1 /*
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 // -Werror is on whether we like it or not, and we're intentionally doing awful
18 // things in this file. GCC is dumb and doesn't have a specific error class for
19 // the fortify failures (it's just -Werror), so we can't use anything more
20 // constrained than disabling all the warnings in the file :( It also won't let
21 // us use system_header in a .cpp file, so we have to #include this from
22 // fortify_test_main.cpp.
23 #pragma GCC system_header
24
25 #include <gtest/gtest.h>
26 #include "BionicDeathTest.h"
27
28 #include <fcntl.h>
29 #include <malloc.h>
30 #include <poll.h>
31 #include <signal.h>
32 #include <stdarg.h>
33 #include <string.h>
34 #include <sys/socket.h>
35 #include <sys/stat.h>
36 #include <sys/types.h>
37 #include <time.h>
38
39 #if __BIONIC__
40 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY")
41 #else
42 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "")
43 #endif
44
45 // Fortify test code needs to run multiple times, so TEST_NAME macro is used to
46 // distinguish different tests. TEST_NAME is defined in compilation command.
47 #define DEATHTEST_PASTER(name) name##_DeathTest
48 #define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name)
49 #define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME)
50
51 class DEATHTEST : public BionicDeathTest {};
52
53 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2
54 struct foo {
55 char empty[0];
56 char one[1];
57 char a[10];
58 char b[10];
59 };
60
TEST_F(DEATHTEST,stpncpy_fortified2)61 TEST_F(DEATHTEST, stpncpy_fortified2) {
62 foo myfoo;
63 int copy_amt = atoi("11");
64 ASSERT_FORTIFY(stpncpy(myfoo.a, "01234567890", copy_amt));
65 }
66
TEST_F(DEATHTEST,stpncpy2_fortified2)67 TEST_F(DEATHTEST, stpncpy2_fortified2) {
68 foo myfoo;
69 memset(&myfoo, 0, sizeof(myfoo));
70 myfoo.one[0] = 'A'; // not null terminated string
71 ASSERT_FORTIFY(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
72 }
73
TEST_F(DEATHTEST,strncpy_fortified2)74 TEST_F(DEATHTEST, strncpy_fortified2) {
75 foo myfoo;
76 int copy_amt = atoi("11");
77 ASSERT_FORTIFY(strncpy(myfoo.a, "01234567890", copy_amt));
78 }
79
TEST_F(DEATHTEST,strncpy2_fortified2)80 TEST_F(DEATHTEST, strncpy2_fortified2) {
81 foo myfoo;
82 memset(&myfoo, 0, sizeof(myfoo));
83 myfoo.one[0] = 'A'; // not null terminated string
84 ASSERT_FORTIFY(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
85 }
86
TEST_F(DEATHTEST,sprintf_fortified2)87 TEST_F(DEATHTEST, sprintf_fortified2) {
88 foo myfoo;
89 char source_buf[15];
90 memcpy(source_buf, "12345678901234", 15);
91 ASSERT_FORTIFY(sprintf(myfoo.a, "%s", source_buf));
92 }
93
TEST_F(DEATHTEST,sprintf2_fortified2)94 TEST_F(DEATHTEST, sprintf2_fortified2) {
95 foo myfoo;
96 ASSERT_FORTIFY(sprintf(myfoo.a, "0123456789"));
97 }
98
vsprintf_helper2(const char * fmt,...)99 static int vsprintf_helper2(const char *fmt, ...) {
100 foo myfoo;
101 va_list va;
102 int result;
103
104 va_start(va, fmt);
105 result = vsprintf(myfoo.a, fmt, va); // should crash here
106 va_end(va);
107 return result;
108 }
109
TEST_F(DEATHTEST,vsprintf_fortified2)110 TEST_F(DEATHTEST, vsprintf_fortified2) {
111 ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789"));
112 }
113
TEST_F(DEATHTEST,vsprintf2_fortified2)114 TEST_F(DEATHTEST, vsprintf2_fortified2) {
115 ASSERT_FORTIFY(vsprintf_helper2("0123456789"));
116 }
117
vsnprintf_helper2(const char * fmt,...)118 static int vsnprintf_helper2(const char *fmt, ...) {
119 foo myfoo;
120 va_list va;
121 int result;
122 size_t size = atoi("11");
123
124 va_start(va, fmt);
125 result = vsnprintf(myfoo.a, size, fmt, va); // should crash here
126 va_end(va);
127 return result;
128 }
129
TEST_F(DEATHTEST,vsnprintf_fortified2)130 TEST_F(DEATHTEST, vsnprintf_fortified2) {
131 ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789"));
132 }
133
TEST_F(DEATHTEST,vsnprintf2_fortified2)134 TEST_F(DEATHTEST, vsnprintf2_fortified2) {
135 ASSERT_FORTIFY(vsnprintf_helper2("0123456789"));
136 }
137
138 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,stpcpy_fortified2)139 TEST_F(DEATHTEST, stpcpy_fortified2) {
140 #if defined(__BIONIC__)
141 foo myfoo;
142 char* src = strdup("");
143 ASSERT_FORTIFY(stpcpy(myfoo.empty, src));
144 free(src);
145 #else // __BIONIC__
146 GTEST_SKIP() << "stpcpy not available";
147 #endif // __BIONIC__
148 }
149
