1 /* Copyright (C) 2004-2017 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Jakub Jelinek <jakub@redhat.com>, 2004.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <http://www.gnu.org/licenses/>. */
31 #include <sys/select.h>
32 #include <sys/socket.h>
36 #define obstack_chunk_alloc malloc
37 #define obstack_chunk_free free
40 static void do_prepare (void);
41 static int do_test (void);
42 #define PREPARE(argc, argv) do_prepare ()
43 #define TEST_FUNCTION do_test ()
44 #include "../test-skeleton.c"
49 int temp_fd
= create_temp_file ("tst-chk1.", &temp_filename
);
52 printf ("cannot create temporary file: %m\n");
56 const char *strs
= "abcdefgh\nABCDEFGHI\nabcdefghij\nABCDEFGHIJ";
57 if ((size_t) write (temp_fd
, strs
, strlen (strs
)) != strlen (strs
))
59 puts ("could not write test strings into file");
60 unlink (temp_filename
);
65 volatile int chk_fail_ok
;
75 longjmp (chk_fail_buf
, 1);
86 const char *str1
= "JIHGFEDCBA";
87 const char *str2
= "F";
88 const char *str3
= "%s%n%s%n";
89 const char *str4
= "Hello, ";
90 const char *str5
= "World!\n";
91 const wchar_t *wstr1
= L
"JIHGFEDCBA";
92 const wchar_t *wstr2
= L
"F";
93 const wchar_t *wstr3
= L
"%s%n%s%n";
94 const wchar_t *wstr4
= L
"Hello, ";
95 const wchar_t *wstr5
= L
"World!\n";
101 do { printf ("Failure on line %d\n", __LINE__); ret = 1; } while (0)
102 #define CHK_FAIL_START \
104 if (! setjmp (chk_fail_buf)) \
106 #define CHK_FAIL_END \
110 #if __USE_FORTIFY_LEVEL >= 2 && (!defined __cplusplus || defined __va_arg_pack)
111 # define CHK_FAIL2_START CHK_FAIL_START
112 # define CHK_FAIL2_END CHK_FAIL_END
114 # define CHK_FAIL2_START
115 # define CHK_FAIL2_END
121 set_fortify_handler (handler
);
123 struct A
{ char buf1
[9]; char buf2
[1]; } a
;
124 struct wA
{ wchar_t buf1
[9]; wchar_t buf2
[1]; } wa
;
126 printf ("Test checking routines at fortify level %d\n",
127 #ifdef __USE_FORTIFY_LEVEL
128 (int) __USE_FORTIFY_LEVEL
134 #if defined __USE_FORTIFY_LEVEL && !defined __fortify_function
135 printf ("Test skipped");
140 /* These ops can be done without runtime checking of object size. */
141 memcpy (buf
, "abcdefghij", 10);
142 memmove (buf
+ 1, buf
, 9);
143 if (memcmp (buf
, "aabcdefghi", 10))
146 memcpy (buf
, "abcdefghij", 10);
147 bcopy (buf
, buf
+ 1, 9);
148 if (memcmp (buf
, "aabcdefghi", 10))
151 if (mempcpy (buf
+ 5, "abcde", 5) != buf
+ 10
152 || memcmp (buf
, "aabcdabcde", 10))
155 memset (buf
+ 8, 'j', 2);
156 if (memcmp (buf
, "aabcdabcjj", 10))
160 if (memcmp (buf
, "aabcdabc\0\0", 10))
163 explicit_bzero (buf
+ 6, 4);
164 if (memcmp (buf
, "aabcda\0\0\0\0", 10))
167 strcpy (buf
+ 4, "EDCBA");
168 if (memcmp (buf
, "aabcEDCBA", 10))
171 if (stpcpy (buf
+ 8, "F") != buf
+ 9 || memcmp (buf
, "aabcEDCBF", 10))
174 strncpy (buf
+ 6, "X", 4);
175 if (memcmp (buf
, "aabcEDX\0\0", 10))
178 if (sprintf (buf
+ 7, "%s", "67") != 2 || memcmp (buf
, "aabcEDX67", 10))
181 if (snprintf (buf
+ 7, 3, "%s", "987654") != 6
182 || memcmp (buf
, "aabcEDX98", 10))
185 /* These ops need runtime checking, but shouldn't __chk_fail. */
186 memcpy (buf
, "abcdefghij", l0
+ 10);
187 memmove (buf
+ 1, buf
, l0
+ 9);
188 if (memcmp (buf
, "aabcdefghi", 10))
191 memcpy (buf
, "abcdefghij", l0
+ 10);
192 bcopy (buf
, buf
+ 1, l0
+ 9);
193 if (memcmp (buf
, "aabcdefghi", 10))
196 if (mempcpy (buf
+ 5, "abcde", l0
+ 5) != buf
+ 10
197 || memcmp (buf
, "aabcdabcde", 10))
200 memset (buf
+ 8, 'j', l0
+ 2);
201 if (memcmp (buf
, "aabcdabcjj", 10))
204 bzero (buf
+ 8, l0
+ 2);
205 if (memcmp (buf
, "aabcdabc\0\0", 10))
208 explicit_bzero (buf
+ 6, l0
+ 4);
209 if (memcmp (buf
, "aabcda\0\0\0\0", 10))
212 strcpy (buf
+ 4, str1
+ 5);
213 if (memcmp (buf
, "aabcEDCBA", 10))
216 if (stpcpy (buf
+ 8, str2
) != buf
+ 9 || memcmp (buf
, "aabcEDCBF", 10))
219 strncpy (buf
+ 6, "X", l0
+ 4);
