1 /*
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <gtest/gtest.h>
18 #include "BionicDeathTest.h"
19
20 #include <fcntl.h>
21 #include <malloc.h>
22 #include <poll.h>
23 #include <signal.h>
24 #include <stdarg.h>
25 #include <string.h>
26 #include <sys/socket.h>
27 #include <sys/stat.h>
28 #include <sys/types.h>
29 #include <time.h>
30
31 #if __BIONIC__
32 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY")
33 #else
34 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "")
35 #endif
36
37 // Fortify test code needs to run multiple times, so TEST_NAME macro is used to
38 // distinguish different tests. TEST_NAME is defined in compilation command.
39 #define DEATHTEST_PASTER(name) name##_DeathTest
40 #define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name)
41 #define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME)
42
43 class DEATHTEST : public BionicDeathTest {};
44
45 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2
46 struct foo {
47 char empty[0];
48 char one[1];
49 char a[10];
50 char b[10];
51 };
52
TEST_F(DEATHTEST,stpncpy_fortified2)53 TEST_F(DEATHTEST, stpncpy_fortified2) {
54 foo myfoo;
55 int copy_amt = atoi("11");
56 ASSERT_FORTIFY(stpncpy(myfoo.a, "01234567890", copy_amt));
57 }
58
TEST_F(DEATHTEST,stpncpy2_fortified2)59 TEST_F(DEATHTEST, stpncpy2_fortified2) {
60 foo myfoo;
61 memset(&myfoo, 0, sizeof(myfoo));
62 myfoo.one[0] = 'A'; // not null terminated string
63 ASSERT_FORTIFY(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
64 }
65
TEST_F(DEATHTEST,strncpy_fortified2)66 TEST_F(DEATHTEST, strncpy_fortified2) {
67 foo myfoo;
68 int copy_amt = atoi("11");
69 ASSERT_FORTIFY(strncpy(myfoo.a, "01234567890", copy_amt));
70 }
71
TEST_F(DEATHTEST,strncpy2_fortified2)72 TEST_F(DEATHTEST, strncpy2_fortified2) {
73 foo myfoo;
74 memset(&myfoo, 0, sizeof(myfoo));
75 myfoo.one[0] = 'A'; // not null terminated string
76 ASSERT_FORTIFY(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
77 }
78
TEST_F(DEATHTEST,sprintf_fortified2)79 TEST_F(DEATHTEST, sprintf_fortified2) {
80 foo myfoo;
81 char source_buf[15];
82 memcpy(source_buf, "12345678901234", 15);
83 ASSERT_FORTIFY(sprintf(myfoo.a, "%s", source_buf));
84 }
85
TEST_F(DEATHTEST,sprintf2_fortified2)86 TEST_F(DEATHTEST, sprintf2_fortified2) {
87 foo myfoo;
88 ASSERT_FORTIFY(sprintf(myfoo.a, "0123456789"));
89 }
90
vsprintf_helper2(const char * fmt,...)91 static int vsprintf_helper2(const char *fmt, ...) {
92 foo myfoo;
93 va_list va;
94 int result;
95
96 va_start(va, fmt);
97 result = vsprintf(myfoo.a, fmt, va); // should crash here
98 va_end(va);
99 return result;
100 }
101
TEST_F(DEATHTEST,vsprintf_fortified2)102 TEST_F(DEATHTEST, vsprintf_fortified2) {
103 ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789"));
104 }
105
TEST_F(DEATHTEST,vsprintf2_fortified2)106 TEST_F(DEATHTEST, vsprintf2_fortified2) {
107 ASSERT_FORTIFY(vsprintf_helper2("0123456789"));
108 }
109
vsnprintf_helper2(const char * fmt,...)110 static int vsnprintf_helper2(const char *fmt, ...) {
111 foo myfoo;
112 va_list va;
113 int result;
114 size_t size = atoi("11");
115
116 va_start(va, fmt);
117 result = vsnprintf(myfoo.a, size, fmt, va); // should crash here
118 va_end(va);
119 return result;
120 }
121
TEST_F(DEATHTEST,vsnprintf_fortified2)122 TEST_F(DEATHTEST, vsnprintf_fortified2) {
123 ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789"));
124 }
125
TEST_F(DEATHTEST,vsnprintf2_fortified2)126 TEST_F(DEATHTEST, vsnprintf2_fortified2) {
127 ASSERT_FORTIFY(vsnprintf_helper2("0123456789"));
128 }
129
130 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,stpcpy_fortified2)131 TEST_F(DEATHTEST, stpcpy_fortified2) {
132 #if defined(__BIONIC__)
133 foo myfoo;
134 char* src = strdup("");
135 ASSERT_FORTIFY(stpcpy(myfoo.empty, src));
136 free(src);
137 #else // __BIONIC__
138 GTEST_SKIP() << "stpcpy not available";
139 #endif // __BIONIC__
140 }
141
142 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,strcpy_fortified2)143 TEST_F(DEATHTEST, strcpy_fortified2) {
144 #if defined(__BIONIC__)
145 foo myfoo;
146 char* src = strdup("");
147 ASSERT_FORTIFY(strcpy(myfoo.empty, src));
148 free(src);
149 #else // __BIONIC__
150 GTEST_SKIP() << "glibc is broken";
151 #endif // __BIONIC__
152 }
