1 /* 2 * Copyright (C) 2013 The Android Open Source Project 3 * 4 * Licensed under the Apache License, Version 2.0 (the "License"); 5 * you may not use this file except in compliance with the License. 6 * You may obtain a copy of the License at 7 * 8 * http://www.apache.org/licenses/LICENSE-2.0 9 * 10 * Unless required by applicable law or agreed to in writing, software 11 * distributed under the License is distributed on an "AS IS" BASIS, 12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 * See the License for the specific language governing permissions and 14 * limitations under the License. 15 */ 16 17 // -Werror is on whether we like it or not, and we're intentionally doing awful 18 // things in this file. GCC is dumb and doesn't have a specific error class for 19 // the fortify failures (it's just -Werror), so we can't use anything more 20 // constrained than disabling all the warnings in the file :( It also won't let 21 // us use system_header in a .cpp file, so we have to #include this from 22 // fortify_test_main.cpp. 23 #pragma GCC system_header 24 25 #include <gtest/gtest.h> 26 #include "BionicDeathTest.h" 27 28 #include <fcntl.h> 29 #include <malloc.h> 30 #include <poll.h> 31 #include <signal.h> 32 #include <stdarg.h> 33 #include <string.h> 34 #include <sys/socket.h> 35 #include <sys/stat.h> 36 #include <sys/types.h> 37 #include <time.h> 38 39 #if __BIONIC__ 40 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY") 41 #else 42 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "") 43 #endif 44 45 // Fortify test code needs to run multiple times, so TEST_NAME macro is used to 46 // distinguish different tests. TEST_NAME is defined in compilation command. 47 #define DEATHTEST_PASTER(name) name##_DeathTest 48 #define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name) 49 #define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME) 50 51 class DEATHTEST : public BionicDeathTest {}; 52 53 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2 54 struct foo { 55 char empty[0]; 56 char one[1]; 57 char a[10]; 58 char b[10]; 59 }; 60 61 TEST_F(DEATHTEST, stpncpy_fortified2) { 62 foo myfoo; 63 int copy_amt = atoi("11"); 64 ASSERT_FORTIFY(stpncpy(myfoo.a, "01234567890", copy_amt)); 65 } 66 67 TEST_F(DEATHTEST, stpncpy2_fortified2) { 68 foo myfoo; 69 memset(&myfoo, 0, sizeof(myfoo)); 70 myfoo.one[0] = 'A'; // not null terminated string 71 ASSERT_FORTIFY(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b))); 72 } 73 74 TEST_F(DEATHTEST, strncpy_fortified2) { 75 foo myfoo; 76 int copy_amt = atoi("11"); 77 ASSERT_FORTIFY(strncpy(myfoo.a, "01234567890", copy_amt)); 78 } 79 80 TEST_F(DEATHTEST, strncpy2_fortified2) { 81 foo myfoo; 82 memset(&myfoo, 0, sizeof(myfoo)); 83 myfoo.one[0] = 'A'; // not null terminated string 84 ASSERT_FORTIFY(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b))); 85 } 86 87 TEST_F(DEATHTEST, sprintf_fortified2) { 88 foo myfoo; 89 char source_buf[15]; 90 memcpy(source_buf, "12345678901234", 15); 91 ASSERT_FORTIFY(sprintf(myfoo.a, "%s", source_buf)); 92 } 93 94 TEST_F(DEATHTEST, sprintf2_fortified2) { 95 foo myfoo; 96 ASSERT_FORTIFY(sprintf(myfoo.a, "0123456789")); 97 } 98 99 static int vsprintf_helper2(const char *fmt, ...) { 100 foo myfoo; 101 va_list va; 102 int result; 103 104 va_start(va, fmt); 105 result = vsprintf(myfoo.a, fmt, va); // should crash here 106 va_end(va); 107 return result; 108 } 109 110 TEST_F(DEATHTEST, vsprintf_fortified2) { 111 ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789")); 112 } 113 114 TEST_F(DEATHTEST, vsprintf2_fortified2) { 115 ASSERT_FORTIFY(vsprintf_helper2("0123456789")); 116 } 117 