220 if (memcmp (buf
, "aabcEDX\0\0", 10))
223 if (stpncpy (buf
+ 5, "cd", l0
+ 5) != buf
+ 7
224 || memcmp (buf
, "aabcEcd\0\0", 10))
227 if (sprintf (buf
+ 7, "%d", num1
) != 2 || memcmp (buf
, "aabcEcd67", 10))
230 if (snprintf (buf
+ 7, 3, "%d", num2
) != 6 || memcmp (buf
, "aabcEcd98", 10))
235 if (memcmp (buf
, "aabcEcd9A", 10))
239 strncat (buf
, "ZYXWV", l0
+ 2);
240 if (memcmp (buf
, "aabcEcdZY", 10))
243 /* The following tests are supposed to succeed at all fortify
244 levels, even though they overflow a.buf1 into a.buf2. */
245 memcpy (a
.buf1
, "abcdefghij", l0
+ 10);
246 memmove (a
.buf1
+ 1, a
.buf1
, l0
+ 9);
247 if (memcmp (a
.buf1
, "aabcdefghi", 10))
250 memcpy (a
.buf1
, "abcdefghij", l0
+ 10);
251 bcopy (a
.buf1
, a
.buf1
+ 1, l0
+ 9);
252 if (memcmp (a
.buf1
, "aabcdefghi", 10))
255 if (mempcpy (a
.buf1
+ 5, "abcde", l0
+ 5) != a
.buf1
+ 10
256 || memcmp (a
.buf1
, "aabcdabcde", 10))
259 memset (a
.buf1
+ 8, 'j', l0
+ 2);
260 if (memcmp (a
.buf1
, "aabcdabcjj", 10))
263 bzero (a
.buf1
+ 8, l0
+ 2);
264 if (memcmp (a
.buf1
, "aabcdabc\0\0", 10))
267 explicit_bzero (a
.buf1
+ 6, l0
+ 4);
268 if (memcmp (a
.buf1
, "aabcda\0\0\0\0", 10))
271 #if __USE_FORTIFY_LEVEL < 2
272 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
273 and sufficient GCC support, as the string operations overflow
274 from a.buf1 into a.buf2. */
275 strcpy (a
.buf1
+ 4, str1
+ 5);
276 if (memcmp (a
.buf1
, "aabcEDCBA", 10))
279 if (stpcpy (a
.buf1
+ 8, str2
) != a
.buf1
+ 9
280 || memcmp (a
.buf1
, "aabcEDCBF", 10))
283 strncpy (a
.buf1
+ 6, "X", l0
+ 4);
284 if (memcmp (a
.buf1
, "aabcEDX\0\0", 10))
287 if (sprintf (a
.buf1
+ 7, "%d", num1
) != 2
288 || memcmp (a
.buf1
, "aabcEDX67", 10))
291 if (snprintf (a
.buf1
+ 7, 3, "%d", num2
) != 6
292 || memcmp (a
.buf1
, "aabcEDX98", 10))
295 a
.buf1
[l0
+ 8] = '\0';
296 strcat (a
.buf1
, "A");
297 if (memcmp (a
.buf1
, "aabcEDX9A", 10))
300 a
.buf1
[l0
+ 7] = '\0';
301 strncat (a
.buf1
, "ZYXWV", l0
+ 2);
302 if (memcmp (a
.buf1
, "aabcEDXZY", 10))
307 #if __USE_FORTIFY_LEVEL >= 1
308 /* Now check if all buffer overflows are caught at runtime.
309 N.B. All tests involving a length parameter need to be done
310 twice: once with the length a compile-time constant, once without. */
313 memcpy (buf
+ 1, "abcdefghij", 10);
317 memcpy (buf
+ 1, "abcdefghij", l0
+ 10);
321 memmove (buf
+ 2, buf
+ 1, 9);
325 memmove (buf
+ 2, buf
+ 1, l0
+ 9);
329 bcopy (buf
+ 1, buf
+ 2, 9);
333 bcopy (buf
+ 1, buf
+ 2, l0
+ 9);
337 p
= (char *) mempcpy (buf
+ 6, "abcde", 5);
341 p
= (char *) mempcpy (buf
+ 6, "abcde", l0
+ 5);
345 memset (buf
+ 9, 'j', 2);
349 memset (buf
+ 9, 'j', l0
+ 2);
357 bzero (buf
+ 9, l0
+ 2);
361 explicit_bzero (buf
+ 9, 2);
365 explicit_bzero (buf
+ 9, l0
+ 2);
369 strcpy (buf
+ 5, str1
+ 5);
373 p
= stpcpy (buf
+ 9, str2
);
377 strncpy (buf
+ 7, "X", 4);
381 strncpy (buf
+ 7, "X", l0
+ 4);
385 stpncpy (buf
+ 6, "cd", 5);
389 stpncpy (buf
+ 6, "cd", l0
+ 5);
392 # if !defined __cplusplus || defined __va_arg_pack
394 sprintf (buf
+ 8, "%d", num1
);
398 snprintf (buf
+ 8, 3, "%d", num2
);
402 snprintf (buf
+ 8, l0
+ 3, "%d", num2
);
406 swprintf (wbuf
+ 8, 3, L
"%d", num1
);
410 swprintf (wbuf
+ 8, l0
+ 3, L
"%d", num1
);
414 memcpy (buf
, str1
+ 2, 9);
419 memcpy (buf
, str1
+ 3, 8);
421 strncat (buf
, "ZYXWV", 3);
424 memcpy (buf
, str1
+ 3, 8);
426 strncat (buf
, "ZYXWV", l0
+ 3);
430 memcpy (a
.buf1
+ 1, "abcdefghij", 10);
434 memcpy (a
.buf1
+ 1, "abcdefghij", l0
+ 10);
438 memmove (a
.buf1
+ 2, a
.buf1
+ 1, 9);
442 memmove (a
.buf1
+ 2, a
.buf1
+ 1, l0
+ 9);
446 bcopy (a
.buf1
+ 1, a
.buf1
+ 2, 9);
450 bcopy (a
.buf1
+ 1, a
.buf1
+ 2, l0
+ 9);
454 p
= (char *) mempcpy (a
.buf1
+ 6, "abcde", 5);
458 p
= (char *) mempcpy (a
.buf1
+ 6, "abcde", l0
+ 5);
462 memset (a
.buf1
+ 9, 'j', 2);
466 memset (a
.buf1