153
154 // zero sized target with longer source (should fail)
TEST_F(DEATHTEST,strcpy2_fortified2)155 TEST_F(DEATHTEST, strcpy2_fortified2) {
156 #if defined(__BIONIC__)
157 foo myfoo;
158 char* src = strdup("1");
159 ASSERT_FORTIFY(strcpy(myfoo.empty, src));
160 free(src);
161 #else // __BIONIC__
162 GTEST_SKIP() << "glibc is broken";
163 #endif // __BIONIC__
164 }
165
166 // one byte target with longer source (should fail)
TEST_F(DEATHTEST,strcpy3_fortified2)167 TEST_F(DEATHTEST, strcpy3_fortified2) {
168 #if defined(__BIONIC__)
169 foo myfoo;
170 char* src = strdup("12");
171 ASSERT_FORTIFY(strcpy(myfoo.one, src));
172 free(src);
173 #else // __BIONIC__
174 GTEST_SKIP() << "glibc is broken";
175 #endif // __BIONIC__
176 }
177
TEST_F(DEATHTEST,strchr_fortified2)178 TEST_F(DEATHTEST, strchr_fortified2) {
179 #if defined(__BIONIC__)
180 foo myfoo;
181 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
182 myfoo.b[0] = '\0';
183 ASSERT_FORTIFY(printf("%s", strchr(myfoo.a, 'a')));
184 ASSERT_FORTIFY(printf("%s", strchr(static_cast<const char*>(myfoo.a), 'a')));
185 #else // __BIONIC__
186 GTEST_SKIP() << "glibc is broken";
187 #endif // __BIONIC__
188 }
189
TEST_F(DEATHTEST,strrchr_fortified2)190 TEST_F(DEATHTEST, strrchr_fortified2) {
191 #if defined(__BIONIC__)
192 foo myfoo;
193 memcpy(myfoo.a, "0123456789", 10);
194 memcpy(myfoo.b, "01234", 6);
195 ASSERT_FORTIFY(printf("%s", strrchr(myfoo.a, 'a')));
196 ASSERT_FORTIFY(printf("%s", strrchr(static_cast<const char*>(myfoo.a), 'a')));
197 #else // __BIONIC__
198 GTEST_SKIP() << "glibc is broken";
199 #endif // __BIONIC__
200 }
201
TEST_F(DEATHTEST,memchr_fortified2)202 TEST_F(DEATHTEST, memchr_fortified2) {
203 #if defined(__BIONIC__)
204 foo myfoo;
205 volatile int asize = sizeof(myfoo.a) + 1;
206 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
207 ASSERT_FORTIFY(printf("%s", memchr(myfoo.a, 'a', asize)));
208 ASSERT_FORTIFY(printf("%s", memchr(static_cast<const void*>(myfoo.a), 'a', asize)));
209 #else // __BIONIC__
210 GTEST_SKIP() << "glibc is broken";
211 #endif // __BIONIC__
212 }
213
TEST_F(DEATHTEST,memrchr_fortified2)214 TEST_F(DEATHTEST, memrchr_fortified2) {
215 #if defined(__BIONIC__)
216 foo myfoo;
217 volatile int asize = sizeof(myfoo.a) + 1;
218 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
219 ASSERT_FORTIFY(printf("%s", memrchr(myfoo.a, 'a', asize)));
220 ASSERT_FORTIFY(printf("%s", memrchr(static_cast<const void*>(myfoo.a), 'a', asize)));
221 #else // __BIONIC__
222 GTEST_SKIP() << "glibc is broken";
223 #endif // __BIONIC__
224 }
225
TEST_F(DEATHTEST,strlcpy_fortified2)226 TEST_F(DEATHTEST, strlcpy_fortified2) {
227 #if defined(__BIONIC__)
228 foo myfoo;
229 strcpy(myfoo.a, "01");
230 size_t n = strlen(myfoo.a);
231 ASSERT_FORTIFY(strlcpy(myfoo.one, myfoo.a, n));
232 #else // __BIONIC__
233 GTEST_SKIP() << "strlcpy not available";
234 #endif // __BIONIC__
235 }
236
TEST_F(DEATHTEST,strlcat_fortified2)237 TEST_F(DEATHTEST, strlcat_fortified2) {
238 #if defined(__BIONIC__)
239 foo myfoo;
240 strcpy(myfoo.a, "01");
241 myfoo.one[0] = '\0';
242 size_t n = strlen(myfoo.a);
243 ASSERT_FORTIFY(strlcat(myfoo.one, myfoo.a, n));
244 #else // __BIONIC__
245 GTEST_SKIP() << "strlcat not available";
246 #endif // __BIONIC__
247 }
248
TEST_F(DEATHTEST,strncat_fortified2)249 TEST_F(DEATHTEST, strncat_fortified2) {
250 foo myfoo;
251 size_t n = atoi("10"); // avoid compiler optimizations
252 strncpy(myfoo.a, "012345678", n);
253 ASSERT_FORTIFY(strncat(myfoo.a, "9", n));
254 }
255
TEST_F(DEATHTEST,strncat2_fortified2)256 TEST_F(DEATHTEST, strncat2_fortified2) {
257 foo myfoo;
258 myfoo.a[0] = '\0';
259 size_t n = atoi("10"); // avoid compiler optimizations
260 ASSERT_FORTIFY(strncat(myfoo.a, "0123456789", n));
261 }
262
TEST_F(DEATHTEST,strncat3_fortified2)263 TEST_F(DEATHTEST, strncat3_fortified2) {
264 foo myfoo;
265 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
266 myfoo.b[0] = '\0';
267 size_t n = atoi("10"); // avoid compiler optimizations
268 ASSERT_FORTIFY(strncat(myfoo.b, myfoo.a, n));
269 }
270
TEST_F(DEATHTEST,strcat_fortified2)271 TEST_F(DEATHTEST, strcat_fortified2) {
272 char src[11];
273 strcpy(src, "0123456789");
274 foo myfoo;
275 myfoo.a[0] = '\0';