150 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,strcpy_fortified2)151 TEST_F(DEATHTEST, strcpy_fortified2) {
152 #if defined(__BIONIC__)
153 foo myfoo;
154 char* src = strdup("");
155 ASSERT_FORTIFY(strcpy(myfoo.empty, src));
156 free(src);
157 #else // __BIONIC__
158 GTEST_SKIP() << "glibc is broken";
159 #endif // __BIONIC__
160 }
161
162 // zero sized target with longer source (should fail)
TEST_F(DEATHTEST,strcpy2_fortified2)163 TEST_F(DEATHTEST, strcpy2_fortified2) {
164 #if defined(__BIONIC__)
165 foo myfoo;
166 char* src = strdup("1");
167 ASSERT_FORTIFY(strcpy(myfoo.empty, src));
168 free(src);
169 #else // __BIONIC__
170 GTEST_SKIP() << "glibc is broken";
171 #endif // __BIONIC__
172 }
173
174 // one byte target with longer source (should fail)
TEST_F(DEATHTEST,strcpy3_fortified2)175 TEST_F(DEATHTEST, strcpy3_fortified2) {
176 #if defined(__BIONIC__)
177 foo myfoo;
178 char* src = strdup("12");
179 ASSERT_FORTIFY(strcpy(myfoo.one, src));
180 free(src);
181 #else // __BIONIC__
182 GTEST_SKIP() << "glibc is broken";
183 #endif // __BIONIC__
184 }
185
TEST_F(DEATHTEST,strchr_fortified2)186 TEST_F(DEATHTEST, strchr_fortified2) {
187 #if defined(__BIONIC__)
188 foo myfoo;
189 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
190 myfoo.b[0] = '\0';
191 ASSERT_FORTIFY(printf("%s", strchr(myfoo.a, 'a')));
192 ASSERT_FORTIFY(printf("%s", strchr(static_cast<const char*>(myfoo.a), 'a')));
193 #else // __BIONIC__
194 GTEST_SKIP() << "glibc is broken";
195 #endif // __BIONIC__
196 }
197
TEST_F(DEATHTEST,strrchr_fortified2)198 TEST_F(DEATHTEST, strrchr_fortified2) {
199 #if defined(__BIONIC__)
200 foo myfoo;
201 memcpy(myfoo.a, "0123456789", 10);
202 memcpy(myfoo.b, "01234", 6);
203 ASSERT_FORTIFY(printf("%s", strrchr(myfoo.a, 'a')));
204 ASSERT_FORTIFY(printf("%s", strrchr(static_cast<const char*>(myfoo.a), 'a')));
205 #else // __BIONIC__
206 GTEST_SKIP() << "glibc is broken";
207 #endif // __BIONIC__
208 }
209
TEST_F(DEATHTEST,memchr_fortified2)210 TEST_F(DEATHTEST, memchr_fortified2) {
211 #if defined(__BIONIC__)
212 foo myfoo;
213 volatile int asize = sizeof(myfoo.a) + 1;
214 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
215 ASSERT_FORTIFY(printf("%s", memchr(myfoo.a, 'a', asize)));
216 ASSERT_FORTIFY(printf("%s", memchr(static_cast<const void*>(myfoo.a), 'a', asize)));
217 #else // __BIONIC__
218 GTEST_SKIP() << "glibc is broken";
219 #endif // __BIONIC__
220 }
221
TEST_F(DEATHTEST,memrchr_fortified2)222 TEST_F(DEATHTEST, memrchr_fortified2) {
223 #if defined(__BIONIC__)
224 foo myfoo;
225 volatile int asize = sizeof(myfoo.a) + 1;
226 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
227 ASSERT_FORTIFY(printf("%s", memrchr(myfoo.a, 'a', asize)));
228 ASSERT_FORTIFY(printf("%s", memrchr(static_cast<const void*>(myfoo.a), 'a', asize)));
229 #else // __BIONIC__
230 GTEST_SKIP() << "glibc is broken";
231 #endif // __BIONIC__
232 }
233
TEST_F(DEATHTEST,strlcpy_fortified2)234 TEST_F(DEATHTEST, strlcpy_fortified2) {
235 #if defined(__BIONIC__)
236 foo myfoo;
237 strcpy(myfoo.a, "01");
238 size_t n = strlen(myfoo.a);
239 ASSERT_FORTIFY(strlcpy(myfoo.one, myfoo.a, n));
240 #else // __BIONIC__
241 GTEST_SKIP() << "strlcpy not available";
242 #endif // __BIONIC__
243 }
244
TEST_F(DEATHTEST,strlcat_fortified2)245 TEST_F(DEATHTEST, strlcat_fortified2) {
246 #if defined(__BIONIC__)
247 foo myfoo;
248 strcpy(myfoo.a, "01");
249 myfoo.one[0] = '\0';
250 size_t n = strlen(myfoo.a);
251 ASSERT_FORTIFY(strlcat(myfoo.one, myfoo.a, n));
252 #else // __BIONIC__
253 GTEST_SKIP() << "strlcat not available";
254 #endif // __BIONIC__
255 }
256
TEST_F(DEATHTEST,strncat_fortified2)257 TEST_F(DEATHTEST, strncat_fortified2) {
258 foo myfoo;
259 size_t n = atoi("10"); // avoid compiler optimizations
260 strncpy(myfoo.a, "012345678", n);
261 ASSERT_FORTIFY(strncat(myfoo.a, "9", n));
262 }
263
TEST_F(DEATHTEST,strncat2_fortified2)264 TEST_F(DEATHTEST, strncat2_fortified2) {
265 foo myfoo;
266 myfoo.a[0] = '\0';
267 size_t n = atoi("10"); // avoid compiler optimizations
268 ASSERT_FORTIFY(strncat(myfoo.a, "0123456789", n));
269 }
270
TEST_F(DEATHTEST,strncat3_fortified2)271 TEST_F(DEATHTEST, strncat3_fortified2) {
272 foo myfoo;
273 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
274 myfoo.b[0] = '\0';
275 size_t n = atoi("10"); // avoid compiler optimizations
276 ASSERT_FORTIFY(strncat(myfoo.b, myfoo.a, n));
277 }
278
