search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Updated to fedora-glibc-20050721T0814
[glibc.git] / debug / tst-chk1.c
blobf444a14c2a9a2fbc29acc5643a0ba0e255aaca53
1 /* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Jakub Jelinek <jakub@redhat.com>, 2004.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, write to the Free
17 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
18 02111-1307 USA. */
19
20 /* Hack: make sure GCC doesn't know __chk_fail () will not return. */
21 #define __noreturn__
22
23 #include <fcntl.h>
24 #include <locale.h>
25 #include <paths.h>
26 #include <setjmp.h>
27 #include <signal.h>
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <unistd.h>
32 #include <wchar.h>
33 #include <sys/socket.h>
34 #include <sys/un.h>
35
36 char *temp_filename;
37 static void do_prepare (void);
38 static int do_test (void);
39 #define PREPARE(argc, argv) do_prepare ()
40 #define TEST_FUNCTION do_test ()
41 #include "../test-skeleton.c"
42
43 static void
44 do_prepare (void)
45 {
46 int temp_fd = create_temp_file ("tst-chk1.", &temp_filename);
47 if (temp_fd == -1)
48 {
49 printf ("cannot create temporary file: %m\n");
50 exit (1);
51 }
52
53 const char *strs = "abcdefgh\nABCDEFGHI\nabcdefghij\nABCDEFGHIJ";
54 if (write (temp_fd, strs, strlen (strs)) != strlen (strs))
55 {
56 puts ("could not write test strings into file");
57 unlink (temp_filename);
58 exit (1);
59 }
60 }
61
62 volatile int chk_fail_ok;
63 volatile int ret;
64 jmp_buf chk_fail_buf;
65
66 static void
67 handler (int sig)
68 {
69 if (chk_fail_ok)
70 {
71 chk_fail_ok = 0;
72 longjmp (chk_fail_buf, 1);
73 }
74 else
75 _exit (127);
76 }
77
78 char buf[10];
79 wchar_t wbuf[10];
80 volatile size_t l0;
81 volatile char *p;
82 volatile wchar_t *wp;
83 const char *str1 = "JIHGFEDCBA";
84 const char *str2 = "F";
85 const char *str3 = "%s%n%s%n";
86 const char *str4 = "Hello, ";
87 const char *str5 = "World!\n";
88 const wchar_t *wstr1 = L"JIHGFEDCBA";
89 const wchar_t *wstr2 = L"F";
90 const wchar_t *wstr3 = L"%s%n%s%n";
91 const wchar_t *wstr4 = L"Hello, ";
92 const wchar_t *wstr5 = L"World!\n";
93 char buf2[10] = "%s";
94 int num1 = 67;
95 int num2 = 987654;
96
97 #define FAIL() \
98 do { printf ("Failure on line %d\n", __LINE__); ret = 1; } while (0)
99 #define CHK_FAIL_START \
100 chk_fail_ok = 1; \
101 if (! setjmp (chk_fail_buf)) \
102 {
103 #define CHK_FAIL_END \
104 chk_fail_ok = 0; \
105 FAIL (); \
106 }
107 #if __USE_FORTIFY_LEVEL >= 2
108 #define CHK_FAIL2_START CHK_FAIL_START
109 #define CHK_FAIL2_END CHK_FAIL_END
110 #else
111 #define CHK_FAIL2_START
112 #define CHK_FAIL2_END
113 #endif
114
115 static int
116 do_test (void)
117 {
118 struct sigaction sa;
119 sa.sa_handler = handler;
120 sa.sa_flags = 0;
121 sigemptyset (&sa.sa_mask);
122
123 sigaction (SIGABRT, &sa, NULL);
124
125 /* Avoid all the buffer overflow messages on stderr. */
126 int fd = open (_PATH_DEVNULL, O_WRONLY);
127 if (fd == -1)
128 close (STDERR_FILENO);
129 else
130 {
131 dup2 (fd, STDERR_FILENO);
132 close (fd);
133 }
134 setenv ("LIBC_FATAL_STDERR_", "1", 1);
