• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 /*
2  * Copyright (C) 2013 The Android Open Source Project
3  *
4  * Licensed under the Apache License, Version 2.0 (the "License");
5  * you may not use this file except in compliance with the License.
6  * You may obtain a copy of the License at
7  *
8  *      http://www.apache.org/licenses/LICENSE-2.0
9  *
10  * Unless required by applicable law or agreed to in writing, software
11  * distributed under the License is distributed on an "AS IS" BASIS,
12  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13  * See the License for the specific language governing permissions and
14  * limitations under the License.
15  */
16 
17 #include <gtest/gtest.h>
18 #include "BionicDeathTest.h"
19 
20 #include <fcntl.h>
21 #include <malloc.h>
22 #include <poll.h>
23 #include <signal.h>
24 #include <stdarg.h>
25 #include <string.h>
26 #include <sys/socket.h>
27 #include <sys/stat.h>
28 #include <sys/types.h>
29 #include <time.h>
30 
31 #if __BIONIC__
32 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY")
33 #else
34 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "")
35 #endif
36 
37 // Fortify test code needs to run multiple times, so TEST_NAME macro is used to
38 // distinguish different tests. TEST_NAME is defined in compilation command.
39 #define DEATHTEST_PASTER(name) name##_DeathTest
40 #define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name)
41 #define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME)
42 
43 class DEATHTEST : public BionicDeathTest {};
44 
45 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2
46 struct foo {
47   char empty[0];
48   char one[1];
49   char a[10];
50   char b[10];
51 };
52 
53 #ifndef __clang__
54 // This test is disabled in clang because clang doesn't properly detect
55 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,stpncpy_fortified2)56 TEST_F(DEATHTEST, stpncpy_fortified2) {
57   foo myfoo;
58   int copy_amt = atoi("11");
59   ASSERT_FORTIFY(stpncpy(myfoo.a, "01234567890", copy_amt));
60 }
61 #endif
62 
63 #ifndef __clang__
64 // This test is disabled in clang because clang doesn't properly detect
65 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,stpncpy2_fortified2)66 TEST_F(DEATHTEST, stpncpy2_fortified2) {
67   foo myfoo;
68   memset(&myfoo, 0, sizeof(myfoo));
69   myfoo.one[0] = 'A'; // not null terminated string
70   ASSERT_FORTIFY(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
71 }
72 #endif
73 
74 #ifndef __clang__
75 // This test is disabled in clang because clang doesn't properly detect
76 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncpy_fortified2)77 TEST_F(DEATHTEST, strncpy_fortified2) {
78   foo myfoo;
79   int copy_amt = atoi("11");
80   ASSERT_FORTIFY(strncpy(myfoo.a, "01234567890", copy_amt));
81 }
82 #endif
83 
84 #ifndef __clang__
85 // This test is disabled in clang because clang doesn't properly detect
86 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncpy2_fortified2)87 TEST_F(DEATHTEST, strncpy2_fortified2) {
88   foo myfoo;
89   memset(&myfoo, 0, sizeof(myfoo));
90   myfoo.one[0] = 'A'; // not null terminated string
91   ASSERT_FORTIFY(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
92 }
93 #endif
94 
95 #ifndef __clang__
96 // This test is disabled in clang because clang doesn't properly detect
97 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,sprintf_fortified2)98 TEST_F(DEATHTEST, sprintf_fortified2) {
99   foo myfoo;
100   char source_buf[15];
101   memcpy(source_buf, "12345678901234", 15);
102   ASSERT_FORTIFY(sprintf(myfoo.a, "%s", source_buf));
103 }
104 #endif
105 
106 #ifndef __clang__
107 // This test is disabled in clang because clang doesn't properly detect
108 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,sprintf2_fortified2)109 TEST_F(DEATHTEST, sprintf2_fortified2) {
110   foo myfoo;
111   ASSERT_FORTIFY(sprintf(myfoo.a, "0123456789"));
112 }
113 #endif
114 
115 #ifndef __clang__
116 // These tests are disabled in clang because clang doesn't properly detect
117 // this buffer overflow. TODO: Fix clang.
vsprintf_helper2(const char * fmt,...)118 static int vsprintf_helper2(const char *fmt, ...) {
119   foo myfoo;
120   va_list va;
121   int result;
122 
123   va_start(va, fmt);
124   result = vsprintf(myfoo.a, fmt, va); // should crash here
125   va_end(va);
126   return result;
127 }
128 
TEST_F(DEATHTEST,vsprintf_fortified2)129 TEST_F(DEATHTEST, vsprintf_fortified2) {
130   ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789"));
131 }
132 
TEST_F(DEATHTEST,vsprintf2_fortified2)133 TEST_F(DEATHTEST, vsprintf2_fortified2) {
134   ASSERT_FORTIFY(vsprintf_helper2("0123456789"));
135 }
136 #endif
137 
138 #ifndef __clang__
139 // These tests are disabled in clang because clang doesn't properly detect
140 // this buffer overflow. TODO: Fix clang.
