1 /*
2 * Copyright (C) 2013 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <gtest/gtest.h>
18
19 #include <fcntl.h>
20 #include <malloc.h>
21 #include <poll.h>
22 #include <signal.h>
23 #include <stdarg.h>
24 #include <string.h>
25 #include <sys/socket.h>
26 #include <sys/stat.h>
27 #include <sys/types.h>
28 #include <time.h>
29
30 #include <android-base/silent_death_test.h>
31
32 #if __BIONIC__
33 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "FORTIFY")
34 #else
35 #define ASSERT_FORTIFY(expr) ASSERT_EXIT(expr, testing::KilledBySignal(SIGABRT), "")
36 #endif
37
38 // Fortify test code needs to run multiple times, so TEST_NAME macro is used to
39 // distinguish different tests. TEST_NAME is defined in compilation command.
40 #define DEATHTEST_PASTER(name) name##_DeathTest
41 #define DEATHTEST_EVALUATOR(name) DEATHTEST_PASTER(name)
42 #define DEATHTEST DEATHTEST_EVALUATOR(TEST_NAME)
43
44 using DEATHTEST = SilentDeathTest;
45
46 #if defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE == 2
47 struct foo {
48 char empty[0];
49 char one[1];
50 char a[10];
51 char b[10];
52 };
53
TEST_F(DEATHTEST,stpncpy_fortified2)54 TEST_F(DEATHTEST, stpncpy_fortified2) {
55 foo myfoo;
56 int copy_amt = atoi("11");
57 ASSERT_FORTIFY(stpncpy(myfoo.a, "01234567890", copy_amt));
58 }
59
TEST_F(DEATHTEST,stpncpy2_fortified2)60 TEST_F(DEATHTEST, stpncpy2_fortified2) {
61 foo myfoo;
62 memset(&myfoo, 0, sizeof(myfoo));
63 myfoo.one[0] = 'A'; // not null terminated string
64 ASSERT_FORTIFY(stpncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
65 }
66
TEST_F(DEATHTEST,strncpy_fortified2)67 TEST_F(DEATHTEST, strncpy_fortified2) {
68 foo myfoo;
69 int copy_amt = atoi("11");
70 ASSERT_FORTIFY(strncpy(myfoo.a, "01234567890", copy_amt));
71 }
72
TEST_F(DEATHTEST,strncpy2_fortified2)73 TEST_F(DEATHTEST, strncpy2_fortified2) {
74 foo myfoo;
75 memset(&myfoo, 0, sizeof(myfoo));
76 myfoo.one[0] = 'A'; // not null terminated string
77 ASSERT_FORTIFY(strncpy(myfoo.b, myfoo.one, sizeof(myfoo.b)));
78 }
79
TEST_F(DEATHTEST,sprintf_fortified2)80 TEST_F(DEATHTEST, sprintf_fortified2) {
81 foo myfoo;
82 char source_buf[15];
83 memcpy(source_buf, "12345678901234", 15);
84 ASSERT_FORTIFY(sprintf(myfoo.a, "%s", source_buf));
85 }
86
TEST_F(DEATHTEST,sprintf2_fortified2)87 TEST_F(DEATHTEST, sprintf2_fortified2) {
88 foo myfoo;
89 ASSERT_FORTIFY(sprintf(myfoo.a, "0123456789"));
90 }
91
vsprintf_helper2(const char * fmt,...)92 static int vsprintf_helper2(const char *fmt, ...) {
93 foo myfoo;
94 va_list va;
95 int result;
96
97 va_start(va, fmt);
98 result = vsprintf(myfoo.a, fmt, va); // should crash here
99 va_end(va);
100 return result;
101 }
102
TEST_F(DEATHTEST,vsprintf_fortified2)103 TEST_F(DEATHTEST, vsprintf_fortified2) {
104 ASSERT_FORTIFY(vsprintf_helper2("%s", "0123456789"));
105 }
106
TEST_F(DEATHTEST,vsprintf2_fortified2)107 TEST_F(DEATHTEST, vsprintf2_fortified2) {
108 ASSERT_FORTIFY(vsprintf_helper2("0123456789"));
109 }
110
vsnprintf_helper2(const char * fmt,...)111 static int vsnprintf_helper2(const char *fmt, ...) {
112 foo myfoo;
113 va_list va;
114 int result;
115 size_t size = atoi("11");
116
117 va_start(va, fmt);
118 result = vsnprintf(myfoo.a, size, fmt, va); // should crash here
119 va_end(va);
120 return result;
121 }
122
TEST_F(DEATHTEST,vsnprintf_fortified2)123 TEST_F(DEATHTEST, vsnprintf_fortified2) {
124 ASSERT_FORTIFY(vsnprintf_helper2("%s", "0123456789"));
125 }
126
TEST_F(DEATHTEST,vsnprintf2_fortified2)127 TEST_F(DEATHTEST, vsnprintf2_fortified2) {
128 ASSERT_FORTIFY(vsnprintf_helper2("0123456789"));
129 }
130
131 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,stpcpy_fortified2)132 TEST_F(DEATHTEST, stpcpy_fortified2) {
133 #if defined(__BIONIC__)
134 foo myfoo;
135 char* src = strdup("");
136 ASSERT_FORTIFY(stpcpy(myfoo.empty, src));
137 free(src);
138 #else // __BIONIC__
139 GTEST_SKIP() << "stpcpy not available";
140 #endif // __BIONIC__
141 }
142
143 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,strcpy_fortified2)144 TEST_F(DEATHTEST, strcpy_fortified2) {
145 #if defined(__BIONIC__)
146 foo myfoo;
147 char* src = strdup("");
148 ASSERT_FORTIFY(strcpy(myfoo.empty, src));
149 free(src);
150 #else // __BIONIC__
151 GTEST_SKIP() << "glibc is broken";
152 #endif // __BIONIC__
153 }
154