118 static int vsnprintf_helper2(const char *fmt, ...) { 119 foo myfoo; 120 va_list va; 121 int result; 122 size_t size = atoi("11"); 123 124 va_start(va, fmt); 125 result = vsnprintf(myfoo.a, size, fmt, va); // should crash here 126 va_end(va); 127 return result; 128 } 129 130 TEST_F(DEATHTEST, vsnprintf_fortified2) { 131 ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789")); 132 } 133 134 TEST_F(DEATHTEST, vsnprintf2_fortified2) { 135 ASSERT_FORTIFY(vsnprintf_helper2("0123456789")); 136 } 137 138 // zero sized target with "\0" source (should fail) 139 TEST_F(DEATHTEST, stpcpy_fortified2) { 140 #if defined(__BIONIC__) 141 foo myfoo; 142 char* src = strdup(""); 143 ASSERT_FORTIFY(stpcpy(myfoo.empty, src)); 144 free(src); 145 #else // __BIONIC__ 146 GTEST_LOG_(INFO) << "This test does nothing.\n"; 147 #endif // __BIONIC__ 148 } 149 150 // zero sized target with "\0" source (should fail) 151 TEST_F(DEATHTEST, strcpy_fortified2) { 152 #if defined(__BIONIC__) 153 foo myfoo; 154 char* src = strdup(""); 155 ASSERT_FORTIFY(strcpy(myfoo.empty, src)); 156 free(src); 157 #else // __BIONIC__ 158 GTEST_LOG_(INFO) << "This test does nothing.\n"; 159 #endif // __BIONIC__ 160 } 161 162 // zero sized target with longer source (should fail) 163 TEST_F(DEATHTEST, strcpy2_fortified2) { 164 #if defined(__BIONIC__) 165 foo myfoo; 166 char* src = strdup("1"); 167 ASSERT_FORTIFY(strcpy(myfoo.empty, src)); 168 free(src); 169 #else // __BIONIC__ 170 GTEST_LOG_(INFO) << "This test does nothing.\n"; 171 #endif // __BIONIC__ 172 } 173 174 // one byte target with longer source (should fail) 175 TEST_F(DEATHTEST, strcpy3_fortified2) { 176 #if defined(__BIONIC__) 177 foo myfoo; 178 char* src = strdup("12"); 179 ASSERT_FORTIFY(strcpy(myfoo.one, src)); 180 free(src); 181 #else // __BIONIC__ 182 GTEST_LOG_(INFO) << "This test does nothing.\n"; 183 #endif // __BIONIC__ 184 } 185 186 TEST_F(DEATHTEST, strchr_fortified2) { 187 #if defined(__BIONIC__) 188 foo myfoo; 189 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); 190 myfoo.b[0] = '\0'; 191 ASSERT_FORTIFY(printf("%s", strchr(myfoo.a, 'a'))); 192 ASSERT_FORTIFY(printf("%s", strchr(static_cast<const char*>(myfoo.a), 'a'))); 193 #else // __BIONIC__ 194 GTEST_LOG_(INFO) << "This test does nothing.\n"; 195 #endif // __BIONIC__ 196 } 197 198 TEST_F(DEATHTEST, strrchr_fortified2) { 199 #if defined(__BIONIC__) 200 foo myfoo; 201 memcpy(myfoo.a, "0123456789", 10); 202 memcpy(myfoo.b, "01234", 6); 203 ASSERT_FORTIFY(printf("%s", strrchr(myfoo.a, 'a'))); 204 ASSERT_FORTIFY(printf("%s", strrchr(static_cast<const char*>(myfoo.a), 'a'))); 205 #else // __BIONIC__ 206 GTEST_LOG_(INFO) << "This test does nothing.\n"; 207 #endif // __BIONIC__ 208 } 209 210 TEST_F(DEATHTEST, memchr_fortified2) { 211 #if defined(__BIONIC__) 212 foo myfoo; 213 volatile int asize = sizeof(myfoo.a) + 1; 214 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); 215 ASSERT_FORTIFY(printf("%s", memchr(myfoo.a, 'a', asize))); 216 ASSERT_FORTIFY(printf("%s", memchr(static_cast<const void*>(myfoo.a), 'a', asize))); 217 #else // __BIONIC__ 218 GTEST_LOG_(INFO) << "This test does nothing.\n"; 219 #endif // __BIONIC__ 220 } 221 222 TEST_F(DEATHTEST, memrchr_fortified2) { 223 #if defined(__BIONIC__) 224 foo myfoo; 225 volatile int asize = sizeof(myfoo.a) + 1; 226 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); 227 ASSERT_FORTIFY(printf("%s", memrchr(myfoo.a, 'a', asize))); 228 ASSERT_FORTIFY(printf("%s", memrchr(static_cast<const void*>(myfoo.a), 'a', asize))); 229 #else // __BIONIC__ 230 GTEST_LOG_(INFO) << "This test does nothing.