TEST_F(DEATHTEST,strcat_fortified2)279 TEST_F(DEATHTEST, strcat_fortified2) {
280 char src[11];
281 strcpy(src, "0123456789");
282 foo myfoo;
283 myfoo.a[0] = '\0';
284 ASSERT_FORTIFY(strcat(myfoo.a, src));
285 }
286
TEST_F(DEATHTEST,strcat2_fortified2)287 TEST_F(DEATHTEST, strcat2_fortified2) {
288 foo myfoo;
289 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
290 myfoo.b[0] = '\0';
291 ASSERT_FORTIFY(strcat(myfoo.b, myfoo.a));
292 }
293
TEST_F(DEATHTEST,snprintf_fortified2)294 TEST_F(DEATHTEST, snprintf_fortified2) {
295 foo myfoo;
296 strcpy(myfoo.a, "012345678");
297 size_t n = strlen(myfoo.a) + 2;
298 ASSERT_FORTIFY(snprintf(myfoo.b, n, "a%s", myfoo.a));
299 }
300
TEST_F(DEATHTEST,bzero_fortified2)301 TEST_F(DEATHTEST, bzero_fortified2) {
302 foo myfoo;
303 memcpy(myfoo.b, "0123456789", sizeof(myfoo.b));
304 size_t n = atoi("11");
305 ASSERT_FORTIFY(bzero(myfoo.b, n));
306 }
307
308 #endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */
309
310 // multibyte target where we over fill (should fail)
TEST_F(DEATHTEST,strcpy_fortified)311 TEST_F(DEATHTEST, strcpy_fortified) {
312 #if defined(__BIONIC__)
313 char buf[10];
314 char *orig = strdup("0123456789");
315 ASSERT_FORTIFY(strcpy(buf, orig));
316 free(orig);
317 #else // __BIONIC__
318 GTEST_SKIP() << "glibc is broken";
319 #endif // __BIONIC__
320 }
321
322 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,strcpy2_fortified)323 TEST_F(DEATHTEST, strcpy2_fortified) {
324 #if defined(__BIONIC__)
325 char buf[0];
326 char *orig = strdup("");
327 ASSERT_FORTIFY(strcpy(buf, orig));
328 free(orig);
329 #else // __BIONIC__
330 GTEST_SKIP() << "glibc is broken";
331 #endif // __BIONIC__
332 }
333
334 // zero sized target with longer source (should fail)
TEST_F(DEATHTEST,strcpy3_fortified)335 TEST_F(DEATHTEST, strcpy3_fortified) {
336 #if defined(__BIONIC__)
337 char buf[0];
338 char *orig = strdup("1");
339 ASSERT_FORTIFY(strcpy(buf, orig));
340 free(orig);
341 #else // __BIONIC__
342 GTEST_SKIP() << "glibc is broken";
343 #endif // __BIONIC__
344 }
345
346 // one byte target with longer source (should fail)
TEST_F(DEATHTEST,strcpy4_fortified)347 TEST_F(DEATHTEST, strcpy4_fortified) {
348 #if defined(__BIONIC__)
349 char buf[1];
350 char *orig = strdup("12");
351 ASSERT_FORTIFY(strcpy(buf, orig));
352 free(orig);
353 #else // __BIONIC__
354 GTEST_SKIP() << "glibc is broken";
355 #endif // __BIONIC__
356 }
357
TEST_F(DEATHTEST,strlen_fortified)358 TEST_F(DEATHTEST, strlen_fortified) {
359 #if defined(__BIONIC__)
360 char buf[10];
361 memcpy(buf, "0123456789", sizeof(buf));
362 ASSERT_FORTIFY(printf("%zd", strlen(buf)));
363 #else // __BIONIC__
364 GTEST_SKIP() << "glibc is broken";
365 #endif // __BIONIC__
366 }
367
TEST_F(DEATHTEST,strchr_fortified)368 TEST_F(DEATHTEST, strchr_fortified) {
369 #if defined(__BIONIC__)
370 char buf[10];
371 memcpy(buf, "0123456789", sizeof(buf));
372 ASSERT_FORTIFY(printf("%s", strchr(buf, 'a')));
373 #else // __BIONIC__
374 GTEST_SKIP() << "glibc is broken";
375 #endif // __BIONIC__
376 }
377
TEST_F(DEATHTEST,strrchr_fortified)378 TEST_F(DEATHTEST, strrchr_fortified) {
379 #if defined(__BIONIC__)
380 char buf[10];
381 memcpy(buf, "0123456789", sizeof(buf));
382 ASSERT_FORTIFY(printf("%s", strrchr(buf, 'a')));
383 #else // __BIONIC__
384 GTEST_SKIP() << "glibc is broken";
385 #endif // __BIONIC__
386 }
387
TEST_F(DEATHTEST,strlcpy_fortified)388 TEST_F(DEATHTEST, strlcpy_fortified) {
389 #if defined(__BIONIC__)
390 char bufa[15];
391 char bufb[10];
392 strcpy(bufa, "01234567890123");
393 size_t n = strlen(bufa);
394 ASSERT_FORTIFY(strlcpy(bufb, bufa, n));
395 #else // __BIONIC__
396 GTEST_SKIP() << "strlcpy not available";
397 #endif // __BIONIC__
398 }
399
TEST_F(DEATHTEST,strlcat_fortified)400 TEST_F(DEATHTEST, strlcat_fortified) {
401 #if defined(__BIONIC__)
402 char bufa[15];
403 char bufb[10];
404 bufb[0] = '\0';
405 strcpy(bufa, "01234567890123");
406 size_t n = strlen(bufa);
407 ASSERT_FORTIFY(strlcat(bufb, bufa, n));
408 #else // __BIONIC__
409 GTEST_SKIP() << "strlcat not available";
410 #endif // __BIONIC__
411 }
412
TEST_F(DEATHTEST,sprintf_fortified)413 TEST_F(DEATHTEST, sprintf_fortified) {
414 char buf[10];
415 char source_buf[15];
416 memcpy(source_buf, "12345678901234", 15);
417 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
418 }
419
420 #if !__has_attribute(alloc_size)
421 // TODO: remove this after Clang prebuilt rebase.