155 // zero sized target with longer source (should fail)
TEST_F(DEATHTEST,strcpy2_fortified2)156 TEST_F(DEATHTEST, strcpy2_fortified2) {
157 #if defined(__BIONIC__)
158 foo myfoo;
159 char* src = strdup("1");
160 ASSERT_FORTIFY(strcpy(myfoo.empty, src));
161 free(src);
162 #else // __BIONIC__
163 GTEST_SKIP() << "glibc is broken";
164 #endif // __BIONIC__
165 }
166
167 // one byte target with longer source (should fail)
TEST_F(DEATHTEST,strcpy3_fortified2)168 TEST_F(DEATHTEST, strcpy3_fortified2) {
169 #if defined(__BIONIC__)
170 foo myfoo;
171 char* src = strdup("12");
172 ASSERT_FORTIFY(strcpy(myfoo.one, src));
173 free(src);
174 #else // __BIONIC__
175 GTEST_SKIP() << "glibc is broken";
176 #endif // __BIONIC__
177 }
178
TEST_F(DEATHTEST,strchr_fortified2)179 TEST_F(DEATHTEST, strchr_fortified2) {
180 #if defined(__BIONIC__)
181 foo myfoo;
182 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
183 myfoo.b[0] = '\0';
184 ASSERT_FORTIFY(printf("%s", strchr(myfoo.a, 'a')));
185 ASSERT_FORTIFY(printf("%s", strchr(static_cast<const char*>(myfoo.a), 'a')));
186 #else // __BIONIC__
187 GTEST_SKIP() << "glibc is broken";
188 #endif // __BIONIC__
189 }
190
TEST_F(DEATHTEST,strrchr_fortified2)191 TEST_F(DEATHTEST, strrchr_fortified2) {
192 #if defined(__BIONIC__)
193 foo myfoo;
194 memcpy(myfoo.a, "0123456789", 10);
195 memcpy(myfoo.b, "01234", 6);
196 ASSERT_FORTIFY(printf("%s", strrchr(myfoo.a, 'a')));
197 ASSERT_FORTIFY(printf("%s", strrchr(static_cast<const char*>(myfoo.a), 'a')));
198 #else // __BIONIC__
199 GTEST_SKIP() << "glibc is broken";
200 #endif // __BIONIC__
201 }
202
TEST_F(DEATHTEST,memchr_fortified2)203 TEST_F(DEATHTEST, memchr_fortified2) {
204 #if defined(__BIONIC__)
205 foo myfoo;
206 volatile int asize = sizeof(myfoo.a) + 1;
207 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
208 ASSERT_FORTIFY(printf("%s", static_cast<const char*>(memchr(myfoo.a, 'a', asize))));
209 ASSERT_FORTIFY(printf(
210 "%s", static_cast<const char*>(memchr(static_cast<const void*>(myfoo.a), 'a', asize))));
211 #else // __BIONIC__
212 GTEST_SKIP() << "glibc is broken";
213 #endif // __BIONIC__
214 }
215
TEST_F(DEATHTEST,memrchr_fortified2)216 TEST_F(DEATHTEST, memrchr_fortified2) {
217 #if defined(__BIONIC__)
218 foo myfoo;
219 volatile int asize = sizeof(myfoo.a) + 1;
220 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a));
221 ASSERT_FORTIFY(printf("%s", static_cast<const char*>(memrchr(myfoo.a, 'a', asize))));
222 ASSERT_FORTIFY(printf(
223 "%s", static_cast<const char*>(memrchr(static_cast<const void*>(myfoo.a), 'a', asize))));
224 #else // __BIONIC__
225 GTEST_SKIP() << "glibc is broken";
226 #endif // __BIONIC__
227 }
228
TEST_F(DEATHTEST,strlcpy_fortified2)229 TEST_F(DEATHTEST, strlcpy_fortified2) {
230 #if defined(__BIONIC__)
231 foo myfoo;
232 strcpy(myfoo.a, "01");
233 size_t n = strlen(myfoo.a);
234 ASSERT_FORTIFY(strlcpy(myfoo.one, myfoo.a, n));
235 #else // __BIONIC__
236 GTEST_SKIP() << "strlcpy not available";
237 #endif // __BIONIC__
238 }
239
TEST_F(DEATHTEST,strlcat_fortified2)240 TEST_F(DEATHTEST, strlcat_fortified2) {
241 #if defined(__BIONIC__)
242 foo myfoo;
243 strcpy(myfoo.a, "01");
244 myfoo.one[0] = '\0';
245 size_t n = strlen(myfoo.a);
246 ASSERT_FORTIFY(strlcat(myfoo.one, myfoo.a, n));
247 #else // __BIONIC__
248 GTEST_SKIP() << "strlcat not available";
249 #endif // __BIONIC__
250 }
251
TEST_F(DEATHTEST,strncat_fortified2)252 TEST_F(DEATHTEST, strncat_fortified2) {
253 foo myfoo;
254 size_t n = atoi("10"); // avoid compiler optimizations
255 strncpy(myfoo.a, "012345678", n);
256 ASSERT_FORTIFY(strncat(myfoo.a, "9", n));
257 }
258
TEST_F(DEATHTEST,strncat2_fortified2)259 TEST_F(DEATHTEST, strncat2_fortified2) {
260 foo myfoo;
261 myfoo.a[0] = '\0';
262 size_t n = atoi("10"); // avoid compiler optimizations
263 ASSERT_FORTIFY(strncat(myfoo.a, "0123456789", n));
264 }
265
TEST_F(DEATHTEST,strncat3_fortified2)266 TEST_F(DEATHTEST, strncat3_fortified2) {
267 foo myfoo;
268 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
269 myfoo.b[0] = '\0';
270 size_t n = atoi("10"); // avoid compiler optimizations
271 ASSERT_FORTIFY(strncat(myfoo.b, myfoo.a, n));
272 }
273
TEST_F(DEATHTEST,strcat_fortified2)274 TEST_F(DEATHTEST, strcat_fortified2) {
275 char src[11];
276 strcpy(src, "0123456789");
277 foo myfoo;
278 myfoo.a[0] = '\0';
