1 /* Copyright (C) 2004-2018 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Jakub Jelinek <jakub@redhat.com>, 2004.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
19 /* This file tests gets. Force it to be declared. */
21 #undef __GLIBC_USE_DEPRECATED_GETS
22 #define __GLIBC_USE_DEPRECATED_GETS 1
36 #include <sys/select.h>
37 #include <sys/socket.h>
41 #define obstack_chunk_alloc malloc
42 #define obstack_chunk_free free
45 static void do_prepare (void);
46 static int do_test (void);
47 #define PREPARE(argc, argv) do_prepare ()
48 #define TEST_FUNCTION do_test ()
49 #include "../test-skeleton.c"
54 int temp_fd
= create_temp_file ("tst-chk1.", &temp_filename
);
57 printf ("cannot create temporary file: %m\n");
61 const char *strs
= "abcdefgh\nABCDEFGHI\nabcdefghij\nABCDEFGHIJ";
62 if ((size_t) write (temp_fd
, strs
, strlen (strs
)) != strlen (strs
))
64 puts ("could not write test strings into file");
65 unlink (temp_filename
);
70 volatile int chk_fail_ok
;
80 longjmp (chk_fail_buf
, 1);
91 const char *str1
= "JIHGFEDCBA";
92 const char *str2
= "F";
93 const char *str3
= "%s%n%s%n";
94 const char *str4
= "Hello, ";
95 const char *str5
= "World!\n";
96 const wchar_t *wstr1
= L
"JIHGFEDCBA";
97 const wchar_t *wstr2
= L
"F";
98 const wchar_t *wstr3
= L
"%s%n%s%n";
99 const wchar_t *wstr4
= L
"Hello, ";
100 const wchar_t *wstr5
= L
"World!\n";
101 char buf2
[10] = "%s";
106 do { printf ("Failure on line %d\n", __LINE__); ret = 1; } while (0)
107 #define CHK_FAIL_START \
109 if (! setjmp (chk_fail_buf)) \
111 #define CHK_FAIL_END \
115 #if __USE_FORTIFY_LEVEL >= 2 && (!defined __cplusplus || defined __va_arg_pack)
116 # define CHK_FAIL2_START CHK_FAIL_START
117 # define CHK_FAIL2_END CHK_FAIL_END
119 # define CHK_FAIL2_START
120 # define CHK_FAIL2_END
126 set_fortify_handler (handler
);
128 struct A
{ char buf1
[9]; char buf2
[1]; } a
;
129 struct wA
{ wchar_t buf1
[9]; wchar_t buf2
[1]; } wa
;
131 printf ("Test checking routines at fortify level %d\n",
132 #ifdef __USE_FORTIFY_LEVEL
133 (int) __USE_FORTIFY_LEVEL
139 #if defined __USE_FORTIFY_LEVEL && !defined __fortify_function
140 printf ("Test skipped");
145 /* These ops can be done without runtime checking of object size. */
146 memcpy (buf
, "abcdefghij", 10);
147 memmove (buf
+ 1, buf
, 9);
148 if (memcmp (buf
, "aabcdefghi", 10))
151 memcpy (buf
, "abcdefghij", 10);
152 bcopy (buf
, buf
+ 1, 9);
153 if (memcmp (buf
, "aabcdefghi", 10))
156 if (mempcpy (buf
+ 5, "abcde", 5) != buf
+ 10
157 || memcmp (buf
, "aabcdabcde", 10))
160 memset (buf
+ 8, 'j', 2);
161 if (memcmp (buf
, "aabcdabcjj", 10))
165 if (memcmp (buf
, "aabcdabc\0\0", 10))
168 explicit_bzero (buf
+ 6, 4);
169 if (memcmp (buf
, "aabcda\0\0\0\0", 10))
172 strcpy (buf
+ 4, "EDCBA");
173 if (memcmp (buf
, "aabcEDCBA", 10))
176 if (stpcpy (buf
+ 8, "F") != buf
+ 9 || memcmp (buf
, "aabcEDCBF", 10))
179 strncpy (buf
+ 6, "X", 4);
180 if (memcmp (buf
, "aabcEDX\0\0", 10))
183 if (sprintf (buf
+ 7, "%s", "67") != 2 || memcmp (buf
, "aabcEDX67", 10))
186 if (snprintf (buf
+ 7, 3, "%s", "987654") != 6
187 || memcmp (buf
, "aabcEDX98", 10))
190 /* These ops need runtime checking, but shouldn't __chk_fail. */
191 memcpy (buf
, "abcdefghij", l0
+ 10);
192 memmove (buf
+ 1, buf
, l0
+ 9);
193 if (memcmp (buf
, "aabcdefghi", 10))
196 memcpy (buf
, "abcdefghij", l0
+ 10);
197 bcopy (buf
, buf
+ 1, l0
+ 9);
198 if (memcmp (buf
, "aabcdefghi", 10))
201 if (mempcpy (buf
+ 5, "abcde", l0
+ 5) != buf
+ 10
202 || memcmp (buf
, "aabcdabcde", 10))
205 memset (buf
+ 8, 'j', l0
+ 2);
206 if (memcmp (buf
, "aabcdabcjj", 10))
209 bzero (buf
+ 8, l0
+ 2);
210 if (memcmp (buf
, "aabcdabc\0\0", 10))
213 explicit_bzero (buf
+ 6, l0
+ 4);
214 if (memcmp (buf
, "aabcda\0\0\0\0", 10))
217 strcpy (buf
+ 4, str1
+ 5);
218 if (memcmp (buf
, "aabcEDCBA", 10))
221 if (stpcpy (buf
+ 8, str2
) != buf