vsnprintf_helper2(const char * fmt,...)141 static int vsnprintf_helper2(const char *fmt, ...) {
142   foo myfoo;
143   va_list va;
144   int result;
145   size_t size = atoi("11");
146 
147   va_start(va, fmt);
148   result = vsnprintf(myfoo.a, size, fmt, va); // should crash here
149   va_end(va);
150   return result;
151 }
152 
TEST_F(DEATHTEST,vsnprintf_fortified2)153 TEST_F(DEATHTEST, vsnprintf_fortified2) {
154   ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789"));
155 }
156 
TEST_F(DEATHTEST,vsnprintf2_fortified2)157 TEST_F(DEATHTEST, vsnprintf2_fortified2) {
158   ASSERT_FORTIFY(vsnprintf_helper2("0123456789"));
159 }
160 #endif
161 
162 #ifndef __clang__
163 // zero sized target with "\0" source (should fail)
164 // This test is disabled in clang because clang doesn't properly detect
165 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,stpcpy_fortified2)166 TEST_F(DEATHTEST, stpcpy_fortified2) {
167 #if defined(__BIONIC__)
168   foo myfoo;
169   char* src = strdup("");
170   ASSERT_FORTIFY(stpcpy(myfoo.empty, src));
171   free(src);
172 #else // __BIONIC__
173   GTEST_LOG_(INFO) << "This test does nothing.\n";
174 #endif // __BIONIC__
175 }
176 #endif
177 
178 #ifndef __clang__
179 // zero sized target with "\0" source (should fail)
180 // This test is disabled in clang because clang doesn't properly detect
181 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcpy_fortified2)182 TEST_F(DEATHTEST, strcpy_fortified2) {
183 #if defined(__BIONIC__)
184   foo myfoo;
185   char* src = strdup("");
186   ASSERT_FORTIFY(strcpy(myfoo.empty, src));
187   free(src);
188 #else // __BIONIC__
189   GTEST_LOG_(INFO) << "This test does nothing.\n";
190 #endif // __BIONIC__
191 }
192 #endif
193 
194 #ifndef __clang__
195 // zero sized target with longer source (should fail)
196 // This test is disabled in clang because clang doesn't properly detect
197 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcpy2_fortified2)198 TEST_F(DEATHTEST, strcpy2_fortified2) {
199 #if defined(__BIONIC__)
200   foo myfoo;
201   char* src = strdup("1");
202   ASSERT_FORTIFY(strcpy(myfoo.empty, src));
203   free(src);
204 #else // __BIONIC__
205   GTEST_LOG_(INFO) << "This test does nothing.\n";
206 #endif // __BIONIC__
207 }
208 #endif
209 
210 #ifndef __clang__
211 // one byte target with longer source (should fail)
212 // This test is disabled in clang because clang doesn't properly detect
213 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcpy3_fortified2)214 TEST_F(DEATHTEST, strcpy3_fortified2) {
215 #if defined(__BIONIC__)
216   foo myfoo;
217   char* src = strdup("12");
218   ASSERT_FORTIFY(strcpy(myfoo.one, src));
219   free(src);
220 #else // __BIONIC__
221   GTEST_LOG_(INFO) << "This test does nothing.\n";
222 #endif // __BIONIC__
223 }
224 #endif
225 
226 #ifndef __clang__
227 // This test is disabled in clang because clang doesn't properly detect
228 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strchr_fortified2)229 TEST_F(DEATHTEST, strchr_fortified2) {
230 #if defined(__BIONIC__)
231   foo myfoo;
232   memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
233   myfoo.b[0] = '\0';
234   ASSERT_FORTIFY(printf("%s", strchr(myfoo.a, 'a')));
235 #else // __BIONIC__
236   GTEST_LOG_(INFO) << "This test does nothing.\n";
237 #endif // __BIONIC__
238 }
239 #endif
240 
241 #ifndef __clang__
242 // This test is disabled in clang because clang doesn't properly detect
243 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strrchr_fortified2)244 TEST_F(DEATHTEST, strrchr_fortified2) {
245 #if defined(__BIONIC__)
246   foo myfoo;
247   memcpy(myfoo.a, "0123456789", 10);
248   memcpy(myfoo.b, "01234", 6);
249   ASSERT_FORTIFY(printf("%s", strrchr(myfoo.a, 'a')));
250 #else // __BIONIC__
251   GTEST_LOG_(INFO) << "This test does nothing.\n";
252 #endif // __BIONIC__
253 }
254 #endif
255 
256 #ifndef __clang__
257 // This test is disabled in clang because clang doesn't properly detect