279 ASSERT_FORTIFY(strcat(myfoo.a, src));
280 }
281
TEST_F(DEATHTEST,strcat2_fortified2)282 TEST_F(DEATHTEST, strcat2_fortified2) {
283 foo myfoo;
284 memcpy(myfoo.a, "0123456789", sizeof(myfoo.a)); // unterminated string
285 myfoo.b[0] = '\0';
286 ASSERT_FORTIFY(strcat(myfoo.b, myfoo.a));
287 }
288
TEST_F(DEATHTEST,snprintf_fortified2)289 TEST_F(DEATHTEST, snprintf_fortified2) {
290 foo myfoo;
291 strcpy(myfoo.a, "012345678");
292 size_t n = strlen(myfoo.a) + 2;
293 ASSERT_FORTIFY(snprintf(myfoo.b, n, "a%s", myfoo.a));
294 }
295
TEST_F(DEATHTEST,bzero_fortified2)296 TEST_F(DEATHTEST, bzero_fortified2) {
297 foo myfoo;
298 memcpy(myfoo.b, "0123456789", sizeof(myfoo.b));
299 size_t n = atoi("11");
300 ASSERT_FORTIFY(bzero(myfoo.b, n));
301 }
302
303 #endif /* defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE=2 */
304
305 // multibyte target where we over fill (should fail)
TEST_F(DEATHTEST,strcpy_fortified)306 TEST_F(DEATHTEST, strcpy_fortified) {
307 #if defined(__BIONIC__)
308 char buf[10];
309 char *orig = strdup("0123456789");
310 ASSERT_FORTIFY(strcpy(buf, orig));
311 free(orig);
312 #else // __BIONIC__
313 GTEST_SKIP() << "glibc is broken";
314 #endif // __BIONIC__
315 }
316
317 // zero sized target with "\0" source (should fail)
TEST_F(DEATHTEST,strcpy2_fortified)318 TEST_F(DEATHTEST, strcpy2_fortified) {
319 #if defined(__BIONIC__)
320 char buf[0];
321 char *orig = strdup("");
322 ASSERT_FORTIFY(strcpy(buf, orig));
323 free(orig);
324 #else // __BIONIC__
325 GTEST_SKIP() << "glibc is broken";
326 #endif // __BIONIC__
327 }
328
329 // zero sized target with longer source (should fail)
TEST_F(DEATHTEST,strcpy3_fortified)330 TEST_F(DEATHTEST, strcpy3_fortified) {
331 #if defined(__BIONIC__)
332 char buf[0];
333 char *orig = strdup("1");
334 ASSERT_FORTIFY(strcpy(buf, orig));
335 free(orig);
336 #else // __BIONIC__
337 GTEST_SKIP() << "glibc is broken";
338 #endif // __BIONIC__
339 }
340
341 // one byte target with longer source (should fail)
TEST_F(DEATHTEST,strcpy4_fortified)342 TEST_F(DEATHTEST, strcpy4_fortified) {
343 #if defined(__BIONIC__)
344 char buf[1];
345 char *orig = strdup("12");
346 ASSERT_FORTIFY(strcpy(buf, orig));
347 free(orig);
348 #else // __BIONIC__
349 GTEST_SKIP() << "glibc is broken";
350 #endif // __BIONIC__
351 }
352
TEST_F(DEATHTEST,strlen_fortified)353 TEST_F(DEATHTEST, strlen_fortified) {
354 #if defined(__BIONIC__)
355 char buf[10];
356 memcpy(buf, "0123456789", sizeof(buf));
357 ASSERT_FORTIFY(printf("%zd", strlen(buf)));
358 #else // __BIONIC__
359 GTEST_SKIP() << "glibc is broken";
360 #endif // __BIONIC__
361 }
362
TEST_F(DEATHTEST,strchr_fortified)363 TEST_F(DEATHTEST, strchr_fortified) {
364 #if defined(__BIONIC__)
365 char buf[10];
366 memcpy(buf, "0123456789", sizeof(buf));
367 ASSERT_FORTIFY(printf("%s", strchr(buf, 'a')));
368 #else // __BIONIC__
369 GTEST_SKIP() << "glibc is broken";
370 #endif // __BIONIC__
371 }
372
TEST_F(DEATHTEST,strrchr_fortified)373 TEST_F(DEATHTEST, strrchr_fortified) {
374 #if defined(__BIONIC__)
375 char buf[10];
376 memcpy(buf, "0123456789", sizeof(buf));
377 ASSERT_FORTIFY(printf("%s", strrchr(buf, 'a')));
378 #else // __BIONIC__
379 GTEST_SKIP() << "glibc is broken";
380 #endif // __BIONIC__
381 }
382
TEST_F(DEATHTEST,strlcpy_fortified)383 TEST_F(DEATHTEST, strlcpy_fortified) {
384 #if defined(__BIONIC__)
385 char bufa[15];
386 char bufb[10];
387 strcpy(bufa, "01234567890123");
388 size_t n = strlen(bufa);
389 ASSERT_FORTIFY(strlcpy(bufb, bufa, n));
390 #else // __BIONIC__
391 GTEST_SKIP() << "strlcpy not available";
392 #endif // __BIONIC__
393 }
394
TEST_F(DEATHTEST,strlcat_fortified)395 TEST_F(DEATHTEST, strlcat_fortified) {
396 #if defined(__BIONIC__)
397 char bufa[15];
398 char bufb[10];
399 bufb[0] = '\0';
400 strcpy(bufa, "01234567890123");
401 size_t n = strlen(bufa);
402 ASSERT_FORTIFY(strlcat(bufb, bufa, n));
403 #else // __BIONIC__
404 GTEST_SKIP() << "strlcat not available";
405 #endif // __BIONIC__
406 }
407
TEST_F(DEATHTEST,sprintf_fortified)408 TEST_F(DEATHTEST, sprintf_fortified) {
409 char buf[10];
410 char source_buf[15];
411 memcpy(source_buf, "12345678901234", 15);
412 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
413 }
414
415 #if !__has_attribute(alloc_size)
416 // TODO: remove this after Clang prebuilt rebase.
