CVE-2015-1472: wscanf allocates too little memory
[glibc.git] / rt / tst-mqueue4.c
blob294b85f730f734b632cbb8a96b04e146cf4dd88f
1 /* Test message queue passing.
2 Copyright (C) 2004-2015 Free Software Foundation, Inc.
3 This file is part of the GNU C Library.
4 Contributed by Jakub Jelinek <jakub@redhat.com>, 2004.
6 The GNU C Library is free software; you can redistribute it and/or
7 modify it under the terms of the GNU Lesser General Public
8 License as published by the Free Software Foundation; either
9 version 2.1 of the License, or (at your option) any later version.
11 The GNU C Library is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
14 Lesser General Public License for more details.
16 You should have received a copy of the GNU Lesser General Public
17 License along with the GNU C Library; if not, see
18 <http://www.gnu.org/licenses/>. */
20 #include <errno.h>
21 #include <fcntl.h>
22 #include <mqueue.h>
23 #include <limits.h>
24 #include <signal.h>
25 #include <stdio.h>
26 #include <stdlib.h>
27 #include <string.h>
28 #include <sys/time.h>
29 #include <sys/wait.h>
30 #include <time.h>
31 #include <unistd.h>
32 #include "tst-mqueue.h"
34 #define TIMEOUT 4
35 #define TEST_FUNCTION do_test ()
36 static int
37 do_test (void)
39 int result = 0;
41 char name[sizeof "/tst-mqueue4-" + sizeof (pid_t) * 3 + NAME_MAX];
42 char *p;
43 p = name + snprintf (name, sizeof (name), "/tst-mqueue4-%u", getpid ());
44 struct mq_attr attr = { .mq_maxmsg = 2, .mq_msgsize = 2 };
45 mqd_t q = mq_open (name, O_CREAT | O_EXCL | O_RDWR, 0600, &attr);
47 if (q == (mqd_t) -1)
49 printf ("mq_open failed with: %m\n");
50 return result;
52 else
53 add_temp_mq (name);
55 *p = '.';
56 memset (p + 1, 'x', NAME_MAX + 1 - (p - name));
57 name[NAME_MAX + 1] = '\0';
59 mqd_t q2 = mq_open (name, O_CREAT | O_EXCL | O_RDWR, 0600, &attr);
60 if (q2 == (mqd_t) -1)
62 printf ("mq_open with NAME_MAX long name compoment failed with: %m\n");
63 result = 1;
66 if (mq_unlink (name) != 0)
68 printf ("mq_unlink failed: %m\n");
69 result = 1;
72 if (mq_close (q2) != 0)
74 printf ("mq_close failed: %m\n");
75 result = 1;
78 name[NAME_MAX + 1] = 'x';
79 name[NAME_MAX + 2] = '\0';
80 q2 = mq_open (name, O_CREAT | O_EXCL | O_RDWR, 0600, &attr);
81 if (q2 != (mqd_t) -1)
83 puts ("mq_open with too long name component unexpectedly succeeded");
84 mq_unlink (name);
85 mq_close (q2);
86 result = 1;
88 else if (errno != ENAMETOOLONG)
90 printf ("mq_open with too long name component did not fail with "
91 "ENAMETOOLONG: %m\n");
92 result = 1;
95 if (mq_unlink (name) == 0)
97 puts ("mq_unlink with too long name component unexpectedly succeeded");
98 result = 1;
100 else if (errno != ENAMETOOLONG)
102 printf ("mq_unlink with too long name component did not fail with "
103 "ENAMETOOLONG: %m\n");
104 result = 1;
107 *p = '\0';
108 attr.mq_maxmsg = 1;
109 attr.mq_msgsize = 3;
110 q2 = mq_open (name, O_CREAT | O_RDWR, 0600, &attr);
111 if (q2 == (mqd_t) -1)
113 printf ("mq_open without O_EXCL failed with %m\n");
114 result = 1;
117 char buf[3];
118 strcpy (buf, "jk");
119 if (mq_send (q, buf, 2, 4) != 0)
121 printf ("mq_send failed: %m\n");
122 result = 1;
125 if (mq_send (q, buf + 1, 1, 5) != 0)
127 printf ("mq_send failed: %m\n");
128 result = 1;
131 if (mq_getattr (q2, &attr) != 0)
