1 /*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 /*
18 * If this test fails, you can see the compiler's output by erasing a few args from the failing
19 * command. Specifically, delete everything before the path/to/the/compiler, then delete the first
20 * arg after the path/to/the/compiler. For example, given the following command:
21 *
22 * bionic/tests/file-check-cxx out/host/linux-x86/bin/FileCheck \
23 * prebuilts/clang/host/linux-x86/clang-4053586/bin/clang++ CLANG -I bionic/tests -I ...
24 *
25 * If you delete everything before clang++ and delete "CLANG", then you'll end up with:
26 *
27 * prebuilts/clang/host/linux-x86/clang-4053586/bin/clang++ -I bionic/tests -I ...
28 *
29 * Which is the command that FileCheck executes.
30 */
31
32 #undef _FORTIFY_SOURCE
33 #define _FORTIFY_SOURCE 2
34 #include <fcntl.h>
35 #include <netinet/in.h>
36 #include <poll.h>
37 #include <stdarg.h>
38 #include <stdio.h>
39 #include <stdlib.h>
40 #include <string.h>
41 #include <sys/socket.h>
42 #include <sys/stat.h>
43 #include <time.h>
44 #include <unistd.h>
45
test_sprintf()46 void test_sprintf() {
47 char buf[4];
48
49 // NOLINTNEXTLINE(whitespace/line_length)
50 // CLANG: error: call to unavailable function 'sprintf': format string will always overflow destination buffer
51 sprintf(buf, "foobar"); // NOLINT(runtime/printf)
52
53 // TODO: clang should emit a warning, but doesn't
54 sprintf(buf, "%s", "foobar"); // NOLINT(runtime/printf)
55 }
56
test_snprintf()57 void test_snprintf() {
58 char buf[4];
59
60 // NOLINTNEXTLINE(whitespace/line_length)
61 // CLANG: error: call to unavailable function 'snprintf': format string will always overflow destination buffer
62 snprintf(buf, 5, "foobar"); // NOLINT(runtime/printf)
63
64 // TODO: clang should emit a warning, but doesn't
65 snprintf(buf, 5, "%s", "foobar"); // NOLINT(runtime/printf)
66
67 // TODO: clang should emit a warning, but doesn't
68 snprintf(buf, 5, " %s ", "foobar"); // NOLINT(runtime/printf)
69
70 // TODO: clang should emit a warning, but doesn't
71 snprintf(buf, 5, "%d", 100000); // NOLINT(runtime/printf)
72 }
73
test_memcpy()74 void test_memcpy() {
75 char buf[4];
76
77 // CLANG: error: 'memcpy' called with size bigger than buffer
78 memcpy(buf, "foobar", sizeof("foobar") + 100);
79 }
80
test_memmove()81 void test_memmove() {
82 char buf[4];
83
84 // CLANG: error: 'memmove' called with size bigger than buffer
85 memmove(buf, "foobar", sizeof("foobar"));
86 }
87
test_memset()88 void test_memset() {
89 char buf[4];
90
91 // CLANG: error: 'memset' called with size bigger than buffer
92 memset(buf, 0, 6);
93 }
94
test_strcpy()95 void test_strcpy() {
96 char buf[4];
97
98 // CLANG: error: 'strcpy' called with string bigger than buffer
99 strcpy(buf, "foobar"); // NOLINT(runtime/printf)
100
101 // CLANG: error: 'strcpy' called with string bigger than buffer
102 strcpy(buf, "quux");
103 }
104
test_stpcpy()105 void test_stpcpy() {