417 #else
TEST_F(DEATHTEST,sprintf_malloc_fortified)418 TEST_F(DEATHTEST, sprintf_malloc_fortified) {
419 char* buf = (char *) malloc(10);
420 char source_buf[11];
421 memcpy(source_buf, "1234567890", 11);
422 ASSERT_FORTIFY(sprintf(buf, "%s", source_buf));
423 free(buf);
424 }
425 #endif
426
TEST_F(DEATHTEST,sprintf2_fortified)427 TEST_F(DEATHTEST, sprintf2_fortified) {
428 char buf[5];
429 ASSERT_FORTIFY(sprintf(buf, "aaaaa"));
430 }
431
vsprintf_helper(const char * fmt,...)432 static int vsprintf_helper(const char *fmt, ...) {
433 char buf[10];
434 va_list va;
435 int result;
436
437 va_start(va, fmt);
438 result = vsprintf(buf, fmt, va); // should crash here
439 va_end(va);
440 return result;
441 }
442
TEST_F(DEATHTEST,vsprintf_fortified)443 TEST_F(DEATHTEST, vsprintf_fortified) {
444 ASSERT_FORTIFY(vsprintf_helper("%s", "0123456789"));
445 }
446
TEST_F(DEATHTEST,vsprintf2_fortified)447 TEST_F(DEATHTEST, vsprintf2_fortified) {
448 ASSERT_FORTIFY(vsprintf_helper("0123456789"));
449 }
450
vsnprintf_helper(const char * fmt,...)451 static int vsnprintf_helper(const char *fmt, ...) {
452 char buf[10];
453 va_list va;
454 int result;
455 size_t size = atoi("11");
456
457 va_start(va, fmt);
458 result = vsnprintf(buf, size, fmt, va); // should crash here
459 va_end(va);
460 return result;
461 }
462
TEST_F(DEATHTEST,vsnprintf_fortified)463 TEST_F(DEATHTEST, vsnprintf_fortified) {
464 ASSERT_FORTIFY(vsnprintf_helper("%s", "0123456789"));
465 }
466
TEST_F(DEATHTEST,vsnprintf2_fortified)467 TEST_F(DEATHTEST, vsnprintf2_fortified) {
468 ASSERT_FORTIFY(vsnprintf_helper("0123456789"));
469 }
470
TEST_F(DEATHTEST,strncat_fortified)471 TEST_F(DEATHTEST, strncat_fortified) {
472 char buf[10];
473 size_t n = atoi("10"); // avoid compiler optimizations
474 strncpy(buf, "012345678", n);
475 ASSERT_FORTIFY(strncat(buf, "9", n));
476 }
477
TEST_F(DEATHTEST,strncat2_fortified)478 TEST_F(DEATHTEST, strncat2_fortified) {
479 char buf[10];
480 buf[0] = '\0';
481 size_t n = atoi("10"); // avoid compiler optimizations
482 ASSERT_FORTIFY(strncat(buf, "0123456789", n));
483 }
484
TEST_F(DEATHTEST,strcat_fortified)485 TEST_F(DEATHTEST, strcat_fortified) {
486 char src[11];
487 strcpy(src, "0123456789");
488 char buf[10];
489 buf[0] = '\0';
490 ASSERT_FORTIFY(strcat(buf, src));
491 }
492
TEST_F(DEATHTEST,memmove_fortified)493 TEST_F(DEATHTEST, memmove_fortified) {
494 char buf[20];
495 strcpy(buf, "0123456789");
496 size_t n = atoi("10");
497 ASSERT_FORTIFY(memmove(buf + 11, buf, n));
498 }
499
TEST_F(DEATHTEST,memcpy_fortified)500 TEST_F(DEATHTEST, memcpy_fortified) {
501 char bufa[10];
502 char bufb[10];
503 strcpy(bufa, "012345678");
504 size_t n = atoi("11");
505 ASSERT_FORTIFY(memcpy(bufb, bufa, n));
506 }
507
TEST_F(DEATHTEST,memset_fortified)508 TEST_F(DEATHTEST, memset_fortified) {
509 char buf[10];
510 size_t n = atoi("11");
511 ASSERT_FORTIFY(memset(buf, 0, n));
512 }
513
TEST_F(DEATHTEST,stpncpy_fortified)514 TEST_F(DEATHTEST, stpncpy_fortified) {
515 char bufa[15];
516 char bufb[10];
517 strcpy(bufa, "01234567890123");
518 size_t n = strlen(bufa);
519 ASSERT_FORTIFY(stpncpy(bufb, bufa, n));
520 }
521
TEST_F(DEATHTEST,stpncpy2_fortified)522 TEST_F(DEATHTEST, stpncpy2_fortified) {
523 char dest[11];
524 char src[10];
525 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
526 ASSERT_FORTIFY(stpncpy(dest, src, sizeof(dest)));
527 }
528
TEST_F(DEATHTEST,strncpy_fortified)529 TEST_F(DEATHTEST, strncpy_fortified) {
530 char bufa[15];
531 char bufb[10];
532 strcpy(bufa, "01234567890123");
533 size_t n = strlen(bufa);
534 ASSERT_FORTIFY(strncpy(bufb, bufa, n));
535 }
536
537
TEST_F(DEATHTEST,strncpy2_fortified)538 TEST_F(DEATHTEST, strncpy2_fortified) {
539 char dest[11];
540 char src[10];
541 memcpy(src, "0123456789", sizeof(src)); // src is not null terminated
542 ASSERT_FORTIFY(strncpy(dest, src, sizeof(dest)));
543 }
544
TEST_F(DEATHTEST,snprintf_fortified)545 TEST_F(DEATHTEST, snprintf_fortified) {
546 char bufa[15];
547 char bufb[10];
548 strcpy(bufa, "0123456789");
549 size_t n = strlen(bufa) + 1;
550 ASSERT_FORTIFY(snprintf(bufb, n, "%s", bufa));
551 }
552
TEST_F(DEATHTEST,bzero_fortified)553 TEST_F(DEATHTEST, bzero_fortified) {
554 char buf[10];
555 memcpy(buf, "0123456789", sizeof(buf));
556 size_t n = atoi("11");
557 ASSERT_FORTIFY(bzero(buf, n));
558 }
559
TEST_F(DEATHTEST,umask_fortified)560 TEST_F(DEATHTEST, umask_fortified) {
561 mode_t mask = atoi("1023"); // 01777 in octal
562 ASSERT_FORTIFY(umask(mask));
563 }
564
TEST_F(DEATHTEST,recv_fortified)565 TEST_F(DEATHTEST, recv_fortified) {
566 size_t data_len = atoi("11"); // suppress compiler optimizations
567 char buf[10];
568 ASSERT_FORTIFY(recv(0, buf, data_len, 0));
569 }
570
TEST_F(DEATHTEST,send_fortified)571 TEST_F(DEATHTEST, send_fortified) {
572 size_t data_len = atoi("11"); // suppress compiler optimizations
573 char buf[10] = {0};
574 ASSERT_FORTIFY(send(0, buf, data_len, 0));
575 }
576
TEST_F(DEATHTEST,FD_ISSET_fortified)577 TEST_F(DEATHTEST, FD_ISSET_fortified) {
578 #if defined(__BIONIC__) // glibc catches this at compile-time.