+ 9, 'j', l0
+ 2);
470 bzero (a
.buf1
+ 9, 2);
474 bzero (a
.buf1
+ 9, l0
+ 2);
478 explicit_bzero (a
.buf1
+ 9, 2);
482 explicit_bzero (a
.buf1
+ 9, l0
+ 2);
485 # if __USE_FORTIFY_LEVEL >= 2
492 strcpy (a
.buf1
+ (O
+ 4), str1
+ 5);
496 p
= stpcpy (a
.buf1
+ (O
+ 8), str2
);
500 strncpy (a
.buf1
+ (O
+ 6), "X", 4);
504 strncpy (a
.buf1
+ (O
+ 6), "X", l0
+ 4);
507 # if !defined __cplusplus || defined __va_arg_pack
509 sprintf (a
.buf1
+ (O
+ 7), "%d", num1
);
513 snprintf (a
.buf1
+ (O
+ 7), 3, "%d", num2
);
517 snprintf (a
.buf1
+ (O
+ 7), l0
+ 3, "%d", num2
);
521 memcpy (a
.buf1
, str1
+ (3 - O
), 8 + O
);
523 strcat (a
.buf1
, "AB");
526 memcpy (a
.buf1
, str1
+ (4 - O
), 7 + O
);
528 strncat (a
.buf1
, "ZYXWV", l0
+ 3);
533 /* These ops can be done without runtime checking of object size. */
534 wmemcpy (wbuf
, L
"abcdefghij", 10);
535 wmemmove (wbuf
+ 1, wbuf
, 9);
536 if (wmemcmp (wbuf
, L
"aabcdefghi", 10))
539 if (wmempcpy (wbuf
+ 5, L
"abcde", 5) != wbuf
+ 10
540 || wmemcmp (wbuf
, L
"aabcdabcde", 10))
543 wmemset (wbuf
+ 8, L
'j', 2);
544 if (wmemcmp (wbuf
, L
"aabcdabcjj", 10))
547 wcscpy (wbuf
+ 4, L
"EDCBA");
548 if (wmemcmp (wbuf
, L
"aabcEDCBA", 10))
551 if (wcpcpy (wbuf
+ 8, L
"F") != wbuf
+ 9 || wmemcmp (wbuf
, L
"aabcEDCBF", 10))
554 wcsncpy (wbuf
+ 6, L
"X", 4);
555 if (wmemcmp (wbuf
, L
"aabcEDX\0\0", 10))
558 if (swprintf (wbuf
+ 7, 3, L
"%ls", L
"987654") >= 0
559 || wmemcmp (wbuf
, L
"aabcEDX98", 10))
562 if (swprintf (wbuf
+ 7, 3, L
"64") != 2
563 || wmemcmp (wbuf
, L
"aabcEDX64", 10))
566 /* These ops need runtime checking, but shouldn't __chk_fail. */
567 wmemcpy (wbuf
, L
"abcdefghij", l0
+ 10);
568 wmemmove (wbuf
+ 1, wbuf
, l0
+ 9);
569 if (wmemcmp (wbuf
, L
"aabcdefghi", 10))
572 if (wmempcpy (wbuf
+ 5, L
"abcde", l0
+ 5) != wbuf
+ 10
573 || wmemcmp (wbuf
, L
"aabcdabcde", 10))
576 wmemset (wbuf
+ 8, L
'j', l0
+ 2);
577 if (wmemcmp (wbuf
, L
"aabcdabcjj", 10))
580 wcscpy (wbuf
+ 4, wstr1
+ 5);
581 if (wmemcmp (wbuf
, L
"aabcEDCBA", 10))
584 if (wcpcpy (wbuf
+ 8, wstr2
) != wbuf
+ 9 || wmemcmp (wbuf
, L
"aabcEDCBF", 10))
587 wcsncpy (wbuf
+ 6, L
"X", l0
+ 4);
588 if (wmemcmp (wbuf
, L
"aabcEDX\0\0", 10))
591 if (wcpncpy (wbuf
+ 5, L
"cd", l0
+ 5) != wbuf
+ 7
592 || wmemcmp (wbuf
, L
"aabcEcd\0\0", 10))
595 if (swprintf (wbuf
+ 7, 3, L
"%d", num2
) >= 0
596 || wmemcmp (wbuf
, L
"aabcEcd98", 10))
599 wbuf
[l0
+ 8] = L
'\0';
601 if (wmemcmp (wbuf
, L
"aabcEcd9A", 10))
604 wbuf
[l0
+ 7] = L
'\0';
605 wcsncat (wbuf
, L
"ZYXWV", l0
+ 2);
606 if (wmemcmp (wbuf
, L
"aabcEcdZY", 10))
609 wmemcpy (wa
.buf1
, L
"abcdefghij", l0
+ 10);
610 wmemmove (wa
.buf1
+ 1, wa
.buf1
, l0
+ 9);
611 if (wmemcmp (wa
.buf1
, L
"aabcdefghi", 10))
614 if (wmempcpy (wa
.buf1
+ 5, L
"abcde", l0
+ 5) != wa
.buf1
+ 10
615 || wmemcmp (wa
.buf1
, L
"aabcdabcde", 10))
618 wmemset (wa
.buf1
+ 8, L
'j', l0
+ 2);
619 if (wmemcmp (wa
.buf1
, L
"aabcdabcjj", 10))
622 #if __USE_FORTIFY_LEVEL < 2
623 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
624 and sufficient GCC support, as the string operations overflow
625 from a.buf1 into a.buf2. */
626 wcscpy (wa
.buf1
+ 4, wstr1
+ 5);
627 if (wmemcmp (wa
.buf1
, L
"aabcEDCBA", 10))
630 if (wcpcpy (wa
.buf1
+ 8, wstr2
) != wa
.buf1
+ 9
631 || wmemcmp (wa
.buf1
, L
"aabcEDCBF", 10))
634 wcsncpy (wa
.buf1
+ 6, L
"X", l0
+ 4);
635 if (wmemcmp (wa
.buf1
, L
"aabcEDX\0\0", 10))
638 if (swprintf (wa
.buf1
+ 7, 3, L
"%d", num2
) >= 0
639 || wmemcmp (wa
.buf1
, L
"aabcEDX98", 10))
642 wa
.buf1
[l0
+ 8] = L
'\0';
643 wcscat (wa
.buf1
, L
"A");
644 if (wmemcmp (wa
.buf1
, L
"aabcEDX9A", 10))
647 wa
.buf1
[l0
+ 7] = L
'\0';
648 wcsncat (wa
.buf1
, L
"ZYXWV", l0
+ 2);
649 if (wmemcmp (wa
.buf1
, L
"aabcEDXZY", 10))
654 #if __USE_FORTIFY_LEVEL >= 1
655 /* Now check if all buffer overflows are caught at runtime.