+ 9 || memcmp (buf
, "aabcEDCBF", 10))
224 strncpy (buf
+ 6, "X", l0
+ 4);
225 if (memcmp (buf
, "aabcEDX\0\0", 10))
228 if (stpncpy (buf
+ 5, "cd", l0
+ 5) != buf
+ 7
229 || memcmp (buf
, "aabcEcd\0\0", 10))
232 if (sprintf (buf
+ 7, "%d", num1
) != 2 || memcmp (buf
, "aabcEcd67", 10))
235 if (snprintf (buf
+ 7, 3, "%d", num2
) != 6 || memcmp (buf
, "aabcEcd98", 10))
240 if (memcmp (buf
, "aabcEcd9A", 10))
244 strncat (buf
, "ZYXWV", l0
+ 2);
245 if (memcmp (buf
, "aabcEcdZY", 10))
248 /* The following tests are supposed to succeed at all fortify
249 levels, even though they overflow a.buf1 into a.buf2. */
250 memcpy (a
.buf1
, "abcdefghij", l0
+ 10);
251 memmove (a
.buf1
+ 1, a
.buf1
, l0
+ 9);
252 if (memcmp (a
.buf1
, "aabcdefghi", 10))
255 memcpy (a
.buf1
, "abcdefghij", l0
+ 10);
256 bcopy (a
.buf1
, a
.buf1
+ 1, l0
+ 9);
257 if (memcmp (a
.buf1
, "aabcdefghi", 10))
260 if (mempcpy (a
.buf1
+ 5, "abcde", l0
+ 5) != a
.buf1
+ 10
261 || memcmp (a
.buf1
, "aabcdabcde", 10))
264 memset (a
.buf1
+ 8, 'j', l0
+ 2);
265 if (memcmp (a
.buf1
, "aabcdabcjj", 10))
268 bzero (a
.buf1
+ 8, l0
+ 2);
269 if (memcmp (a
.buf1
, "aabcdabc\0\0", 10))
272 explicit_bzero (a
.buf1
+ 6, l0
+ 4);
273 if (memcmp (a
.buf1
, "aabcda\0\0\0\0", 10))
276 #if __USE_FORTIFY_LEVEL < 2
277 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
278 and sufficient GCC support, as the string operations overflow
279 from a.buf1 into a.buf2. */
280 strcpy (a
.buf1
+ 4, str1
+ 5);
281 if (memcmp (a
.buf1
, "aabcEDCBA", 10))
284 if (stpcpy (a
.buf1
+ 8, str2
) != a
.buf1
+ 9
285 || memcmp (a
.buf1
, "aabcEDCBF", 10))
288 strncpy (a
.buf1
+ 6, "X", l0
+ 4);
289 if (memcmp (a
.buf1
, "aabcEDX\0\0", 10))
292 if (sprintf (a
.buf1
+ 7, "%d", num1
) != 2
293 || memcmp (a
.buf1
, "aabcEDX67", 10))
296 if (snprintf (a
.buf1
+ 7, 3, "%d", num2
) != 6
297 || memcmp (a
.buf1
, "aabcEDX98", 10))
300 a
.buf1
[l0
+ 8] = '\0';
301 strcat (a
.buf1
, "A");
302 if (memcmp (a
.buf1
, "aabcEDX9A", 10))
305 a
.buf1
[l0
+ 7] = '\0';
306 strncat (a
.buf1
, "ZYXWV", l0
+ 2);
307 if (memcmp (a
.buf1
, "aabcEDXZY", 10))
312 #if __USE_FORTIFY_LEVEL >= 1
313 /* Now check if all buffer overflows are caught at runtime.
314 N.B. All tests involving a length parameter need to be done
315 twice: once with the length a compile-time constant, once without. */
318 memcpy (buf
+ 1, "abcdefghij", 10);
322 memcpy (buf
+ 1, "abcdefghij", l0
+ 10);
326 memmove (buf
+ 2, buf
+ 1, 9);
330 memmove (buf
+ 2, buf
+ 1, l0
+ 9);
334 bcopy (buf
+ 1, buf
+ 2, 9);
338 bcopy (buf
+ 1, buf
+ 2, l0
+ 9);
342 p
= (char *) mempcpy (buf
+ 6, "abcde", 5);
346 p
= (char *) mempcpy (buf
+ 6, "abcde", l0
+ 5);
350 memset (buf
+ 9, 'j', 2);
354 memset (buf
+ 9, 'j', l0
+ 2);
362 bzero (buf
+ 9, l0
+ 2);
366 explicit_bzero (buf
+ 9, 2);
370 explicit_bzero (buf
+ 9, l0
+ 2);
374 strcpy (buf
+ 5, str1
+ 5);
378 p
= stpcpy (buf
+ 9, str2
);
382 strncpy (buf
+ 7, "X", 4);
386 strncpy (buf
+ 7, "X", l0
+ 4);
390 stpncpy (buf
+ 6, "cd", 5);
394 stpncpy (buf
+ 6, "cd", l0
+ 5);
397 # if !defined __cplusplus || defined __va_arg_pack
399 sprintf (buf
+ 8, "%d", num1
);
403 snprintf (buf
+ 8, 3, "%d", num2
);
407 snprintf (buf
+ 8, l0
+ 3, "%d", num2
);
411 swprintf (wbuf
+ 8, 3, L
"%d", num1
);
415 swprintf (wbuf
+ 8, l0
+ 3, L
"%d", num1
);
419 memcpy (buf
, str1
+ 2, 9);
424 memcpy (buf
, str1
+ 3, 8);
426 strncat (buf
, "ZYXWV", 3);
429 memcpy (buf
, str1
+ 3, 8);
431 strncat (buf
, "ZYXWV", l0
+ 3);
435 memcpy (a
.buf1
+ 1, "abcdefghij", 10);
439 memcpy (a
.buf1
+ 1, "abcdefghij", l0
+ 10);
443 memmove (a
.buf1
+ 2, a
.buf1
+ 1, 9);
447 memmove (a
.buf1
+ 2, a
.buf1
+ 1, l0
+ 9);
451 bcopy (a
.buf1
+ 1, a
.buf1
+ 2, 9);
455 bcopy (a
.buf1
+ 1, a
.buf1
+ 2, l0
+ 9);
459 p
= (char *) mempcpy (a
.buf1
+ 6, "abcde", 5);
463 p
= (char *) mempcpy (a
.buf1
+ 6, "abcde", l0
+ 5);
467 memset (a