579 fd_set set;
580 memset(&set, 0, sizeof(set));
581 ASSERT_FORTIFY(FD_ISSET(-1, &set));
582 #endif
583 }
584
TEST_F(DEATHTEST,FD_ISSET_2_fortified)585 TEST_F(DEATHTEST, FD_ISSET_2_fortified) {
586 char buf[1];
587 fd_set* set = (fd_set*) buf;
588 ASSERT_FORTIFY(FD_ISSET(0, set));
589 }
590
TEST_F(DEATHTEST,getcwd_fortified)591 TEST_F(DEATHTEST, getcwd_fortified) {
592 char buf[1];
593 size_t ct = atoi("2"); // prevent optimizations
594 ASSERT_FORTIFY(getcwd(buf, ct));
595 }
596
TEST_F(DEATHTEST,pread_fortified)597 TEST_F(DEATHTEST, pread_fortified) {
598 char buf[1];
599 size_t ct = atoi("2"); // prevent optimizations
600 int fd = open("/dev/null", O_RDONLY);
601 ASSERT_FORTIFY(pread(fd, buf, ct, 0));
602 close(fd);
603 }
604
TEST_F(DEATHTEST,pread64_fortified)605 TEST_F(DEATHTEST, pread64_fortified) {
606 char buf[1];
607 size_t ct = atoi("2"); // prevent optimizations
608 int fd = open("/dev/null", O_RDONLY);
609 ASSERT_FORTIFY(pread64(fd, buf, ct, 0));
610 close(fd);
611 }
612
TEST_F(DEATHTEST,pwrite_fortified)613 TEST_F(DEATHTEST, pwrite_fortified) {
614 char buf[1] = {0};
615 size_t ct = atoi("2"); // prevent optimizations
616 int fd = open("/dev/null", O_WRONLY);
617 ASSERT_FORTIFY(pwrite(fd, buf, ct, 0));
618 close(fd);
619 }
620
TEST_F(DEATHTEST,pwrite64_fortified)621 TEST_F(DEATHTEST, pwrite64_fortified) {
622 char buf[1] = {0};
623 size_t ct = atoi("2"); // prevent optimizations
624 int fd = open("/dev/null", O_WRONLY);
625 ASSERT_FORTIFY(pwrite64(fd, buf, ct, 0));
626 close(fd);
627 }
628
TEST_F(DEATHTEST,read_fortified)629 TEST_F(DEATHTEST, read_fortified) {
630 char buf[1];
631 size_t ct = atoi("2"); // prevent optimizations
632 int fd = open("/dev/null", O_RDONLY);
633 ASSERT_FORTIFY(read(fd, buf, ct));
634 close(fd);
635 }
636
TEST_F(DEATHTEST,write_fortified)637 TEST_F(DEATHTEST, write_fortified) {
638 char buf[1] = {0};
639 size_t ct = atoi("2"); // prevent optimizations
640 int fd = open("/dev/null", O_WRONLY);
641 ASSERT_EXIT(write(fd, buf, ct), testing::KilledBySignal(SIGABRT), "");
642 close(fd);
643 }
644
TEST_F(DEATHTEST,fread_fortified)645 TEST_F(DEATHTEST, fread_fortified) {
646 char buf[1];
647 size_t ct = atoi("2"); // prevent optimizations
648 FILE* fp = fopen("/dev/null", "r");
649 ASSERT_FORTIFY(fread(buf, 1, ct, fp));
650 fclose(fp);
651 }
652
TEST_F(DEATHTEST,fwrite_fortified)653 TEST_F(DEATHTEST, fwrite_fortified) {
654 char buf[1] = {0};
655 size_t ct = atoi("2"); // prevent optimizations
656 FILE* fp = fopen("/dev/null", "w");
657 ASSERT_FORTIFY(fwrite(buf, 1, ct, fp));
658 fclose(fp);
659 }
660
TEST_F(DEATHTEST,readlink_fortified)661 TEST_F(DEATHTEST, readlink_fortified) {
662 char buf[1];
663 size_t ct = atoi("2"); // prevent optimizations
664 ASSERT_FORTIFY(readlink("/dev/null", buf, ct));
665 }
666
TEST_F(DEATHTEST,readlinkat_fortified)667 TEST_F(DEATHTEST, readlinkat_fortified) {
668 char buf[1];
669 size_t ct = atoi("2"); // prevent optimizations
670 ASSERT_FORTIFY(readlinkat(AT_FDCWD, "/dev/null", buf, ct));
671 }
672
673 extern "C" char* __strncat_chk(char*, const char*, size_t, size_t);
674 extern "C" char* __strcat_chk(char*, const char*, size_t);
675
TEST(TEST_NAME,strncat)676 TEST(TEST_NAME, strncat) {
677 char buf[10];
678 memset(buf, 'A', sizeof(buf));
679 buf[0] = 'a';
680 buf[1] = '\0';
681 char* res = __strncat_chk(buf, "01234", sizeof(buf) - strlen(buf) - 1, sizeof(buf));
682 ASSERT_EQ(buf, res);
683 ASSERT_EQ('a', buf[0]);
684 ASSERT_EQ('0', buf[1]);
685 ASSERT_EQ('1', buf[2]);
686 ASSERT_EQ('2', buf[3]);
687 ASSERT_EQ('3', buf[4]);