656 N.B. All tests involving a length parameter need to be done
657 twice: once with the length a compile-time constant, once without. */
660 wmemcpy (wbuf
+ 1, L
"abcdefghij", 10);
664 wmemcpy (wbuf
+ 1, L
"abcdefghij", l0
+ 10);
668 wmemcpy (wbuf
+ 9, L
"abcdefghij", 10);
672 wmemcpy (wbuf
+ 9, L
"abcdefghij", l0
+ 10);
676 wmemmove (wbuf
+ 2, wbuf
+ 1, 9);
680 wmemmove (wbuf
+ 2, wbuf
+ 1, l0
+ 9);
684 wp
= wmempcpy (wbuf
+ 6, L
"abcde", 5);
688 wp
= wmempcpy (wbuf
+ 6, L
"abcde", l0
+ 5);
692 wmemset (wbuf
+ 9, L
'j', 2);
696 wmemset (wbuf
+ 9, L
'j', l0
+ 2);
700 wcscpy (wbuf
+ 5, wstr1
+ 5);
704 wp
= wcpcpy (wbuf
+ 9, wstr2
);
708 wcsncpy (wbuf
+ 7, L
"X", 4);
712 wcsncpy (wbuf
+ 7, L
"X", l0
+ 4);
716 wcsncpy (wbuf
+ 9, L
"XABCDEFGH", 8);
720 wcpncpy (wbuf
+ 9, L
"XABCDEFGH", 8);
724 wcpncpy (wbuf
+ 6, L
"cd", 5);
728 wcpncpy (wbuf
+ 6, L
"cd", l0
+ 5);
731 wmemcpy (wbuf
, wstr1
+ 2, 9);
733 wcscat (wbuf
, L
"AB");
736 wmemcpy (wbuf
, wstr1
+ 3, 8);
738 wcsncat (wbuf
, L
"ZYXWV", l0
+ 3);
742 wmemcpy (wa
.buf1
+ 1, L
"abcdefghij", 10);
746 wmemcpy (wa
.buf1
+ 1, L
"abcdefghij", l0
+ 10);
750 wmemmove (wa
.buf1
+ 2, wa
.buf1
+ 1, 9);
754 wmemmove (wa
.buf1
+ 2, wa
.buf1
+ 1, l0
+ 9);
758 wp
= wmempcpy (wa
.buf1
+ 6, L
"abcde", 5);
762 wp
= wmempcpy (wa
.buf1
+ 6, L
"abcde", l0
+ 5);
766 wmemset (wa
.buf1
+ 9, L
'j', 2);
770 wmemset (wa
.buf1
+ 9, L
'j', l0
+ 2);
773 #if __USE_FORTIFY_LEVEL >= 2
780 wcscpy (wa
.buf1
+ (O
+ 4), wstr1
+ 5);
784 wp
= wcpcpy (wa
.buf1
+ (O
+ 8), wstr2
);
788 wcsncpy (wa
.buf1
+ (O
+ 6), L
"X", 4);
792 wcsncpy (wa
.buf1
+ (O
+ 6), L
"X", l0
+ 4);
795 wmemcpy (wa
.buf1
, wstr1
+ (3 - O
), 8 + O
);
797 wcscat (wa
.buf1
, L
"AB");
800 wmemcpy (wa
.buf1
, wstr1
+ (4 - O
), 7 + O
);
802 wcsncat (wa
.buf1
, L
"ZYXWV", l0
+ 3);
807 /* Now checks for %n protection. */
809 /* Constant literals passed directly are always ok
810 (even with warnings about possible bugs from GCC). */
812 if (sprintf (buf
, "%s%n%s%n", str2
, &n1
, str2
, &n2
) != 2
813 || n1
!= 1 || n2
!= 2)
816 /* In this case the format string is not known at compile time,
817 but resides in read-only memory, so is ok. */
818 if (snprintf (buf
, 4, str3
, str2
, &n1
, str2
, &n2
) != 2
819 || n1
!= 1 || n2
!= 2)
822 strcpy (buf2
+ 2, "%n%s%n");
823 /* When the format string is writable and contains %n,
824 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
826 if (sprintf (buf
, buf2
, str2
, &n1
, str2
, &n1
) != 2)
831 if (snprintf (buf
, 3, buf2
, str2
, &n1
, str2
, &n1
) != 2)
835 /* But if there is no %n, even writable format string
838 if (sprintf (buf
, buf2
+ 4, str2
) != 1)
841 /* Constant literals passed directly are always ok
842 (even with warnings about possible bugs from GCC). */
843 if (printf ("%s%n%s%n", str4
, &n1
, str5
, &n2
) != 14
844 || n1
!= 7 || n2
!= 14)
847 /* In this case the format string is not known at compile time,
848 but resides in read-only memory, so is ok. */
849 if (printf (str3
, str4
, &n1
, str5
, &n2
) != 14
850 || n1
!= 7 || n2
!= 14)
853 strcpy (buf2
+ 2, "%n%s%n");
854 /* When the format string is writable and contains %n,
855 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
857 if (printf (buf2
, str4
, &n1
, str5
, &n1
) != 14)
861 /* But if there is no %n, even writable format string
864 if (printf (buf2
+ 4, str5
) != 7)
869 /* Constant literals passed directly are always ok
870 (even with warnings about possible bugs from GCC). */
871 if (fprintf (fp
, "%s%n%s%n", str4
, &n1
, str5
, &n2
) != 14
872 || n1
!= 7 || n2
!= 14)
875 /* In this case the format string is not known at compile time,
876 but resides in read-only memory, so is ok. */