422 #else
TEST_F(DEATHTEST,sprintf_malloc_fortified)423 TEST_F(DEATHTEST, sprintf_malloc_fortified) {
424 char* buf = (char *) malloc(10);
425 char source_buf[11];
426 memcpy(source_buf, "1234567890", 11);
427 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
428 free(buf);
429 }
430 #endif
431
TEST_F(DEATHTEST,sprintf2_fortified)432 TEST_F(DEATHTEST, sprintf2_fortified) {
433 char buf[5];
434 ASSERT_FORTIFY(sprintf(buf, "aaaaa"));
435 }
436
vsprintf_helper(const char * fmt,...)437 static int vsprintf_helper(const char *fmt, ...) {
438 char buf[10];
439 va_list va;
440 int result;
441
442 va_start(va, fmt);
443 result = vsprintf(buf, fmt, va); // should crash here
444 va_end(va);
445 return result;
446 }
447
TEST_F(DEATHTEST,vsprintf_fortified)448 TEST_F(DEATHTEST, vsprintf_fortified) {
449 ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789"));
450 }
451
TEST_F(DEATHTEST,vsprintf2_fortified)452 TEST_F(DEATHTEST, vsprintf2_fortified) {
453 ASSERT_FORTIFY(vsprintf_helper("0123456789"));
454 }
455
vsnprintf_helper(const char * fmt,...)456 static int vsnprintf_helper(const char *fmt, ...) {
457 char buf[10];
458 va_list va;
459 int result;
460 size_t size = atoi("11");
461
462 va_start(va, fmt);
463 result = vsnprintf(buf, size, fmt, va); // should crash here
464 va_end(va);
465 return result;
466 }
467
TEST_F(DEATHTEST,vsnprintf_fortified)468 TEST_F(DEATHTEST, vsnprintf_fortified) {
469 ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789"));
470 }
471
TEST_F(DEATHTEST,vsnprintf2_fortified)472 TEST_F(DEATHTEST, vsnprintf2_fortified) {
473 ASSERT_FORTIFY(vsnprintf_helper("0123456789"));
474 }
475
TEST_F(DEATHTEST,strncat_fortified)476 TEST_F(DEATHTEST, strncat_fortified) {
477 char buf[10];
478 size_t n = atoi("10"); // avoid compiler optimizations
479 strncpy(buf, "012345678", n);
480 ASSERT_FORTIFY(strncat(buf, "9", n));
481 }
482
TEST_F(DEATHTEST,strncat2_fortified)483 TEST_F(DEATHTEST, strncat2_fortified) {
484 char buf[10];
485 buf[0] = '\0';
486 size_t n = atoi("10"); // avoid compiler optimizations
487 ASSERT_FORTIFY(strncat(buf, "0123456789", n));
488 }
489
TEST_F(DEATHTEST,strcat_fortified)490 TEST_F(DEATHTEST, strcat_fortified) {
491 char src[11];
492 strcpy(src, "0123456789");
493 char buf[10];
494 buf[0] = '\0';
495 ASSERT_FORTIFY(strcat(buf, src));
496 }
497
TEST_F(DEATHTEST,memmove_fortified)498 TEST_F(DEATHTEST, memmove_fortified) {
499 char buf[20];
500 strcpy(buf, "0123456789");
501 size_t n = atoi("10");
502 ASSERT_FORTIFY(memmove(buf + 11, buf, n));
503 }
504
TEST_F(DEATHTEST,memcpy_fortified)505 TEST_F(DEATHTEST, memcpy_fortified) {
506 char bufa[10];
507 char bufb[10];
508 strcpy(bufa, "012345678");
509 size_t n = atoi("11");
510 ASSERT_FORTIFY(memcpy(bufb, bufa, n));
511 }
512
TEST_F(DEATHTEST,memset_fortified)513 TEST_F(DEATHTEST, memset_fortified) {
514 char buf[10];
515 size_t n = atoi("11");
516 ASSERT_FORTIFY(memset(buf, 0, n));
517 }
518
TEST_F(DEATHTEST,stpncpy_fortified)519 TEST_F(DEATHTEST, stpncpy_fortified) {
520 char bufa[15];
521 char bufb[10];
522 strcpy(bufa, "01234567890123");
523 size_t n = strlen(bufa);
524 ASSERT_FORTIFY(stpncpy(bufb, bufa, n));
525 }
526
TEST_F(DEATHTEST,stpncpy2_fortified)527 TEST_F(DEATHTEST, stpncpy2_fortified) {
528 char dest[11];
529 char src[10];
530 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
531 ASSERT_FORTIFY(stpncpy(dest, src, sizeof(dest)));
532 }
533
TEST_F(DEATHTEST,strncpy_fortified)534 TEST_F(DEATHTEST, strncpy_fortified) {
535 char bufa[15];
536 char bufb[10];
537 strcpy(bufa, "01234567890123");
538 size_t n = strlen(bufa);
539 ASSERT_FORTIFY(strncpy(bufb, bufa, n));
540 }
541
542
TEST_F(DEATHTEST,strncpy2_fortified)543 TEST_F(DEATHTEST, strncpy2_fortified) {
544 char dest[11];