688 ASSERT_EQ('4', buf[5]);
689 ASSERT_EQ('\0', buf[6]);
690 ASSERT_EQ('A', buf[7]);
691 ASSERT_EQ('A', buf[8]);
692 ASSERT_EQ('A', buf[9]);
693 }
694
TEST(TEST_NAME,strncat2)695 TEST(TEST_NAME, strncat2) {
696 char buf[10];
697 memset(buf, 'A', sizeof(buf));
698 buf[0] = 'a';
699 buf[1] = '\0';
700 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
701 ASSERT_EQ(buf, res);
702 ASSERT_EQ('a', buf[0]);
703 ASSERT_EQ('0', buf[1]);
704 ASSERT_EQ('1', buf[2]);
705 ASSERT_EQ('2', buf[3]);
706 ASSERT_EQ('3', buf[4]);
707 ASSERT_EQ('4', buf[5]);
708 ASSERT_EQ('\0', buf[6]);
709 ASSERT_EQ('A', buf[7]);
710 ASSERT_EQ('A', buf[8]);
711 ASSERT_EQ('A', buf[9]);
712 }
713
TEST(TEST_NAME,strncat3)714 TEST(TEST_NAME, strncat3) {
715 char buf[10];
716 memset(buf, 'A', sizeof(buf));
717 buf[0] = '\0';
718 char* res = __strncat_chk(buf, "0123456789", 5, sizeof(buf));
719 ASSERT_EQ(buf, res);
720 ASSERT_EQ('0', buf[0]);
721 ASSERT_EQ('1', buf[1]);
722 ASSERT_EQ('2', buf[2]);
723 ASSERT_EQ('3', buf[3]);
724 ASSERT_EQ('4', buf[4]);
725 ASSERT_EQ('\0', buf[5]);
726 ASSERT_EQ('A', buf[6]);
727 ASSERT_EQ('A', buf[7]);
728 ASSERT_EQ('A', buf[8]);
729 ASSERT_EQ('A', buf[9]);
730 }
731
TEST(TEST_NAME,strncat4)732 TEST(TEST_NAME, strncat4) {
733 char buf[10];
734 memset(buf, 'A', sizeof(buf));
735 buf[9] = '\0';
736 char* res = __strncat_chk(buf, "", 5, sizeof(buf));
737 ASSERT_EQ(buf, res);
738 ASSERT_EQ('A', buf[0]);
739 ASSERT_EQ('A', buf[1]);
740 ASSERT_EQ('A', buf[2]);
741 ASSERT_EQ('A', buf[3]);
742 ASSERT_EQ('A', buf[4]);
743 ASSERT_EQ('A', buf[5]);
744 ASSERT_EQ('A', buf[6]);
745 ASSERT_EQ('A', buf[7]);
746 ASSERT_EQ('A', buf[8]);
747 ASSERT_EQ('\0', buf[9]);
748 }
749
TEST(TEST_NAME,strncat5)750 TEST(TEST_NAME, strncat5) {
751 char buf[10];
752 memset(buf, 'A', sizeof(buf));
753 buf[0] = 'a';
754 buf[1] = '\0';
755 char* res = __strncat_chk(buf, "01234567", 8, sizeof(buf));
756 ASSERT_EQ(buf, res);
757 ASSERT_EQ('a', buf[0]);
758 ASSERT_EQ('0', buf[1]);
759 ASSERT_EQ('1', buf[2]);
760 ASSERT_EQ('2', buf[3]);
761 ASSERT_EQ('3', buf[4]);
762 ASSERT_EQ('4', buf[5]);
763 ASSERT_EQ('5', buf[6]);
764 ASSERT_EQ('6', buf[7]);
765 ASSERT_EQ('7', buf[8]);
766 ASSERT_EQ('\0', buf[9]);
767 }
768
TEST(TEST_NAME,strncat6)769 TEST(TEST_NAME, strncat6) {
770 char buf[10];
771 memset(buf, 'A', sizeof(buf));
772 buf[0] = 'a';
773 buf[1] = '\0';
774 char* res = __strncat_chk(buf, "01234567", 9, sizeof(buf));
775 ASSERT_EQ(buf, res);
776 ASSERT_EQ('a', buf[0]);
777 ASSERT_EQ('0', buf[1]);
778 ASSERT_EQ('1', buf[2]);
779 ASSERT_EQ('2', buf[3]);
780 ASSERT_EQ('3', buf[4]);
781 ASSERT_EQ('4', buf[5]);
782 ASSERT_EQ('5', buf[6]);
783 ASSERT_EQ('6', buf[7]);
784 ASSERT_EQ('7', buf[8]);
785 ASSERT_EQ('\0', buf[9]);
786 }
787
788
TEST(TEST_NAME,strcat)789 TEST(TEST_NAME, strcat) {
790 char buf[10];
791 memset(buf, 'A', sizeof(buf));
792 buf[0] = 'a';
793 buf[1] = '\0';
794 char* res = __strcat_chk(buf, "01234", sizeof(buf));
795 ASSERT_EQ(buf, res);
796 ASSERT_EQ('a', buf[0]);
797 ASSERT_EQ('0', buf[1]);
798 ASSERT_EQ('1', buf[2]);
799 ASSERT_EQ('2', buf[3]);
800 ASSERT_EQ('3', buf[4]);
801 ASSERT_EQ('4', buf[5]);
802 ASSERT_EQ('\0', buf[6]);
803 ASSERT_EQ('A', buf[7]);
804 ASSERT_EQ('A', buf[8]);
805 ASSERT_EQ('A', buf[9]);
806 }
807
TEST(TEST_NAME,strcat2)808 TEST(TEST_NAME, strcat2) {
809 char buf[10];
810 memset(buf, 'A', sizeof(buf));
811 buf[0] = 'a';
812 buf[1] = '\0';
813 char* res = __strcat_chk(buf, "01234567", sizeof(buf));
814 ASSERT_EQ(buf, res);
815 ASSERT_EQ('a', buf[0]);
816 ASSERT_EQ('0', buf[1]);
817 ASSERT_EQ('1', buf[2]);