877 if (fprintf (fp
, str3
, str4
, &n1
, str5
, &n2
) != 14
878 || n1
!= 7 || n2
!= 14)
881 strcpy (buf2
+ 2, "%n%s%n");
882 /* When the format string is writable and contains %n,
883 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
885 if (fprintf (fp
, buf2
, str4
, &n1
, str5
, &n1
) != 14)
889 /* But if there is no %n, even writable format string
892 if (fprintf (fp
, buf2
+ 4, str5
) != 7)
896 strcpy (buf2
+ 2, "%n%s%n");
897 /* When the format string is writable and contains %n,
898 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
900 if (asprintf (&my_ptr
, buf2
, str4
, &n1
, str5
, &n1
) != 14)
909 if (obstack_printf (&obs
, buf2
, str4
, &n1
, str5
, &n1
) != 14)
912 obstack_free (&obs
, NULL
);
915 if (asprintf (&my_ptr
, "%s%n%s%n", str4
, &n1
, str5
, &n1
) != 14)
921 if (obstack_printf (&obs
, "%s%n%s%n", str4
, &n1
, str5
, &n1
) != 14)
923 obstack_free (&obs
, NULL
);
925 if (freopen (temp_filename
, "r", stdin
) == NULL
)
927 puts ("could not open temporary file");
931 if (gets (buf
) != buf
|| memcmp (buf
, "abcdefgh", 9))
933 if (gets (buf
) != buf
|| memcmp (buf
, "ABCDEFGHI", 10))
936 #if __USE_FORTIFY_LEVEL >= 1
938 if (gets (buf
) != buf
)
945 if (fgets (buf
, sizeof (buf
), stdin
) != buf
946 || memcmp (buf
, "abcdefgh\n", 10))
948 if (fgets (buf
, sizeof (buf
), stdin
) != buf
|| memcmp (buf
, "ABCDEFGHI", 10))
953 if (fgets (buf
, l0
+ sizeof (buf
), stdin
) != buf
954 || memcmp (buf
, "abcdefgh\n", 10))
957 #if __USE_FORTIFY_LEVEL >= 1
959 if (fgets (buf
, sizeof (buf
) + 1, stdin
) != buf
)
964 if (fgets (buf
, l0
+ sizeof (buf
) + 1, stdin
) != buf
)
971 if (fgets_unlocked (buf
, sizeof (buf
), stdin
) != buf
972 || memcmp (buf
, "abcdefgh\n", 10))
974 if (fgets_unlocked (buf
, sizeof (buf
), stdin
) != buf
975 || memcmp (buf
, "ABCDEFGHI", 10))
980 if (fgets_unlocked (buf
, l0
+ sizeof (buf
), stdin
) != buf
981 || memcmp (buf
, "abcdefgh\n", 10))
984 #if __USE_FORTIFY_LEVEL >= 1
986 if (fgets_unlocked (buf
, sizeof (buf
) + 1, stdin
) != buf
)
991 if (fgets_unlocked (buf
, l0
+ sizeof (buf
) + 1, stdin
) != buf
)
998 if (fread (buf
, 1, sizeof (buf
), stdin
) != sizeof (buf
)
999 || memcmp (buf
, "abcdefgh\nA", 10))
1001 if (fread (buf
, sizeof (buf
), 1, stdin
) != 1
1002 || memcmp (buf
, "BCDEFGHI\na", 10))
1007 if (fread (buf
, l0
+ 1, sizeof (buf
), stdin
) != sizeof (buf
)
1008 || memcmp (buf
, "abcdefgh\nA", 10))
1010 if (fread (buf
, sizeof (buf
), l0
+ 1, stdin
) != 1
1011 || memcmp (buf
, "BCDEFGHI\na", 10))
1014 #if __USE_FORTIFY_LEVEL >= 1
1016 if (fread (buf
, 1, sizeof (buf
) + 1, stdin
) != sizeof (buf
) + 1)
1021 if (fread (buf
, sizeof (buf
) + 1, l0
+ 1, stdin
) != 1)
1028 if (fread_unlocked (buf
, 1, sizeof (buf
), stdin
) != sizeof (buf
)
1029 || memcmp (buf
, "abcdefgh\nA", 10))
1031 if (fread_unlocked (buf
, sizeof (buf
), 1, stdin
) != 1
1032 || memcmp (buf
, "BCDEFGHI\na", 10))
1037 if (fread_unlocked (buf
, 1, 4, stdin
) != 4
1038 || memcmp (buf
, "abcdFGHI\na", 10))
1040 if (fread_unlocked (buf
, 4, 1, stdin
) != 1
1041 || memcmp (buf
, "efghFGHI\na", 10))
1046 if (fread_unlocked (buf
, l0
+ 1, sizeof (buf
), stdin
) != sizeof (buf
)
1047 || memcmp (buf
, "abcdefgh\nA", 10))
1049 if (fread_unlocked (buf
, sizeof (buf
), l0
+ 1, stdin
) != 1
1050 || memcmp (buf
, "BCDEFGHI\na", 10))
1053 #if __USE_FORTIFY_LEVEL >= 1
1055 if (fread_unlocked (buf
, 1, sizeof (buf
) + 1, stdin
) != sizeof (buf
) + 1)
1060 if (fread_unlocked (buf
, sizeof (buf
) + 1, l0
+ 1, stdin
) != 1)
1065 lseek (fileno (stdin
), 0, SEEK_SET
);
1067 if (read (fileno (stdin
), buf
, sizeof (buf
) - 1) != sizeof (buf
) - 1
1068 || memcmp (buf