.buf1
+ 9, 'j', 2);
471 memset (a
.buf1
+ 9, 'j', l0
+ 2);
475 bzero (a
.buf1
+ 9, 2);
479 bzero (a
.buf1
+ 9, l0
+ 2);
483 explicit_bzero (a
.buf1
+ 9, 2);
487 explicit_bzero (a
.buf1
+ 9, l0
+ 2);
490 # if __USE_FORTIFY_LEVEL >= 2
497 strcpy (a
.buf1
+ (O
+ 4), str1
+ 5);
501 p
= stpcpy (a
.buf1
+ (O
+ 8), str2
);
505 strncpy (a
.buf1
+ (O
+ 6), "X", 4);
509 strncpy (a
.buf1
+ (O
+ 6), "X", l0
+ 4);
512 # if !defined __cplusplus || defined __va_arg_pack
514 sprintf (a
.buf1
+ (O
+ 7), "%d", num1
);
518 snprintf (a
.buf1
+ (O
+ 7), 3, "%d", num2
);
522 snprintf (a
.buf1
+ (O
+ 7), l0
+ 3, "%d", num2
);
526 memcpy (a
.buf1
, str1
+ (3 - O
), 8 + O
);
528 strcat (a
.buf1
, "AB");
531 memcpy (a
.buf1
, str1
+ (4 - O
), 7 + O
);
533 strncat (a
.buf1
, "ZYXWV", l0
+ 3);
538 /* These ops can be done without runtime checking of object size. */
539 wmemcpy (wbuf
, L
"abcdefghij", 10);
540 wmemmove (wbuf
+ 1, wbuf
, 9);
541 if (wmemcmp (wbuf
, L
"aabcdefghi", 10))
544 if (wmempcpy (wbuf
+ 5, L
"abcde", 5) != wbuf
+ 10
545 || wmemcmp (wbuf
, L
"aabcdabcde", 10))
548 wmemset (wbuf
+ 8, L
'j', 2);
549 if (wmemcmp (wbuf
, L
"aabcdabcjj", 10))
552 wcscpy (wbuf
+ 4, L
"EDCBA");
553 if (wmemcmp (wbuf
, L
"aabcEDCBA", 10))
556 if (wcpcpy (wbuf
+ 8, L
"F") != wbuf
+ 9 || wmemcmp (wbuf
, L
"aabcEDCBF", 10))
559 wcsncpy (wbuf
+ 6, L
"X", 4);
560 if (wmemcmp (wbuf
, L
"aabcEDX\0\0", 10))
563 if (swprintf (wbuf
+ 7, 3, L
"%ls", L
"987654") >= 0
564 || wmemcmp (wbuf
, L
"aabcEDX98", 10))
567 if (swprintf (wbuf
+ 7, 3, L
"64") != 2
568 || wmemcmp (wbuf
, L
"aabcEDX64", 10))
571 /* These ops need runtime checking, but shouldn't __chk_fail. */
572 wmemcpy (wbuf
, L
"abcdefghij", l0
+ 10);
573 wmemmove (wbuf
+ 1, wbuf
, l0
+ 9);
574 if (wmemcmp (wbuf
, L
"aabcdefghi", 10))
577 if (wmempcpy (wbuf
+ 5, L
"abcde", l0
+ 5) != wbuf
+ 10
578 || wmemcmp (wbuf
, L
"aabcdabcde", 10))
581 wmemset (wbuf
+ 8, L
'j', l0
+ 2);
582 if (wmemcmp (wbuf
, L
"aabcdabcjj", 10))
585 wcscpy (wbuf
+ 4, wstr1
+ 5);
586 if (wmemcmp (wbuf
, L
"aabcEDCBA", 10))
589 if (wcpcpy (wbuf
+ 8, wstr2
) != wbuf
+ 9 || wmemcmp (wbuf
, L
"aabcEDCBF", 10))
592 wcsncpy (wbuf
+ 6, L
"X", l0
+ 4);
593 if (wmemcmp (wbuf
, L
"aabcEDX\0\0", 10))
596 if (wcpncpy (wbuf
+ 5, L
"cd", l0
+ 5) != wbuf
+ 7
597 || wmemcmp (wbuf
, L
"aabcEcd\0\0", 10))
600 if (swprintf (wbuf
+ 7, 3, L
"%d", num2
) >= 0
601 || wmemcmp (wbuf
, L
"aabcEcd98", 10))
604 wbuf
[l0
+ 8] = L
'\0';
606 if (wmemcmp (wbuf
, L
"aabcEcd9A", 10))
609 wbuf
[l0
+ 7] = L
'\0';
610 wcsncat (wbuf
, L
"ZYXWV", l0
+ 2);
611 if (wmemcmp (wbuf
, L
"aabcEcdZY", 10))
614 wmemcpy (wa
.buf1
, L
"abcdefghij", l0
+ 10);
615 wmemmove (wa
.buf1
+ 1, wa
.buf1
, l0
+ 9);
616 if (wmemcmp (wa
.buf1
, L
"aabcdefghi", 10))
619 if (wmempcpy (wa
.buf1
+ 5, L
"abcde", l0
+ 5) != wa
.buf1
+ 10
620 || wmemcmp (wa
.buf1
, L
"aabcdabcde", 10))
623 wmemset (wa
.buf1
+ 8, L
'j', l0
+ 2);
624 if (wmemcmp (wa
.buf1
, L
"aabcdabcjj", 10))
627 #if __USE_FORTIFY_LEVEL < 2
628 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
629 and sufficient GCC support, as the string operations overflow
630 from a.buf1 into a.buf2. */
631 wcscpy (wa
.buf1
+ 4, wstr1
+ 5);
632 if (wmemcmp (wa
.buf1
, L
"aabcEDCBA", 10))
635 if (wcpcpy (wa
.buf1
+ 8, wstr2
) != wa
.buf1
+ 9
636 || wmemcmp (wa
.buf1
, L
"aabcEDCBF", 10))
639 wcsncpy (wa
.buf1
+ 6, L
"X", l0
+ 4);
640 if (wmemcmp (wa
.buf1
, L
"aabcEDX\0\0", 10))
643 if (swprintf (wa
.buf1
+ 7, 3, L
"%d", num2
) >= 0
644 || wmemcmp (wa
.buf1
, L
"aabcEDX98", 10))
647 wa
.buf1
[l0
+ 8] = L
'\0';
648 wcscat (wa
.buf1
, L
"A");
649 if (wmemcmp (wa
.buf1
, L
"aabcEDX9A", 10))
652 wa
.buf1
[l0
+ 7] = L
'\0';
653 wcsncat (wa
.buf1
, L
"ZYXWV", l0
+ 2);
654 if (wmemcmp (wa
.buf1
, L
"aabcEDXZY", 10))
659 #if __USE_FORTIFY_LEVEL >= 1
660 /* Now check if all buffer overflows are caught at runtime.