106 char buf[4];
107
108 // CLANG: error: 'stpcpy' called with string bigger than buffer
109 stpcpy(buf, "foobar");
110
111 // CLANG: error: 'stpcpy' called with string bigger than buffer
112 stpcpy(buf, "quux");
113 }
114
test_strncpy()115 void test_strncpy() {
116 char buf[4];
117
118 // TODO: clang should emit a warning, but doesn't
119 strncpy(buf, "foobar", sizeof("foobar"));
120 }
121
test_strcat()122 void test_strcat() {
123 char buf[4] = "";
124
125 // TODO: clang should emit a warning, but doesn't
126 strcat(buf, "foobar"); // NOLINT(runtime/printf)
127 }
128
test_strncat()129 void test_strncat() {
130 char buf[4] = "";
131
132 // TODO: clang should emit a warning, but doesn't
133 strncat(buf, "foobar", sizeof("foobar"));
134 }
135
test_vsprintf(const char * fmt,...)136 void test_vsprintf(const char* fmt, ...) {
137 va_list va;
138 char buf[4];
139 va_start(va, fmt);
140
141 // clang should emit a warning, but doesn't
142 vsprintf(buf, "foobar", va);
143 va_end(va);
144 }
145
test_vsnprintf(const char * fmt,...)146 void test_vsnprintf(const char* fmt, ...) {
147 va_list va;
148 char buf[4];
149 va_start(va, fmt);
150
151 // clang should emit a warning, but doesn't
152 vsnprintf(buf, 5, "foobar", va); // NOLINT(runtime/printf)
153
154 va_end(va);
155 }
156
test_fgets()157 void test_fgets() {
158 char buf[4];
159
160 // CLANG: error: in call to 'fgets', size should not be negative
161 fgets(buf, -1, stdin);
162
163 // CLANG: error: in call to 'fgets', size is larger than the destination buffer
164 fgets(buf, 6, stdin);
165 }
166
test_recvfrom()167 void test_recvfrom() {
168 char buf[4];
169 sockaddr_in addr;
170
171 // CLANG: error: 'recvfrom' called with size bigger than buffer
172 recvfrom(0, buf, 6, 0, reinterpret_cast<sockaddr*>(&addr), nullptr);
173 }
174
test_recv()175 void test_recv() {
176 char buf[4] = {0};
177
178 // CLANG: error: 'recv' called with size bigger than buffer
179 recv(0, buf, 6, 0);
180 }
181
test_umask()182 void test_umask() {
183 // CLANG: error: 'umask' called with invalid mode
184 umask(01777);
185 }
186
test_read()187 void test_read() {
188 char buf[4];
189 // CLANG: error: in call to 'read', 'count' bytes overflows the given object
190 read(0, buf, 6);
191 }
192
test_open()193 void test_open() {
194 // CLANG: error: 'open' called with O_CREAT or O_TMPFILE, but missing mode
195 open("/dev/null", O_CREAT);
196
197 // CLANG: error: 'open' called with O_CREAT or O_TMPFILE, but missing mode
198 open("/dev/null", O_TMPFILE);
199
200 // CLANG: error: call to unavailable function 'open': too many arguments
201 open("/dev/null", O_CREAT, 0, 0);
202
203 // CLANG: error: call to unavailable function 'open': too many arguments
204 open("/dev/null", O_TMPFILE, 0, 0);
205
206 // CLANG: warning: 'open' has superfluous mode bits; missing O_CREAT?
207 open("/dev/null", O_RDONLY, 0644);
208
209 // CLANG: warning: 'open' has superfluous mode bits; missing O_CREAT?