258 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strlcpy_fortified2)259 TEST_F(DEATHTEST, strlcpy_fortified2) {
260 #if defined(__BIONIC__)
261   foo myfoo;
262   strcpy(myfoo.a, "01");
263   size_t n = strlen(myfoo.a);
264   ASSERT_FORTIFY(strlcpy(myfoo.one, myfoo.a, n));
265 #else // __BIONIC__
266   GTEST_LOG_(INFO) << "This test does nothing.\n";
267 #endif // __BIONIC__
268 }
269 #endif
270 
271 #ifndef __clang__
272 // This test is disabled in clang because clang doesn't properly detect
273 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strlcat_fortified2)274 TEST_F(DEATHTEST, strlcat_fortified2) {
275 #if defined(__BIONIC__)
276   foo myfoo;
277   strcpy(myfoo.a, "01");
278   myfoo.one[0] = '\0';
279   size_t n = strlen(myfoo.a);
280   ASSERT_FORTIFY(strlcat(myfoo.one, myfoo.a, n));
281 #else // __BIONIC__
282   GTEST_LOG_(INFO) << "This test does nothing.\n";
283 #endif // __BIONIC__
284 }
285 #endif
286 
287 #ifndef __clang__
288 // This test is disabled in clang because clang doesn't properly detect
289 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncat_fortified2)290 TEST_F(DEATHTEST, strncat_fortified2) {
291   foo myfoo;
292   size_t n = atoi("10"); // avoid compiler optimizations
293   strncpy(myfoo.a, "012345678", n);
294   ASSERT_FORTIFY(strncat(myfoo.a, "9", n));
295 }
296 #endif
297 
298 #ifndef __clang__
299 // This test is disabled in clang because clang doesn't properly detect
300 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strncat2_fortified2)301 TEST_F(DEATHTEST, strncat2_fortified2) {
302   foo myfoo;
303   myfoo.a[0] = '\0';
304   size_t n = atoi("10"); // avoid compiler optimizations
305   ASSERT_FORTIFY(strncat(myfoo.a, "0123456789", n));
306 }
307 #endif
308 
TEST_F(DEATHTEST,strncat3_fortified2)309 TEST_F(DEATHTEST, strncat3_fortified2) {
310   foo myfoo;
311   memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
312   myfoo.b[0] = '\0';
313   size_t n = atoi("10"); // avoid compiler optimizations
314   ASSERT_FORTIFY(strncat(myfoo.b, myfoo.a, n));
315 }
316 
317 #ifndef __clang__
318 // This test is disabled in clang because clang doesn't properly detect
319 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,strcat_fortified2)320 TEST_F(DEATHTEST, strcat_fortified2) {
321   char src[11];
322   strcpy(src, "0123456789");
323   foo myfoo;
324   myfoo.a[0] = '\0';
325   ASSERT_FORTIFY(strcat(myfoo.a, src));
326 }
327 #endif
328 
TEST_F(DEATHTEST,strcat2_fortified2)329 TEST_F(DEATHTEST, strcat2_fortified2) {
330   foo myfoo;
331   memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
332   myfoo.b[0] = '\0';
333   ASSERT_FORTIFY(strcat(myfoo.b, myfoo.a));
334 }
335 
TEST_F(DEATHTEST,snprintf_fortified2)336 TEST_F(DEATHTEST, snprintf_fortified2) {
337   foo myfoo;
338   strcpy(myfoo.a, "012345678");
339   size_t n = strlen(myfoo.a) + 2;
340   ASSERT_FORTIFY(snprintf(myfoo.b, n, "a%s", myfoo.a));
341 }
342 
TEST_F(DEATHTEST,bzero_fortified2)343 TEST_F(DEATHTEST, bzero_fortified2) {
344   foo myfoo;
345   memcpy(myfoo.b, "0123456789", sizeof(myfoo.b));
346   size_t n = atoi("11");
347   ASSERT_FORTIFY(bzero(myfoo.b, n));
348 }
349 
350 #endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */
351 
352 // multibyte target where we over fill (should fail)
TEST_F(DEATHTEST,strcpy_fortified)353 TEST_F(DEATHTEST, strcpy_fortified) {
354 #if defined(__BIONIC__)
355   char buf[10];
356   char *orig = strdup("0123456789");
357   ASSERT_FORTIFY(strcpy(buf, orig));
358   free(orig);
359 #else // __BIONIC__
360   GTEST_LOG_(INFO) << "This test does nothing.\n";
361 #endif // __BIONIC__
362 }
363 
364 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,strcpy2_fortified)365 TEST_F(DEATHTEST, strcpy2_fortified) {
366 #if defined(__BIONIC__)
367   char buf[0];
368   char *orig = strdup("");
369   ASSERT_FORTIFY(strcpy(buf, orig));
370   free(orig);
371 #else // __BIONIC__