818 ASSERT_EQ('2', buf[3]);
819 ASSERT_EQ('3', buf[4]);
820 ASSERT_EQ('4', buf[5]);
821 ASSERT_EQ('5', buf[6]);
822 ASSERT_EQ('6', buf[7]);
823 ASSERT_EQ('7', buf[8]);
824 ASSERT_EQ('\0', buf[9]);
825 }
826
TEST(TEST_NAME,stpncpy)827 TEST(TEST_NAME, stpncpy) {
828 char src[10];
829 char dst[10];
830 memcpy(src, "0123456789", sizeof(src)); // non null terminated string
831 stpncpy(dst, src, sizeof(dst));
832 ASSERT_EQ('0', dst[0]);
833 ASSERT_EQ('1', dst[1]);
834 ASSERT_EQ('2', dst[2]);
835 ASSERT_EQ('3', dst[3]);
836 ASSERT_EQ('4', dst[4]);
837 ASSERT_EQ('5', dst[5]);
838 ASSERT_EQ('6', dst[6]);
839 ASSERT_EQ('7', dst[7]);
840 ASSERT_EQ('8', dst[8]);
841 ASSERT_EQ('9', dst[9]);
842 }
843
TEST(TEST_NAME,stpncpy2)844 TEST(TEST_NAME, stpncpy2) {
845 char src[10];
846 char dst[15];
847 memcpy(src, "012345678\0", sizeof(src));
848 stpncpy(dst, src, sizeof(dst));
849 ASSERT_EQ('0', dst[0]);
850 ASSERT_EQ('1', dst[1]);
851 ASSERT_EQ('2', dst[2]);
852 ASSERT_EQ('3', dst[3]);
853 ASSERT_EQ('4', dst[4]);
854 ASSERT_EQ('5', dst[5]);
855 ASSERT_EQ('6', dst[6]);
856 ASSERT_EQ('7', dst[7]);
857 ASSERT_EQ('8', dst[8]);
858 ASSERT_EQ('\0', dst[9]);
859 ASSERT_EQ('\0', dst[10]);
860 ASSERT_EQ('\0', dst[11]);
861 ASSERT_EQ('\0', dst[12]);
862 ASSERT_EQ('\0', dst[13]);
863 ASSERT_EQ('\0', dst[14]);
864 }
865
TEST(TEST_NAME,strncpy)866 TEST(TEST_NAME, strncpy) {
867 char src[10];
868 char dst[10];
869 memcpy(src, "0123456789", sizeof(src)); // non null terminated string
870 strncpy(dst, src, sizeof(dst));
871 ASSERT_EQ('0', dst[0]);
872 ASSERT_EQ('1', dst[1]);
873 ASSERT_EQ('2', dst[2]);
874 ASSERT_EQ('3', dst[3]);
875 ASSERT_EQ('4', dst[4]);
876 ASSERT_EQ('5', dst[5]);
877 ASSERT_EQ('6', dst[6]);
878 ASSERT_EQ('7', dst[7]);
879 ASSERT_EQ('8', dst[8]);
880 ASSERT_EQ('9', dst[9]);
881 }
882
TEST(TEST_NAME,strncpy2)883 TEST(TEST_NAME, strncpy2) {
884 char src[10];
885 char dst[15];
886 memcpy(src, "012345678\0", sizeof(src));
887 strncpy(dst, src, sizeof(dst));
888 ASSERT_EQ('0', dst[0]);
889 ASSERT_EQ('1', dst[1]);
890 ASSERT_EQ('2', dst[2]);
891 ASSERT_EQ('3', dst[3]);
892 ASSERT_EQ('4', dst[4]);
893 ASSERT_EQ('5', dst[5]);
894 ASSERT_EQ('6', dst[6]);
895 ASSERT_EQ('7', dst[7]);
896 ASSERT_EQ('8', dst[8]);
897 ASSERT_EQ('\0', dst[9]);
898 ASSERT_EQ('\0', dst[10]);
899 ASSERT_EQ('\0', dst[11]);
900 ASSERT_EQ('\0', dst[12]);
901 ASSERT_EQ('\0', dst[13]);
902 ASSERT_EQ('\0', dst[14]);
903 }
904
TEST(TEST_NAME,strcat_chk_max_int_size)905 TEST(TEST_NAME, strcat_chk_max_int_size) {
906 char buf[10];
907 memset(buf, 'A', sizeof(buf));
908 buf[0] = 'a';
909 buf[1] = '\0';
910 char* res = __strcat_chk(buf, "01234567", (size_t)-1);
911 ASSERT_EQ(buf, res);
912 ASSERT_EQ('a', buf[0]);
913 ASSERT_EQ('0', buf[1]);
914 ASSERT_EQ('1', buf[2]);
915 ASSERT_EQ('2', buf[3]);
916 ASSERT_EQ('3', buf[4]);
917 ASSERT_EQ('4', buf[5]);
918 ASSERT_EQ('5', buf[6]);
919 ASSERT_EQ('6', buf[7]);
920 ASSERT_EQ('7', buf[8]);
921 ASSERT_EQ('\0', buf[9]);
922 }
923
TEST(TEST_NAME,mempcpy_chk)924 TEST(TEST_NAME, mempcpy_chk) {
925 const char input_str[] = "abcdefg";
926 size_t input_str_size = strlen(input_str) + 1;
927
928 char buf1[10] = {};
929 char buf2[10] = {};
930
931 __builtin_mempcpy(buf1, input_str, input_str_size);
932 __builtin___mempcpy_chk(buf2, input_str, input_str_size, __bos0(buf2));
933
934 ASSERT_EQ(memcmp(buf1, buf2, sizeof(buf2)), 0);
935
936 void *builtin_ptr = __builtin_mempcpy(buf1, input_str, input_str_size);
937 void *fortify_ptr = __builtin___mempcpy_chk(buf1, input_str, input_str_size, __bos0(buf2));
938
939 ASSERT_EQ(builtin_ptr, fortify_ptr);