\n"; 231 #endif // __BIONIC__ 232 } 233 234 TEST_F(DEATHTEST, strlcpy_fortified2) { 235 #if defined(__BIONIC__) 236 foo myfoo; 237 strcpy(myfoo.a, "01"); 238 size_t n = strlen(myfoo.a); 239 ASSERT_FORTIFY(strlcpy(myfoo.one, myfoo.a, n)); 240 #else // __BIONIC__ 241 GTEST_LOG_(INFO) << "This test does nothing.\n"; 242 #endif // __BIONIC__ 243 } 244 245 TEST_F(DEATHTEST, strlcat_fortified2) { 246 #if defined(__BIONIC__) 247 foo myfoo; 248 strcpy(myfoo.a, "01"); 249 myfoo.one[0] = '\0'; 250 size_t n = strlen(myfoo.a); 251 ASSERT_FORTIFY(strlcat(myfoo.one, myfoo.a, n)); 252 #else // __BIONIC__ 253 GTEST_LOG_(INFO) << "This test does nothing.\n"; 254 #endif // __BIONIC__ 255 } 256 257 TEST_F(DEATHTEST, strncat_fortified2) { 258 foo myfoo; 259 size_t n = atoi("10"); // avoid compiler optimizations 260 strncpy(myfoo.a, "012345678", n); 261 ASSERT_FORTIFY(strncat(myfoo.a, "9", n)); 262 } 263 264 TEST_F(DEATHTEST, strncat2_fortified2) { 265 foo myfoo; 266 myfoo.a[0] = '\0'; 267 size_t n = atoi("10"); // avoid compiler optimizations 268 ASSERT_FORTIFY(strncat(myfoo.a, "0123456789", n)); 269 } 270 271 TEST_F(DEATHTEST, strncat3_fortified2) { 272 foo myfoo; 273 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string 274 myfoo.b[0] = '\0'; 275 size_t n = atoi("10"); // avoid compiler optimizations 276 ASSERT_FORTIFY(strncat(myfoo.b, myfoo.a, n)); 277 } 278 279 TEST_F(DEATHTEST, strcat_fortified2) { 280 char src[11]; 281 strcpy(src, "0123456789"); 282 foo myfoo; 283 myfoo.a[0] = '\0'; 284 ASSERT_FORTIFY(strcat(myfoo.a, src)); 285 } 286 287 TEST_F(DEATHTEST, strcat2_fortified2) { 288 foo myfoo; 289 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string 290 myfoo.b[0] = '\0'; 291 ASSERT_FORTIFY(strcat(myfoo.b, myfoo.a)); 292 } 293 294 TEST_F(DEATHTEST, snprintf_fortified2) { 295 foo myfoo; 296 strcpy(myfoo.a, "012345678"); 297 size_t n = strlen(myfoo.a) + 2; 298 ASSERT_FORTIFY(snprintf(myfoo.b, n, "a%s", myfoo.a)); 299 } 300 301 TEST_F(DEATHTEST, bzero_fortified2) { 302 foo myfoo; 303 memcpy(myfoo.b, "0123456789", sizeof(myfoo.b)); 304 size_t n = atoi("11"); 305 ASSERT_FORTIFY(bzero(myfoo.b, n)); 306 } 307 308 #endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */ 309 310 // multibyte target where we over fill (should fail) 311 TEST_F(DEATHTEST, strcpy_fortified) { 312 #if defined(__BIONIC__) 313 char buf[10]; 314 char *orig = strdup("0123456789"); 315 ASSERT_FORTIFY(strcpy(buf, orig)); 316 free(orig); 317 #else // __BIONIC__ 318 GTEST_LOG_(INFO) << "This test does nothing.\n"; 319 #endif // __BIONIC__ 320 } 321 322 // zero sized target with "\0" source (should fail) 323 TEST_F(DEATHTEST, strcpy2_fortified) { 324 #if defined(__BIONIC__) 325 char buf[0]; 326 char *orig = strdup(""); 327 ASSERT_FORTIFY(strcpy(buf, orig)); 328 free(orig); 329 #else // __BIONIC__ 330 GTEST_LOG_(INFO) << "This test does nothing.\n"; 331 #endif // __BIONIC__ 332 } 333 334 // zero sized target with longer source (should fail) 335 TEST_F(DEATHTEST, strcpy3_fortified) { 336 #if defined(__BIONIC__) 337 char buf[0]; 338 char *orig = strdup("1"); 339 ASSERT_FORTIFY(strcpy(buf, orig)); 340 free(orig); 341 #else // __BIONIC__ 342 GTEST_LOG_(INFO) << "This test does nothing.\n"; 343 #endif // __BIONIC__ 344 } 345 346 // one byte target with longer source (should fail) 347 TEST_F(DEATHTEST, strcpy4_fortified) { 348 #if defined(__BIONIC__) 349 char buf[1]; 350 char *orig = strdup("12"); 351 ASSERT_FORTIFY(strcpy(buf, orig)); 352 free(orig); 353 #else // __BIONIC__ 354 GTEST_LOG_(INFO) << "This test does nothing.\n"; 355 #endif // __BIONIC__ 356 } 357 358 TEST_F(DEATHTEST, strlen_fortified) { 359 #if defined(__BIONIC__) 360 char buf[10]; 361 memcpy(buf, "0123456789", sizeof(buf)); 362 ASSERT_FORTIFY(printf("%zd", strlen(buf))); 363 #else // __BIONIC__ 364 GTEST_LOG_(INFO) << "This test does nothing.