, "abcdefgh\n", 9))
1070 if (read (fileno (stdin
), buf
, sizeof (buf
) - 1) != sizeof (buf
) - 1
1071 || memcmp (buf
, "ABCDEFGHI", 9))
1074 lseek (fileno (stdin
), 0, SEEK_SET
);
1076 if (read (fileno (stdin
), buf
, l0
+ sizeof (buf
) - 1) != sizeof (buf
) - 1
1077 || memcmp (buf
, "abcdefgh\n", 9))
1080 #if __USE_FORTIFY_LEVEL >= 1
1082 if (read (fileno (stdin
), buf
, sizeof (buf
) + 1) != sizeof (buf
) + 1)
1087 if (read (fileno (stdin
), buf
, l0
+ sizeof (buf
) + 1) != sizeof (buf
) + 1)
1092 if (pread (fileno (stdin
), buf
, sizeof (buf
) - 1, sizeof (buf
) - 2)
1094 || memcmp (buf
, "\nABCDEFGH", 9))
1096 if (pread (fileno (stdin
), buf
, sizeof (buf
) - 1, 0) != sizeof (buf
) - 1
1097 || memcmp (buf
, "abcdefgh\n", 9))
1099 if (pread (fileno (stdin
), buf
, l0
+ sizeof (buf
) - 1, sizeof (buf
) - 3)
1101 || memcmp (buf
, "h\nABCDEFG", 9))
1104 #if __USE_FORTIFY_LEVEL >= 1
1106 if (pread (fileno (stdin
), buf
, sizeof (buf
) + 1, 2 * sizeof (buf
))
1107 != sizeof (buf
) + 1)
1112 if (pread (fileno (stdin
), buf
, l0
+ sizeof (buf
) + 1, 2 * sizeof (buf
))
1113 != sizeof (buf
) + 1)
1118 if (pread64 (fileno (stdin
), buf
, sizeof (buf
) - 1, sizeof (buf
) - 2)
1120 || memcmp (buf
, "\nABCDEFGH", 9))
1122 if (pread64 (fileno (stdin
), buf
, sizeof (buf
) - 1, 0) != sizeof (buf
) - 1
1123 || memcmp (buf
, "abcdefgh\n", 9))
1125 if (pread64 (fileno (stdin
), buf
, l0
+ sizeof (buf
) - 1, sizeof (buf
) - 3)
1127 || memcmp (buf
, "h\nABCDEFG", 9))
1130 #if __USE_FORTIFY_LEVEL >= 1
1132 if (pread64 (fileno (stdin
), buf
, sizeof (buf
) + 1, 2 * sizeof (buf
))
1133 != sizeof (buf
) + 1)
1138 if (pread64 (fileno (stdin
), buf
, l0
+ sizeof (buf
) + 1, 2 * sizeof (buf
))
1139 != sizeof (buf
) + 1)
1144 if (freopen (temp_filename
, "r", stdin
) == NULL
)
1146 puts ("could not open temporary file");
1150 if (fseek (stdin
, 9 + 10 + 11, SEEK_SET
))
1152 puts ("could not seek in test file");
1156 #if __USE_FORTIFY_LEVEL >= 1
1158 if (gets (buf
) != buf
)
1163 /* Check whether missing N$ formats are detected. */
1165 printf ("%3$d\n", 1, 2, 3, 4);
1169 fprintf (stdout
, "%3$d\n", 1, 2, 3, 4);
1173 sprintf (buf
, "%3$d\n", 1, 2, 3, 4);
1177 snprintf (buf
, sizeof (buf
), "%3$d\n", 1, 2, 3, 4);
1181 if (socketpair (PF_UNIX
, SOCK_STREAM
, 0, sp
))
1185 const char *sendstr
= "abcdefgh\nABCDEFGH\n0123456789\n";
1186 if ((size_t) send (sp
[0], sendstr
, strlen (sendstr
), 0)
1187 != strlen (sendstr
))
1191 if (recv (sp
[1], recvbuf
, sizeof recvbuf
, MSG_PEEK
)
1193 || memcmp (recvbuf
, sendstr
, sizeof recvbuf
) != 0)
1196 if (recv (sp
[1], recvbuf
+ 6, l0
+ sizeof recvbuf
- 7, MSG_PEEK
)
1197 != sizeof recvbuf
- 7
1198 || memcmp (recvbuf
+ 6, sendstr
, sizeof recvbuf
- 7) != 0)
1201 #if __USE_FORTIFY_LEVEL >= 1
1203 if (recv (sp
[1], recvbuf
+ 1, sizeof recvbuf
, MSG_PEEK
)
1209 if (recv (sp
[1], recvbuf
+ 4, l0
+ sizeof recvbuf
- 3, MSG_PEEK
)
1210 != sizeof recvbuf
- 3)
1216 struct sockaddr_un sa_un
;
1218 sl
= sizeof (sa_un
);
1219 if (recvfrom (sp
[1], recvbuf
, sizeof recvbuf
, MSG_PEEK
,
1220 (struct sockaddr
*) &sa_un
, &sl
)
1222 || memcmp (recvbuf
, sendstr
, sizeof recvbuf
) != 0)
1225 sl
= sizeof (sa_un
);
1226 if (recvfrom (sp
[1], recvbuf
+ 6, l0
+ sizeof recvbuf
- 7, MSG_PEEK
,
1227 (struct sockaddr
*) &sa_un
, &sl
) != sizeof recvbuf
- 7
1228 || memcmp (recvbuf
+ 6, sendstr
, sizeof recvbuf
- 7) != 0)
1231 #if __USE_FORTIFY_LEVEL >= 1
1233 sl
= sizeof (sa_un
);
1234 if (recvfrom (sp
[1], recvbuf
+ 1, sizeof recvbuf
, MSG_PEEK
,
1235 (struct sockaddr
*) &sa_un
, &sl
) != sizeof recvbuf
)
1240 sl
= sizeof (sa_un
);
1241 if (recvfrom (sp
[1], recvbuf
+ 4, l0