372   GTEST_LOG_(INFO) << "This test does nothing.\n";
373 #endif // __BIONIC__
374 }
375 
376 // zero sized target with longer source (should fail)
TEST_F(DEATHTEST,strcpy3_fortified)377 TEST_F(DEATHTEST, strcpy3_fortified) {
378 #if defined(__BIONIC__)
379   char buf[0];
380   char *orig = strdup("1");
381   ASSERT_FORTIFY(strcpy(buf, orig));
382   free(orig);
383 #else // __BIONIC__
384   GTEST_LOG_(INFO) << "This test does nothing.\n";
385 #endif // __BIONIC__
386 }
387 
388 // one byte target with longer source (should fail)
TEST_F(DEATHTEST,strcpy4_fortified)389 TEST_F(DEATHTEST, strcpy4_fortified) {
390 #if defined(__BIONIC__)
391   char buf[1];
392   char *orig = strdup("12");
393   ASSERT_FORTIFY(strcpy(buf, orig));
394   free(orig);
395 #else // __BIONIC__
396   GTEST_LOG_(INFO) << "This test does nothing.\n";
397 #endif // __BIONIC__
398 }
399 
TEST_F(DEATHTEST,strlen_fortified)400 TEST_F(DEATHTEST, strlen_fortified) {
401 #if defined(__BIONIC__)
402   char buf[10];
403   memcpy(buf, "0123456789", sizeof(buf));
404   ASSERT_FORTIFY(printf("%zd", strlen(buf)));
405 #else // __BIONIC__
406   GTEST_LOG_(INFO) << "This test does nothing.\n";
407 #endif // __BIONIC__
408 }
409 
TEST_F(DEATHTEST,strchr_fortified)410 TEST_F(DEATHTEST, strchr_fortified) {
411 #if defined(__BIONIC__)
412   char buf[10];
413   memcpy(buf, "0123456789", sizeof(buf));
414   ASSERT_FORTIFY(printf("%s", strchr(buf, 'a')));
415 #else // __BIONIC__
416   GTEST_LOG_(INFO) << "This test does nothing.\n";
417 #endif // __BIONIC__
418 }
419 
TEST_F(DEATHTEST,strrchr_fortified)420 TEST_F(DEATHTEST, strrchr_fortified) {
421 #if defined(__BIONIC__)
422   char buf[10];
423   memcpy(buf, "0123456789", sizeof(buf));
424   ASSERT_FORTIFY(printf("%s", strrchr(buf, 'a')));
425 #else // __BIONIC__
426   GTEST_LOG_(INFO) << "This test does nothing.\n";
427 #endif // __BIONIC__
428 }
429 
TEST_F(DEATHTEST,strlcpy_fortified)430 TEST_F(DEATHTEST, strlcpy_fortified) {
431 #if defined(__BIONIC__)
432   char bufa[15];
433   char bufb[10];
434   strcpy(bufa, "01234567890123");
435   size_t n = strlen(bufa);
436   ASSERT_FORTIFY(strlcpy(bufb, bufa, n));
437 #else // __BIONIC__
438   GTEST_LOG_(INFO) << "This test does nothing.\n";
439 #endif // __BIONIC__
440 }
441 
TEST_F(DEATHTEST,strlcat_fortified)442 TEST_F(DEATHTEST, strlcat_fortified) {
443 #if defined(__BIONIC__)
444   char bufa[15];
445   char bufb[10];
446   bufb[0] = '\0';
447   strcpy(bufa, "01234567890123");
448   size_t n = strlen(bufa);
449   ASSERT_FORTIFY(strlcat(bufb, bufa, n));
450 #else // __BIONIC__
451   GTEST_LOG_(INFO) << "This test does nothing.\n";
452 #endif // __BIONIC__
453 }
454 
TEST_F(DEATHTEST,sprintf_fortified)455 TEST_F(DEATHTEST, sprintf_fortified) {
456   char buf[10];
457   char source_buf[15];
458   memcpy(source_buf, "12345678901234", 15);
459   ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
460 }
461 
462 #ifndef __clang__
463 // This test is disabled in clang because clang doesn't properly detect
464 // this buffer overflow. TODO: Fix clang.
TEST_F(DEATHTEST,sprintf_malloc_fortified)465 TEST_F(DEATHTEST, sprintf_malloc_fortified) {
466   char* buf = (char *) malloc(10);
467   char source_buf[11];
468   memcpy(source_buf, "1234567890", 11);
469   ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
470   free(buf);
471 }
472 #endif
473 
TEST_F(DEATHTEST,sprintf2_fortified)474 TEST_F(DEATHTEST, sprintf2_fortified) {
475   char buf[5];
476   ASSERT_FORTIFY(sprintf(buf, "aaaaa"));
477 }
478 
vsprintf_helper(const char * fmt,...)479 static int vsprintf_helper(const char *fmt, ...) {
480   char buf[10];
481   va_list va;
482   int result;
483 
484   va_start(va, fmt);
485   result = vsprintf(buf, fmt, va); // should crash here
486   va_end(va);
487   return result;
488 }
489 
TEST_F(DEATHTEST,vsprintf_fortified)490 TEST_F(DEATHTEST, vsprintf_fortified) {
491   ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789"));
492 }
493 