\n"; 365 #endif // __BIONIC__ 366 } 367 368 TEST_F(DEATHTEST, strchr_fortified) { 369 #if defined(__BIONIC__) 370 char buf[10]; 371 memcpy(buf, "0123456789", sizeof(buf)); 372 ASSERT_FORTIFY(printf("%s", strchr(buf, 'a'))); 373 #else // __BIONIC__ 374 GTEST_LOG_(INFO) << "This test does nothing.\n"; 375 #endif // __BIONIC__ 376 } 377 378 TEST_F(DEATHTEST, strrchr_fortified) { 379 #if defined(__BIONIC__) 380 char buf[10]; 381 memcpy(buf, "0123456789", sizeof(buf)); 382 ASSERT_FORTIFY(printf("%s", strrchr(buf, 'a'))); 383 #else // __BIONIC__ 384 GTEST_LOG_(INFO) << "This test does nothing.\n"; 385 #endif // __BIONIC__ 386 } 387 388 TEST_F(DEATHTEST, strlcpy_fortified) { 389 #if defined(__BIONIC__) 390 char bufa[15]; 391 char bufb[10]; 392 strcpy(bufa, "01234567890123"); 393 size_t n = strlen(bufa); 394 ASSERT_FORTIFY(strlcpy(bufb, bufa, n)); 395 #else // __BIONIC__ 396 GTEST_LOG_(INFO) << "This test does nothing.\n"; 397 #endif // __BIONIC__ 398 } 399 400 TEST_F(DEATHTEST, strlcat_fortified) { 401 #if defined(__BIONIC__) 402 char bufa[15]; 403 char bufb[10]; 404 bufb[0] = '\0'; 405 strcpy(bufa, "01234567890123"); 406 size_t n = strlen(bufa); 407 ASSERT_FORTIFY(strlcat(bufb, bufa, n)); 408 #else // __BIONIC__ 409 GTEST_LOG_(INFO) << "This test does nothing.\n"; 410 #endif // __BIONIC__ 411 } 412 413 TEST_F(DEATHTEST, sprintf_fortified) { 414 char buf[10]; 415 char source_buf[15]; 416 memcpy(source_buf, "12345678901234", 15); 417 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf)); 418 } 419 420 #ifdef __clang__ && !__has_attribute(alloc_size) 421 // TODO: remove this after Clang prebuilt rebase. 422 #else 423 // This test is disabled in clang because clang doesn't properly detect 424 // this buffer overflow. TODO: Fix clang. 425 TEST_F(DEATHTEST, sprintf_malloc_fortified) { 426 char* buf = (char *) malloc(10); 427 char source_buf[11]; 428 memcpy(source_buf, "1234567890", 11); 429 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf)); 430 free(buf); 431 } 432 #endif 433 434 TEST_F(DEATHTEST, sprintf2_fortified) { 435 char buf[5]; 436 ASSERT_FORTIFY(sprintf(buf, "aaaaa")); 437 } 438 439 static int vsprintf_helper(const char *fmt, ...) { 440 char buf[10]; 441 va_list va; 442 int result; 443 444 va_start(va, fmt); 445 result = vsprintf(buf, fmt, va); // should crash here 446 va_end(va); 447 return result; 448 } 449 450 TEST_F(DEATHTEST, vsprintf_fortified) { 451 ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789")); 452 } 453 454 TEST_F(DEATHTEST, vsprintf2_fortified) { 455 ASSERT_FORTIFY(vsprintf_helper("0123456789")); 456 } 457 458 static int vsnprintf_helper(const char *fmt, ...) { 459 char buf[10]; 460 va_list va; 461 int result; 462 size_t size = atoi("11"); 463 464 va_start(va, fmt); 465 result = vsnprintf(buf, size, fmt, va); // should crash here 466 va_end(va); 467 return result; 468 } 469 470 TEST_F(DEATHTEST, vsnprintf_fortified) { 471 ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789")); 472 } 473 474 TEST_F(DEATHTEST, vsnprintf2_fortified) { 475 ASSERT_FORTIFY(vsnprintf_helper("0123456789")); 476 } 477 478 TEST_F(DEATHTEST, strncat_fortified) { 479 char buf[10]; 480 size_t n = atoi("10"); // avoid compiler optimizations 481 strncpy(buf, "012345678", n); 482 ASSERT_FORTIFY(strncat(buf, "9", n)); 483 } 484 485 TEST_F(DEATHTEST, strncat2_fortified) { 486 char buf[10]; 487 buf[0] = '\0'; 488 size_t n = atoi("10"); // avoid compiler optimizations 489 ASSERT_FORTIFY(strncat(buf, "0123456789", n)); 490 } 491 492 