276 ASSERT_FORTIFY(strcat(myfoo.a, src));
277 }
278
TEST_F(DEATHTEST,strcat2_fortified2)279 TEST_F(DEATHTEST, strcat2_fortified2) {
280 foo myfoo;
281 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
282 myfoo.b[0] = '\0';
283 ASSERT_FORTIFY(strcat(myfoo.b, myfoo.a));
284 }
285
TEST_F(DEATHTEST,snprintf_fortified2)286 TEST_F(DEATHTEST, snprintf_fortified2) {
287 foo myfoo;
288 strcpy(myfoo.a, "012345678");
289 size_t n = strlen(myfoo.a) + 2;
290 ASSERT_FORTIFY(snprintf(myfoo.b, n, "a%s", myfoo.a));
291 }
292
TEST_F(DEATHTEST,bzero_fortified2)293 TEST_F(DEATHTEST, bzero_fortified2) {
294 foo myfoo;
295 memcpy(myfoo.b, "0123456789", sizeof(myfoo.b));
296 size_t n = atoi("11");
297 ASSERT_FORTIFY(bzero(myfoo.b, n));
298 }
299
300 #endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */
301
302 // multibyte target where we over fill (should fail)
TEST_F(DEATHTEST,strcpy_fortified)303 TEST_F(DEATHTEST, strcpy_fortified) {
304 #if defined(__BIONIC__)
305 char buf[10];
306 char *orig = strdup("0123456789");
307 ASSERT_FORTIFY(strcpy(buf, orig));
308 free(orig);
309 #else // __BIONIC__
310 GTEST_SKIP() << "glibc is broken";
311 #endif // __BIONIC__
312 }
313
314 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,strcpy2_fortified)315 TEST_F(DEATHTEST, strcpy2_fortified) {
316 #if defined(__BIONIC__)
317 char buf[0];
318 char *orig = strdup("");
319 ASSERT_FORTIFY(strcpy(buf, orig));
320 free(orig);
321 #else // __BIONIC__
322 GTEST_SKIP() << "glibc is broken";
323 #endif // __BIONIC__
324 }
325
326 // zero sized target with longer source (should fail)
TEST_F(DEATHTEST,strcpy3_fortified)327 TEST_F(DEATHTEST, strcpy3_fortified) {
328 #if defined(__BIONIC__)
329 char buf[0];
330 char *orig = strdup("1");
331 ASSERT_FORTIFY(strcpy(buf, orig));
332 free(orig);
333 #else // __BIONIC__
334 GTEST_SKIP() << "glibc is broken";
335 #endif // __BIONIC__
336 }
337
338 // one byte target with longer source (should fail)
TEST_F(DEATHTEST,strcpy4_fortified)339 TEST_F(DEATHTEST, strcpy4_fortified) {
340 #if defined(__BIONIC__)
341 char buf[1];
342 char *orig = strdup("12");
343 ASSERT_FORTIFY(strcpy(buf, orig));
344 free(orig);
345 #else // __BIONIC__
346 GTEST_SKIP() << "glibc is broken";
347 #endif // __BIONIC__
348 }
349
TEST_F(DEATHTEST,strlen_fortified)350 TEST_F(DEATHTEST, strlen_fortified) {
351 #if defined(__BIONIC__)
352 char buf[10];
353 memcpy(buf, "0123456789", sizeof(buf));
354 ASSERT_FORTIFY(printf("%zd", strlen(buf)));
355 #else // __BIONIC__
356 GTEST_SKIP() << "glibc is broken";
357 #endif // __BIONIC__
358 }
359
TEST_F(DEATHTEST,strchr_fortified)360 TEST_F(DEATHTEST, strchr_fortified) {
361 #if defined(__BIONIC__)
362 char buf[10];
363 memcpy(buf, "0123456789", sizeof(buf));
364 ASSERT_FORTIFY(printf("%s", strchr(buf, 'a')));
365 #else // __BIONIC__
366 GTEST_SKIP() << "glibc is broken";
367 #endif // __BIONIC__
368 }
369
TEST_F(DEATHTEST,strrchr_fortified)370 TEST_F(DEATHTEST, strrchr_fortified) {
371 #if defined(__BIONIC__)
372 char buf[10];
373 memcpy(buf, "0123456789", sizeof(buf));
374 ASSERT_FORTIFY(printf("%s", strrchr(buf, 'a')));
375 #else // __BIONIC__
376 GTEST_SKIP() << "glibc is broken";
377 #endif // __BIONIC__
378 }
379
TEST_F(DEATHTEST,strlcpy_fortified)380 TEST_F(DEATHTEST, strlcpy_fortified) {
381 #if defined(__BIONIC__)
382 char bufa[15];
383 char bufb[10];
384 strcpy(bufa, "01234567890123");
385 size_t n = strlen(bufa);
386 ASSERT_FORTIFY(strlcpy(bufb, bufa, n));
387 #else // __BIONIC__
388 GTEST_SKIP() << "strlcpy not available";
389 #endif // __BIONIC__
390 }
391
TEST_F(DEATHTEST,strlcat_fortified)392 TEST_F(DEATHTEST, strlcat_fortified) {
393 #if defined(__BIONIC__)
394 char bufa[15];
395 char bufb[10];
396 bufb[0] = '\0';
397 strcpy(bufa, "01234567890123");
398 size_t n = strlen(bufa);
399 ASSERT_FORTIFY(strlcat(bufb, bufa, n));
400 #else // __BIONIC__
401 GTEST_SKIP() << "strlcat not available";
402 #endif // __BIONIC__
403 }
404
TEST_F(DEATHTEST,sprintf_fortified)405 TEST_F(DEATHTEST, sprintf_fortified) {
406 char buf[10];
407 char source_buf[15];
408 memcpy(source_buf, "12345678901234", 15);
409 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
410 }
411
412 #if !__has_attribute(alloc_size)
413 // TODO: remove this after Clang prebuilt rebase.