TEST_F(DEATHTEST,vsprintf2_fortified)494 TEST_F(DEATHTEST, vsprintf2_fortified) {
495   ASSERT_FORTIFY(vsprintf_helper("0123456789"));
496 }
497 
vsnprintf_helper(const char * fmt,...)498 static int vsnprintf_helper(const char *fmt, ...) {
499   char buf[10];
500   va_list va;
501   int result;
502   size_t size = atoi("11");
503 
504   va_start(va, fmt);
505   result = vsnprintf(buf, size, fmt, va); // should crash here
506   va_end(va);
507   return result;
508 }
509 
TEST_F(DEATHTEST,vsnprintf_fortified)510 TEST_F(DEATHTEST, vsnprintf_fortified) {
511   ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789"));
512 }
513 
TEST_F(DEATHTEST,vsnprintf2_fortified)514 TEST_F(DEATHTEST, vsnprintf2_fortified) {
515   ASSERT_FORTIFY(vsnprintf_helper("0123456789"));
516 }
517 
TEST_F(DEATHTEST,strncat_fortified)518 TEST_F(DEATHTEST, strncat_fortified) {
519   char buf[10];
520   size_t n = atoi("10"); // avoid compiler optimizations
521   strncpy(buf, "012345678", n);
522   ASSERT_FORTIFY(strncat(buf, "9", n));
523 }
524 
TEST_F(DEATHTEST,strncat2_fortified)525 TEST_F(DEATHTEST, strncat2_fortified) {
526   char buf[10];
527   buf[0] = '\0';
528   size_t n = atoi("10"); // avoid compiler optimizations
529   ASSERT_FORTIFY(strncat(buf, "0123456789", n));
530 }
531 
TEST_F(DEATHTEST,strcat_fortified)532 TEST_F(DEATHTEST, strcat_fortified) {
533   char src[11];
534   strcpy(src, "0123456789");
535   char buf[10];
536   buf[0] = '\0';
537   ASSERT_FORTIFY(strcat(buf, src));
538 }
539 
TEST_F(DEATHTEST,memmove_fortified)540 TEST_F(DEATHTEST, memmove_fortified) {
541   char buf[20];
542   strcpy(buf, "0123456789");
543   size_t n = atoi("10");
544   ASSERT_FORTIFY(memmove(buf + 11, buf, n));
545 }
546 
TEST_F(DEATHTEST,memcpy_fortified)547 TEST_F(DEATHTEST, memcpy_fortified) {
548   char bufa[10];
549   char bufb[10];
550   strcpy(bufa, "012345678");
551   size_t n = atoi("11");
552   ASSERT_FORTIFY(memcpy(bufb, bufa, n));
553 }
554 
TEST_F(DEATHTEST,stpncpy_fortified)555 TEST_F(DEATHTEST, stpncpy_fortified) {
556   char bufa[15];
557   char bufb[10];
558   strcpy(bufa, "01234567890123");
559   size_t n = strlen(bufa);
560   ASSERT_FORTIFY(stpncpy(bufb, bufa, n));
561 }
562 
TEST_F(DEATHTEST,stpncpy2_fortified)563 TEST_F(DEATHTEST, stpncpy2_fortified) {
564   char dest[11];
565   char src[10];
566   memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
567   ASSERT_FORTIFY(stpncpy(dest, src, sizeof(dest)));
568 }
569 
TEST_F(DEATHTEST,strncpy_fortified)570 TEST_F(DEATHTEST, strncpy_fortified) {
571   char bufa[15];
572   char bufb[10];
573   strcpy(bufa, "01234567890123");
574   size_t n = strlen(bufa);
575   ASSERT_FORTIFY(strncpy(bufb, bufa, n));
576 }
577 
578 
TEST_F(DEATHTEST,strncpy2_fortified)579 TEST_F(DEATHTEST, strncpy2_fortified) {
580   char dest[11];
581   char src[10];
582   memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
583   ASSERT_FORTIFY(strncpy(dest, src, sizeof(dest)));
584 }
585 
TEST_F(DEATHTEST,snprintf_fortified)586 TEST_F(DEATHTEST, snprintf_fortified) {
587   char bufa[15];
588   char bufb[10];
589   strcpy(bufa, "0123456789");
590   size_t n = strlen(bufa) + 1;
591   ASSERT_FORTIFY(snprintf(bufb, n, "%s", bufa));
592 }
593 
TEST_F(DEATHTEST,bzero_fortified)594 TEST_F(DEATHTEST, bzero_fortified) {
595   char buf[10];
596   memcpy(buf, "0123456789", sizeof(buf));
597   size_t n = atoi("11");
598   ASSERT_FORTIFY(bzero(buf, n));
599 }
600 
TEST_F(DEATHTEST,umask_fortified)601 TEST_F(DEATHTEST, umask_fortified) {
602   mode_t mask = atoi("1023");  // 01777 in octal
603   ASSERT_FORTIFY(umask(mask));
604 }
605 
TEST_F(DEATHTEST,recv_fortified)606 TEST_F(DEATHTEST, recv_fortified) {
607   size_t data_len = atoi("11"); // suppress compiler optimizations
608   char buf[10];
609   ASSERT_FORTIFY(recv(0, buf, data_len, 0));
610 }
611 
TEST_F(DEATHTEST,FD_ISSET_fortified)612 TEST_F(DEATHTEST, FD_ISSET_fortified) {
613 #if defined(__BIONIC__) // glibc catches this at compile-time.