545 char src[10];
546 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
547 ASSERT_FORTIFY(strncpy(dest, src, sizeof(dest)));
548 }
549
TEST_F(DEATHTEST,snprintf_fortified)550 TEST_F(DEATHTEST, snprintf_fortified) {
551 char bufa[15];
552 char bufb[10];
553 strcpy(bufa, "0123456789");
554 size_t n = strlen(bufa) + 1;
555 ASSERT_FORTIFY(snprintf(bufb, n, "%s", bufa));
556 }
557
TEST_F(DEATHTEST,bzero_fortified)558 TEST_F(DEATHTEST, bzero_fortified) {
559 char buf[10];
560 memcpy(buf, "0123456789", sizeof(buf));
561 size_t n = atoi("11");
562 ASSERT_FORTIFY(bzero(buf, n));
563 }
564
TEST_F(DEATHTEST,umask_fortified)565 TEST_F(DEATHTEST, umask_fortified) {
566 mode_t mask = atoi("1023"); // 01777 in octal
567 ASSERT_FORTIFY(umask(mask));
568 }
569
TEST_F(DEATHTEST,recv_fortified)570 TEST_F(DEATHTEST, recv_fortified) {
571 size_t data_len = atoi("11"); // suppress compiler optimizations
572 char buf[10];
573 ASSERT_FORTIFY(recv(0, buf, data_len, 0));
574 }
575
TEST_F(DEATHTEST,send_fortified)576 TEST_F(DEATHTEST, send_fortified) {
577 size_t data_len = atoi("11"); // suppress compiler optimizations
578 char buf[10] = {0};
579 ASSERT_FORTIFY(send(0, buf, data_len, 0));
580 }
581
TEST_F(DEATHTEST,FD_ISSET_fortified)582 TEST_F(DEATHTEST, FD_ISSET_fortified) {
583 #if defined(__BIONIC__) // glibc catches this at compile-time.
584 fd_set set;
585 memset(&set, 0, sizeof(set));
586 ASSERT_FORTIFY(FD_ISSET(-1, &set));
587 #endif
588 }
589
TEST_F(DEATHTEST,FD_ISSET_2_fortified)590 TEST_F(DEATHTEST, FD_ISSET_2_fortified) {
591 char buf[1];
592 fd_set* set = (fd_set*) buf;
593 ASSERT_FORTIFY(FD_ISSET(0, set));
594 }
595
TEST_F(DEATHTEST,getcwd_fortified)596 TEST_F(DEATHTEST, getcwd_fortified) {
597 char buf[1];
598 size_t ct = atoi("2"); // prevent optimizations
599 ASSERT_FORTIFY(getcwd(buf, ct));
600 }
601
TEST_F(DEATHTEST,pread_fortified)602 TEST_F(DEATHTEST, pread_fortified) {
603 char buf[1];
604 size_t ct = atoi("2"); // prevent optimizations
605 int fd = open("/dev/null", O_RDONLY);
606 ASSERT_FORTIFY(pread(fd, buf, ct, 0));
607 close(fd);
608 }
609
TEST_F(DEATHTEST,pread64_fortified)610 TEST_F(DEATHTEST, pread64_fortified) {
611 char buf[1];
612 size_t ct = atoi("2"); // prevent optimizations
613 int fd = open("/dev/null", O_RDONLY);
614 ASSERT_FORTIFY(pread64(fd, buf, ct, 0));
615 close(fd);
616 }
617
TEST_F(DEATHTEST,pwrite_fortified)618 TEST_F(DEATHTEST, pwrite_fortified) {
619 char buf[1] = {0};
620 size_t ct = atoi("2"); // prevent optimizations
621 int fd = open("/dev/null", O_WRONLY);
622 ASSERT_FORTIFY(pwrite(fd, buf, ct, 0));
623 close(fd);
624 }
625
TEST_F(DEATHTEST,pwrite64_fortified)626 TEST_F(DEATHTEST, pwrite64_fortified) {
627 char buf[1] = {0};
628 size_t ct = atoi("2"); // prevent optimizations
629 int fd = open("/dev/null", O_WRONLY);
630 ASSERT_FORTIFY(pwrite64(fd, buf, ct, 0));
631 close(fd);
632 }
633
TEST_F(DEATHTEST,read_fortified)634 TEST_F(DEATHTEST, read_fortified) {
635 char buf[1];
636 size_t ct = atoi("2"); // prevent optimizations
637 int fd = open("/dev/null", O_RDONLY);
638 ASSERT_FORTIFY(read(fd, buf, ct));
639 close(fd);
640 }
641
TEST_F(DEATHTEST,write_fortified)642 TEST_F(DEATHTEST, write_fortified) {
643 char buf[1] = {0};
644 size_t ct = atoi("2"); // prevent optimizations
645 int fd = open("/dev/null", O_WRONLY);
646 ASSERT_EXIT(write(fd, buf, ct), testing::KilledBySignal(SIGABRT), "");
647 close(fd);
648 }
649
TEST_F(DEATHTEST,fread_fortified)650 TEST_F(DEATHTEST, fread_fortified) {
651 char buf[1];
652 size_t ct = atoi("2"); // prevent optimizations
653 FILE* fp = fopen("/dev/null", "r");
654 ASSERT_FORTIFY(fread(buf, 1, ct, fp));
655 fclose(fp);
656 }
657
TEST_F(DEATHTEST,fwrite_fortified)658 TEST_F(DEATHTEST, fwrite_fortified) {