414 #else
TEST_F(DEATHTEST,sprintf_malloc_fortified)415 TEST_F(DEATHTEST, sprintf_malloc_fortified) {
416 char* buf = (char *) malloc(10);
417 char source_buf[11];
418 memcpy(source_buf, "1234567890", 11);
419 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
420 free(buf);
421 }
422 #endif
423
TEST_F(DEATHTEST,sprintf2_fortified)424 TEST_F(DEATHTEST, sprintf2_fortified) {
425 char buf[5];
426 ASSERT_FORTIFY(sprintf(buf, "aaaaa"));
427 }
428
vsprintf_helper(const char * fmt,...)429 static int vsprintf_helper(const char *fmt, ...) {
430 char buf[10];
431 va_list va;
432 int result;
433
434 va_start(va, fmt);
435 result = vsprintf(buf, fmt, va); // should crash here
436 va_end(va);
437 return result;
438 }
439
TEST_F(DEATHTEST,vsprintf_fortified)440 TEST_F(DEATHTEST, vsprintf_fortified) {
441 ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789"));
442 }
443
TEST_F(DEATHTEST,vsprintf2_fortified)444 TEST_F(DEATHTEST, vsprintf2_fortified) {
445 ASSERT_FORTIFY(vsprintf_helper("0123456789"));
446 }
447
vsnprintf_helper(const char * fmt,...)448 static int vsnprintf_helper(const char *fmt, ...) {
449 char buf[10];
450 va_list va;
451 int result;
452 size_t size = atoi("11");
453
454 va_start(va, fmt);
455 result = vsnprintf(buf, size, fmt, va); // should crash here
456 va_end(va);
457 return result;
458 }
459
TEST_F(DEATHTEST,vsnprintf_fortified)460 TEST_F(DEATHTEST, vsnprintf_fortified) {
461 ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789"));
462 }
463
TEST_F(DEATHTEST,vsnprintf2_fortified)464 TEST_F(DEATHTEST, vsnprintf2_fortified) {
465 ASSERT_FORTIFY(vsnprintf_helper("0123456789"));
466 }
467
TEST_F(DEATHTEST,strncat_fortified)468 TEST_F(DEATHTEST, strncat_fortified) {
469 char buf[10];
470 size_t n = atoi("10"); // avoid compiler optimizations
471 strncpy(buf, "012345678", n);
472 ASSERT_FORTIFY(strncat(buf, "9", n));
473 }
474
TEST_F(DEATHTEST,strncat2_fortified)475 TEST_F(DEATHTEST, strncat2_fortified) {
476 char buf[10];
477 buf[0] = '\0';
478 size_t n = atoi("10"); // avoid compiler optimizations
479 ASSERT_FORTIFY(strncat(buf, "0123456789", n));
480 }
481
TEST_F(DEATHTEST,strcat_fortified)482 TEST_F(DEATHTEST, strcat_fortified) {
483 char src[11];
484 strcpy(src, "0123456789");
485 char buf[10];
486 buf[0] = '\0';
487 ASSERT_FORTIFY(strcat(buf, src));
488 }
489
TEST_F(DEATHTEST,memmove_fortified)490 TEST_F(DEATHTEST, memmove_fortified) {
491 char buf[20];
492 strcpy(buf, "0123456789");
493 size_t n = atoi("10");
494 ASSERT_FORTIFY(memmove(buf + 11, buf, n));
495 }
496
TEST_F(DEATHTEST,memcpy_fortified)497 TEST_F(DEATHTEST, memcpy_fortified) {
498 char bufa[10];
499 char bufb[10];
500 strcpy(bufa, "012345678");
501 size_t n = atoi("11");
502 ASSERT_FORTIFY(memcpy(bufb, bufa, n));
503 }
504
TEST_F(DEATHTEST,memset_fortified)505 TEST_F(DEATHTEST, memset_fortified) {
506 char buf[10];
507 size_t n = atoi("11");
508 ASSERT_FORTIFY(memset(buf, 0, n));
509 }
510
TEST_F(DEATHTEST,stpncpy_fortified)511 TEST_F(DEATHTEST, stpncpy_fortified) {
512 char bufa[15];
513 char bufb[10];
514 strcpy(bufa, "01234567890123");
515 size_t n = strlen(bufa);
516 ASSERT_FORTIFY(stpncpy(bufb, bufa, n));
517 }
518
TEST_F(DEATHTEST,stpncpy2_fortified)519 TEST_F(DEATHTEST, stpncpy2_fortified) {
520 char dest[11];
521 char src[10];
522 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
523 ASSERT_FORTIFY(stpncpy(dest, src, sizeof(dest)));
524 }
525
TEST_F(DEATHTEST,strncpy_fortified)526 TEST_F(DEATHTEST, strncpy_fortified) {
527 char bufa[15];
528 char bufb[10];
529 strcpy(bufa, "01234567890123");
530 size_t n = strlen(bufa);
531 ASSERT_FORTIFY(strncpy(bufb, bufa, n));
532 }
533
534
TEST_F(DEATHTEST,strncpy2_fortified)535 TEST_F(DEATHTEST, strncpy2_fortified) {
536 char dest[11];
537 char src[10];
538 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
539 ASSERT_FORTIFY(strncpy(dest, src, sizeof(dest)));
540 }
541
TEST_F(DEATHTEST,snprintf_fortified)542 TEST_F(DEATHTEST, snprintf_fortified) {
543 char bufa[15];
544 char bufb[10];
545 strcpy(bufa, "0123456789");
546 size_t n = strlen(bufa) + 1;
547 ASSERT_FORTIFY(snprintf(bufb, n, "%s", bufa));
548 }
549
TEST_F(DEATHTEST,bzero_fortified)550 TEST_F(DEATHTEST, bzero_fortified) {
551 char buf[10];
552 memcpy(buf, "0123456789", sizeof(buf));
553 size_t n = atoi("11");
554 ASSERT_FORTIFY(bzero(buf, n));
555 }
556
TEST_F(DEATHTEST,umask_fortified)557 TEST_F(DEATHTEST, umask_fortified) {
558 mode_t mask = atoi("1023"); // 01777 in octal
559 ASSERT_FORTIFY(umask(mask));
560 }
561
TEST_F(DEATHTEST,recv_fortified)562 TEST_F(DEATHTEST, recv_fortified) {
563 size_t data_len = atoi("11"); // suppress compiler optimizations
564 char buf[10];
565 ASSERT_FORTIFY(recv(0, buf, data_len, 0));
566 }
567
TEST_F(DEATHTEST,send_fortified)568 TEST_F(DEATHTEST, send_fortified) {
569 size_t data_len = atoi("11"); // suppress compiler optimizations
570 char buf[10] = {0};
571 ASSERT_FORTIFY(send(0, buf, data_len, 0));
572 }
573
TEST_F(DEATHTEST,FD_ISSET_fortified)574 TEST_F(DEATHTEST, FD_ISSET_fortified) {
575 #if defined(__BIONIC__) // glibc catches this at compile-time.
