSERT_EQ('7', dst[7]); 852 ASSERT_EQ('8', dst[8]); 853 ASSERT_EQ('\0', dst[9]); 854 ASSERT_EQ('\0', dst[10]); 855 ASSERT_EQ('\0', dst[11]); 856 ASSERT_EQ('\0', dst[12]); 857 ASSERT_EQ('\0', dst[13]); 858 ASSERT_EQ('\0', dst[14]); 859 } 860 861 TEST(TEST_NAME, strncpy) { 862 char src[10]; 863 char dst[10]; 864 memcpy(src, "0123456789", sizeof(src)); // non null terminated string 865 strncpy(dst, src, sizeof(dst)); 866 ASSERT_EQ('0', dst[0]); 867 ASSERT_EQ('1', dst[1]); 868 ASSERT_EQ('2', dst[2]); 869 ASSERT_EQ('3', dst[3]); 870 ASSERT_EQ('4', dst[4]); 871 ASSERT_EQ('5', dst[5]); 872 ASSERT_EQ('6', dst[6]); 873 ASSERT_EQ('7', dst[7]); 874 ASSERT_EQ('8', dst[8]); 875 ASSERT_EQ('9', dst[9]); 876 } 877 878 TEST(TEST_NAME, strncpy2) { 879 char src[10]; 880 char dst[15]; 881 memcpy(src, "012345678\0", sizeof(src)); 882 strncpy(dst, src, sizeof(dst)); 883 ASSERT_EQ('0', dst[0]); 884 ASSERT_EQ('1', dst[1]); 885 ASSERT_EQ('2', dst[2]); 886 ASSERT_EQ('3', dst[3]); 887 ASSERT_EQ('4', dst[4]); 888 ASSERT_EQ('5', dst[5]); 889 ASSERT_EQ('6', dst[6]); 890 ASSERT_EQ('7', dst[7]); 891 ASSERT_EQ('8', dst[8]); 892 ASSERT_EQ('\0', dst[9]); 893 ASSERT_EQ('\0', dst[10]); 894 ASSERT_EQ('\0', dst[11]); 895 ASSERT_EQ('\0', dst[12]); 896 ASSERT_EQ('\0', dst[13]); 897 ASSERT_EQ('\0', dst[14]); 898 } 899 900 TEST(TEST_NAME, strcat_chk_max_int_size) { 901 char buf[10]; 902 memset(buf, 'A', sizeof(buf)); 903 buf[0] = 'a'; 904 buf[1] = '\0'; 905 char* res = __strcat_chk(buf, "01234567", (size_t)-1); 906 ASSERT_EQ(buf, res); 907 ASSERT_EQ('a', buf[0]); 908 ASSERT_EQ('0', buf[1]); 909 ASSERT_EQ('1', buf[2]); 910 ASSERT_EQ('2', buf[3]); 911 ASSERT_EQ('3', buf[4]); 912 ASSERT_EQ('4', buf[5]); 913 ASSERT_EQ('5', buf[6]); 914 ASSERT_EQ('6', buf[7]); 915 ASSERT_EQ('7', buf[8]); 916 ASSERT_EQ('\0', buf[9]); 917 } 918 919 extern "C" char* __stpcpy_chk(char*, const char*, size_t); 920 921 TEST(TEST_NAME, stpcpy_chk_max_int_size) { 922 char buf[10]; 923 char* res = __stpcpy_chk(buf, "012345678", (size_t)-1); 924 ASSERT_EQ(buf + strlen("012345678"), res); 925 ASSERT_STREQ("012345678", buf); 926 } 927 928 extern "C" char* __strcpy_chk(char*, const char*, size_t); 929 930 TEST(TEST_NAME, strcpy_chk_max_int_size) { 931 char buf[10]; 932 char* res = __strcpy_chk(buf, "012345678", (size_t)-1); 933 ASSERT_EQ(buf, res); 934 ASSERT_STREQ("012345678", buf); 935 } 936 937 extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t); 938 939 TEST(TEST_NAME, memcpy_chk_max_int_size) { 940 char buf[10]; 941 void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1); 942 ASSERT_EQ((void*)buf, res); 943 ASSERT_EQ('0', buf[0]); 944 ASSERT_EQ('1', buf[1]); 945 ASSERT_EQ('2', buf[2]); 946 ASSERT_EQ('3', buf[3]); 947 ASSERT_EQ('4', buf[4]); 948 ASSERT_EQ('5', buf[5]); 949 ASSERT_EQ('6', buf[6]); 950 ASSERT_EQ('7', buf[7]); 951 ASSERT_EQ('8', buf[8]); 952 ASSERT_EQ('\0', buf[9]); 953 } 954 955 // Verify that macro expansion is done properly for sprintf/snprintf (which 956 // are defined as macros in stdio.h under clang). 957 #define CONTENTS "macro expansion" 958 #define BUF_AND_SIZE(A) A, sizeof(A) 959 #define BUF_AND_CONTENTS(A) A, CONTENTS 960 #define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS 961 TEST(TEST_NAME, s_n_printf_macro_expansion) { 962 char buf[BUFSIZ]; 963 snprintf(BUF_AND_SIZE(buf), CONTENTS); 964 EXPECT_STREQ(CONTENTS, buf); 965 966 snprintf(BUF_AND_SIZE_AND_CONTENTS(buf)); 967 EXPECT_STREQ(CONTENTS, buf); 968 969 sprintf(BUF_AND_CONTENTS(buf)); 970 EXPECT_STREQ(CONTENTS, buf); 971 } 972 973 TEST_F(DEATHTEST, poll_fortified) { 974 nfds_t fd_count = atoi("2"); // suppress compiler optimizations 975 pollfd buf[1] = {{0, POLLIN, 0}}; 976 // Set timeout to zero to prevent waiting in poll when fortify test fails. 977 ASSERT_FORTIFY(poll(buf, fd_count, 0)); 978 } 979 980 TEST_F(DEATHTEST, ppoll_fortified) { 981 nfds_t fd_count = atoi("2"); // suppress compiler optimizations 982 pollfd buf[1] = {{0, POLLIN, 0}}; 983 // Set timeout to zero to prevent waiting in ppoll when fortify test fails. 984 timespec timeout; 985 timeout.tv_sec = timeout.tv_nsec = 0; 986 ASSERT_FORTIFY(ppoll(buf, fd_count, &timeout, NULL)); 987 } 988