TEST_F(DEATHTEST, strcat_fortified) { 493 char src[11]; 494 strcpy(src, "0123456789"); 495 char buf[10]; 496 buf[0] = '\0'; 497 ASSERT_FORTIFY(strcat(buf, src)); 498 } 499 500 TEST_F(DEATHTEST, memmove_fortified) { 501 char buf[20]; 502 strcpy(buf, "0123456789"); 503 size_t n = atoi("10"); 504 ASSERT_FORTIFY(memmove(buf + 11, buf, n)); 505 } 506 507 TEST_F(DEATHTEST, memcpy_fortified) { 508 char bufa[10]; 509 char bufb[10]; 510 strcpy(bufa, "012345678"); 511 size_t n = atoi("11"); 512 ASSERT_FORTIFY(memcpy(bufb, bufa, n)); 513 } 514 515 TEST_F(DEATHTEST, memset_fortified) { 516 char buf[10]; 517 size_t n = atoi("11"); 518 ASSERT_FORTIFY(memset(buf, 0, n)); 519 } 520 521 TEST_F(DEATHTEST, stpncpy_fortified) { 522 char bufa[15]; 523 char bufb[10]; 524 strcpy(bufa, "01234567890123"); 525 size_t n = strlen(bufa); 526 ASSERT_FORTIFY(stpncpy(bufb, bufa, n)); 527 } 528 529 TEST_F(DEATHTEST, stpncpy2_fortified) { 530 char dest[11]; 531 char src[10]; 532 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated 533 ASSERT_FORTIFY(stpncpy(dest, src, sizeof(dest))); 534 } 535 536 TEST_F(DEATHTEST, strncpy_fortified) { 537 char bufa[15]; 538 char bufb[10]; 539 strcpy(bufa, "01234567890123"); 540 size_t n = strlen(bufa); 541 ASSERT_FORTIFY(strncpy(bufb, bufa, n)); 542 } 543 544 545 TEST_F(DEATHTEST, strncpy2_fortified) { 546 char dest[11]; 547 char src[10]; 548 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated 549 ASSERT_FORTIFY(strncpy(dest, src, sizeof(dest))); 550 } 551 552 TEST_F(DEATHTEST, snprintf_fortified) { 553 char bufa[15]; 554 char bufb[10]; 555 strcpy(bufa, "0123456789"); 556 size_t n = strlen(bufa) + 1; 557 ASSERT_FORTIFY(snprintf(bufb, n, "%s", bufa)); 558 } 559 560 TEST_F(DEATHTEST, bzero_fortified) { 561 char buf[10]; 562 memcpy(buf, "0123456789", sizeof(buf)); 563 size_t n = atoi("11"); 564 ASSERT_FORTIFY(bzero(buf, n)); 565 } 566 567 TEST_F(DEATHTEST, umask_fortified) { 568 mode_t mask = atoi("1023"); // 01777 in octal 569 ASSERT_FORTIFY(umask(mask)); 570 } 571 572 TEST_F(DEATHTEST, recv_fortified) { 573 size_t data_len = atoi("11"); // suppress compiler optimizations 574 char buf[10]; 575 ASSERT_FORTIFY(recv(0, buf, data_len, 0)); 576 } 577 578 TEST_F(DEATHTEST, send_fortified) { 579 size_t data_len = atoi("11"); // suppress compiler optimizations 580 char buf[10] = {0}; 581 ASSERT_FORTIFY(send(0, buf, data_len, 0)); 582 } 583 584 TEST_F(DEATHTEST, FD_ISSET_fortified) { 585 #if defined(__BIONIC__) // glibc catches this at compile-time. 586 fd_set set; 587 memset(&set, 0, sizeof(set)); 588 ASSERT_FORTIFY(FD_ISSET(-1, &set)); 589 #endif 590 } 591 592 TEST_F(DEATHTEST, FD_ISSET_2_fortified) { 593 char buf[1]; 594 fd_set* set = (fd_set*) buf; 595 ASSERT_FORTIFY(FD_ISSET(0, set)); 596 } 597 598 TEST_F(DEATHTEST, getcwd_fortified) { 599 char buf[1]; 600 size_t ct = atoi("2"); // prevent optimizations 601 ASSERT_FORTIFY(getcwd(buf, ct)); 602 } 603 604 TEST_F(DEATHTEST, pread_fortified) { 605 char buf[1]; 606 size_t ct = atoi("2"); // prevent optimizations 607 int fd = open("/dev/null", O_RDONLY); 608 ASSERT_FORTIFY(pread(fd, buf, ct, 0)); 609 close(fd); 610 } 611 612 TEST_F(DEATHTEST, pread64_fortified) { 613 char buf[1]; 614 size_t ct = atoi("2"); // prevent optimizations 615 int fd = open("/dev/null", O_RDONLY); 616 ASSERT_FORTIFY(pread64(fd, buf, ct, 0)); 617 close(fd); 618 } 619 620 TEST_F(DEATHTEST, pwrite_fortified) { 621 char buf[1] = {0}; 622 size_t ct = atoi("2"); // prevent optimizations 623 int fd = open("/dev/null", O_WRONLY); 624 ASSERT_FORTIFY(pwrite(fd, buf, ct, 0)); 625 close(fd); 626 } 627 628 TEST_F(DEATHTEST, pwrite64_fortified) { 629 char buf[1] = {0}; 630 