659 char buf[1] = {0};
660 size_t ct = atoi("2"); // prevent optimizations
661 FILE* fp = fopen("/dev/null", "w");
662 ASSERT_FORTIFY(fwrite(buf, 1, ct, fp));
663 fclose(fp);
664 }
665
TEST_F(DEATHTEST,readlink_fortified)666 TEST_F(DEATHTEST, readlink_fortified) {
667 char buf[1];
668 size_t ct = atoi("2"); // prevent optimizations
669 ASSERT_FORTIFY(readlink("/dev/null", buf, ct));
670 }
671
TEST_F(DEATHTEST,readlinkat_fortified)672 TEST_F(DEATHTEST, readlinkat_fortified) {
673 char buf[1];
674 size_t ct = atoi("2"); // prevent optimizations
675 ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", buf, ct));
676 }
677
678 extern "C" char* __strncat_chk(char*, const char*, size_t, size_t);
679 extern "C" char* __strcat_chk(char*, const char*, size_t);
680
TEST(TEST_NAME,strncat)681 TEST(TEST_NAME, strncat) {
682 char buf[10];
683 memset(buf, 'A', sizeof(buf));
684 buf[0] = 'a';
685 buf[1] = '\0';
686 char* res = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf));
687 ASSERT_EQ(buf, res);
688 ASSERT_EQ('a', buf[0]);
689 ASSERT_EQ('0', buf[1]);
690 ASSERT_EQ('1', buf[2]);
691 ASSERT_EQ('2', buf[3]);
692 ASSERT_EQ('3', buf[4]);
693 ASSERT_EQ('4', buf[5]);
694 ASSERT_EQ('\0', buf[6]);
695 ASSERT_EQ('A', buf[7]);
696 ASSERT_EQ('A', buf[8]);
697 ASSERT_EQ('A', buf[9]);
698 }
699
TEST(TEST_NAME,strncat2)700 TEST(TEST_NAME, strncat2) {
701 char buf[10];
702 memset(buf, 'A', sizeof(buf));
703 buf[0] = 'a';
704 buf[1] = '\0';
705 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
706 ASSERT_EQ(buf, res);
707 ASSERT_EQ('a', buf[0]);
708 ASSERT_EQ('0', buf[1]);
709 ASSERT_EQ('1', buf[2]);
710 ASSERT_EQ('2', buf[3]);
711 ASSERT_EQ('3', buf[4]);
712 ASSERT_EQ('4', buf[5]);
713 ASSERT_EQ('\0', buf[6]);
714 ASSERT_EQ('A', buf[7]);
715 ASSERT_EQ('A', buf[8]);
716 ASSERT_EQ('A', buf[9]);
717 }
718
TEST(TEST_NAME,strncat3)719 TEST(TEST_NAME, strncat3) {
720 char buf[10];
721 memset(buf, 'A', sizeof(buf));
722 buf[0] = '\0';
723 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
724 ASSERT_EQ(buf, res);
725 ASSERT_EQ('0', buf[0]);
726 ASSERT_EQ('1', buf[1]);
727 ASSERT_EQ('2', buf[2]);
728 ASSERT_EQ('3', buf[3]);
729 ASSERT_EQ('4', buf[4]);
730 ASSERT_EQ('\0', buf[5]);
731 ASSERT_EQ('A', buf[6]);
732 ASSERT_EQ('A', buf[7]);
733 ASSERT_EQ('A', buf[8]);
734 ASSERT_EQ('A', buf[9]);
735 }
736
TEST(TEST_NAME,strncat4)737 TEST(TEST_NAME, strncat4) {
738 char buf[10];
739 memset(buf, 'A', sizeof(buf));
740 buf[9] = '\0';
741 char* res = __strncat_chk(buf, "", 5, sizeof(buf));
742 ASSERT_EQ(buf, res);
743 ASSERT_EQ('A', buf[0]);
744 ASSERT_EQ('A', buf[1]);
745 ASSERT_EQ('A', buf[2]);
746 ASSERT_EQ('A', buf[3]);
747 ASSERT_EQ('A', buf[4]);
748 ASSERT_EQ('A', buf[5]);
749 ASSERT_EQ('A', buf[6]);
750 ASSERT_EQ('A', buf[7]);
751 ASSERT_EQ('A', buf[8]);
752 ASSERT_EQ('\0', buf[9]);
753 }
754
TEST(TEST_NAME,strncat5)755 TEST(TEST_NAME, strncat5) {
756 char buf[10];
757 memset(buf, 'A', sizeof(buf));
758 buf[0] = 'a';
759 buf[1] = '\0';
760 char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf));
761 ASSERT_EQ(buf, res);
762 ASSERT_EQ('a', buf[0]);
763 ASSERT_EQ('0', buf[1]);
764 ASSERT_EQ('1', buf[2]);
765 ASSERT_EQ('2', buf[3]);
766 ASSERT_EQ('3', buf[4]);
767 ASSERT_EQ('4', buf[5]);
768 ASSERT_EQ('5', buf[6]);
769 ASSERT_EQ('6', buf[7]);
770 ASSERT_EQ('7', buf[8]);
771 ASSERT_EQ('\0', buf[9]);
772 }
773
TEST(TEST_NAME,strncat6)774 TEST(TEST_NAME, strncat6) {
775 char buf[10];
776 memset(buf, 'A', sizeof(buf));
777 buf[0] = 'a';
778 buf[1] = '\0';
779 char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf));
780 ASSERT_EQ(buf, res);
781 ASSERT_EQ('a', buf[0]);
782 ASSERT_EQ('0', buf[1]);
783 ASSERT_EQ('1', buf[2]);
784 ASSERT_EQ('2', buf[3]);
785 ASSERT_EQ('3', buf[4]);