614   fd_set set;
615   memset(&set, 0, sizeof(set));
616   ASSERT_FORTIFY(FD_ISSET(-1, &set));
617 #endif
618 }
619 
TEST_F(DEATHTEST,FD_ISSET_2_fortified)620 TEST_F(DEATHTEST, FD_ISSET_2_fortified) {
621   char buf[1];
622   fd_set* set = (fd_set*) buf;
623   ASSERT_FORTIFY(FD_ISSET(0, set));
624 }
625 
TEST_F(DEATHTEST,pread_fortified)626 TEST_F(DEATHTEST, pread_fortified) {
627   char buf[1];
628   size_t ct = atoi("2"); // prevent optimizations
629   int fd = open("/dev/null", O_RDONLY);
630   ASSERT_FORTIFY(pread(fd, buf, ct, 0));
631   close(fd);
632 }
633 
TEST_F(DEATHTEST,pread64_fortified)634 TEST_F(DEATHTEST, pread64_fortified) {
635   char buf[1];
636   size_t ct = atoi("2"); // prevent optimizations
637   int fd = open("/dev/null", O_RDONLY);
638   ASSERT_FORTIFY(pread64(fd, buf, ct, 0));
639   close(fd);
640 }
641 
TEST_F(DEATHTEST,read_fortified)642 TEST_F(DEATHTEST, read_fortified) {
643   char buf[1];
644   size_t ct = atoi("2"); // prevent optimizations
645   int fd = open("/dev/null", O_RDONLY);
646   ASSERT_FORTIFY(read(fd, buf, ct));
647   close(fd);
648 }
649 
TEST_F(DEATHTEST,readlink_fortified)650 TEST_F(DEATHTEST, readlink_fortified) {
651   char buf[1];
652   size_t ct = atoi("2"); // prevent optimizations
653   ASSERT_FORTIFY(readlink("/dev/null", buf, ct));
654 }
655 
TEST_F(DEATHTEST,readlinkat_fortified)656 TEST_F(DEATHTEST, readlinkat_fortified) {
657   char buf[1];
658   size_t ct = atoi("2"); // prevent optimizations
659   ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", buf, ct));
660 }
661 
662 extern "C" char* __strncat_chk(char*, const char*, size_t, size_t);
663 extern "C" char* __strcat_chk(char*, const char*, size_t);
664 
TEST(TEST_NAME,strncat)665 TEST(TEST_NAME, strncat) {
666   char buf[10];
667   memset(buf, 'A', sizeof(buf));
668   buf[0] = 'a';
669   buf[1] = '\0';
670   char* res = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf));
671   ASSERT_EQ(buf, res);
672   ASSERT_EQ('a',  buf[0]);
673   ASSERT_EQ('0',  buf[1]);
674   ASSERT_EQ('1',  buf[2]);
675   ASSERT_EQ('2',  buf[3]);
676   ASSERT_EQ('3',  buf[4]);
677   ASSERT_EQ('4',  buf[5]);
678   ASSERT_EQ('\0', buf[6]);
679   ASSERT_EQ('A',  buf[7]);
680   ASSERT_EQ('A',  buf[8]);
681   ASSERT_EQ('A',  buf[9]);
682 }
683 
TEST(TEST_NAME,strncat2)684 TEST(TEST_NAME, strncat2) {
685   char buf[10];
686   memset(buf, 'A', sizeof(buf));
687   buf[0] = 'a';
688   buf[1] = '\0';
689   char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
690   ASSERT_EQ(buf, res);
691   ASSERT_EQ('a',  buf[0]);
692   ASSERT_EQ('0',  buf[1]);
693   ASSERT_EQ('1',  buf[2]);
694   ASSERT_EQ('2',  buf[3]);
695   ASSERT_EQ('3',  buf[4]);
696   ASSERT_EQ('4',  buf[5]);
697   ASSERT_EQ('\0', buf[6]);
698   ASSERT_EQ('A',  buf[7]);
699   ASSERT_EQ('A',  buf[8]);
700   ASSERT_EQ('A',  buf[9]);
701 }
702 
TEST(TEST_NAME,strncat3)703 TEST(TEST_NAME, strncat3) {
704   char buf[10];
705   memset(buf, 'A', sizeof(buf));
706   buf[0] = '\0';
707   char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
708   ASSERT_EQ(buf, res);
709   ASSERT_EQ('0',  buf[0]);
710   ASSERT_EQ('1',  buf[1]);
711   ASSERT_EQ('2',  buf[2]);
712   ASSERT_EQ('3',  buf[3]);
713   ASSERT_EQ('4',  buf[4]);
714   ASSERT_EQ('\0', buf[5]);
715   ASSERT_EQ('A',  buf[6]);
716   ASSERT_EQ('A',  buf[7]);
717   ASSERT_EQ('A',  buf[8]);
718   ASSERT_EQ('A',  buf[9]);
719 }
720 
TEST(TEST_NAME,strncat4)721 TEST(TEST_NAME, strncat4) {
722   char buf[10];
723   memset(buf, 'A', sizeof(buf));
724   buf[9] = '\0';
725   char* res = __strncat_chk(buf, "", 5, sizeof(buf));
726   ASSERT_EQ(buf, res);
727   ASSERT_EQ('A',  buf[0]);
728   ASSERT_EQ('A',  buf[1]);
729   ASSERT_EQ('A',  buf[2]);
730   ASSERT_EQ('A',  buf[3]);
731   ASSERT_EQ('A',  buf[4]);
732   ASSERT_EQ('A',  buf[5]);
733   ASSERT_EQ('A',  buf[6]);
734   ASSERT_EQ('A',  buf[7]);
735   ASSERT_EQ('A',  buf[8]);
736   ASSERT_EQ('\0', buf[9]);
737 }
738 