+ sizeof recvbuf
- 3, MSG_PEEK
,
1242 (struct sockaddr
*) &sa_un
, &sl
) != sizeof recvbuf
- 3)
1251 char fname
[] = "/tmp/tst-chk1-dir-XXXXXX\0foo";
1252 char *enddir
= strchr (fname
, '\0');
1253 if (mkdtemp (fname
) == NULL
)
1255 printf ("mkdtemp failed: %m\n");
1259 if (symlink ("bar", fname
) != 0)
1262 char readlinkbuf
[4];
1263 if (readlink (fname
, readlinkbuf
, 4) != 3
1264 || memcmp (readlinkbuf
, "bar", 3) != 0)
1266 if (readlink (fname
, readlinkbuf
+ 1, l0
+ 3) != 3
1267 || memcmp (readlinkbuf
, "bbar", 4) != 0)
1270 #if __USE_FORTIFY_LEVEL >= 1
1272 if (readlink (fname
, readlinkbuf
+ 2, l0
+ 3) != 3)
1277 if (readlink (fname
, readlinkbuf
+ 3, 4) != 3)
1282 int tmpfd
= open ("/tmp", O_RDONLY
| O_DIRECTORY
);
1286 if (readlinkat (tmpfd
, fname
+ sizeof ("/tmp/") - 1, readlinkbuf
, 4) != 3
1287 || memcmp (readlinkbuf
, "bar", 3) != 0)
1289 if (readlinkat (tmpfd
, fname
+ sizeof ("/tmp/") - 1, readlinkbuf
+ 1,
1291 || memcmp (readlinkbuf
, "bbar", 4) != 0)
1294 #if __USE_FORTIFY_LEVEL >= 1
1296 if (readlinkat (tmpfd
, fname
+ sizeof ("/tmp/") - 1, readlinkbuf
+ 2,
1302 if (readlinkat (tmpfd
, fname
+ sizeof ("/tmp/") - 1, readlinkbuf
+ 3,
1310 char *cwd1
= getcwd (NULL
, 0);
1314 char *cwd2
= getcwd (NULL
, 250);
1320 if (strcmp (cwd1
, cwd2
) != 0)
1327 char *cwd3
= getcwd (NULL
, 0);
1330 if (strcmp (fname
, cwd3
) != 0)
1331 printf ("getcwd after chdir is '%s' != '%s',"
1332 "get{c,}wd tests skipped\n", cwd3
, fname
);
1335 char getcwdbuf
[sizeof fname
- 3];
1337 char *cwd4
= getcwd (getcwdbuf
, sizeof getcwdbuf
);
1338 if (cwd4
!= getcwdbuf
1339 || strcmp (getcwdbuf
, fname
) != 0)
1342 cwd4
= getcwd (getcwdbuf
+ 1, l0
+ sizeof getcwdbuf
- 1);
1343 if (cwd4
!= getcwdbuf
+ 1
1344 || getcwdbuf
[0] != fname
[0]
1345 || strcmp (getcwdbuf
+ 1, fname
) != 0)
1348 #if __USE_FORTIFY_LEVEL >= 1
1350 if (getcwd (getcwdbuf
+ 2, l0
+ sizeof getcwdbuf
)
1356 if (getcwd (getcwdbuf
+ 2, sizeof getcwdbuf
)
1362 if (getwd (getcwdbuf
) != getcwdbuf
1363 || strcmp (getcwdbuf
, fname
) != 0)
1366 if (getwd (getcwdbuf
+ 1) != getcwdbuf
+ 1
1367 || strcmp (getcwdbuf
+ 1, fname
) != 0)
1370 #if __USE_FORTIFY_LEVEL >= 1
1372 if (getwd (getcwdbuf
+ 2) != getcwdbuf
+ 2)
1378 if (chdir (cwd1
) != 0)
1386 if (unlink (fname
) != 0)
1390 if (rmdir (fname
) != 0)
1395 char largebuf
[PATH_MAX
];
1396 char *realres
= realpath (".", largebuf
);
1397 if (realres
!= largebuf
)
1400 # if __USE_FORTIFY_LEVEL >= 1
1403 realres
= realpath (".", realbuf
);
1404 if (realres
!= realbuf
)
1410 if (setlocale (LC_ALL
, "de_DE.UTF-8") != NULL
)
1412 assert (MB_CUR_MAX
<= 10);
1414 /* First a simple test. */
1416 if (wctomb (enough
, L
'A') != 1)
1419 #if __USE_FORTIFY_LEVEL >= 1
1420 /* We know the wchar_t encoding is ISO 10646. So pick a
1421 character which has a multibyte representation which does not
1425 if (wctomb (smallbuf
, L
'\x100') != 2)
1431 memset (&s
, '\0', sizeof (s
));
1432 if (wcrtomb (enough
, L
'D', &s
) != 1 || enough
[0] != 'D')
1435 #if __USE_FORTIFY_LEVEL >= 1
1436 /* We know the wchar_t encoding is ISO 10646. So pick a
1437 character which has a multibyte representation which does not
1441 if (wcrtomb (smallbuf
, L
'\x100', &s
) != 2)
1446 wchar_t wenough
[10];
1447 memset (&s
, '\0', sizeof (s
));
1448 const char *cp
= "A";
1449 if (mbsrtowcs (wenough
, &cp
, 10, &s
) != 1
1450 || wcscmp (wenough
, L
"A") != 0)
1454 if (mbsrtowcs (wenough
, &cp
, l0
+ 10, &s
) != 2
1455 || wcscmp (wenough
, L
"BC") != 0)
1458 #if __USE_FORTIFY_LEVEL >= 1
1460 wchar_t wsmallbuf
[2];
1462 mbsrtowcs (wsmallbuf
, &cp
, 10, &s
);
1467 if (mbstowcs (wenough
, cp
, 10) != 1
1468 || wcscmp (wenough
, L
"A") != 0)