786 ASSERT_EQ('4', buf[5]);
787 ASSERT_EQ('5', buf[6]);
788 ASSERT_EQ('6', buf[7]);
789 ASSERT_EQ('7', buf[8]);
790 ASSERT_EQ('\0', buf[9]);
791 }
792
793
TEST(TEST_NAME,strcat)794 TEST(TEST_NAME, strcat) {
795 char buf[10];
796 memset(buf, 'A', sizeof(buf));
797 buf[0] = 'a';
798 buf[1] = '\0';
799 char* res = __strcat_chk(buf, "01234", sizeof(buf));
800 ASSERT_EQ(buf, res);
801 ASSERT_EQ('a', buf[0]);
802 ASSERT_EQ('0', buf[1]);
803 ASSERT_EQ('1', buf[2]);
804 ASSERT_EQ('2', buf[3]);
805 ASSERT_EQ('3', buf[4]);
806 ASSERT_EQ('4', buf[5]);
807 ASSERT_EQ('\0', buf[6]);
808 ASSERT_EQ('A', buf[7]);
809 ASSERT_EQ('A', buf[8]);
810 ASSERT_EQ('A', buf[9]);
811 }
812
TEST(TEST_NAME,strcat2)813 TEST(TEST_NAME, strcat2) {
814 char buf[10];
815 memset(buf, 'A', sizeof(buf));
816 buf[0] = 'a';
817 buf[1] = '\0';
818 char* res = __strcat_chk(buf, "01234567", sizeof(buf));
819 ASSERT_EQ(buf, res);
820 ASSERT_EQ('a', buf[0]);
821 ASSERT_EQ('0', buf[1]);
822 ASSERT_EQ('1', buf[2]);
823 ASSERT_EQ('2', buf[3]);
824 ASSERT_EQ('3', buf[4]);
825 ASSERT_EQ('4', buf[5]);
826 ASSERT_EQ('5', buf[6]);
827 ASSERT_EQ('6', buf[7]);
828 ASSERT_EQ('7', buf[8]);
829 ASSERT_EQ('\0', buf[9]);
830 }
831
TEST(TEST_NAME,stpncpy)832 TEST(TEST_NAME, stpncpy) {
833 char src[10];
834 char dst[10];
835 memcpy(src, "0123456789", sizeof(src)); // non null terminated string
836 stpncpy(dst, src, sizeof(dst));
837 ASSERT_EQ('0', dst[0]);
838 ASSERT_EQ('1', dst[1]);
839 ASSERT_EQ('2', dst[2]);
840 ASSERT_EQ('3', dst[3]);
841 ASSERT_EQ('4', dst[4]);
842 ASSERT_EQ('5', dst[5]);
843 ASSERT_EQ('6', dst[6]);
844 ASSERT_EQ('7', dst[7]);
845 ASSERT_EQ('8', dst[8]);
846 ASSERT_EQ('9', dst[9]);
847 }
848
TEST(TEST_NAME,stpncpy2)849 TEST(TEST_NAME, stpncpy2) {
850 char src[10];
851 char dst[15];
852 memcpy(src, "012345678\0", sizeof(src));
853 stpncpy(dst, src, sizeof(dst));
854 ASSERT_EQ('0', dst[0]);
855 ASSERT_EQ('1', dst[1]);
856 ASSERT_EQ('2', dst[2]);
857 ASSERT_EQ('3', dst[3]);
858 ASSERT_EQ('4', dst[4]);
859 ASSERT_EQ('5', dst[5]);
860 ASSERT_EQ('6', dst[6]);
861 ASSERT_EQ('7', dst[7]);
862 ASSERT_EQ('8', dst[8]);
863 ASSERT_EQ('\0', dst[9]);
864 ASSERT_EQ('\0', dst[10]);
865 ASSERT_EQ('\0', dst[11]);
866 ASSERT_EQ('\0', dst[12]);
867 ASSERT_EQ('\0', dst[13]);
868 ASSERT_EQ('\0', dst[14]);
869 }
870
TEST(TEST_NAME,strncpy)871 TEST(TEST_NAME, strncpy) {
872 char src[10];
873 char dst[10];
874 memcpy(src, "0123456789", sizeof(src)); // non null terminated string
875 strncpy(dst, src, sizeof(dst));
876 ASSERT_EQ('0', dst[0]);
877 ASSERT_EQ('1', dst[1]);
878 ASSERT_EQ('2', dst[2]);
879 ASSERT_EQ('3', dst[3]);
880 ASSERT_EQ('4', dst[4]);
881 ASSERT_EQ('5', dst[5]);
882 ASSERT_EQ('6', dst[6]);
883 ASSERT_EQ('7', dst[7]);
884 ASSERT_EQ('8', dst[8]);
885 ASSERT_EQ('9', dst[9]);
886 }
887
TEST(TEST_NAME,strncpy2)888 TEST(TEST_NAME, strncpy2) {
889 char src[10];
890 char dst[15];
891 memcpy(src, "012345678\0", sizeof(src));
892 strncpy(dst, src, sizeof(dst));
893 ASSERT_EQ('0', dst[0]);
894 ASSERT_EQ('1', dst[1]);
895 ASSERT_EQ('2', dst[2]);
896 ASSERT_EQ('3', dst[3]);
897 ASSERT_EQ('4', dst[4]);
898 ASSERT_EQ('5', dst[5]);
899 ASSERT_EQ('6', dst[6]);
900 ASSERT_EQ('7', dst[7]);
901 ASSERT_EQ('8', dst[8]);
902 ASSERT_EQ('\0', dst[9]);
903 ASSERT_EQ('\0', dst[10]);
904 ASSERT_EQ('\0', dst[11]);
905 ASSERT_EQ('\0', dst[12]);
906 ASSERT_EQ('\0', dst[13]);
907 ASSERT_EQ('\0', dst[14]);
908 }
909
TEST(TEST_NAME,strcat_chk_max_int_size)910 TEST(TEST_NAME, strcat_chk_max_int_size) {
911 char buf[10];
912 memset(buf, 'A', sizeof(buf));
913 buf[0] = 'a';
914 buf[1] = '\0';
915 char* res = __strcat_chk(buf, "01234567", (size_t)-1);
916 ASSERT_EQ(buf, res);
917 ASSERT_EQ('a', buf[0]);
918 ASSERT_EQ('0', buf[1]);
919 ASSERT_EQ('1', buf[2]);