661 N.B. All tests involving a length parameter need to be done
662 twice: once with the length a compile-time constant, once without. */
665 wmemcpy (wbuf
+ 1, L
"abcdefghij", 10);
669 wmemcpy (wbuf
+ 1, L
"abcdefghij", l0
+ 10);
673 wmemcpy (wbuf
+ 9, L
"abcdefghij", 10);
677 wmemcpy (wbuf
+ 9, L
"abcdefghij", l0
+ 10);
681 wmemmove (wbuf
+ 2, wbuf
+ 1, 9);
685 wmemmove (wbuf
+ 2, wbuf
+ 1, l0
+ 9);
689 wp
= wmempcpy (wbuf
+ 6, L
"abcde", 5);
693 wp
= wmempcpy (wbuf
+ 6, L
"abcde", l0
+ 5);
697 wmemset (wbuf
+ 9, L
'j', 2);
701 wmemset (wbuf
+ 9, L
'j', l0
+ 2);
705 wcscpy (wbuf
+ 5, wstr1
+ 5);
709 wp
= wcpcpy (wbuf
+ 9, wstr2
);
713 wcsncpy (wbuf
+ 7, L
"X", 4);
717 wcsncpy (wbuf
+ 7, L
"X", l0
+ 4);
721 wcsncpy (wbuf
+ 9, L
"XABCDEFGH", 8);
725 wcpncpy (wbuf
+ 9, L
"XABCDEFGH", 8);
729 wcpncpy (wbuf
+ 6, L
"cd", 5);
733 wcpncpy (wbuf
+ 6, L
"cd", l0
+ 5);
736 wmemcpy (wbuf
, wstr1
+ 2, 9);
738 wcscat (wbuf
, L
"AB");
741 wmemcpy (wbuf
, wstr1
+ 3, 8);
743 wcsncat (wbuf
, L
"ZYXWV", l0
+ 3);
747 wmemcpy (wa
.buf1
+ 1, L
"abcdefghij", 10);
751 wmemcpy (wa
.buf1
+ 1, L
"abcdefghij", l0
+ 10);
755 wmemmove (wa
.buf1
+ 2, wa
.buf1
+ 1, 9);
759 wmemmove (wa
.buf1
+ 2, wa
.buf1
+ 1, l0
+ 9);
763 wp
= wmempcpy (wa
.buf1
+ 6, L
"abcde", 5);
767 wp
= wmempcpy (wa
.buf1
+ 6, L
"abcde", l0
+ 5);
771 wmemset (wa
.buf1
+ 9, L
'j', 2);
775 wmemset (wa
.buf1
+ 9, L
'j', l0
+ 2);
778 #if __USE_FORTIFY_LEVEL >= 2
785 wcscpy (wa
.buf1
+ (O
+ 4), wstr1
+ 5);
789 wp
= wcpcpy (wa
.buf1
+ (O
+ 8), wstr2
);
793 wcsncpy (wa
.buf1
+ (O
+ 6), L
"X", 4);
797 wcsncpy (wa
.buf1
+ (O
+ 6), L
"X", l0
+ 4);
800 wmemcpy (wa
.buf1
, wstr1
+ (3 - O
), 8 + O
);
802 wcscat (wa
.buf1
, L
"AB");
805 wmemcpy (wa
.buf1
, wstr1
+ (4 - O
), 7 + O
);
807 wcsncat (wa
.buf1
, L
"ZYXWV", l0
+ 3);
812 /* Now checks for %n protection. */
814 /* Constant literals passed directly are always ok
815 (even with warnings about possible bugs from GCC). */
817 if (sprintf (buf
, "%s%n%s%n", str2
, &n1
, str2
, &n2
) != 2
818 || n1
!= 1 || n2
!= 2)
821 /* In this case the format string is not known at compile time,
822 but resides in read-only memory, so is ok. */
823 if (snprintf (buf
, 4, str3
, str2
, &n1
, str2
, &n2
) != 2
824 || n1
!= 1 || n2
!= 2)
827 strcpy (buf2
+ 2, "%n%s%n");
828 /* When the format string is writable and contains %n,
829 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
831 if (sprintf (buf
, buf2
, str2
, &n1
, str2
, &n1
) != 2)
836 if (snprintf (buf
, 3, buf2
, str2
, &n1
, str2
, &n1
) != 2)
840 /* But if there is no %n, even writable format string
843 if (sprintf (buf
, buf2
+ 4, str2
) != 1)
846 /* Constant literals passed directly are always ok
847 (even with warnings about possible bugs from GCC). */
848 if (printf ("%s%n%s%n", str4
, &n1
, str5
, &n2
) != 14
849 || n1
!= 7 || n2
!= 14)
852 /* In this case the format string is not known at compile time,
853 but resides in read-only memory, so is ok. */
854 if (printf (str3
, str4
, &n1
, str5
, &n2
) != 14
855 || n1
!= 7 || n2
!= 14)
858 strcpy (buf2
+ 2, "%n%s%n");
859 /* When the format string is writable and contains %n,
860 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
862 if (printf (buf2
, str4
, &n1
, str5
, &n1
) != 14)
866 /* But if there is no %n, even writable format string
869 if (printf (buf2
+ 4, str5
) != 7)
874 /* Constant literals passed directly are always ok
875 (even with warnings about possible bugs from GCC). */
876 if (fprintf (fp
, "%s%n%s%n", str4
, &n1
, str5
, &n2
) != 14
877 || n1
!= 7 || n2
!= 14)
880 /* In this case the format string is not known at compile time,
881 but resides in read-only memory, so is ok. */