133 printf ("mq_getattr failed: %m\n");
134 result = 1;
137 if ((attr.mq_flags & O_NONBLOCK)
138 || attr.mq_maxmsg != 2
139 || attr.mq_msgsize != 2
140 || attr.mq_curmsgs != 2)
142 printf ("mq_getattr returned unexpected { .mq_flags = %jd,\n"
143 ".mq_maxmsg = %jd, .mq_msgsize = %jd, .mq_curmsgs = %jd }\n",
144 (intmax_t) attr.mq_flags, (intmax_t) attr.mq_maxmsg,
145 (intmax_t) attr.mq_msgsize, (intmax_t) attr.mq_curmsgs);
146 result = 1;
149 struct timespec ts;
150 if (clock_gettime (CLOCK_REALTIME, &ts) == 0)
151 ++ts.tv_sec;
152 else
154 ts.tv_sec = time (NULL) + 1;
155 ts.tv_nsec = 0;
158 if (mq_timedsend (q2, buf, 1, 1, &ts) == 0)
160 puts ("mq_timedsend unexpectedly succeeded");
161 result = 1;
163 else if (errno != ETIMEDOUT)
165 printf ("mq_timedsend did not fail with ETIMEDOUT: %m\n");
166 result = 1;
169 if (mq_close (q2) != 0)
171 printf ("mq_close failed: %m\n");
172 result = 1;
175 q2 = mq_open (name, O_RDONLY, 0600);
176 if (q2 == (mqd_t) -1)
178 printf ("mq_open without O_CREAT failed with %m\n");
179 result = 1;
182 mqd_t q3 = mq_open (name, O_RDONLY, 0600);
183 if (q3 == (mqd_t) -1)
185 printf ("mq_open without O_CREAT failed with %m\n");
186 result = 1;
189 memset (buf, ' ', sizeof (buf));
191 unsigned int prio;
192 ssize_t rets = mq_receive (q2, buf, 2, &prio);
193 if (rets != 1)
195 if (rets == -1)
196 printf ("mq_receive failed with: %m\n");
197 else
198 printf ("mq_receive returned %zd != 1\n", rets);
199 result = 1;
201 else if (prio != 5 || memcmp (buf, "k ", 3) != 0)
203 printf ("mq_receive returned prio %u (2) buf \"%c%c%c\" (\"k \")\n",
204 prio, buf[0], buf[1], buf[2]);
205 result = 1;
208 if (mq_getattr (q3, &attr) != 0)
210 printf ("mq_getattr failed: %m\n");
211 result = 1;
214 if ((attr.mq_flags & O_NONBLOCK)
215 || attr.mq_maxmsg != 2
216 || attr.mq_msgsize != 2
217 || attr.mq_curmsgs != 1)
219 printf ("mq_getattr returned unexpected { .mq_flags = %jd,\n"
220 ".mq_maxmsg = %jd, .mq_msgsize = %jd, .mq_curmsgs = %jd }\n",
221 (intmax_t) attr.mq_flags, (intmax_t) attr.mq_maxmsg,
222 (intmax_t) attr.mq_msgsize, (intmax_t) attr.mq_curmsgs);
223 result = 1;
226 rets = mq_receive (q3, buf, 2, NULL);
227 if (rets != 2)
229 if (rets == -1)
230 printf ("mq_receive failed with: %m\n");
231 else
232 printf ("mq_receive returned %zd != 2\n", rets);
233 result = 1;
235 else if (memcmp (buf, "jk ", 3) != 0)
237 printf ("mq_receive returned buf \"%c%c%c\" != \"jk \"\n",
238 buf[0], buf[1], buf[2]);
239 result = 1;
242 if (clock_gettime (CLOCK_REALTIME, &ts) == 0)
243 ++ts.tv_sec;
244 else
246 ts.tv_sec = time (NULL) + 1;
247 ts.tv_nsec = 0;
250 if (mq_timedreceive (q2, buf, 2, NULL, &ts) != -1)
252 puts ("mq_timedreceive on empty queue unexpectedly succeeded");
253 result = 1;
255 else if (errno != ETIMEDOUT)
257 printf ("mq_timedreceive on empty queue did not fail with "
258 "ETIMEDOUT: %m\n");
259 result = 1;
262 if (mq_unlink (name) != 0)
264 printf ("mq_unlink failed: %m\n");
265 result = 1;
268 if (mq_close (q) != 0)
270 printf ("mq_close failed: %m\n");
271 result = 1;
274 if (mq_close (q2) != 0)
276 printf ("mq_close failed: %m\n");
277 result = 1;
280 if (mq_close (q3) != 0)
282 printf ("mq_close failed: %m\n");
283 result = 1;
286 return result;
289 #include "../test-skeleton.c"