576 fd_set set;
577 memset(&set, 0, sizeof(set));
578 ASSERT_FORTIFY(FD_ISSET(-1, &set));
579 #endif
580 }
581
TEST_F(DEATHTEST,FD_ISSET_2_fortified)582 TEST_F(DEATHTEST, FD_ISSET_2_fortified) {
583 char buf[1];
584 fd_set* set = (fd_set*) buf;
585 ASSERT_FORTIFY(FD_ISSET(0, set));
586 }
587
TEST_F(DEATHTEST,getcwd_fortified)588 TEST_F(DEATHTEST, getcwd_fortified) {
589 char buf[1];
590 size_t ct = atoi("2"); // prevent optimizations
591 ASSERT_FORTIFY(getcwd(buf, ct));
592 }
593
TEST_F(DEATHTEST,pread_fortified)594 TEST_F(DEATHTEST, pread_fortified) {
595 char buf[1];
596 size_t ct = atoi("2"); // prevent optimizations
597 int fd = open("/dev/null", O_RDONLY);
598 ASSERT_FORTIFY(pread(fd, buf, ct, 0));
599 close(fd);
600 }
601
TEST_F(DEATHTEST,pread64_fortified)602 TEST_F(DEATHTEST, pread64_fortified) {
603 char buf[1];
604 size_t ct = atoi("2"); // prevent optimizations
605 int fd = open("/dev/null", O_RDONLY);
606 ASSERT_FORTIFY(pread64(fd, buf, ct, 0));
607 close(fd);
608 }
609
TEST_F(DEATHTEST,pwrite_fortified)610 TEST_F(DEATHTEST, pwrite_fortified) {
611 char buf[1] = {0};
612 size_t ct = atoi("2"); // prevent optimizations
613 int fd = open("/dev/null", O_WRONLY);
614 ASSERT_FORTIFY(pwrite(fd, buf, ct, 0));
615 close(fd);
616 }
617
TEST_F(DEATHTEST,pwrite64_fortified)618 TEST_F(DEATHTEST, pwrite64_fortified) {
619 char buf[1] = {0};
620 size_t ct = atoi("2"); // prevent optimizations
621 int fd = open("/dev/null", O_WRONLY);
622 ASSERT_FORTIFY(pwrite64(fd, buf, ct, 0));
623 close(fd);
624 }
625
TEST_F(DEATHTEST,read_fortified)626 TEST_F(DEATHTEST, read_fortified) {
627 char buf[1];
628 size_t ct = atoi("2"); // prevent optimizations
629 int fd = open("/dev/null", O_RDONLY);
630 ASSERT_FORTIFY(read(fd, buf, ct));
631 close(fd);
632 }
633
TEST_F(DEATHTEST,write_fortified)634 TEST_F(DEATHTEST, write_fortified) {
635 char buf[1] = {0};
636 size_t ct = atoi("2"); // prevent optimizations
637 int fd = open("/dev/null", O_WRONLY);
638 ASSERT_EXIT(write(fd, buf, ct), testing::KilledBySignal(SIGABRT), "");
639 close(fd);
640 }
641
TEST_F(DEATHTEST,fread_fortified)642 TEST_F(DEATHTEST, fread_fortified) {
643 char buf[1];
644 size_t ct = atoi("2"); // prevent optimizations
645 FILE* fp = fopen("/dev/null", "r");
646 ASSERT_FORTIFY(fread(buf, 1, ct, fp));
647 fclose(fp);
648 }
649
TEST_F(DEATHTEST,fwrite_fortified)650 TEST_F(DEATHTEST, fwrite_fortified) {
651 char buf[1] = {0};
652 size_t ct = atoi("2"); // prevent optimizations
653 FILE* fp = fopen("/dev/null", "w");
654 ASSERT_FORTIFY(fwrite(buf, 1, ct, fp));
655 fclose(fp);
656 }
657
TEST_F(DEATHTEST,readlink_fortified)658 TEST_F(DEATHTEST, readlink_fortified) {
659 char buf[1];
660 size_t ct = atoi("2"); // prevent optimizations
661 ASSERT_FORTIFY(readlink("/dev/null", buf, ct));
662 }
663
TEST_F(DEATHTEST,readlinkat_fortified)664 TEST_F(DEATHTEST, readlinkat_fortified) {
665 char buf[1];
666 size_t ct = atoi("2"); // prevent optimizations
667 ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", buf, ct));
668 }
669
670 extern "C" char* __strncat_chk(char*, const char*, size_t, size_t);
671 extern "C" char* __strcat_chk(char*, const char*, size_t);
672
TEST(TEST_NAME,strncat)673 TEST(TEST_NAME, strncat) {
674 char buf[10];
675 memset(buf, 'A', sizeof(buf));
676 buf[0] = 'a';
677 buf[1] = '\0';
678 char* res = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf));
679 ASSERT_EQ(buf, res);
680 ASSERT_EQ('a', buf[0]);
681 ASSERT_EQ('0', buf[1]);
682 ASSERT_EQ('1', buf[2]);
683 ASSERT_EQ('2', buf[3]);
684 ASSERT_EQ('3', buf[4]);