TEST(TEST_NAME,strncat5)739 TEST(TEST_NAME, strncat5) {
740   char buf[10];
741   memset(buf, 'A', sizeof(buf));
742   buf[0] = 'a';
743   buf[1] = '\0';
744   char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf));
745   ASSERT_EQ(buf, res);
746   ASSERT_EQ('a',  buf[0]);
747   ASSERT_EQ('0',  buf[1]);
748   ASSERT_EQ('1',  buf[2]);
749   ASSERT_EQ('2',  buf[3]);
750   ASSERT_EQ('3',  buf[4]);
751   ASSERT_EQ('4',  buf[5]);
752   ASSERT_EQ('5', buf[6]);
753   ASSERT_EQ('6',  buf[7]);
754   ASSERT_EQ('7',  buf[8]);
755   ASSERT_EQ('\0',  buf[9]);
756 }
757 
TEST(TEST_NAME,strncat6)758 TEST(TEST_NAME, strncat6) {
759   char buf[10];
760   memset(buf, 'A', sizeof(buf));
761   buf[0] = 'a';
762   buf[1] = '\0';
763   char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf));
764   ASSERT_EQ(buf, res);
765   ASSERT_EQ('a',  buf[0]);
766   ASSERT_EQ('0',  buf[1]);
767   ASSERT_EQ('1',  buf[2]);
768   ASSERT_EQ('2',  buf[3]);
769   ASSERT_EQ('3',  buf[4]);
770   ASSERT_EQ('4',  buf[5]);
771   ASSERT_EQ('5', buf[6]);
772   ASSERT_EQ('6',  buf[7]);
773   ASSERT_EQ('7',  buf[8]);
774   ASSERT_EQ('\0',  buf[9]);
775 }
776 
777 
TEST(TEST_NAME,strcat)778 TEST(TEST_NAME, strcat) {
779   char buf[10];
780   memset(buf, 'A', sizeof(buf));
781   buf[0] = 'a';
782   buf[1] = '\0';
783   char* res = __strcat_chk(buf, "01234", sizeof(buf));
784   ASSERT_EQ(buf, res);
785   ASSERT_EQ('a',  buf[0]);
786   ASSERT_EQ('0',  buf[1]);
787   ASSERT_EQ('1',  buf[2]);
788   ASSERT_EQ('2',  buf[3]);
789   ASSERT_EQ('3',  buf[4]);
790   ASSERT_EQ('4',  buf[5]);
791   ASSERT_EQ('\0', buf[6]);
792   ASSERT_EQ('A',  buf[7]);
793   ASSERT_EQ('A',  buf[8]);
794   ASSERT_EQ('A',  buf[9]);
795 }
796 
TEST(TEST_NAME,strcat2)797 TEST(TEST_NAME, strcat2) {
798   char buf[10];
799   memset(buf, 'A', sizeof(buf));
800   buf[0] = 'a';
801   buf[1] = '\0';
802   char* res = __strcat_chk(buf, "01234567", sizeof(buf));
803   ASSERT_EQ(buf, res);
804   ASSERT_EQ('a',  buf[0]);
805   ASSERT_EQ('0',  buf[1]);
806   ASSERT_EQ('1',  buf[2]);
807   ASSERT_EQ('2',  buf[3]);
808   ASSERT_EQ('3',  buf[4]);
809   ASSERT_EQ('4',  buf[5]);
810   ASSERT_EQ('5', buf[6]);
811   ASSERT_EQ('6',  buf[7]);
812   ASSERT_EQ('7',  buf[8]);
813   ASSERT_EQ('\0',  buf[9]);
814 }
815 
TEST(TEST_NAME,stpncpy)816 TEST(TEST_NAME, stpncpy) {
817   char src[10];
818   char dst[10];
819   memcpy(src, "0123456789", sizeof(src)); // non null terminated string
820   stpncpy(dst, src, sizeof(dst));
821   ASSERT_EQ('0', dst[0]);
822   ASSERT_EQ('1', dst[1]);
823   ASSERT_EQ('2', dst[2]);
824   ASSERT_EQ('3', dst[3]);
825   ASSERT_EQ('4', dst[4]);
826   ASSERT_EQ('5', dst[5]);
827   ASSERT_EQ('6', dst[6]);
828   ASSERT_EQ('7', dst[7]);
829   ASSERT_EQ('8', dst[8]);
830   ASSERT_EQ('9', dst[9]);
831 }
832 
TEST(TEST_NAME,stpncpy2)833 TEST(TEST_NAME, stpncpy2) {
834   char src[10];
835   char dst[15];
836   memcpy(src, "012345678\0", sizeof(src));
837   stpncpy(dst, src, sizeof(dst));
838   ASSERT_EQ('0',  dst[0]);
839   ASSERT_EQ('1',  dst[1]);
840   ASSERT_EQ('2',  dst[2]);
841   ASSERT_EQ('3',  dst[3]);
842   ASSERT_EQ('4',  dst[4]);
843   ASSERT_EQ('5',  dst[5]);
844   ASSERT_EQ('6',  dst[6]);
845   ASSERT_EQ('7',  dst[7]);
846   ASSERT_EQ('8',  dst[8]);
847   ASSERT_EQ('\0', dst[9]);
848   ASSERT_EQ('\0', dst[10]);
849   ASSERT_EQ('\0', dst[11]);
850   ASSERT_EQ('\0', dst[12]);
851   ASSERT_EQ('\0', dst[13]);
852   ASSERT_EQ('\0', dst[14]);
853 }
854 
TEST(TEST_NAME,strncpy)855 TEST(TEST_NAME, strncpy) {
856   char src[10];
857   char dst[10];
858   memcpy(src, "0123456789", sizeof(src)); // non null terminated string
859   strncpy(dst, src, sizeof(dst));
860   ASSERT_EQ('0', dst[0]);
861   ASSERT_EQ('1', dst[1]);
862   ASSERT_EQ('2', dst[2]);
863   ASSERT_EQ('3', dst[3]);
864   ASSERT_EQ('4', dst[4]);
865   ASSERT_EQ('5', dst[5]);
866   ASSERT_EQ('6', dst[6]);
867   ASSERT_EQ('7', dst[7]);
868   ASSERT_EQ('8', dst[8]);
869   ASSERT_EQ('9', dst[9]);