size_t ct = atoi("2"); // prevent optimizations 631 int fd = open("/dev/null", O_WRONLY); 632 ASSERT_FORTIFY(pwrite64(fd, buf, ct, 0)); 633 close(fd); 634 } 635 636 TEST_F(DEATHTEST, read_fortified) { 637 char buf[1]; 638 size_t ct = atoi("2"); // prevent optimizations 639 int fd = open("/dev/null", O_RDONLY); 640 ASSERT_FORTIFY(read(fd, buf, ct)); 641 close(fd); 642 } 643 644 TEST_F(DEATHTEST, write_fortified) { 645 char buf[1] = {0}; 646 size_t ct = atoi("2"); // prevent optimizations 647 int fd = open("/dev/null", O_WRONLY); 648 ASSERT_EXIT(write(fd, buf, ct), testing::KilledBySignal(SIGABRT), ""); 649 close(fd); 650 } 651 652 TEST_F(DEATHTEST, fread_fortified) { 653 char buf[1]; 654 size_t ct = atoi("2"); // prevent optimizations 655 FILE* fp = fopen("/dev/null", "r"); 656 ASSERT_FORTIFY(fread(buf, 1, ct, fp)); 657 fclose(fp); 658 } 659 660 TEST_F(DEATHTEST, fwrite_fortified) { 661 char buf[1] = {0}; 662 size_t ct = atoi("2"); // prevent optimizations 663 FILE* fp = fopen("/dev/null", "w"); 664 ASSERT_FORTIFY(fwrite(buf, 1, ct, fp)); 665 fclose(fp); 666 } 667 668 TEST_F(DEATHTEST, readlink_fortified) { 669 char buf[1]; 670 size_t ct = atoi("2"); // prevent optimizations 671 ASSERT_FORTIFY(readlink("/dev/null", buf, ct)); 672 } 673 674 TEST_F(DEATHTEST, readlinkat_fortified) { 675 char buf[1]; 676 size_t ct = atoi("2"); // prevent optimizations 677 ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", buf, ct)); 678 } 679 680 extern "C" char* __strncat_chk(char*, const char*, size_t, size_t); 681 extern "C" char* __strcat_chk(char*, const char*, size_t); 682 683 TEST(TEST_NAME, strncat) { 684 char buf[10]; 685 memset(buf, 'A', sizeof(buf)); 686 buf[0] = 'a'; 687 buf[1] = '\0'; 688 char* res = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf)); 689 ASSERT_EQ(buf, res); 690 ASSERT_EQ('a', buf[0]); 691 ASSERT_EQ('0', buf[1]); 692 ASSERT_EQ('1', buf[2]); 693 ASSERT_EQ('2', buf[3]); 694 ASSERT_EQ('3', buf[4]); 695 ASSERT_EQ('4', buf[5]); 696 ASSERT_EQ('\0', buf[6]); 697 ASSERT_EQ('A', buf[7]); 698 ASSERT_EQ('A', buf[8]); 699 ASSERT_EQ('A', buf[9]); 700 } 701 702 TEST(TEST_NAME, strncat2) { 703 char buf[10]; 704 memset(buf, 'A', sizeof(buf)); 705 buf[0] = 'a'; 706 buf[1] = '\0'; 707 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf)); 708 ASSERT_EQ(buf, res); 709 ASSERT_EQ('a', buf[0]); 710 ASSERT_EQ('0', buf[1]); 711 ASSERT_EQ('1', buf[2]); 712 ASSERT_EQ('2', buf[3]); 713 ASSERT_EQ('3', buf[4]); 714 ASSERT_EQ('4', buf[5]); 715 ASSERT_EQ('\0', buf[6]); 716 ASSERT_EQ('A', buf[7]); 717 ASSERT_EQ('A', buf[8]); 718 ASSERT_EQ('A', buf[9]); 719 } 720 721 TEST(TEST_NAME, strncat3) { 722 char buf[10]; 723 memset(buf, 'A', sizeof(buf)); 724 buf[0] = '\0'; 725 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf)); 726 ASSERT_EQ(buf, res); 727 ASSERT_EQ('0', buf[0]); 728 ASSERT_EQ('1', buf[1]); 729 ASSERT_EQ('2', buf[2]); 730 ASSERT_EQ('3', buf[3]); 731 ASSERT_EQ('4', buf[4]); 732 ASSERT_EQ('\0', buf[5]); 733 ASSERT_EQ('A', buf[6]); 734 ASSERT_EQ('A', buf[7]); 735 ASSERT_EQ('A', buf[8]); 736 ASSERT_EQ('A', buf[9]); 737 } 738 739 TEST(TEST_NAME, strncat4) { 740 char buf[10]; 741 memset(buf, 'A', sizeof(buf)); 742 buf[9] = '\0'; 743 char* res = __strncat_chk(buf, "", 5, sizeof(buf)); 744 ASSERT_EQ(buf, res); 745 ASSERT_EQ('A', buf[0]); 746 ASSERT_EQ('A', buf[1]); 747 ASSERT_EQ('A', buf[2]); 748 ASSERT_EQ('A', buf[3]); 749 ASSERT_EQ('A', buf[4]); 750 ASSERT_EQ('A', buf[5]); 751 ASSERT_EQ('A', buf[6]); 752 ASSERT_EQ('A', buf[7]); 753 ASSERT_EQ('A', buf[8]); 754 ASSERT_EQ('\0', buf[9]); 755 } 756 757 TEST(TEST_NAME, strncat5) { 758 char buf[10]; 759 memset(buf, 'A', sizeof(buf)); 