685 ASSERT_EQ('4', buf[5]);
686 ASSERT_EQ('\0', buf[6]);
687 ASSERT_EQ('A', buf[7]);
688 ASSERT_EQ('A', buf[8]);
689 ASSERT_EQ('A', buf[9]);
690 }
691
TEST(TEST_NAME,strncat2)692 TEST(TEST_NAME, strncat2) {
693 char buf[10];
694 memset(buf, 'A', sizeof(buf));
695 buf[0] = 'a';
696 buf[1] = '\0';
697 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
698 ASSERT_EQ(buf, res);
699 ASSERT_EQ('a', buf[0]);
700 ASSERT_EQ('0', buf[1]);
701 ASSERT_EQ('1', buf[2]);
702 ASSERT_EQ('2', buf[3]);
703 ASSERT_EQ('3', buf[4]);
704 ASSERT_EQ('4', buf[5]);
705 ASSERT_EQ('\0', buf[6]);
706 ASSERT_EQ('A', buf[7]);
707 ASSERT_EQ('A', buf[8]);
708 ASSERT_EQ('A', buf[9]);
709 }
710
TEST(TEST_NAME,strncat3)711 TEST(TEST_NAME, strncat3) {
712 char buf[10];
713 memset(buf, 'A', sizeof(buf));
714 buf[0] = '\0';
715 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
716 ASSERT_EQ(buf, res);
717 ASSERT_EQ('0', buf[0]);
718 ASSERT_EQ('1', buf[1]);
719 ASSERT_EQ('2', buf[2]);
720 ASSERT_EQ('3', buf[3]);
721 ASSERT_EQ('4', buf[4]);
722 ASSERT_EQ('\0', buf[5]);
723 ASSERT_EQ('A', buf[6]);
724 ASSERT_EQ('A', buf[7]);
725 ASSERT_EQ('A', buf[8]);
726 ASSERT_EQ('A', buf[9]);
727 }
728
TEST(TEST_NAME,strncat4)729 TEST(TEST_NAME, strncat4) {
730 char buf[10];
731 memset(buf, 'A', sizeof(buf));
732 buf[9] = '\0';
733 char* res = __strncat_chk(buf, "", 5, sizeof(buf));
734 ASSERT_EQ(buf, res);
735 ASSERT_EQ('A', buf[0]);
736 ASSERT_EQ('A', buf[1]);
737 ASSERT_EQ('A', buf[2]);
738 ASSERT_EQ('A', buf[3]);
739 ASSERT_EQ('A', buf[4]);
740 ASSERT_EQ('A', buf[5]);
741 ASSERT_EQ('A', buf[6]);
742 ASSERT_EQ('A', buf[7]);
743 ASSERT_EQ('A', buf[8]);
744 ASSERT_EQ('\0', buf[9]);
745 }
746
TEST(TEST_NAME,strncat5)747 TEST(TEST_NAME, strncat5) {
748 char buf[10];
749 memset(buf, 'A', sizeof(buf));
750 buf[0] = 'a';
751 buf[1] = '\0';
752 char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf));
753 ASSERT_EQ(buf, res);
754 ASSERT_EQ('a', buf[0]);
755 ASSERT_EQ('0', buf[1]);
756 ASSERT_EQ('1', buf[2]);
757 ASSERT_EQ('2', buf[3]);
758 ASSERT_EQ('3', buf[4]);
759 ASSERT_EQ('4', buf[5]);
760 ASSERT_EQ('5', buf[6]);
761 ASSERT_EQ('6', buf[7]);
762 ASSERT_EQ('7', buf[8]);
763 ASSERT_EQ('\0', buf[9]);
764 }
765
TEST(TEST_NAME,strncat6)766 TEST(TEST_NAME, strncat6) {
767 char buf[10];
768 memset(buf, 'A', sizeof(buf));
769 buf[0] = 'a';
770 buf[1] = '\0';
771 char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf));
772 ASSERT_EQ(buf, res);
773 ASSERT_EQ('a', buf[0]);
774 ASSERT_EQ('0', buf[1]);
775 ASSERT_EQ('1', buf[2]);
776 ASSERT_EQ('2', buf[3]);
777 ASSERT_EQ('3', buf[4]);
778 ASSERT_EQ('4', buf[5]);
779 ASSERT_EQ('5', buf[6]);
780 ASSERT_EQ('6', buf[7]);
781 ASSERT_EQ('7', buf[8]);
782 ASSERT_EQ('\0', buf[9]);
783 }
784
785
TEST(TEST_NAME,strcat)786 TEST(TEST_NAME, strcat) {
787 char buf[10];
788 memset(buf, 'A', sizeof(buf));
789 buf[0] = 'a';
790 buf[1] = '\0';
791 char* res = __strcat_chk(buf, "01234", sizeof(buf));
792 ASSERT_EQ(buf, res);
793 ASSERT_EQ('a', buf[0]);
794 ASSERT_EQ('0', buf[1]);
795 ASSERT_EQ('1', buf[2]);
796 ASSERT_EQ('2', buf[3]);
797 ASSERT_EQ('3', buf[4]);
798 ASSERT_EQ('4', buf[5]);
799 ASSERT_EQ('\0', buf[6]);
800 ASSERT_EQ('A', buf[7]);
801 ASSERT_EQ('A', buf[8]);
802 ASSERT_EQ('A', buf[9]);
803 }
804
TEST(TEST_NAME,strcat2)805 TEST(TEST_NAME, strcat2) {
806 char buf[10];
807 memset(buf, 'A', sizeof(buf));
808 buf[0] = 'a';
809 buf[1] = '\0';
810 char* res = __strcat_chk(buf, "01234567", sizeof(buf));
811 ASSERT_EQ(buf, res);
812 ASSERT_EQ('a', buf[0]);
813 ASSERT_EQ('0', buf[1]);
814 ASSERT_EQ('1', buf[2]);