882 if (fprintf (fp
, str3
, str4
, &n1
, str5
, &n2
) != 14
883 || n1
!= 7 || n2
!= 14)
886 strcpy (buf2
+ 2, "%n%s%n");
887 /* When the format string is writable and contains %n,
888 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
890 if (fprintf (fp
, buf2
, str4
, &n1
, str5
, &n1
) != 14)
894 /* But if there is no %n, even writable format string
897 if (fprintf (fp
, buf2
+ 4, str5
) != 7)
901 strcpy (buf2
+ 2, "%n%s%n");
902 /* When the format string is writable and contains %n,
903 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
905 if (asprintf (&my_ptr
, buf2
, str4
, &n1
, str5
, &n1
) != 14)
914 if (obstack_printf (&obs
, buf2
, str4
, &n1
, str5
, &n1
) != 14)
917 obstack_free (&obs
, NULL
);
920 if (asprintf (&my_ptr
, "%s%n%s%n", str4
, &n1
, str5
, &n1
) != 14)
926 if (obstack_printf (&obs
, "%s%n%s%n", str4
, &n1
, str5
, &n1
) != 14)
928 obstack_free (&obs
, NULL
);
930 if (freopen (temp_filename
, "r", stdin
) == NULL
)
932 puts ("could not open temporary file");
936 if (gets (buf
) != buf
|| memcmp (buf
, "abcdefgh", 9))
938 if (gets (buf
) != buf
|| memcmp (buf
, "ABCDEFGHI", 10))
941 #if __USE_FORTIFY_LEVEL >= 1
943 if (gets (buf
) != buf
)
950 if (fgets (buf
, sizeof (buf
), stdin
) != buf
951 || memcmp (buf
, "abcdefgh\n", 10))
953 if (fgets (buf
, sizeof (buf
), stdin
) != buf
|| memcmp (buf
, "ABCDEFGHI", 10))
958 if (fgets (buf
, l0
+ sizeof (buf
), stdin
) != buf
959 || memcmp (buf
, "abcdefgh\n", 10))
962 #if __USE_FORTIFY_LEVEL >= 1
964 if (fgets (buf
, sizeof (buf
) + 1, stdin
) != buf
)
969 if (fgets (buf
, l0
+ sizeof (buf
) + 1, stdin
) != buf
)
976 if (fgets_unlocked (buf
, sizeof (buf
), stdin
) != buf
977 || memcmp (buf
, "abcdefgh\n", 10))
979 if (fgets_unlocked (buf
, sizeof (buf
), stdin
) != buf
980 || memcmp (buf
, "ABCDEFGHI", 10))
985 if (fgets_unlocked (buf
, l0
+ sizeof (buf
), stdin
) != buf
986 || memcmp (buf
, "abcdefgh\n", 10))
989 #if __USE_FORTIFY_LEVEL >= 1
991 if (fgets_unlocked (buf
, sizeof (buf
) + 1, stdin
) != buf
)
996 if (fgets_unlocked (buf
, l0
+ sizeof (buf
) + 1, stdin
) != buf
)
1003 if (fread (buf
, 1, sizeof (buf
), stdin
) != sizeof (buf
)
1004 || memcmp (buf
, "abcdefgh\nA", 10))
1006 if (fread (buf
, sizeof (buf
), 1, stdin
) != 1
1007 || memcmp (buf
, "BCDEFGHI\na", 10))
1012 if (fread (buf
, l0
+ 1, sizeof (buf
), stdin
) != sizeof (buf
)
1013 || memcmp (buf
, "abcdefgh\nA", 10))
1015 if (fread (buf
, sizeof (buf
), l0
+ 1, stdin
) != 1
1016 || memcmp (buf
, "BCDEFGHI\na", 10))
1019 #if __USE_FORTIFY_LEVEL >= 1
1021 if (fread (buf
, 1, sizeof (buf
) + 1, stdin
) != sizeof (buf
) + 1)
1026 if (fread (buf
, sizeof (buf
) + 1, l0
+ 1, stdin
) != 1)
1033 if (fread_unlocked (buf
, 1, sizeof (buf
), stdin
) != sizeof (buf
)
1034 || memcmp (buf
, "abcdefgh\nA", 10))
1036 if (fread_unlocked (buf
, sizeof (buf
), 1, stdin
) != 1
1037 || memcmp (buf
, "BCDEFGHI\na", 10))
1042 if (fread_unlocked (buf
, 1, 4, stdin
) != 4
1043 || memcmp (buf
, "abcdFGHI\na", 10))
1045 if (fread_unlocked (buf
, 4, 1, stdin
) != 1
1046 || memcmp (buf
, "efghFGHI\na", 10))
1051 if (fread_unlocked (buf
, l0
+ 1, sizeof (buf
), stdin
) != sizeof (buf
)
1052 || memcmp (buf
, "abcdefgh\nA", 10))
1054 if (fread_unlocked (buf
, sizeof (buf
), l0
+ 1, stdin
) != 1
1055 || memcmp (buf
, "BCDEFGHI\na", 10))
1058 #if __USE_FORTIFY_LEVEL >= 1
1060 if (fread_unlocked (buf
, 1, sizeof (buf
) + 1, stdin
) != sizeof (buf
) + 1)
1065 if (fread_unlocked (buf
, sizeof (buf
) + 1, l0
+ 1, stdin
) != 1)
1070 lseek (fileno (stdin
), 0, SEEK_SET
);
1072 if (read (fileno (stdin
), buf
, sizeof (buf
) - 1) != sizeof (buf
) - 1
1073 || memcmp (buf