870 }
871 
TEST(TEST_NAME,strncpy2)872 TEST(TEST_NAME, strncpy2) {
873   char src[10];
874   char dst[15];
875   memcpy(src, "012345678\0", sizeof(src));
876   strncpy(dst, src, sizeof(dst));
877   ASSERT_EQ('0',  dst[0]);
878   ASSERT_EQ('1',  dst[1]);
879   ASSERT_EQ('2',  dst[2]);
880   ASSERT_EQ('3',  dst[3]);
881   ASSERT_EQ('4',  dst[4]);
882   ASSERT_EQ('5',  dst[5]);
883   ASSERT_EQ('6',  dst[6]);
884   ASSERT_EQ('7',  dst[7]);
885   ASSERT_EQ('8',  dst[8]);
886   ASSERT_EQ('\0', dst[9]);
887   ASSERT_EQ('\0', dst[10]);
888   ASSERT_EQ('\0', dst[11]);
889   ASSERT_EQ('\0', dst[12]);
890   ASSERT_EQ('\0', dst[13]);
891   ASSERT_EQ('\0', dst[14]);
892 }
893 
TEST(TEST_NAME,strcat_chk_max_int_size)894 TEST(TEST_NAME, strcat_chk_max_int_size) {
895   char buf[10];
896   memset(buf, 'A', sizeof(buf));
897   buf[0] = 'a';
898   buf[1] = '\0';
899   char* res = __strcat_chk(buf, "01234567", (size_t)-1);
900   ASSERT_EQ(buf, res);
901   ASSERT_EQ('a',  buf[0]);
902   ASSERT_EQ('0',  buf[1]);
903   ASSERT_EQ('1',  buf[2]);
904   ASSERT_EQ('2',  buf[3]);
905   ASSERT_EQ('3',  buf[4]);
906   ASSERT_EQ('4',  buf[5]);
907   ASSERT_EQ('5',  buf[6]);
908   ASSERT_EQ('6',  buf[7]);
909   ASSERT_EQ('7',  buf[8]);
910   ASSERT_EQ('\0', buf[9]);
911 }
912 
913 extern "C" char* __stpcpy_chk(char*, const char*, size_t);
914 
TEST(TEST_NAME,stpcpy_chk_max_int_size)915 TEST(TEST_NAME, stpcpy_chk_max_int_size) {
916   char buf[10];
917   char* res = __stpcpy_chk(buf, "012345678", (size_t)-1);
918   ASSERT_EQ(buf + strlen("012345678"), res);
919   ASSERT_STREQ("012345678", buf);
920 }
921 
922 extern "C" char* __strcpy_chk(char*, const char*, size_t);
923 
TEST(TEST_NAME,strcpy_chk_max_int_size)924 TEST(TEST_NAME, strcpy_chk_max_int_size) {
925   char buf[10];
926   char* res = __strcpy_chk(buf, "012345678", (size_t)-1);
927   ASSERT_EQ(buf, res);
928   ASSERT_STREQ("012345678", buf);
929 }
930 
931 extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t);
932 
TEST(TEST_NAME,memcpy_chk_max_int_size)933 TEST(TEST_NAME, memcpy_chk_max_int_size) {
934   char buf[10];
935   void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1);
936   ASSERT_EQ((void*)buf, res);
937   ASSERT_EQ('0',  buf[0]);
938   ASSERT_EQ('1',  buf[1]);
939   ASSERT_EQ('2',  buf[2]);
940   ASSERT_EQ('3',  buf[3]);
941   ASSERT_EQ('4',  buf[4]);
942   ASSERT_EQ('5',  buf[5]);
943   ASSERT_EQ('6',  buf[6]);
944   ASSERT_EQ('7',  buf[7]);
945   ASSERT_EQ('8',  buf[8]);
946   ASSERT_EQ('\0', buf[9]);
947 }
948 
949 // Verify that macro expansion is done properly for sprintf/snprintf (which
950 // are defined as macros in stdio.h under clang).
951 #define CONTENTS "macro expansion"
952 #define BUF_AND_SIZE(A) A, sizeof(A)
953 #define BUF_AND_CONTENTS(A) A, CONTENTS
954 #define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS
TEST(TEST_NAME,s_n_printf_macro_expansion)955 TEST(TEST_NAME, s_n_printf_macro_expansion) {
956   char buf[BUFSIZ];
957   snprintf(BUF_AND_SIZE(buf), CONTENTS);
958   EXPECT_STREQ(CONTENTS, buf);
959 
960   snprintf(BUF_AND_SIZE_AND_CONTENTS(buf));
961   EXPECT_STREQ(CONTENTS, buf);
962 
963   sprintf(BUF_AND_CONTENTS(buf));
964   EXPECT_STREQ(CONTENTS, buf);
965 }
966 
TEST_F(DEATHTEST,poll_fortified)967 TEST_F(DEATHTEST, poll_fortified) {
968   nfds_t fd_count = atoi("2"); // suppress compiler optimizations
969   pollfd buf[1] = {{0, POLLIN, 0}};
970   // Set timeout to zero to prevent waiting in poll when fortify test fails.
971   ASSERT_FORTIFY(poll(buf, fd_count, 0));
972 }
973 
TEST_F(DEATHTEST,ppoll_fortified)974 TEST_F(DEATHTEST, ppoll_fortified) {
975   nfds_t fd_count = atoi("2"); // suppress compiler optimizations
976   pollfd buf[1] = {{0, POLLIN, 0}};
977   // Set timeout to zero to prevent waiting in ppoll when fortify test fails.
978   timespec timeout;
979   timeout.tv_sec = timeout.tv_nsec = 0;
980   ASSERT_FORTIFY(ppoll(buf, fd_count, &timeout, NULL));
981 }
982