1 /*
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 // -Werror is on whether we like it or not, and we're intentionally doing awful
18 // things in this file. GCC is dumb and doesn't have a specific error class for
19 // the fortify failures (it's just -Werror), so we can't use anything more
20 // constrained than disabling all the warnings in the file :( It also won't let
21 // us use system_header in a .cpp file, so we have to #include this from
22 // fortify_test_main.cpp.
23 #pragma GCC system_header
24
25 #include <gtest/gtest.h>
26 #include "BionicDeathTest.h"
27
28 #include <fcntl.h>
29 #include <malloc.h>
30 #include <poll.h>
31 #include <signal.h>
32 #include <stdarg.h>
33 #include <string.h>
34 #include <sys/socket.h>
35 #include <sys/stat.h>
36 #include <sys/types.h>
37 #include <time.h>
38
39 #if __BIONIC__
40 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY")
41 #else
42 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "")
43 #endif
44
45 // Fortify test code needs to run multiple times, so TEST_NAME macro is used to
46 // distinguish different tests. TEST_NAME is defined in compilation command.
47 #define DEATHTEST_PASTER(name) name##_DeathTest
48 #define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name)
49 #define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME)
50
// Fixture for every death test in this file. DEATHTEST expands to
// <TEST_NAME>_DeathTest, so each compilation of this file (one per TEST_NAME)
// gets its own fixture class.
class DEATHTEST : public BionicDeathTest {};
52
53 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2
// Fixed-size members declared back to back. The _FORTIFY_SOURCE == 2 tests
// overflow or over-read one member and expect the check to fire on the
// member's own size, not on the size of the whole struct.
struct foo {
  char empty[0];  // zero-length target: even a lone '\0' does not fit
  char one[1];    // room for a terminator only
  char a[10];
  char b[10];     // declared right after a[]; presumably adjacent in memory
};
60
// stpncpy() asked to write 11 bytes into the 10-byte member myfoo.a must abort.
TEST_F(DEATHTEST, stpncpy_fortified2) {
  foo myfoo;
  // atoi() keeps the count a run-time value, so the check is not folded away.
  int copy_amt = atoi("11");
  ASSERT_FORTIFY(stpncpy(myfoo.a, "01234567890", copy_amt));
}
66
// stpncpy() must abort when the *source* member holds no terminator: the copy
// of sizeof(myfoo.b) bytes would have to read past the 1-byte member `one`.
TEST_F(DEATHTEST, stpncpy2_fortified2) {
  foo myfoo;
  memset(&myfoo, 0, sizeof(myfoo));
  myfoo.one[0] = 'A'; // `one` is now full and has no NUL terminator
  ASSERT_FORTIFY(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
}
73
// strncpy() asked to write 11 bytes into the 10-byte member myfoo.a must abort.
TEST_F(DEATHTEST, strncpy_fortified2) {
  foo myfoo;
  // atoi() keeps the count a run-time value, so the check is not folded away.
  int copy_amt = atoi("11");
  ASSERT_FORTIFY(strncpy(myfoo.a, "01234567890", copy_amt));
}
79
// strncpy() must abort when the *source* member holds no terminator: the copy
// of sizeof(myfoo.b) bytes would have to read past the 1-byte member `one`.
TEST_F(DEATHTEST, strncpy2_fortified2) {
  foo myfoo;
  memset(&myfoo, 0, sizeof(myfoo));
  myfoo.one[0] = 'A'; // `one` is now full and has no NUL terminator
  ASSERT_FORTIFY(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
}
86
// sprintf("%s") of a 14-character string into the 10-byte member myfoo.a must
// abort.
TEST_F(DEATHTEST, sprintf_fortified2) {
  foo myfoo;
  char source_buf[15];
  // 14 characters plus the terminator: exactly fills source_buf.
  memcpy(source_buf, "12345678901234", 15);
  ASSERT_FORTIFY(sprintf(myfoo.a, "%s", source_buf));
}
93
// sprintf() with a literal-only format: 10 characters plus the terminator need
// 11 bytes, one more than myfoo.a holds, so the call must abort.
TEST_F(DEATHTEST, sprintf2_fortified2) {
  foo myfoo;
  ASSERT_FORTIFY(sprintf(myfoo.a, "0123456789"));
}
98
// Formats its arguments with vsprintf() into the 10-byte member myfoo.a.
// The callers in this file pass input that needs 11 bytes, so the vsprintf()
// call is where the fortify abort is expected. Returns vsprintf()'s result if
// the call returns at all.
static int vsprintf_helper2(const char *fmt, ...) {
  foo myfoo;
  va_list va;
  int result;

  va_start(va, fmt);
  result = vsprintf(myfoo.a, fmt, va); // should crash here
  va_end(va);
  return result;
}
109
// vsprintf() through a "%s" conversion: 10 characters plus the terminator do
// not fit the 10-byte member used by vsprintf_helper2().
TEST_F(DEATHTEST, vsprintf_fortified2) {
  ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789"));
}
113
// Same overflow as vsprintf_fortified2, but the 10 characters come from the
// format string itself rather than from a "%s" argument.
TEST_F(DEATHTEST, vsprintf2_fortified2) {
  ASSERT_FORTIFY(vsprintf_helper2("0123456789"));
}
117
// Calls vsnprintf() on the 10-byte member myfoo.a while claiming the buffer
// is 11 bytes long. The claimed size alone exceeds the member, so the
// vsnprintf() call is where the fortify abort is expected. Returns
// vsnprintf()'s result if the call returns at all.
static int vsnprintf_helper2(const char *fmt, ...) {
  foo myfoo;
  va_list va;
  int result;
  // atoi() keeps the size a run-time value, so the check is not folded away.
  size_t size = atoi("11");

  va_start(va, fmt);
  result = vsnprintf(myfoo.a, size, fmt, va); // should crash here
  va_end(va);
  return result;
}
129
// vsnprintf() with an oversized length argument, data supplied through "%s".
TEST_F(DEATHTEST, vsnprintf_fortified2) {
  ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789"));
}
133
// vsnprintf() with an oversized length argument, data supplied by the format
// string itself.
TEST_F(DEATHTEST, vsnprintf2_fortified2) {
  ASSERT_FORTIFY(vsnprintf_helper2("0123456789"));
}
137
138 // zero sized target with "\0" source (should fail)
// stpcpy() of "" into the zero-length member: even the terminator does not
// fit. Bionic only; on other libcs the body is compiled out and the test
// passes without checking anything.
TEST_F(DEATHTEST, stpcpy_fortified2) {
#if defined(__BIONIC__)
  foo myfoo;
  // strdup() keeps the source length unknown at compile time.
  char* src = strdup("");
  ASSERT_FORTIFY(stpcpy(myfoo.empty, src));
  free(src);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
149
150 // zero sized target with "\0" source (should fail)
// strcpy() of "" into the zero-length member: even the terminator does not
// fit. Bionic only; on other libcs the body is compiled out and the test
// passes without checking anything.
TEST_F(DEATHTEST, strcpy_fortified2) {
#if defined(__BIONIC__)
  foo myfoo;
  // strdup() keeps the source length unknown at compile time.
  char* src = strdup("");
  ASSERT_FORTIFY(strcpy(myfoo.empty, src));
  free(src);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
161
162 // zero sized target with longer source (should fail)
// strcpy() of a one-character string (2 bytes with the terminator) into the
// zero-length member. Bionic only; on other libcs the body is compiled out and
// the test passes without checking anything.
TEST_F(DEATHTEST, strcpy2_fortified2) {
#if defined(__BIONIC__)
  foo myfoo;
  // strdup() keeps the source length unknown at compile time.
  char* src = strdup("1");
  ASSERT_FORTIFY(strcpy(myfoo.empty, src));
  free(src);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
173
174 // one byte target with longer source (should fail)
// strcpy() of a two-character string (3 bytes with the terminator) into the
// 1-byte member. Bionic only; on other libcs the body is compiled out and the
// test passes without checking anything.
TEST_F(DEATHTEST, strcpy3_fortified2) {
#if defined(__BIONIC__)
  foo myfoo;
  // strdup() keeps the source length unknown at compile time.
  char* src = strdup("12");
  ASSERT_FORTIFY(strcpy(myfoo.one, src));
  free(src);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
185
// strchr() on a member with no terminator must abort instead of searching on
// into the next member. Bionic only; on other libcs the body is compiled out
// and the test passes without checking anything.
TEST_F(DEATHTEST, strchr_fortified2) {
#if defined(__BIONIC__)
  foo myfoo;
  // Exactly sizeof(a) characters: a[] is full and unterminated.
  memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
  // An unchecked search would run past a[] and presumably stop at this NUL in
  // b[], i.e. an over-read that stays inside the struct and would not fault.
  myfoo.b[0] = '\0';
  // 'a' is not in the data, so the search has to reach the end of a[].
  ASSERT_FORTIFY(printf("%s", strchr(myfoo.a, 'a')));
  // Same check through a const char* argument.
  ASSERT_FORTIFY(printf("%s", strchr(static_cast<const char*>(myfoo.a), 'a')));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
197
// strrchr() on a member with no terminator must abort instead of searching on
// into the next member. Bionic only; on other libcs the body is compiled out
// and the test passes without checking anything.
TEST_F(DEATHTEST, strrchr_fortified2) {
#if defined(__BIONIC__)
  foo myfoo;
  // 10 characters, no terminator: a[] is full.
  memcpy(myfoo.a, "0123456789", 10);
  // b[] holds a terminated string, so an unchecked scan past a[] would
  // presumably end inside b[] without faulting.
  memcpy(myfoo.b, "01234", 6);
  ASSERT_FORTIFY(printf("%s", strrchr(myfoo.a, 'a')));
  // Same check through a const char* argument.
  ASSERT_FORTIFY(printf("%s", strrchr(static_cast<const char*>(myfoo.a), 'a')));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
209
// memchr() told to scan one byte more than the member holds must abort.
// Bionic only; on other libcs the body is compiled out and the test passes
// without checking anything.
TEST_F(DEATHTEST, memchr_fortified2) {
#if defined(__BIONIC__)
  foo myfoo;
  // volatile keeps the length a run-time value; it is sizeof(a) + 1 == 11.
  volatile int asize = sizeof(myfoo.a) + 1;
  memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
  // 'a' is not in the data, so the scan would need all 11 bytes.
  ASSERT_FORTIFY(printf("%s", memchr(myfoo.a, 'a', asize)));
  // Same check through a const void* argument.
  ASSERT_FORTIFY(printf("%s", memchr(static_cast<const void*>(myfoo.a), 'a', asize)));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
221
// strlcpy() given a size of 2 for the 1-byte member `one` must abort.
// Bionic only; on other libcs the body is compiled out and the test passes
// without checking anything.
TEST_F(DEATHTEST, strlcpy_fortified2) {
#if defined(__BIONIC__)
  foo myfoo;
  strcpy(myfoo.a, "01");
  // strlen() yields 2 at run time; that is the (too large) size passed below.
  size_t n = strlen(myfoo.a);
  ASSERT_FORTIFY(strlcpy(myfoo.one, myfoo.a, n));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
232
// strlcat() given a size of 2 for the 1-byte member `one` must abort.
// Bionic only; on other libcs the body is compiled out and the test passes
// without checking anything.
TEST_F(DEATHTEST, strlcat_fortified2) {
#if defined(__BIONIC__)
  foo myfoo;
  strcpy(myfoo.a, "01");
  // Destination starts as the empty string.
  myfoo.one[0] = '\0';
  // strlen() yields 2 at run time; that is the (too large) size passed below.
  size_t n = strlen(myfoo.a);
  ASSERT_FORTIFY(strlcat(myfoo.one, myfoo.a, n));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
244
// Off-by-one case: myfoo.a already holds 9 characters plus the terminator, so
// appending a single character needs 11 bytes and strncat() must abort.
TEST_F(DEATHTEST, strncat_fortified2) {
  foo myfoo;
  size_t n = atoi("10"); // avoid compiler optimizations
  // Fills a[] exactly: 9 characters and the NUL written as padding.
  strncpy(myfoo.a, "012345678", n);
  ASSERT_FORTIFY(strncat(myfoo.a, "9", n));
}
251
// strncat() of 10 characters onto an empty 10-byte member: the terminator is
// the 11th byte, so the call must abort.
TEST_F(DEATHTEST, strncat2_fortified2) {
  foo myfoo;
  myfoo.a[0] = '\0';
  size_t n = atoi("10"); // avoid compiler optimizations
  ASSERT_FORTIFY(strncat(myfoo.a, "0123456789", n));
}
258
// strncat() from an unterminated 10-byte member into an empty 10-byte member:
// 10 copied bytes plus the terminator do not fit, so the call must abort.
TEST_F(DEATHTEST, strncat3_fortified2) {
  foo myfoo;
  memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
  myfoo.b[0] = '\0';
  size_t n = atoi("10"); // avoid compiler optimizations
  ASSERT_FORTIFY(strncat(myfoo.b, myfoo.a, n));
}
266
// strcat() of a 10-character string onto an empty 10-byte member: the
// terminator is the 11th byte, so the call must abort.
TEST_F(DEATHTEST, strcat_fortified2) {
  char src[11];
  strcpy(src, "0123456789");
  foo myfoo;
  myfoo.a[0] = '\0';
  ASSERT_FORTIFY(strcat(myfoo.a, src));
}
274
// strcat() whose source member has no terminator: appending a[] to the empty
// b[] cannot finish within either member, so the call must abort.
TEST_F(DEATHTEST, strcat2_fortified2) {
  foo myfoo;
  memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
  myfoo.b[0] = '\0';
  ASSERT_FORTIFY(strcat(myfoo.b, myfoo.a));
}
281
// snprintf() given a size of 11 for the 10-byte member myfoo.b must abort.
TEST_F(DEATHTEST, snprintf_fortified2) {
  foo myfoo;
  strcpy(myfoo.a, "012345678");
  // 9 + 2 == 11, computed at run time so the check is not folded away.
  size_t n = strlen(myfoo.a) + 2;
  ASSERT_FORTIFY(snprintf(myfoo.b, n, "a%s", myfoo.a));
}
288
// bzero() asked to clear 11 bytes of the 10-byte member myfoo.b must abort.
TEST_F(DEATHTEST, bzero_fortified2) {
  foo myfoo;
  memcpy(myfoo.b, "0123456789", sizeof(myfoo.b));
  // atoi() keeps the length a run-time value.
  size_t n = atoi("11");
  ASSERT_FORTIFY(bzero(myfoo.b, n));
}
295
296 #endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */
297
298 // multibyte target where we over fill (should fail)
// strcpy() of 10 characters plus terminator into a 10-byte stack buffer must
// abort. Bionic only; on other libcs the body is compiled out and the test
// passes without checking anything.
TEST_F(DEATHTEST, strcpy_fortified) {
#if defined(__BIONIC__)
  char buf[10];
  // strdup() keeps the source length unknown at compile time.
  char *orig = strdup("0123456789");
  ASSERT_FORTIFY(strcpy(buf, orig));
  free(orig);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
309
310 // zero sized target with "\0" source (should fail)
// strcpy() of "" into a zero-length stack buffer: even the terminator does
// not fit. Bionic only; on other libcs the body is compiled out and the test
// passes without checking anything.
TEST_F(DEATHTEST, strcpy2_fortified) {
#if defined(__BIONIC__)
  char buf[0];
  // strdup() keeps the source length unknown at compile time.
  char *orig = strdup("");
  ASSERT_FORTIFY(strcpy(buf, orig));
  free(orig);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
321
322 // zero sized target with longer source (should fail)
// strcpy() of a one-character string into a zero-length stack buffer must
// abort. Bionic only; on other libcs the body is compiled out and the test
// passes without checking anything.
TEST_F(DEATHTEST, strcpy3_fortified) {
#if defined(__BIONIC__)
  char buf[0];
  // strdup() keeps the source length unknown at compile time.
  char *orig = strdup("1");
  ASSERT_FORTIFY(strcpy(buf, orig));
  free(orig);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
333
334 // one byte target with longer source (should fail)
// strcpy() of a two-character string into a 1-byte stack buffer must abort.
// Bionic only; on other libcs the body is compiled out and the test passes
// without checking anything.
TEST_F(DEATHTEST, strcpy4_fortified) {
#if defined(__BIONIC__)
  char buf[1];
  // strdup() keeps the source length unknown at compile time.
  char *orig = strdup("12");
  ASSERT_FORTIFY(strcpy(buf, orig));
  free(orig);
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
345
// strlen() on a full, unterminated 10-byte buffer must abort rather than read
// past the end. Bionic only; on other libcs the body is compiled out and the
// test passes without checking anything.
TEST_F(DEATHTEST, strlen_fortified) {
#if defined(__BIONIC__)
  char buf[10];
  // Exactly sizeof(buf) characters: no room left for a terminator.
  memcpy(buf, "0123456789", sizeof(buf));
  // printf() consumes the result so the strlen() call is not discarded.
  ASSERT_FORTIFY(printf("%zd", strlen(buf)));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
355
// strchr() on a full, unterminated 10-byte buffer must abort rather than read
// past the end. Bionic only; on other libcs the body is compiled out and the
// test passes without checking anything.
TEST_F(DEATHTEST, strchr_fortified) {
#if defined(__BIONIC__)
  char buf[10];
  // Exactly sizeof(buf) characters: no room left for a terminator.
  memcpy(buf, "0123456789", sizeof(buf));
  // 'a' is not in the data, so the search has to reach the end of buf.
  ASSERT_FORTIFY(printf("%s", strchr(buf, 'a')));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
365
// strrchr() on a full, unterminated 10-byte buffer must abort rather than read
// past the end. Bionic only; on other libcs the body is compiled out and the
// test passes without checking anything.
TEST_F(DEATHTEST, strrchr_fortified) {
#if defined(__BIONIC__)
  char buf[10];
  // Exactly sizeof(buf) characters: no room left for a terminator.
  memcpy(buf, "0123456789", sizeof(buf));
  ASSERT_FORTIFY(printf("%s", strrchr(buf, 'a')));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
375
// strlcpy() given a size of 14 for a 10-byte destination must abort.
// Bionic only; on other libcs the body is compiled out and the test passes
// without checking anything.
TEST_F(DEATHTEST, strlcpy_fortified) {
#if defined(__BIONIC__)
  char bufa[15];
  char bufb[10];
  strcpy(bufa, "01234567890123");
  // 14 at run time: larger than sizeof(bufb).
  size_t n = strlen(bufa);
  ASSERT_FORTIFY(strlcpy(bufb, bufa, n));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
387
// strlcat() given a size of 14 for a 10-byte destination must abort.
// Bionic only; on other libcs the body is compiled out and the test passes
// without checking anything.
TEST_F(DEATHTEST, strlcat_fortified) {
#if defined(__BIONIC__)
  char bufa[15];
  char bufb[10];
  // Destination starts as the empty string.
  bufb[0] = '\0';
  strcpy(bufa, "01234567890123");
  // 14 at run time: larger than sizeof(bufb).
  size_t n = strlen(bufa);
  ASSERT_FORTIFY(strlcat(bufb, bufa, n));
#else // __BIONIC__
  GTEST_LOG_(INFO) << "This test does nothing.\n";
#endif // __BIONIC__
}
400
// sprintf("%s") of a 14-character string into a 10-byte stack buffer must
// abort.
TEST_F(DEATHTEST, sprintf_fortified) {
  char buf[10];
  char source_buf[15];
  // 14 characters plus the terminator: exactly fills source_buf.
  memcpy(source_buf, "12345678901234", 15);
  ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
}
407
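// sprintf("%s") of 10 characters plus terminator into a 10-byte heap buffer
// must abort.
//
// This test is skipped on a clang that lacks the alloc_size attribute, because
// such a clang doesn't properly detect this buffer overflow.
// TODO: remove the guard after the Clang prebuilt rebase.
//
// The guard is nested on purpose:
//  - `#ifdef` takes a single identifier, so the previous form
//    `#ifdef __clang__ && !__has_attribute(alloc_size)` tested __clang__ only
//    and silently dropped this heap-overflow check on every clang build. This
//    file disables all warnings, so the stray-tokens diagnostic never showed.
//  - __has_attribute may not exist on non-clang compilers, so it is evaluated
//    only inside the clang branch.
#if defined(__clang__)
#if __has_attribute(alloc_size)
#define FORTIFY_TEST_SPRINTF_MALLOC 1
#endif
#else
#define FORTIFY_TEST_SPRINTF_MALLOC 1
#endif

#if defined(FORTIFY_TEST_SPRINTF_MALLOC)
TEST_F(DEATHTEST, sprintf_malloc_fortified) {
  char* buf = (char *) malloc(10);
  char source_buf[11];
  // 10 characters plus the terminator: one byte more than buf holds.
  memcpy(source_buf, "1234567890", 11);
  ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
  free(buf);
}
#endif
#undef FORTIFY_TEST_SPRINTF_MALLOC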
421
// sprintf() with a literal-only format: 5 characters plus the terminator need
// 6 bytes, one more than buf holds, so the call must abort.
TEST_F(DEATHTEST, sprintf2_fortified) {
  char buf[5];
  ASSERT_FORTIFY(sprintf(buf, "aaaaa"));
}
426
// Formats its arguments with vsprintf() into a 10-byte stack buffer. The
// callers in this file pass input that needs 11 bytes, so the vsprintf() call
// is where the fortify abort is expected. Returns vsprintf()'s result if the
// call returns at all.
static int vsprintf_helper(const char *fmt, ...) {
  char buf[10];
  va_list va;
  int result;

  va_start(va, fmt);
  result = vsprintf(buf, fmt, va); // should crash here
  va_end(va);
  return result;
}
437
// vsprintf() through a "%s" conversion: 10 characters plus the terminator do
// not fit the 10-byte buffer used by vsprintf_helper().
TEST_F(DEATHTEST, vsprintf_fortified) {
  ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789"));
}
441
// Same overflow as vsprintf_fortified, but the 10 characters come from the
// format string itself rather than from a "%s" argument.
TEST_F(DEATHTEST, vsprintf2_fortified) {
  ASSERT_FORTIFY(vsprintf_helper("0123456789"));
}
445
// Calls vsnprintf() on a 10-byte stack buffer while claiming the buffer is 11
// bytes long. The claimed size alone exceeds the buffer, so the vsnprintf()
// call is where the fortify abort is expected. Returns vsnprintf()'s result if
// the call returns at all.
static int vsnprintf_helper(const char *fmt, ...) {
  char buf[10];
  va_list va;
  int result;
  // atoi() keeps the size a run-time value, so the check is not folded away.
  size_t size = atoi("11");

  va_start(va, fmt);
  result = vsnprintf(buf, size, fmt, va); // should crash here
  va_end(va);
  return result;
}
457
// vsnprintf() with an oversized length argument, data supplied through "%s".
TEST_F(DEATHTEST, vsnprintf_fortified) {
  ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789"));
}
461
// vsnprintf() with an oversized length argument, data supplied by the format
// string itself.
TEST_F(DEATHTEST, vsnprintf2_fortified) {
  ASSERT_FORTIFY(vsnprintf_helper("0123456789"));
}
465
// Off-by-one case: buf already holds 9 characters plus the terminator, so
// appending a single character needs 11 bytes and strncat() must abort.
TEST_F(DEATHTEST, strncat_fortified) {
  char buf[10];
  size_t n = atoi("10"); // avoid compiler optimizations
  // Fills buf exactly: 9 characters and the NUL written as padding.
  strncpy(buf, "012345678", n);
  ASSERT_FORTIFY(strncat(buf, "9", n));
}
472
// strncat() of 10 characters onto an empty 10-byte buffer: the terminator is
// the 11th byte, so the call must abort.
TEST_F(DEATHTEST, strncat2_fortified) {
  char buf[10];
  buf[0] = '\0';
  size_t n = atoi("10"); // avoid compiler optimizations
  ASSERT_FORTIFY(strncat(buf, "0123456789", n));
}
479
// strcat() of a 10-character string onto an empty 10-byte buffer: the
// terminator is the 11th byte, so the call must abort.
TEST_F(DEATHTEST, strcat_fortified) {
  char src[11];
  strcpy(src, "0123456789");
  char buf[10];
  buf[0] = '\0';
  ASSERT_FORTIFY(strcat(buf, src));
}
487
// memmove() of 10 bytes to buf + 11 in a 20-byte buffer: only 9 bytes remain
// at the destination, so the call must abort.
TEST_F(DEATHTEST, memmove_fortified) {
  char buf[20];
  strcpy(buf, "0123456789");
  // atoi() keeps the length a run-time value.
  size_t n = atoi("10");
  ASSERT_FORTIFY(memmove(buf + 11, buf, n));
}
494
// memcpy() of 11 bytes into a 10-byte buffer must abort.
TEST_F(DEATHTEST, memcpy_fortified) {
  char bufa[10];
  char bufb[10];
  strcpy(bufa, "012345678");
  // atoi() keeps the length a run-time value.
  size_t n = atoi("11");
  ASSERT_FORTIFY(memcpy(bufb, bufa, n));
}
502
// memset() of 11 bytes on a 10-byte buffer must abort.
TEST_F(DEATHTEST, memset_fortified) {
  char buf[10];
  // atoi() keeps the length a run-time value.
  size_t n = atoi("11");
  ASSERT_FORTIFY(memset(buf, 0, n));
}
508
// stpncpy() asked to write 14 bytes into a 10-byte buffer must abort.
TEST_F(DEATHTEST, stpncpy_fortified) {
  char bufa[15];
  char bufb[10];
  strcpy(bufa, "01234567890123");
  // 14 at run time: larger than sizeof(bufb).
  size_t n = strlen(bufa);
  ASSERT_FORTIFY(stpncpy(bufb, bufa, n));
}
516
// Source over-read: dest is large enough (11 bytes), but src is a full,
// unterminated 10-byte buffer, so copying sizeof(dest) bytes must abort.
TEST_F(DEATHTEST, stpncpy2_fortified) {
  char dest[11];
  char src[10];
  memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
  ASSERT_FORTIFY(stpncpy(dest, src, sizeof(dest)));
}
523
// strncpy() asked to write 14 bytes into a 10-byte buffer must abort.
TEST_F(DEATHTEST, strncpy_fortified) {
  char bufa[15];
  char bufb[10];
  strcpy(bufa, "01234567890123");
  // 14 at run time: larger than sizeof(bufb).
  size_t n = strlen(bufa);
  ASSERT_FORTIFY(strncpy(bufb, bufa, n));
}
531
532
// Source over-read: dest is large enough (11 bytes), but src is a full,
// unterminated 10-byte buffer, so copying sizeof(dest) bytes must abort.
TEST_F(DEATHTEST, strncpy2_fortified) {
  char dest[11];
  char src[10];
  memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
  ASSERT_FORTIFY(strncpy(dest, src, sizeof(dest)));
}
539
// snprintf() given a size of 11 for a 10-byte buffer must abort.
TEST_F(DEATHTEST, snprintf_fortified) {
  char bufa[15];
  char bufb[10];
  strcpy(bufa, "0123456789");
  // 10 + 1 == 11, computed at run time so the check is not folded away.
  size_t n = strlen(bufa) + 1;
  ASSERT_FORTIFY(snprintf(bufb, n, "%s", bufa));
}
547
// bzero() asked to clear 11 bytes of a 10-byte buffer must abort.
TEST_F(DEATHTEST, bzero_fortified) {
  char buf[10];
  memcpy(buf, "0123456789", sizeof(buf));
  // atoi() keeps the length a run-time value.
  size_t n = atoi("11");
  ASSERT_FORTIFY(bzero(buf, n));
}
554
// umask() with a bit set above the nine permission bits must abort.
TEST_F(DEATHTEST, umask_fortified) {
  // Parsed at run time so the argument is not a compile-time constant.
  mode_t mask = atoi("1023"); // 01777 in octal
  ASSERT_FORTIFY(umask(mask));
}
559
// recv() told it may store 11 bytes into a 10-byte buffer must abort. The
// check is expected to fire on the length, before descriptor 0 matters.
TEST_F(DEATHTEST, recv_fortified) {
  size_t data_len = atoi("11"); // suppress compiler optimizations
  char buf[10];
  ASSERT_FORTIFY(recv(0, buf, data_len, 0));
}
565
// send() told to transmit 11 bytes from a 10-byte buffer must abort: an
// unchecked call would read one byte of adjacent stack memory.
TEST_F(DEATHTEST, send_fortified) {
  size_t data_len = atoi("11"); // suppress compiler optimizations
  char buf[10] = {0};
  ASSERT_FORTIFY(send(0, buf, data_len, 0));
}
571
// FD_ISSET() with a negative descriptor must abort instead of indexing before
// the start of the set. Outside bionic the body is empty, so the test passes
// without checking anything.
TEST_F(DEATHTEST, FD_ISSET_fortified) {
#if defined(__BIONIC__) // glibc catches this at compile-time.
  fd_set set;
  memset(&set, 0, sizeof(set));
  ASSERT_FORTIFY(FD_ISSET(-1, &set));
#endif
}
579
// FD_ISSET() on a pointer whose backing object is a single byte, far smaller
// than an fd_set, must abort.
TEST_F(DEATHTEST, FD_ISSET_2_fortified) {
  char buf[1];
  // Deliberately wrong cast: the "set" is really the 1-byte buffer above.
  fd_set* set = (fd_set*) buf;
  ASSERT_FORTIFY(FD_ISSET(0, set));
}
585
// getcwd() given a size of 2 for a 1-byte buffer must abort.
TEST_F(DEATHTEST, getcwd_fortified) {
  char buf[1];
  size_t ct = atoi("2"); // prevent optimizations
  ASSERT_FORTIFY(getcwd(buf, ct));
}
591
// pread() given a count of 2 for a 1-byte buffer must abort.
TEST_F(DEATHTEST, pread_fortified) {
  char buf[1];
  size_t ct = atoi("2"); // prevent optimizations
  // NOTE(review): the open() result is not checked; the test relies on the
  // size check firing regardless of the descriptor - confirm.
  int fd = open("/dev/null", O_RDONLY);
  ASSERT_FORTIFY(pread(fd, buf, ct, 0));
  close(fd);
}
599
// pread64() given a count of 2 for a 1-byte buffer must abort.
TEST_F(DEATHTEST, pread64_fortified) {
  char buf[1];
  size_t ct = atoi("2"); // prevent optimizations
  // NOTE(review): the open() result is not checked; the test relies on the
  // size check firing regardless of the descriptor - confirm.
  int fd = open("/dev/null", O_RDONLY);
  ASSERT_FORTIFY(pread64(fd, buf, ct, 0));
  close(fd);
}
607
// pwrite() told to write 2 bytes from a 1-byte buffer must abort: an
// unchecked call would read past the end of buf.
TEST_F(DEATHTEST, pwrite_fortified) {
  char buf[1] = {0};
  size_t ct = atoi("2"); // prevent optimizations
  // NOTE(review): the open() result is not checked; the test relies on the
  // size check firing regardless of the descriptor - confirm.
  int fd = open("/dev/null", O_WRONLY);
  ASSERT_FORTIFY(pwrite(fd, buf, ct, 0));
  close(fd);
}
615
// pwrite64() told to write 2 bytes from a 1-byte buffer must abort: an
// unchecked call would read past the end of buf.
TEST_F(DEATHTEST, pwrite64_fortified) {
  char buf[1] = {0};
  size_t ct = atoi("2"); // prevent optimizations
  // NOTE(review): the open() result is not checked; the test relies on the
  // size check firing regardless of the descriptor - confirm.
  int fd = open("/dev/null", O_WRONLY);
  ASSERT_FORTIFY(pwrite64(fd, buf, ct, 0));
  close(fd);
}
623
// read() given a count of 2 for a 1-byte buffer must abort.
TEST_F(DEATHTEST, read_fortified) {
  char buf[1];
  size_t ct = atoi("2"); // prevent optimizations
  // NOTE(review): the open() result is not checked; the test relies on the
  // size check firing regardless of the descriptor - confirm.
  int fd = open("/dev/null", O_RDONLY);
  ASSERT_FORTIFY(read(fd, buf, ct));
  close(fd);
}
631
// write() told to write 2 bytes from a 1-byte buffer must abort.
TEST_F(DEATHTEST, write_fortified) {
  char buf[1] = {0};
  size_t ct = atoi("2"); // prevent optimizations
  int fd = open("/dev/null", O_WRONLY);
  // NOTE(review): unlike the other tests this uses ASSERT_EXIT with an empty
  // pattern instead of ASSERT_FORTIFY, so on bionic any SIGABRT passes, not
  // only one whose output contains "FORTIFY" - confirm this is intentional.
  ASSERT_EXIT(write(fd, buf, ct), testing::KilledBySignal(SIGABRT), "");
  close(fd);
}
639
// fread() asked for 2 one-byte items into a 1-byte buffer must abort.
TEST_F(DEATHTEST, fread_fortified) {
  char buf[1];
  size_t ct = atoi("2"); // prevent optimizations
  // NOTE(review): fp is not checked for NULL; the test relies on the size
  // check firing before the stream is used - confirm.
  FILE* fp = fopen("/dev/null", "r");
  ASSERT_FORTIFY(fread(buf, 1, ct, fp));
  fclose(fp);
}
647
// fwrite() asked to write 2 one-byte items from a 1-byte buffer must abort.
TEST_F(DEATHTEST, fwrite_fortified) {
  char buf[1] = {0};
  size_t ct = atoi("2"); // prevent optimizations
  // NOTE(review): fp is not checked for NULL; the test relies on the size
  // check firing before the stream is used - confirm.
  FILE* fp = fopen("/dev/null", "w");
  ASSERT_FORTIFY(fwrite(buf, 1, ct, fp));
  fclose(fp);
}
655
// readlink() given a size of 2 for a 1-byte buffer must abort.
TEST_F(DEATHTEST, readlink_fortified) {
  char buf[1];
  size_t ct = atoi("2"); // prevent optimizations
  ASSERT_FORTIFY(readlink("/dev/null", buf, ct));
}
661
// readlinkat() given a size of 2 for a 1-byte buffer must abort.
TEST_F(DEATHTEST, readlinkat_fortified) {
  char buf[1];
  size_t ct = atoi("2"); // prevent optimizations
  ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", buf, ct));
}
667
668 extern "C" char* __strncat_chk(char*, const char*, size_t, size_t);
669 extern "C" char* __strcat_chk(char*, const char*, size_t);
670
// In-bounds __strncat_chk(): with the count set to the space left in buf, the
// call appends "01234" after "a", writes the terminator and leaves the
// remaining 'A' fill bytes untouched.
TEST(TEST_NAME, strncat) {
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = 'a';
  buf[1] = '\0';

  const size_t room = sizeof(buf) - strlen(buf) - 1;
  char* res = __strncat_chk(buf, "01234", room, sizeof(buf));
  ASSERT_EQ(buf, res);

  const char expected[sizeof(buf)] = {'a', '0', '1', '2', '3', '4', '\0', 'A', 'A', 'A'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(expected[i], buf[i]);
  }
}
689
// In-bounds __strncat_chk(): a count of 5 truncates the 10-character source,
// so only "01234" and the terminator are appended after "a".
TEST(TEST_NAME, strncat2) {
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = 'a';
  buf[1] = '\0';

  char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
  ASSERT_EQ(buf, res);

  const char expected[sizeof(buf)] = {'a', '0', '1', '2', '3', '4', '\0', 'A', 'A', 'A'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(expected[i], buf[i]);
  }
}
708
// In-bounds __strncat_chk() onto an empty destination: 5 characters and the
// terminator land at the start of buf, the rest keeps its 'A' fill.
TEST(TEST_NAME, strncat3) {
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = '\0';

  char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
  ASSERT_EQ(buf, res);

  const char expected[sizeof(buf)] = {'0', '1', '2', '3', '4', '\0', 'A', 'A', 'A', 'A'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(expected[i], buf[i]);
  }
}
726
// Boundary case: the destination is already full (9 characters plus the
// terminator in the last byte). Appending the empty string must succeed and
// leave every byte as it was.
TEST(TEST_NAME, strncat4) {
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[9] = '\0';

  char* res = __strncat_chk(buf, "", 5, sizeof(buf));
  ASSERT_EQ(buf, res);

  const char expected[sizeof(buf)] = {'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', 'A', '\0'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(expected[i], buf[i]);
  }
}
744
// Exact-fit case: "a" plus 8 appended characters plus the terminator use all
// 10 bytes, which must be accepted without an abort.
TEST(TEST_NAME, strncat5) {
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = 'a';
  buf[1] = '\0';

  char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf));
  ASSERT_EQ(buf, res);

  const char expected[sizeof(buf)] = {'a', '0', '1', '2', '3', '4', '5', '6', '7', '\0'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(expected[i], buf[i]);
  }
}
763
// Exact-fit case with a count (9) larger than the 8-character source: the
// result still uses exactly 10 bytes and must be accepted without an abort.
TEST(TEST_NAME, strncat6) {
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = 'a';
  buf[1] = '\0';

  char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf));
  ASSERT_EQ(buf, res);

  const char expected[sizeof(buf)] = {'a', '0', '1', '2', '3', '4', '5', '6', '7', '\0'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(expected[i], buf[i]);
  }
}
782
783
// In-bounds __strcat_chk(): appends "01234" after "a", writes the terminator
// and leaves the remaining 'A' fill bytes untouched.
TEST(TEST_NAME, strcat) {
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = 'a';
  buf[1] = '\0';

  char* res = __strcat_chk(buf, "01234", sizeof(buf));
  ASSERT_EQ(buf, res);

  const char expected[sizeof(buf)] = {'a', '0', '1', '2', '3', '4', '\0', 'A', 'A', 'A'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(expected[i], buf[i]);
  }
}
802
// Exact-fit __strcat_chk(): "a" plus 8 appended characters plus the terminator
// use all 10 bytes, which must be accepted without an abort.
TEST(TEST_NAME, strcat2) {
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = 'a';
  buf[1] = '\0';

  char* res = __strcat_chk(buf, "01234567", sizeof(buf));
  ASSERT_EQ(buf, res);

  const char expected[sizeof(buf)] = {'a', '0', '1', '2', '3', '4', '5', '6', '7', '\0'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(expected[i], buf[i]);
  }
}
821
// In-bounds stpncpy() from an unterminated source: the count equals both
// buffer sizes, so all 10 bytes are copied and no abort is expected.
TEST(TEST_NAME, stpncpy) {
  char src[10];
  char dst[10];
  memcpy(src, "0123456789", sizeof(src)); // src carries no NUL terminator

  stpncpy(dst, src, sizeof(dst));

  const char expected[sizeof(dst)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(expected[i], dst[i]);
  }
}
838
// In-bounds stpncpy() from a terminated 9-character source into a 15-byte
// destination: the characters are copied and the rest of dst is NUL-padded.
TEST(TEST_NAME, stpncpy2) {
  char src[10];
  char dst[15];
  memcpy(src, "012345678\0", sizeof(src));

  stpncpy(dst, src, sizeof(dst));

  const char expected[sizeof(dst)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
                                      '\0', '\0', '\0', '\0', '\0', '\0'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(expected[i], dst[i]);
  }
}
860
// In-bounds strncpy() from an unterminated source: the count equals both
// buffer sizes, so all 10 bytes are copied and no abort is expected.
TEST(TEST_NAME, strncpy) {
  char src[10];
  char dst[10];
  memcpy(src, "0123456789", sizeof(src)); // src carries no NUL terminator

  strncpy(dst, src, sizeof(dst));

  const char expected[sizeof(dst)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '9'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(expected[i], dst[i]);
  }
}
877
// In-bounds strncpy() from a terminated 9-character source into a 15-byte
// destination: the characters are copied and the rest of dst is NUL-padded.
TEST(TEST_NAME, strncpy2) {
  char src[10];
  char dst[15];
  memcpy(src, "012345678\0", sizeof(src));

  strncpy(dst, src, sizeof(dst));

  const char expected[sizeof(dst)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8',
                                      '\0', '\0', '\0', '\0', '\0', '\0'};
  for (size_t i = 0; i < sizeof(dst); ++i) {
    ASSERT_EQ(expected[i], dst[i]);
  }
}
899
// __strcat_chk() called with the largest size_t value as the destination
// size: the check must not misfire on that value, and the append has to
// behave like an ordinary in-bounds strcat().
TEST(TEST_NAME, strcat_chk_max_int_size) {
  char buf[10];
  memset(buf, 'A', sizeof(buf));
  buf[0] = 'a';
  buf[1] = '\0';

  char* res = __strcat_chk(buf, "01234567", (size_t)-1);
  ASSERT_EQ(buf, res);

  const char expected[sizeof(buf)] = {'a', '0', '1', '2', '3', '4', '5', '6', '7', '\0'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(expected[i], buf[i]);
  }
}
918
919 extern "C" char* __stpcpy_chk(char*, const char*, size_t);
920
// __stpcpy_chk() called with the largest size_t value as the destination
// size: the copy must succeed and return a pointer to the written terminator.
TEST(TEST_NAME, stpcpy_chk_max_int_size) {
  char buf[10];
  char* end = __stpcpy_chk(buf, "012345678", (size_t)-1);

  char* const expected_end = buf + strlen("012345678");
  ASSERT_EQ(expected_end, end);
  ASSERT_STREQ("012345678", buf);
}
927
928 extern "C" char* __strcpy_chk(char*, const char*, size_t);
929
// __strcpy_chk() called with the largest size_t value as the destination
// size: the copy must succeed and return the destination pointer.
TEST(TEST_NAME, strcpy_chk_max_int_size) {
  char buf[10];
  char* copied = __strcpy_chk(buf, "012345678", (size_t)-1);

  ASSERT_EQ(buf, copied);
  ASSERT_STREQ("012345678", buf);
}
936
937 extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t);
938
// __memcpy_chk() called with the largest size_t value as the destination
// size: copying sizeof(buf) bytes (9 characters plus the literal's terminator)
// must succeed and return the destination pointer.
TEST(TEST_NAME, memcpy_chk_max_int_size) {
  char buf[10];
  void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1);
  ASSERT_EQ((void*)buf, res);

  const char expected[sizeof(buf)] = {'0', '1', '2', '3', '4', '5', '6', '7', '8', '\0'};
  for (size_t i = 0; i < sizeof(buf); ++i) {
    ASSERT_EQ(expected[i], buf[i]);
  }
}
954
955 // Verify that macro expansion is done properly for sprintf/snprintf (which
956 // are defined as macros in stdio.h under clang).
957 #define CONTENTS "macro expansion"
958 #define BUF_AND_SIZE(A) A, sizeof(A)
959 #define BUF_AND_CONTENTS(A) A, CONTENTS
960 #define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS
// Calls snprintf()/sprintf() with arguments that are themselves produced by
// macros. If the fortified sprintf/snprintf are function-like macros, the
// argument macros must still expand into the right number of arguments.
TEST(TEST_NAME, s_n_printf_macro_expansion) {
  char buf[BUFSIZ];
  // Buffer and size from one macro, format string from another.
  snprintf(BUF_AND_SIZE(buf), CONTENTS);
  EXPECT_STREQ(CONTENTS, buf);

  // All three snprintf() arguments from a single macro.
  snprintf(BUF_AND_SIZE_AND_CONTENTS(buf));
  EXPECT_STREQ(CONTENTS, buf);

  // Both sprintf() arguments from a single macro.
  sprintf(BUF_AND_CONTENTS(buf));
  EXPECT_STREQ(CONTENTS, buf);
}
972
// poll() told the array holds 2 entries when it holds 1 must abort.
TEST_F(DEATHTEST, poll_fortified) {
  nfds_t fd_count = atoi("2"); // suppress compiler optimizations
  pollfd buf[1] = {{0, POLLIN, 0}};
  // Set timeout to zero to prevent waiting in poll when fortify test fails.
  ASSERT_FORTIFY(poll(buf, fd_count, 0));
}
979
// ppoll() told the array holds 2 entries when it holds 1 must abort.
TEST_F(DEATHTEST, ppoll_fortified) {
  nfds_t fd_count = atoi("2"); // suppress compiler optimizations
  pollfd buf[1] = {{0, POLLIN, 0}};
  // Set timeout to zero to prevent waiting in ppoll when fortify test fails.
  timespec timeout;
  timeout.tv_sec = timeout.tv_nsec = 0;
  ASSERT_FORTIFY(ppoll(buf, fd_count, &timeout, NULL));
}
988