, "abcdefgh\n", 9))
1075 if (read (fileno (stdin
), buf
, sizeof (buf
) - 1) != sizeof (buf
) - 1
1076 || memcmp (buf
, "ABCDEFGHI", 9))
1079 lseek (fileno (stdin
), 0, SEEK_SET
);
1081 if (read (fileno (stdin
), buf
, l0
+ sizeof (buf
) - 1) != sizeof (buf
) - 1
1082 || memcmp (buf
, "abcdefgh\n", 9))
1085 #if __USE_FORTIFY_LEVEL >= 1
1087 if (read (fileno (stdin
), buf
, sizeof (buf
) + 1) != sizeof (buf
) + 1)
1092 if (read (fileno (stdin
), buf
, l0
+ sizeof (buf
) + 1) != sizeof (buf
) + 1)
1097 if (pread (fileno (stdin
), buf
, sizeof (buf
) - 1, sizeof (buf
) - 2)
1099 || memcmp (buf
, "\nABCDEFGH", 9))
1101 if (pread (fileno (stdin
), buf
, sizeof (buf
) - 1, 0) != sizeof (buf
) - 1
1102 || memcmp (buf
, "abcdefgh\n", 9))
1104 if (pread (fileno (stdin
), buf
, l0
+ sizeof (buf
) - 1, sizeof (buf
) - 3)
1106 || memcmp (buf
, "h\nABCDEFG", 9))
1109 #if __USE_FORTIFY_LEVEL >= 1
1111 if (pread (fileno (stdin
), buf
, sizeof (buf
) + 1, 2 * sizeof (buf
))
1112 != sizeof (buf
) + 1)
1117 if (pread (fileno (stdin
), buf
, l0
+ sizeof (buf
) + 1, 2 * sizeof (buf
))
1118 != sizeof (buf
) + 1)
1123 if (pread64 (fileno (stdin
), buf
, sizeof (buf
) - 1, sizeof (buf
) - 2)
1125 || memcmp (buf
, "\nABCDEFGH", 9))
1127 if (pread64 (fileno (stdin
), buf
, sizeof (buf
) - 1, 0) != sizeof (buf
) - 1
1128 || memcmp (buf
, "abcdefgh\n", 9))
1130 if (pread64 (fileno (stdin
), buf
, l0
+ sizeof (buf
) - 1, sizeof (buf
) - 3)
1132 || memcmp (buf
, "h\nABCDEFG", 9))
1135 #if __USE_FORTIFY_LEVEL >= 1
1137 if (pread64 (fileno (stdin
), buf
, sizeof (buf
) + 1, 2 * sizeof (buf
))
1138 != sizeof (buf
) + 1)
1143 if (pread64 (fileno (stdin
), buf
, l0
+ sizeof (buf
) + 1, 2 * sizeof (buf
))
1144 != sizeof (buf
) + 1)
1149 if (freopen (temp_filename
, "r", stdin
) == NULL
)
1151 puts ("could not open temporary file");
1155 if (fseek (stdin
, 9 + 10 + 11, SEEK_SET
))
1157 puts ("could not seek in test file");
1161 #if __USE_FORTIFY_LEVEL >= 1
1163 if (gets (buf
) != buf
)
1168 /* Check whether missing N$ formats are detected. */
1170 printf ("%3$d\n", 1, 2, 3, 4);
1174 fprintf (stdout
, "%3$d\n", 1, 2, 3, 4);
1178 sprintf (buf
, "%3$d\n", 1, 2, 3, 4);
1182 snprintf (buf
, sizeof (buf
), "%3$d\n", 1, 2, 3, 4);
1186 if (socketpair (PF_UNIX
, SOCK_STREAM
, 0, sp
))
1190 const char *sendstr
= "abcdefgh\nABCDEFGH\n0123456789\n";
1191 if ((size_t) send (sp
[0], sendstr
, strlen (sendstr
), 0)
1192 != strlen (sendstr
))
1196 if (recv (sp
[1], recvbuf
, sizeof recvbuf
, MSG_PEEK
)
1198 || memcmp (recvbuf
, sendstr
, sizeof recvbuf
) != 0)
1201 if (recv (sp
[1], recvbuf
+ 6, l0
+ sizeof recvbuf
- 7, MSG_PEEK
)
1202 != sizeof recvbuf
- 7
1203 || memcmp (recvbuf
+ 6, sendstr
, sizeof recvbuf
- 7) != 0)
1206 #if __USE_FORTIFY_LEVEL >= 1
1208 if (recv (sp
[1], recvbuf
+ 1, sizeof recvbuf
, MSG_PEEK
)
1214 if (recv (sp
[1], recvbuf
+ 4, l0
+ sizeof recvbuf
- 3, MSG_PEEK
)
1215 != sizeof recvbuf
- 3)
1221 struct sockaddr_un sa_un
;
1223 sl
= sizeof (sa_un
);
1224 if (recvfrom (sp
[1], recvbuf
, sizeof recvbuf
, MSG_PEEK
,
1225 (struct sockaddr
*) &sa_un
, &sl
)
1227 || memcmp (recvbuf
, sendstr
, sizeof recvbuf
) != 0)
1230 sl
= sizeof (sa_un
);
1231 if (recvfrom (sp
[1], recvbuf
+ 6, l0
+ sizeof recvbuf
- 7, MSG_PEEK
,
1232 (struct sockaddr
*) &sa_un
, &sl
) != sizeof recvbuf
- 7
1233 || memcmp (recvbuf
+ 6, sendstr
, sizeof recvbuf
- 7) != 0)
1236 #if __USE_FORTIFY_LEVEL >= 1
1238 sl
= sizeof (sa_un
);
1239 if (recvfrom (sp
[1], recvbuf
+ 1, sizeof recvbuf
, MSG_PEEK
,
1240 (struct sockaddr
*) &sa_un
, &sl
) != sizeof recvbuf
)
1245 sl
= sizeof (sa_un
);
1246 if (recvfrom (sp
[1], recvbuf
+ 4, l0