760 buf[0] = 'a'; 761 buf[1] = '\0'; 762 char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf)); 763 ASSERT_EQ(buf, res); 764 ASSERT_EQ('a', buf[0]); 765 ASSERT_EQ('0', buf[1]); 766 ASSERT_EQ('1', buf[2]); 767 ASSERT_EQ('2', buf[3]); 768 ASSERT_EQ('3', buf[4]); 769 ASSERT_EQ('4', buf[5]); 770 ASSERT_EQ('5', buf[6]); 771 ASSERT_EQ('6', buf[7]); 772 ASSERT_EQ('7', buf[8]); 773 ASSERT_EQ('\0', buf[9]); 774 } 775 776 TEST(TEST_NAME, strncat6) { 777 char buf[10]; 778 memset(buf, 'A', sizeof(buf)); 779 buf[0] = 'a'; 780 buf[1] = '\0'; 781 char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf)); 782 ASSERT_EQ(buf, res); 783 ASSERT_EQ('a', buf[0]); 784 ASSERT_EQ('0', buf[1]); 785 ASSERT_EQ('1', buf[2]); 786 ASSERT_EQ('2', buf[3]); 787 ASSERT_EQ('3', buf[4]); 788 ASSERT_EQ('4', buf[5]); 789 ASSERT_EQ('5', buf[6]); 790 ASSERT_EQ('6', buf[7]); 791 ASSERT_EQ('7', buf[8]); 792 ASSERT_EQ('\0', buf[9]); 793 } 794 795 796 TEST(TEST_NAME, strcat) { 797 char buf[10]; 798 memset(buf, 'A', sizeof(buf)); 799 buf[0] = 'a'; 800 buf[1] = '\0'; 801 char* res = __strcat_chk(buf, "01234", sizeof(buf)); 802 ASSERT_EQ(buf, res); 803 ASSERT_EQ('a', buf[0]); 804 ASSERT_EQ('0', buf[1]); 805 ASSERT_EQ('1', buf[2]); 806 ASSERT_EQ('2', buf[3]); 807 ASSERT_EQ('3', buf[4]); 808 ASSERT_EQ('4', buf[5]); 809 ASSERT_EQ('\0', buf[6]); 810 ASSERT_EQ('A', buf[7]); 811 ASSERT_EQ('A', buf[8]); 812 ASSERT_EQ('A', buf[9]); 813 } 814 815 TEST(TEST_NAME, strcat2) { 816 char buf[10]; 817 memset(buf, 'A', sizeof(buf)); 818 buf[0] = 'a'; 819 buf[1] = '\0'; 820 char* res = __strcat_chk(buf, "01234567", sizeof(buf)); 821 ASSERT_EQ(buf, res); 822 ASSERT_EQ('a', buf[0]); 823 ASSERT_EQ('0', buf[1]); 824 ASSERT_EQ('1', buf[2]); 825 ASSERT_EQ('2', buf[3]); 826 ASSERT_EQ('3', buf[4]); 827 ASSERT_EQ('4', buf[5]); 828 ASSERT_EQ('5', buf[6]); 829 ASSERT_EQ('6', buf[7]); 830 ASSERT_EQ('7', buf[8]); 831 ASSERT_EQ('\0', buf[9]); 832 } 833 834 TEST(TEST_NAME, stpncpy) { 835 char src[10]; 836 char dst[10]; 837 memcpy(src, "0123456789", sizeof(src)); // non null terminated string 838 stpncpy(dst, src, sizeof(dst)); 839 ASSERT_EQ('0', dst[0]); 840 ASSERT_EQ('1', dst[1]); 841 ASSERT_EQ('2', dst[2]); 842 ASSERT_EQ('3', dst[3]); 843 ASSERT_EQ('4', dst[4]); 844 ASSERT_EQ('5', dst[5]); 845 ASSERT_EQ('6', dst[6]); 846 ASSERT_EQ('7', dst[7]); 847 ASSERT_EQ('8', dst[8]); 848 ASSERT_EQ('9', dst[9]); 849 } 850 851 TEST(TEST_NAME, stpncpy2) { 852 char src[10]; 853 char dst[15]; 854 memcpy(src, "012345678\0", sizeof(src)); 855 stpncpy(dst, src, sizeof(dst)); 856 ASSERT_EQ('0', dst[0]); 857 ASSERT_EQ('1', dst[1]); 858 ASSERT_EQ('2', dst[2]); 859 ASSERT_EQ('3', dst[3]); 860 ASSERT_EQ('4', dst[4]); 861 ASSERT_EQ('5', dst[5]); 862 ASSERT_EQ('6', dst[6]); 863 ASSERT_EQ('7', dst[7]); 864 ASSERT_EQ('8', dst[8]); 865 ASSERT_EQ('\0', dst[9]); 866 ASSERT_EQ('\0', dst[10]); 867 ASSERT_EQ('\0', dst[11]); 868 ASSERT_EQ('\0', dst[12]); 869 ASSERT_EQ('\0', dst[13]); 870 ASSERT_EQ('\0', dst[14]); 871 } 872 873 TEST(TEST_NAME, strncpy) { 874 char src[10]; 875 char dst[10]; 876 memcpy(src, "0123456789", sizeof(src)); // non null terminated string 877 strncpy(dst, src, sizeof(dst)); 878 ASSERT_EQ('0', dst[0]); 879 ASSERT_EQ('1', dst[1]); 880 ASSERT_EQ('2', dst[2]); 881 ASSERT_EQ('3', dst[3]); 882 ASSERT_EQ('4', dst[4]); 883 ASSERT_EQ('5', dst[5]); 884 ASSERT_EQ('6', dst[6]); 885 ASSERT_EQ('7', dst[7]); 886 ASSERT_EQ('8', dst[8]); 887 ASSERT_EQ('9', dst[9]); 888 } 889 890 TEST(TEST_NAME, strncpy2) { 891 char src[10]; 892 char dst[15]; 893 memcpy(src, "012345678\0", sizeof(src)); 894 strncpy(dst, src, sizeof(dst)); 895 ASSERT_EQ('0', dst[0]); 896 ASSERT_EQ('1', dst[1]); 