210 open("/dev/null", O_DIRECTORY, 0644);
211 }
212
test_poll()213 void test_poll() {
214 pollfd fds[1];
215 // CLANG: error: in call to 'poll', fd_count is larger than the given buffer
216 poll(fds, 2, 0);
217 }
218
test_ppoll()219 void test_ppoll() {
220 pollfd fds[1];
221 timespec timeout;
222 // CLANG: error: in call to 'ppoll', fd_count is larger than the given buffer
223 ppoll(fds, 2, &timeout, nullptr);
224 }
225
test_ppoll64()226 void test_ppoll64() {
227 pollfd fds[1];
228 timespec timeout;
229 // NOLINTNEXTLINE(whitespace/line_length)
230 // CLANG: error: in call to 'ppoll64', fd_count is larger than the given buffer
231 ppoll64(fds, 2, &timeout, nullptr);
232 }
233
test_fread_overflow()234 void test_fread_overflow() {
235 char buf[4];
236 // CLANG: error: in call to 'fread', size * count overflows
237 fread(buf, 2, (size_t)-1, stdin);
238 }
239
test_fread_too_big()240 void test_fread_too_big() {
241 char buf[4];
242 // NOLINTNEXTLINE(whitespace/line_length)
243 // CLANG: error: in call to 'fread', size * count is too large for the given buffer
244 fread(buf, 1, 5, stdin);
245 }
246
test_fwrite_overflow()247 void test_fwrite_overflow() {
248 char buf[4] = {0};
249 // CLANG: error: in call to 'fwrite', size * count overflows
250 fwrite(buf, 2, (size_t)-1, stdout);
251 }
252
test_fwrite_too_big()253 void test_fwrite_too_big() {
254 char buf[4] = {0};
255 // NOLINTNEXTLINE(whitespace/line_length)
256 // CLANG: error: in call to 'fwrite', size * count is too large for the given buffer
257 fwrite(buf, 1, 5, stdout);
258 }
259
test_getcwd()260 void test_getcwd() {
261 char buf[4];
262 // CLANG: error: in call to 'getcwd', 'size' bytes overflows the given object
263 getcwd(buf, 5);
264 }
265
test_pwrite64_size()266 void test_pwrite64_size() {
267 char buf[4] = {0};
268 // CLANG: error: in call to 'pwrite64', 'count' bytes overflows the given object
269 pwrite64(STDOUT_FILENO, buf, 5, 0);
270 }
271
test_pwrite64_too_big_malloc()272 void test_pwrite64_too_big_malloc() {
273 void *buf = calloc(atoi("5"), 1);
274 // clang should emit a warning, but probably never will.
275 pwrite64(STDOUT_FILENO, buf, SIZE_MAX, 0);
276 }
277
test_pwrite64_too_big()278 void test_pwrite64_too_big() {
279 char buf[4] = {0};
280 // CLANG: error: in call to 'pwrite64', 'count' must be <= SSIZE_MAX
281 pwrite64(STDOUT_FILENO, buf, SIZE_MAX, 0);
282 }
283
test_write_size()284 void test_write_size() {
285 char buf[4] = {0};
286 // CLANG: error: in call to 'write', 'count' bytes overflows the given object
287 write(STDOUT_FILENO, buf, 5);
288 }
289
test_memset_args_flipped()290 void test_memset_args_flipped() {
291 char from[4] = {0};
292 // NOLINTNEXTLINE(whitespace/line_length)
293 // CLANG: 'memset' will set 0 bytes; maybe the arguments got flipped?
294 #pragma clang diagnostic push
295 #pragma clang diagnostic ignored "-Wmemset-transposed-args"
296 memset(from, sizeof(from), 0);
297 #pragma clang diagnostic pop
298 }
299
test_sendto()300 void test_sendto() {
301 char buf[4] = {0};
302 sockaddr_in addr;
303
304 // CLANG: error: 'sendto' called with size bigger than buffer
305 sendto(0, buf, 6, 0, reinterpret_cast<sockaddr*>(&addr), sizeof(sockaddr_in));
306 }
307
test_send()308 void test_send() {
309 char buf[4] = {0};
310
311 // CLANG: error: 'send' called with size bigger than buffer
312 send(0, buf, 6, 0);
313 }
314
test_realpath()315 void test_realpath() {
316 char buf[4] = {0};
317 // NOLINTNEXTLINE(whitespace/line_length)
318 // CLANG: error: 'realpath' output parameter must be NULL or a pointer to a buffer with >= PATH_MAX bytes
319 realpath(".", buf);
320
321 // This is fine.
322 realpath(".", nullptr);
323
324 char bigbuf[PATH_MAX];
325 // CLANG: error: 'realpath': NULL path is never correct; flipped arguments?
326 realpath(nullptr, bigbuf);
327 }
328