+ sizeof recvbuf
- 3, MSG_PEEK
,
1247 (struct sockaddr
*) &sa_un
, &sl
) != sizeof recvbuf
- 3)
1256 char fname
[] = "/tmp/tst-chk1-dir-XXXXXX\0foo";
1257 char *enddir
= strchr (fname
, '\0');
1258 if (mkdtemp (fname
) == NULL
)
1260 printf ("mkdtemp failed: %m\n");
1264 if (symlink ("bar", fname
) != 0)
1267 char readlinkbuf
[4];
1268 if (readlink (fname
, readlinkbuf
, 4) != 3
1269 || memcmp (readlinkbuf
, "bar", 3) != 0)
1271 if (readlink (fname
, readlinkbuf
+ 1, l0
+ 3) != 3
1272 || memcmp (readlinkbuf
, "bbar", 4) != 0)
1275 #if __USE_FORTIFY_LEVEL >= 1
1277 if (readlink (fname
, readlinkbuf
+ 2, l0
+ 3) != 3)
1282 if (readlink (fname
, readlinkbuf
+ 3, 4) != 3)
1287 int tmpfd
= open ("/tmp", O_RDONLY
| O_DIRECTORY
);
1291 if (readlinkat (tmpfd
, fname
+ sizeof ("/tmp/") - 1, readlinkbuf
, 4) != 3
1292 || memcmp (readlinkbuf
, "bar", 3) != 0)
1294 if (readlinkat (tmpfd
, fname
+ sizeof ("/tmp/") - 1, readlinkbuf
+ 1,
1296 || memcmp (readlinkbuf
, "bbar", 4) != 0)
1299 #if __USE_FORTIFY_LEVEL >= 1
1301 if (readlinkat (tmpfd
, fname
+ sizeof ("/tmp/") - 1, readlinkbuf
+ 2,
1307 if (readlinkat (tmpfd
, fname
+ sizeof ("/tmp/") - 1, readlinkbuf
+ 3,
1315 char *cwd1
= getcwd (NULL
, 0);
1319 char *cwd2
= getcwd (NULL
, 250);
1325 if (strcmp (cwd1
, cwd2
) != 0)
1332 char *cwd3
= getcwd (NULL
, 0);
1335 if (strcmp (fname
, cwd3
) != 0)
1336 printf ("getcwd after chdir is '%s' != '%s',"
1337 "get{c,}wd tests skipped\n", cwd3
, fname
);
1340 char getcwdbuf
[sizeof fname
- 3];
1342 char *cwd4
= getcwd (getcwdbuf
, sizeof getcwdbuf
);
1343 if (cwd4
!= getcwdbuf
1344 || strcmp (getcwdbuf
, fname
) != 0)
1347 cwd4
= getcwd (getcwdbuf
+ 1, l0
+ sizeof getcwdbuf
- 1);
1348 if (cwd4
!= getcwdbuf
+ 1
1349 || getcwdbuf
[0] != fname
[0]
1350 || strcmp (getcwdbuf
+ 1, fname
) != 0)
1353 #if __USE_FORTIFY_LEVEL >= 1
1355 if (getcwd (getcwdbuf
+ 2, l0
+ sizeof getcwdbuf
)
1361 if (getcwd (getcwdbuf
+ 2, sizeof getcwdbuf
)
1367 if (getwd (getcwdbuf
) != getcwdbuf
1368 || strcmp (getcwdbuf
, fname
) != 0)
1371 if (getwd (getcwdbuf
+ 1) != getcwdbuf
+ 1
1372 || strcmp (getcwdbuf
+ 1, fname
) != 0)
1375 #if __USE_FORTIFY_LEVEL >= 1
1377 if (getwd (getcwdbuf
+ 2) != getcwdbuf
+ 2)
1383 if (chdir (cwd1
) != 0)
1391 if (unlink (fname
) != 0)
1395 if (rmdir (fname
) != 0)
1400 char largebuf
[PATH_MAX
];
1401 char *realres
= realpath (".", largebuf
);
1402 if (realres
!= largebuf
)
1405 # if __USE_FORTIFY_LEVEL >= 1
1408 realres
= realpath (".", realbuf
);
1409 if (realres
!= realbuf
)
1415 if (setlocale (LC_ALL
, "de_DE.UTF-8") != NULL
)
1417 assert (MB_CUR_MAX
<= 10);
1419 /* First a simple test. */
1421 if (wctomb (enough
, L
'A') != 1)
1424 #if __USE_FORTIFY_LEVEL >= 1
1425 /* We know the wchar_t encoding is ISO 10646. So pick a
1426 character which has a multibyte representation which does not
1430 if (wctomb (smallbuf
, L
'\x100') != 2)
1436 memset (&s
, '\0', sizeof (s
));
1437 if (wcrtomb (enough
, L
'D', &s
) != 1 || enough
[0] != 'D')
1440 #if __USE_FORTIFY_LEVEL >= 1
1441 /* We know the wchar_t encoding is ISO 10646. So pick a
1442 character which has a multibyte representation which does not
1446 if (wcrtomb (smallbuf
, L
'\x100', &s
) != 2)
1451 wchar_t wenough
[10];
1452 memset (&s
, '\0', sizeof (s
));
1453 const char *cp
= "A";
1454 if (mbsrtowcs (wenough
, &cp
, 10, &s
) != 1
1455 || wcscmp (wenough
, L
"A") != 0)
1459 if (mbsrtowcs (wenough
, &cp
, l0
+ 10, &s
) != 2
1460 || wcscmp (wenough
, L
"BC") != 0)
1463 #if __USE_FORTIFY_LEVEL >= 1
1465 wchar_t wsmallbuf
[2];
1467 mbsrtowcs (wsmallbuf
, &cp
, 10, &s
);
1472 if (mbstowcs (wenough
, cp
, 10) != 1
1473 || wcscmp (wenough
, L
"A") != 0)