940 }
941
942 extern "C" char* __stpcpy_chk(char*, const char*, size_t);
943
TEST(TEST_NAME,stpcpy_chk_max_int_size)944 TEST(TEST_NAME, stpcpy_chk_max_int_size) {
945 char buf[10];
946 char* res = __stpcpy_chk(buf, "012345678", (size_t)-1);
947 ASSERT_EQ(buf + strlen("012345678"), res);
948 ASSERT_STREQ("012345678", buf);
949 }
950
951 extern "C" char* __strcpy_chk(char*, const char*, size_t);
952
TEST(TEST_NAME,strcpy_chk_max_int_size)953 TEST(TEST_NAME, strcpy_chk_max_int_size) {
954 char buf[10];
955 char* res = __strcpy_chk(buf, "012345678", (size_t)-1);
956 ASSERT_EQ(buf, res);
957 ASSERT_STREQ("012345678", buf);
958 }
959
960 extern "C" void* __memcpy_chk(void*, const void*, size_t, size_t);
961
TEST(TEST_NAME,memcpy_chk_max_int_size)962 TEST(TEST_NAME, memcpy_chk_max_int_size) {
963 char buf[10];
964 void* res = __memcpy_chk(buf, "012345678", sizeof(buf), (size_t)-1);
965 ASSERT_EQ((void*)buf, res);
966 ASSERT_EQ('0', buf[0]);
967 ASSERT_EQ('1', buf[1]);
968 ASSERT_EQ('2', buf[2]);
969 ASSERT_EQ('3', buf[3]);
970 ASSERT_EQ('4', buf[4]);
971 ASSERT_EQ('5', buf[5]);
972 ASSERT_EQ('6', buf[6]);
973 ASSERT_EQ('7', buf[7]);
974 ASSERT_EQ('8', buf[8]);
975 ASSERT_EQ('\0', buf[9]);
976 }
977
978 // Verify that macro expansion is done properly for sprintf/snprintf (which
979 // are defined as macros in stdio.h under clang).
980 #define CONTENTS "macro expansion"
981 #define BUF_AND_SIZE(A) A, sizeof(A)
982 #define BUF_AND_CONTENTS(A) A, CONTENTS
983 #define BUF_AND_SIZE_AND_CONTENTS(A) A, sizeof(A), CONTENTS
TEST(TEST_NAME,s_n_printf_macro_expansion)984 TEST(TEST_NAME, s_n_printf_macro_expansion) {
985 char buf[BUFSIZ];
986 snprintf(BUF_AND_SIZE(buf), CONTENTS);
987 EXPECT_STREQ(CONTENTS, buf);
988
989 snprintf(BUF_AND_SIZE_AND_CONTENTS(buf));
990 EXPECT_STREQ(CONTENTS, buf);
991
992 sprintf(BUF_AND_CONTENTS(buf));
993 EXPECT_STREQ(CONTENTS, buf);
994 }
995
TEST_F(DEATHTEST,poll_fortified)996 TEST_F(DEATHTEST, poll_fortified) {
997 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
998 pollfd buf[1] = {{0, POLLIN, 0}};
999 // Set timeout to zero to prevent waiting in poll when fortify test fails.
1000 ASSERT_FORTIFY(poll(buf, fd_count, 0));
1001 }
1002
TEST_F(DEATHTEST,ppoll_fortified)1003 TEST_F(DEATHTEST, ppoll_fortified) {
1004 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
1005 pollfd buf[1] = {{0, POLLIN, 0}};
1006 // Set timeout to zero to prevent waiting in ppoll when fortify test fails.
1007 timespec timeout;
1008 timeout.tv_sec = timeout.tv_nsec = 0;
1009 ASSERT_FORTIFY(ppoll(buf, fd_count, &timeout, nullptr));
1010 }
1011
TEST_F(DEATHTEST,ppoll64_fortified)1012 TEST_F(DEATHTEST, ppoll64_fortified) {
1013 #if __BIONIC__ // glibc doesn't have ppoll64.
1014 nfds_t fd_count = atoi("2"); // suppress compiler optimizations
1015 pollfd buf[1] = {{0, POLLIN, 0}};
1016 // Set timeout to zero to prevent waiting in ppoll when fortify test fails.
1017 timespec timeout;
1018 timeout.tv_sec = timeout.tv_nsec = 0;
1019 ASSERT_FORTIFY(ppoll64(buf, fd_count, &timeout, nullptr));
1020 #endif
1021 }
1022
TEST_F(DEATHTEST,open_O_CREAT_without_mode_fortified)1023 TEST_F(DEATHTEST, open_O_CREAT_without_mode_fortified) {
1024 int flags = O_CREAT; // Fool the compiler.
1025 ASSERT_FORTIFY(open("", flags));
1026 }
1027
TEST_F(DEATHTEST,open_O_TMPFILE_without_mode_fortified)1028 TEST_F(DEATHTEST, open_O_TMPFILE_without_mode_fortified) {
1029 #if __BIONIC__ // Our glibc is too old for O_TMPFILE.
1030 int flags = O_TMPFILE; // Fool the compiler.
1031 ASSERT_FORTIFY(open("", flags));
1032 #endif
1033 }
1034