815 ASSERT_EQ('2', buf[3]);
816 ASSERT_EQ('3', buf[4]);
817 ASSERT_EQ('4', buf[5]);
818 ASSERT_EQ('5', buf[6]);
819 ASSERT_EQ('6', buf[7]);
820 ASSERT_EQ('7', buf[8]);
821 ASSERT_EQ('\0', buf[9]);
822 }
823
TEST(TEST_NAME,stpncpy)824 TEST(TEST_NAME, stpncpy) {
825 char src[10];
826 char dst[10];
827 memcpy(src, "0123456789", sizeof(src)); // non null terminated string
828 stpncpy(dst, src, sizeof(dst));
829 ASSERT_EQ('0', dst[0]);
830 ASSERT_EQ('1', dst[1]);
831 ASSERT_EQ('2', dst[2]);
832 ASSERT_EQ('3', dst[3]);
833 ASSERT_EQ('4', dst[4]);
834 ASSERT_EQ('5', dst[5]);
835 ASSERT_EQ('6', dst[6]);
836 ASSERT_EQ('7', dst[7]);
837 ASSERT_EQ('8', dst[8]);
838 ASSERT_EQ('9', dst[9]);
839 }
840
TEST(TEST_NAME,stpncpy2)841 TEST(TEST_NAME, stpncpy2) {
842 char src[10];
843 char dst[15];
844 memcpy(src, "012345678\0", sizeof(src));
845 stpncpy(dst, src, sizeof(dst));
846 ASSERT_EQ('0', dst[0]);
847 ASSERT_EQ('1', dst[1]);
848 ASSERT_EQ('2', dst[2]);
849 ASSERT_EQ('3', dst[3]);
850 ASSERT_EQ('4', dst[4]);
851 ASSERT_EQ('5', dst[5]);
852 ASSERT_EQ('6', dst[6]);
853 ASSERT_EQ('7', dst[7]);
854 ASSERT_EQ('8', dst[8]);
855 ASSERT_EQ('\0', dst[9]);
856 ASSERT_EQ('\0', dst[10]);
857 ASSERT_EQ('\0', dst[11]);
858 ASSERT_EQ('\0', dst[12]);
859 ASSERT_EQ('\0', dst[13]);
860 ASSERT_EQ('\0', dst[14]);
861 }
862
TEST(TEST_NAME,strncpy)863 TEST(TEST_NAME, strncpy) {
864 char src[10];
865 char dst[10];
866 memcpy(src, "0123456789", sizeof(src)); // non null terminated string
867 strncpy(dst, src, sizeof(dst));
868 ASSERT_EQ('0', dst[0]);
869 ASSERT_EQ('1', dst[1]);
870 ASSERT_EQ('2', dst[2]);
871 ASSERT_EQ('3', dst[3]);
872 ASSERT_EQ('4', dst[4]);
873 ASSERT_EQ('5', dst[5]);
874 ASSERT_EQ('6', dst[6]);
875 ASSERT_EQ('7', dst[7]);
876 ASSERT_EQ('8', dst[8]);
877 ASSERT_EQ('9', dst[9]);
878 }
879
TEST(TEST_NAME,strncpy2)880 TEST(TEST_NAME, strncpy2) {
881 char src[10];
882 char dst[15];
883 memcpy(src, "012345678\0", sizeof(src));
884 strncpy(dst, src, sizeof(dst));
885 ASSERT_EQ('0', dst[0]);
886 ASSERT_EQ('1', dst[1]);
887 ASSERT_EQ('2', dst[2]);
888 ASSERT_EQ('3', dst[3]);
889 ASSERT_EQ('4', dst[4]);
890 ASSERT_EQ('5', dst[5]);
891 ASSERT_EQ('6', dst[6]);
892 ASSERT_EQ('7', dst[7]);
893 ASSERT_EQ('8', dst[8]);
894 ASSERT_EQ('\0', dst[9]);
895 ASSERT_EQ('\0', dst[10]);
896 ASSERT_EQ('\0', dst[11]);
897 ASSERT_EQ('\0', dst[12]);
898 ASSERT_EQ('\0', dst[13]);
899 ASSERT_EQ('\0', dst[14]);
900 }
901
TEST(TEST_NAME,strcat_chk_max_int_size)902 TEST(TEST_NAME, strcat_chk_max_int_size) {
903 char buf[10];
904 memset(buf, 'A', sizeof(buf));
905 buf[0] = 'a';
906 buf[1] = '\0';
907 char* res = __strcat_chk(buf, "01234567", (size_t)-1);
908 ASSERT_EQ(buf, res);
909 ASSERT_EQ('a', buf[0]);
910 ASSERT_EQ('0', buf[1]);
911 ASSERT_EQ('1', buf[2]);
912 ASSERT_EQ('2', buf[3]);
913 ASSERT_EQ('3', buf[4]);
914 ASSERT_EQ('4', buf[5]);
915 ASSERT_EQ('5', buf[6]);
916 ASSERT_EQ('6', buf[7]);
917 ASSERT_EQ('7', buf[8]);
918 ASSERT_EQ('\0', buf[9]);
919 }
920
TEST(TEST_NAME,mempcpy_chk)921 TEST(TEST_NAME, mempcpy_chk) {
922 const char input_str[] = "abcdefg";
923 size_t input_str_size = strlen(input_str) + 1;
924
925 char buf1[10] = {};
926 char buf2[10] = {};
927
928 __builtin_mempcpy(buf1, input_str, input_str_size);
929 __builtin___mempcpy_chk(buf2, input_str, input_str_size, __bos0(buf2));
930
931 ASSERT_EQ(memcmp(buf1, buf2, sizeof(buf2)), 0);
932
933 void *builtin_ptr = __builtin_mempcpy(buf1, input_str, input_str_size);
934 void *fortify_ptr = __builtin___mempcpy_chk(buf1, input_str, input_str_size, __bos0(buf2));
935
936 ASSERT_EQ(builtin_ptr, fortify_ptr);