1477 if (mbstowcs (wenough
, cp
, l0
+ 10) != 3
1478 || wcscmp (wenough
, L
"DEF") != 0)
1481 #if __USE_FORTIFY_LEVEL >= 1
1483 wchar_t wsmallbuf
[2];
1485 mbstowcs (wsmallbuf
, cp
, 10);
1489 memset (&s
, '\0', sizeof (s
));
1491 wcscpy (wenough
, L
"DEF");
1492 if (mbsnrtowcs (wenough
, &cp
, 1, 10, &s
) != 1
1493 || wcscmp (wenough
, L
"AEF") != 0)
1497 if (mbsnrtowcs (wenough
, &cp
, 1, l0
+ 10, &s
) != 1
1498 || wcscmp (wenough
, L
"IEF") != 0)
1501 #if __USE_FORTIFY_LEVEL >= 1
1503 wchar_t wsmallbuf
[2];
1505 mbsnrtowcs (wsmallbuf
, &cp
, 3, 10, &s
);
1509 memset (&s
, '\0', sizeof (s
));
1510 const wchar_t *wcp
= L
"A";
1511 if (wcsrtombs (enough
, &wcp
, 10, &s
) != 1
1512 || strcmp (enough
, "A") != 0)
1516 if (wcsrtombs (enough
, &wcp
, l0
+ 10, &s
) != 2
1517 || strcmp (enough
, "BC") != 0)
1520 #if __USE_FORTIFY_LEVEL >= 1
1524 wcsrtombs (smallbuf
, &wcp
, 10, &s
);
1528 memset (enough
, 'Z', sizeof (enough
));
1530 if (wcstombs (enough
, wcp
, 10) != 2
1531 || strcmp (enough
, "EF") != 0)
1535 if (wcstombs (enough
, wcp
, l0
+ 10) != 1
1536 || strcmp (enough
, "G") != 0)
1539 #if __USE_FORTIFY_LEVEL >= 1
1543 wcstombs (smallbuf
, wcp
, 10);
1547 memset (&s
, '\0', sizeof (s
));
1549 if (wcsnrtombs (enough
, &wcp
, 1, 10, &s
) != 1
1550 || strcmp (enough
, "A") != 0)
1554 if (wcsnrtombs (enough
, &wcp
, 1, l0
+ 10, &s
) != 1
1555 || strcmp (enough
, "B") != 0)
1558 #if __USE_FORTIFY_LEVEL >= 1
1562 wcsnrtombs (smallbuf
, &wcp
, 3, 10, &s
);
1568 puts ("cannot set locale");
1572 int fd
= posix_openpt (O_RDWR
);
1576 if (ptsname_r (fd
, enough
, sizeof (enough
)) != 0)
1579 #if __USE_FORTIFY_LEVEL >= 1
1582 if (ptsname_r (fd
, smallbuf
, sizeof (smallbuf
) + 1) == 0)
1590 confstr (_CS_GNU_LIBC_VERSION
, largebuf
, sizeof (largebuf
));
1591 # if __USE_FORTIFY_LEVEL >= 1
1594 confstr (_CS_GNU_LIBC_VERSION
, smallbuf
, sizeof (largebuf
));
1600 int ngr
= getgroups (5, grpslarge
);
1601 asm volatile ("" : : "r" (ngr
));
1602 #if __USE_FORTIFY_LEVEL >= 1
1605 ngr
= getgroups (5, (gid_t
*) smallbuf
);
1606 asm volatile ("" : : "r" (ngr
));
1610 fd
= open (_PATH_TTY
, O_RDONLY
);
1614 if (ttyname_r (fd
, enough
, sizeof (enough
)) != 0)
1617 #if __USE_FORTIFY_LEVEL >= 1
1620 if (ttyname_r (fd
, smallbuf
, sizeof (smallbuf
) + 1) == 0)
1627 char hostnamelarge
[1000];
1628 gethostname (hostnamelarge
, sizeof (hostnamelarge
));
1629 #if __USE_FORTIFY_LEVEL >= 1
1632 gethostname (smallbuf
, sizeof (hostnamelarge
));
1636 char loginlarge
[1000];
1637 getlogin_r (loginlarge
, sizeof (hostnamelarge
));
1638 #if __USE_FORTIFY_LEVEL >= 1
1641 getlogin_r (smallbuf
, sizeof (loginlarge
));
1645 char domainnamelarge
[1000];
1646 int res
= getdomainname (domainnamelarge
, sizeof (domainnamelarge
));
1647 asm volatile ("" : : "r" (res
));
1648 #if __USE_FORTIFY_LEVEL >= 1
1651 res
= getdomainname (smallbuf
, sizeof (domainnamelarge
));
1652 asm volatile ("" : : "r" (res
));
1659 FD_SET (FD_SETSIZE
- 1, &s
);
1660 #if __USE_FORTIFY_LEVEL >= 1
1662 FD_SET (FD_SETSIZE
, &s
);
1666 FD_SET (l0
+ FD_SETSIZE
, &s
);
1670 FD_CLR (FD_SETSIZE
- 1, &s
);
1671 #if __USE_FORTIFY_LEVEL >= 1
1673 FD_CLR (FD_SETSIZE
, &s
);
1677 FD_SET (l0
+ FD_SETSIZE
, &s
);
1681 FD_ISSET (FD_SETSIZE
- 1, &s
);
1682 #if __USE_FORTIFY_LEVEL >= 1
1684 FD_ISSET (FD_SETSIZE
, &s
);
1688 FD_ISSET (l0
+ FD_SETSIZE
, &s
);
1692 struct pollfd fds
[1];
1693 fds
[0].fd
= STDOUT_FILENO
;
1694 fds
[0].events
= POLLOUT
;
1696 #if __USE_FORTIFY_LEVEL >= 1
1702 poll (fds
, l0
+ 2, 0);
1705 ppoll (fds
, 1, NULL
, NULL
);
1706 #if __USE_FORTIFY_LEVEL >= 1
1708 ppoll (fds
, 2, NULL
, NULL
);
1712 ppoll (fds
, l0
+ 2, NULL
, NULL
);