897 ASSERT_EQ('2', dst[2]); 898 ASSERT_EQ('3', dst[3]); 899 ASSERT_EQ('4', dst[4]); 900 ASSERT_EQ('5', dst[5]); 901 ASSERT_EQ('6', dst[6]); 902 ASSERT_EQ('7', dst[7]); 903 ASSERT_EQ('8', dst[8]); 904 ASSERT_EQ('\0', dst[9]); 905 ASSERT_EQ('\0', dst[10]); 906 ASSERT_EQ('\0', dst[11]); 907 ASSERT_EQ('\0', dst[12]); 908 ASSERT_EQ('\0', dst[13]); 909 ASSERT_EQ('\0', dst[14]); 910 } 911 912 TEST(TEST_NAME, strcat_chk_max_int_size) { 913 char buf[10]; 914 memset(buf, 'A', sizeof(buf)); 915 buf[0] = 'a'; 916 buf[1] = '\0'; 917 char* res = __strcat_chk(buf, "01234567", (size_t)-1); 918 ASSERT_EQ(buf, res); 919 ASSERT_EQ('a', buf[0]); 920 ASSERT_EQ('0', buf[1]); 921 ASSERT_EQ('1', buf[2]); 922 ASSERT_EQ('2', buf[3]); 923 ASSERT_EQ('3', buf[4]); 924 ASSERT_EQ('4', buf[5]); 925 ASSERT_EQ('5', buf[6]); 926 ASSERT_EQ('6', buf[7]); 927 ASSERT_EQ('7', buf[8]); 928 ASSERT_EQ('\0', buf[9]); 929 } 930 931 extern "C" char* __stpcpy_chk(char*, const char*, size_t); 932 933 TEST(TEST_NAME, stpcpy_chk_max_int_size) { 934 char buf[10]; 935 char* res = __stpcpy_chk(buf, "012345678", (size_t)-1); 936 ASSERT_EQ(buf + strlen("012345678"), res); 937 ASSERT_STREQ("012345678", buf); 938 } 939 940 extern "C" char* __strcpy_chk(char*, const char*, size_t); 941 942 TEST(TEST_NAME, strcpy_chk_max_int_size) { 943 char buf[10]; 944 char* res = __strcpy_chk(buf, "012345678", (size_t)-1); 945 ASSERT_EQ(buf, res); 946 ASSERT_STREQ("012345678", buf); 947 } 948 949 extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t); 950 951 TEST(TEST_NAME, memcpy_chk_max_int_size) { 952 char buf[10]; 953 void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1); 954 ASSERT_EQ((void*)buf, res); 955 ASSERT_EQ('0', buf[0]); 956 ASSERT_EQ('1', buf[1]); 957 ASSERT_EQ('2', buf[2]); 958 ASSERT_EQ('3', buf[3]); 959 ASSERT_EQ('4', buf[4]); 960 ASSERT_EQ('5', buf[5]); 961 ASSERT_EQ('6', buf[6]); 962 ASSERT_EQ('7', buf[7]); 963 ASSERT_EQ('8', buf[8]); 964 ASSERT_EQ('\0', buf[9]); 965 } 966 967 // Verify that macro expansion is done properly for sprintf/snprintf (which 968 // are defined as macros in stdio.h under clang). 969 #define CONTENTS "macro expansion" 970 #define BUF_AND_SIZE(A) A, sizeof(A) 971 #define BUF_AND_CONTENTS(A) A, CONTENTS 972 #define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS 973 TEST(TEST_NAME, s_n_printf_macro_expansion) { 974 char buf[BUFSIZ]; 975 snprintf(BUF_AND_SIZE(buf), CONTENTS); 976 EXPECT_STREQ(CONTENTS, buf); 977 978 snprintf(BUF_AND_SIZE_AND_CONTENTS(buf)); 979 EXPECT_STREQ(CONTENTS, buf); 980 981 sprintf(BUF_AND_CONTENTS(buf)); 982 EXPECT_STREQ(CONTENTS, buf); 983 } 984 985 TEST_F(DEATHTEST, poll_fortified) { 986 nfds_t fd_count = atoi("2"); // suppress compiler optimizations 987 pollfd buf[1] = {{0, POLLIN, 0}}; 988 // Set timeout to zero to prevent waiting in poll when fortify test fails. 989 ASSERT_FORTIFY(poll(buf, fd_count, 0)); 990 } 991 992 TEST_F(DEATHTEST, ppoll_fortified) { 993 nfds_t fd_count = atoi("2"); // suppress compiler optimizations 994 pollfd buf[1] = {{0, POLLIN, 0}}; 995 // Set timeout to zero to prevent waiting in ppoll when fortify test fails. 996 timespec timeout; 997 timeout.tv_sec = timeout.tv_nsec = 0; 998 ASSERT_FORTIFY(ppoll(buf, fd_count, &timeout, NULL)); 999 } 1000 1001 TEST_F(DEATHTEST, open_O_CREAT_without_mode_fortified) { 1002 int flags = O_CREAT; // Fool the compiler. 1003 ASSERT_FORTIFY(open("", flags)); 1004 } 1005 1006 TEST_F(DEATHTEST, open_O_TMPFILE_without_mode_fortified) { 1007 #if __BIONIC__ // Our glibc is too old for O_TMPFILE. 1008 int flags = O_TMPFILE; // Fool the compiler. 1009 ASSERT_FORTIFY(open("", flags)); 1010 #endif 1011 } 1012