937 }
938
939 extern "C" char* __stpcpy_chk(char*, const char*, size_t);
940
TEST(TEST_NAME,stpcpy_chk_max_int_size)941 TEST(TEST_NAME, stpcpy_chk_max_int_size) {
942 char buf[10];
943 char* res = __stpcpy_chk(buf, "012345678", (size_t)-1);
944 ASSERT_EQ(buf + strlen("012345678"), res);
945 ASSERT_STREQ("012345678", buf);
946 }
947
948 extern "C" char* __strcpy_chk(char*, const char*, size_t);
949
TEST(TEST_NAME,strcpy_chk_max_int_size)950 TEST(TEST_NAME, strcpy_chk_max_int_size) {
951 char buf[10];
952 char* res = __strcpy_chk(buf, "012345678", (size_t)-1);
953 ASSERT_EQ(buf, res);
954 ASSERT_STREQ("012345678", buf);
955 }
956
957 extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t);
958
TEST(TEST_NAME,memcpy_chk_max_int_size)959 TEST(TEST_NAME, memcpy_chk_max_int_size) {
960 char buf[10];
961 void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1);
962 ASSERT_EQ((void*)buf, res);
963 ASSERT_EQ('0', buf[0]);
964 ASSERT_EQ('1', buf[1]);
965 ASSERT_EQ('2', buf[2]);
966 ASSERT_EQ('3', buf[3]);
967 ASSERT_EQ('4', buf[4]);
968 ASSERT_EQ('5', buf[5]);
969 ASSERT_EQ('6', buf[6]);
970 ASSERT_EQ('7', buf[7]);
971 ASSERT_EQ('8', buf[8]);
972 ASSERT_EQ('\0', buf[9]);
973 }
974
975 // Verify that macro expansion is done properly for sprintf/snprintf (which
976 // are defined as macros in stdio.h under clang).
977 #define CONTENTS "macro expansion"
978 #define BUF_AND_SIZE(A) A, sizeof(A)
979 #define BUF_AND_CONTENTS(A) A, CONTENTS
980 #define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS
TEST(TEST_NAME,s_n_printf_macro_expansion)981 TEST(TEST_NAME, s_n_printf_macro_expansion) {
982 char buf[BUFSIZ];
983 snprintf(BUF_AND_SIZE(buf), CONTENTS);
984 EXPECT_STREQ(CONTENTS, buf);
985
986 snprintf(BUF_AND_SIZE_AND_CONTENTS(buf));
987 EXPECT_STREQ(CONTENTS, buf);
988
989 sprintf(BUF_AND_CONTENTS(buf));
990 EXPECT_STREQ(CONTENTS, buf);
991 }
992
TEST_F(DEATHTEST,poll_fortified)993 TEST_F(DEATHTEST, poll_fortified) {
994 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
995 pollfd buf[1] = {{0, POLLIN, 0}};
996 // Set timeout to zero to prevent waiting in poll when fortify test fails.
997 ASSERT_FORTIFY(poll(buf, fd_count, 0));
998 }
999
TEST_F(DEATHTEST,ppoll_fortified)1000 TEST_F(DEATHTEST, ppoll_fortified) {
1001 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
1002 pollfd buf[1] = {{0, POLLIN, 0}};
1003 // Set timeout to zero to prevent waiting in ppoll when fortify test fails.
1004 timespec timeout;
1005 timeout.tv_sec = timeout.tv_nsec = 0;
1006 ASSERT_FORTIFY(ppoll(buf, fd_count, &timeout, nullptr));
1007 }
1008
TEST_F(DEATHTEST,ppoll64_fortified)1009 TEST_F(DEATHTEST, ppoll64_fortified) {
1010 #if __BIONIC__ // glibc doesn't have ppoll64.
1011 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
1012 pollfd buf[1] = {{0, POLLIN, 0}};
1013 // Set timeout to zero to prevent waiting in ppoll when fortify test fails.
1014 timespec timeout;
1015 timeout.tv_sec = timeout.tv_nsec = 0;
1016 ASSERT_FORTIFY(ppoll64(buf, fd_count, &timeout, nullptr));
1017 #endif
1018 }
1019
TEST_F(DEATHTEST,open_O_CREAT_without_mode_fortified)1020 TEST_F(DEATHTEST, open_O_CREAT_without_mode_fortified) {
1021 int flags = O_CREAT; // Fool the compiler.
1022 ASSERT_FORTIFY(open("", flags));
1023 }
1024
TEST_F(DEATHTEST,open_O_TMPFILE_without_mode_fortified)1025 TEST_F(DEATHTEST, open_O_TMPFILE_without_mode_fortified) {
1026 #if __BIONIC__ // Our glibc is too old for O_TMPFILE.
1027 int flags = O_TMPFILE; // Fool the compiler.
1028 ASSERT_FORTIFY(open("", flags));
1029 #endif
1030 }
1031