920 ASSERT_EQ('2', buf[3]);
921 ASSERT_EQ('3', buf[4]);
922 ASSERT_EQ('4', buf[5]);
923 ASSERT_EQ('5', buf[6]);
924 ASSERT_EQ('6', buf[7]);
925 ASSERT_EQ('7', buf[8]);
926 ASSERT_EQ('\0', buf[9]);
927 }
928
929 extern "C" char* __stpcpy_chk(char*, const char*, size_t);
930
TEST(TEST_NAME,stpcpy_chk_max_int_size)931 TEST(TEST_NAME, stpcpy_chk_max_int_size) {
932 char buf[10];
933 char* res = __stpcpy_chk(buf, "012345678", (size_t)-1);
934 ASSERT_EQ(buf + strlen("012345678"), res);
935 ASSERT_STREQ("012345678", buf);
936 }
937
938 extern "C" char* __strcpy_chk(char*, const char*, size_t);
939
TEST(TEST_NAME,strcpy_chk_max_int_size)940 TEST(TEST_NAME, strcpy_chk_max_int_size) {
941 char buf[10];
942 char* res = __strcpy_chk(buf, "012345678", (size_t)-1);
943 ASSERT_EQ(buf, res);
944 ASSERT_STREQ("012345678", buf);
945 }
946
947 extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t);
948
TEST(TEST_NAME,memcpy_chk_max_int_size)949 TEST(TEST_NAME, memcpy_chk_max_int_size) {
950 char buf[10];
951 void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1);
952 ASSERT_EQ((void*)buf, res);
953 ASSERT_EQ('0', buf[0]);
954 ASSERT_EQ('1', buf[1]);
955 ASSERT_EQ('2', buf[2]);
956 ASSERT_EQ('3', buf[3]);
957 ASSERT_EQ('4', buf[4]);
958 ASSERT_EQ('5', buf[5]);
959 ASSERT_EQ('6', buf[6]);
960 ASSERT_EQ('7', buf[7]);
961 ASSERT_EQ('8', buf[8]);
962 ASSERT_EQ('\0', buf[9]);
963 }
964
965 // Verify that macro expansion is done properly for sprintf/snprintf (which
966 // are defined as macros in stdio.h under clang).
967 #define CONTENTS "macro expansion"
968 #define BUF_AND_SIZE(A) A, sizeof(A)
969 #define BUF_AND_CONTENTS(A) A, CONTENTS
970 #define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS
TEST(TEST_NAME,s_n_printf_macro_expansion)971 TEST(TEST_NAME, s_n_printf_macro_expansion) {
972 char buf[BUFSIZ];
973 snprintf(BUF_AND_SIZE(buf), CONTENTS);
974 EXPECT_STREQ(CONTENTS, buf);
975
976 snprintf(BUF_AND_SIZE_AND_CONTENTS(buf));
977 EXPECT_STREQ(CONTENTS, buf);
978
979 sprintf(BUF_AND_CONTENTS(buf));
980 EXPECT_STREQ(CONTENTS, buf);
981 }
982
TEST_F(DEATHTEST,poll_fortified)983 TEST_F(DEATHTEST, poll_fortified) {
984 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
985 pollfd buf[1] = {{0, POLLIN, 0}};
986 // Set timeout to zero to prevent waiting in poll when fortify test fails.
987 ASSERT_FORTIFY(poll(buf, fd_count, 0));
988 }
989
TEST_F(DEATHTEST,ppoll_fortified)990 TEST_F(DEATHTEST, ppoll_fortified) {
991 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
992 pollfd buf[1] = {{0, POLLIN, 0}};
993 // Set timeout to zero to prevent waiting in ppoll when fortify test fails.
994 timespec timeout;
995 timeout.tv_sec = timeout.tv_nsec = 0;
996 ASSERT_FORTIFY(ppoll(buf, fd_count, &timeout, nullptr));
997 }
998
TEST_F(DEATHTEST,ppoll64_fortified)999 TEST_F(DEATHTEST, ppoll64_fortified) {
1000 #if __BIONIC__ // glibc doesn't have ppoll64.
1001 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
1002 pollfd buf[1] = {{0, POLLIN, 0}};
1003 // Set timeout to zero to prevent waiting in ppoll when fortify test fails.
1004 timespec timeout;
1005 timeout.tv_sec = timeout.tv_nsec = 0;
1006 ASSERT_FORTIFY(ppoll64(buf, fd_count, &timeout, nullptr));
1007 #endif
1008 }
1009
TEST_F(DEATHTEST,open_O_CREAT_without_mode_fortified)1010 TEST_F(DEATHTEST, open_O_CREAT_without_mode_fortified) {
1011 int flags = O_CREAT; // Fool the compiler.
1012 ASSERT_FORTIFY(open("", flags));
1013 }
1014
TEST_F(DEATHTEST,open_O_TMPFILE_without_mode_fortified)1015 TEST_F(DEATHTEST, open_O_TMPFILE_without_mode_fortified) {
1016 #if __BIONIC__ // Our glibc is too old for O_TMPFILE.
1017 int flags = O_TMPFILE; // Fool the compiler.
1018 ASSERT_FORTIFY(open("", flags));
1019 #endif
1020 }
1021