1472 if (mbstowcs (wenough
, cp
, l0
+ 10) != 3
1473 || wcscmp (wenough
, L
"DEF") != 0)
1476 #if __USE_FORTIFY_LEVEL >= 1
1478 wchar_t wsmallbuf
[2];
1480 mbstowcs (wsmallbuf
, cp
, 10);
1484 memset (&s
, '\0', sizeof (s
));
1486 wcscpy (wenough
, L
"DEF");
1487 if (mbsnrtowcs (wenough
, &cp
, 1, 10, &s
) != 1
1488 || wcscmp (wenough
, L
"AEF") != 0)
1492 if (mbsnrtowcs (wenough
, &cp
, 1, l0
+ 10, &s
) != 1
1493 || wcscmp (wenough
, L
"IEF") != 0)
1496 #if __USE_FORTIFY_LEVEL >= 1
1498 wchar_t wsmallbuf
[2];
1500 mbsnrtowcs (wsmallbuf
, &cp
, 3, 10, &s
);
1504 memset (&s
, '\0', sizeof (s
));
1505 const wchar_t *wcp
= L
"A";
1506 if (wcsrtombs (enough
, &wcp
, 10, &s
) != 1
1507 || strcmp (enough
, "A") != 0)
1511 if (wcsrtombs (enough
, &wcp
, l0
+ 10, &s
) != 2
1512 || strcmp (enough
, "BC") != 0)
1515 #if __USE_FORTIFY_LEVEL >= 1
1519 wcsrtombs (smallbuf
, &wcp
, 10, &s
);
1523 memset (enough
, 'Z', sizeof (enough
));
1525 if (wcstombs (enough
, wcp
, 10) != 2
1526 || strcmp (enough
, "EF") != 0)
1530 if (wcstombs (enough
, wcp
, l0
+ 10) != 1
1531 || strcmp (enough
, "G") != 0)
1534 #if __USE_FORTIFY_LEVEL >= 1
1538 wcstombs (smallbuf
, wcp
, 10);
1542 memset (&s
, '\0', sizeof (s
));
1544 if (wcsnrtombs (enough
, &wcp
, 1, 10, &s
) != 1
1545 || strcmp (enough
, "A") != 0)
1549 if (wcsnrtombs (enough
, &wcp
, 1, l0
+ 10, &s
) != 1
1550 || strcmp (enough
, "B") != 0)
1553 #if __USE_FORTIFY_LEVEL >= 1
1557 wcsnrtombs (smallbuf
, &wcp
, 3, 10, &s
);
1563 puts ("cannot set locale");
1567 int fd
= posix_openpt (O_RDWR
);
1571 if (ptsname_r (fd
, enough
, sizeof (enough
)) != 0)
1574 #if __USE_FORTIFY_LEVEL >= 1
1577 if (ptsname_r (fd
, smallbuf
, sizeof (smallbuf
) + 1) == 0)
1585 confstr (_CS_GNU_LIBC_VERSION
, largebuf
, sizeof (largebuf
));
1586 # if __USE_FORTIFY_LEVEL >= 1
1589 confstr (_CS_GNU_LIBC_VERSION
, smallbuf
, sizeof (largebuf
));
1595 int ngr
= getgroups (5, grpslarge
);
1596 asm volatile ("" : : "r" (ngr
));
1597 #if __USE_FORTIFY_LEVEL >= 1
1600 ngr
= getgroups (5, (gid_t
*) smallbuf
);
1601 asm volatile ("" : : "r" (ngr
));
1605 fd
= open (_PATH_TTY
, O_RDONLY
);
1609 if (ttyname_r (fd
, enough
, sizeof (enough
)) != 0)
1612 #if __USE_FORTIFY_LEVEL >= 1
1615 if (ttyname_r (fd
, smallbuf
, sizeof (smallbuf
) + 1) == 0)
1622 char hostnamelarge
[1000];
1623 gethostname (hostnamelarge
, sizeof (hostnamelarge
));
1624 #if __USE_FORTIFY_LEVEL >= 1
1627 gethostname (smallbuf
, sizeof (hostnamelarge
));
1631 char loginlarge
[1000];
1632 getlogin_r (loginlarge
, sizeof (hostnamelarge
));
1633 #if __USE_FORTIFY_LEVEL >= 1
1636 getlogin_r (smallbuf
, sizeof (loginlarge
));
1640 char domainnamelarge
[1000];
1641 int res
= getdomainname (domainnamelarge
, sizeof (domainnamelarge
));
1642 asm volatile ("" : : "r" (res
));
1643 #if __USE_FORTIFY_LEVEL >= 1
1646 res
= getdomainname (smallbuf
, sizeof (domainnamelarge
));
1647 asm volatile ("" : : "r" (res
));
1654 FD_SET (FD_SETSIZE
- 1, &s
);
1655 #if __USE_FORTIFY_LEVEL >= 1
1657 FD_SET (FD_SETSIZE
, &s
);
1661 FD_SET (l0
+ FD_SETSIZE
, &s
);
1665 FD_CLR (FD_SETSIZE
- 1, &s
);
1666 #if __USE_FORTIFY_LEVEL >= 1
1668 FD_CLR (FD_SETSIZE
, &s
);
1672 FD_SET (l0
+ FD_SETSIZE
, &s
);
1676 FD_ISSET (FD_SETSIZE
- 1, &s
);
1677 #if __USE_FORTIFY_LEVEL >= 1
1679 FD_ISSET (FD_SETSIZE
, &s
);
1683 FD_ISSET (l0
+ FD_SETSIZE
, &s
);
1687 struct pollfd fds
[1];
1688 fds
[0].fd
= STDOUT_FILENO
;
1689 fds
[0].events
= POLLOUT
;
1691 #if __USE_FORTIFY_LEVEL >= 1
1697 poll (fds
, l0
+ 2, 0);
1700 ppoll (fds
, 1, NULL
, NULL
);
1701 #if __USE_FORTIFY_LEVEL >= 1
1703 ppoll (fds
, 2, NULL
, NULL
);
1707 ppoll (fds
, l0
+ 2, NULL
, NULL
);