135
136 struct A { char buf1[9]; char buf2[1]; } a;
137 struct wA { wchar_t buf1[9]; wchar_t buf2[1]; } wa;
138
139 printf ("Test checking routines at fortify level %d\n",
140 #ifdef __USE_FORTIFY_LEVEL
141 (int) __USE_FORTIFY_LEVEL
142 #else
143 0
144 #endif
145 );
146
147 /* These ops can be done without runtime checking of object size. */
148 memcpy (buf, "abcdefghij", 10);
149 memmove (buf + 1, buf, 9);
150 if (memcmp (buf, "aabcdefghi", 10))
151 FAIL ();
152
153 if (mempcpy (buf + 5, "abcde", 5) != buf + 10
154 || memcmp (buf, "aabcdabcde", 10))
155 FAIL ();
156
157 memset (buf + 8, 'j', 2);
158 if (memcmp (buf, "aabcdabcjj", 10))
159 FAIL ();
160
161 strcpy (buf + 4, "EDCBA");
162 if (memcmp (buf, "aabcEDCBA", 10))
163 FAIL ();
164
165 if (stpcpy (buf + 8, "F") != buf + 9 || memcmp (buf, "aabcEDCBF", 10))
166 FAIL ();
167
168 strncpy (buf + 6, "X", 4);
169 if (memcmp (buf, "aabcEDX\0\0", 10))
170 FAIL ();
171
172 if (sprintf (buf + 7, "%s", "67") != 2 || memcmp (buf, "aabcEDX67", 10))
173 FAIL ();
174
175 if (snprintf (buf + 7, 3, "%s", "987654") != 6
176 || memcmp (buf, "aabcEDX98", 10))
177 FAIL ();
178
179 /* These ops need runtime checking, but shouldn't __chk_fail. */
180 memcpy (buf, "abcdefghij", l0 + 10);
181 memmove (buf + 1, buf, l0 + 9);
182 if (memcmp (buf, "aabcdefghi", 10))
183 FAIL ();
184
185 if (mempcpy (buf + 5, "abcde", l0 + 5) != buf + 10
186 || memcmp (buf, "aabcdabcde", 10))
187 FAIL ();
188
189 memset (buf + 8, 'j', l0 + 2);
190 if (memcmp (buf, "aabcdabcjj", 10))
191 FAIL ();
192
193 strcpy (buf + 4, str1 + 5);
194 if (memcmp (buf, "aabcEDCBA", 10))
195 FAIL ();
196
197 if (stpcpy (buf + 8, str2) != buf + 9 || memcmp (buf, "aabcEDCBF", 10))
198 FAIL ();
199
200 strncpy (buf + 6, "X", l0 + 4);
201 if (memcmp (buf, "aabcEDX\0\0", 10))
202 FAIL ();
203
204 if (stpncpy (buf + 5, "cd", l0 + 5) != buf + 7
205 || memcmp (buf, "aabcEcd\0\0", 10))
206 FAIL ();
207
208 if (sprintf (buf + 7, "%d", num1) != 2 || memcmp (buf, "aabcEcd67", 10))
209 FAIL ();
210
211 if (snprintf (buf + 7, 3, "%d", num2) != 6 || memcmp (buf, "aabcEcd98", 10))
212 FAIL ();
213
214 buf[l0 + 8] = '\0';
215 strcat (buf, "A");
216 if (memcmp (buf, "aabcEcd9A", 10))
217 FAIL ();
218
219 buf[l0 + 7] = '\0';
220 strncat (buf, "ZYXWV", l0 + 2);
221 if (memcmp (buf, "aabcEcdZY", 10))
222 FAIL ();
223
224 memcpy (a.buf1, "abcdefghij", l0 + 10);
225 memmove (a.buf1 + 1, a.buf1, l0 + 9);
226 if (memcmp (a.buf1, "aabcdefghi", 10))
227 FAIL ();
228
229 if (mempcpy (a.buf1 + 5, "abcde", l0 + 5) != a.buf1 + 10
230 || memcmp (a.buf1, "aabcdabcde", 10))
231 FAIL ();
232
233 memset (a.buf1 + 8, 'j', l0 + 2);
234 if (memcmp (a.buf1, "aabcdabcjj", 10))
235 FAIL ();
236
237 #if __USE_FORTIFY_LEVEL < 2 || !__GNUC_PREREQ (4, 0)
238 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
239 and sufficient GCC support, as the string operations overflow
240 from a.buf1 into a.buf2. */
241 strcpy (a.buf1 + 4, str1 + 5);
242 if (memcmp (a.buf1, "aabcEDCBA", 10))
243 FAIL ();
244
245 if (stpcpy (a.buf1 + 8, str2) != a.buf1 + 9
246 || memcmp (a.buf1, "aabcEDCBF", 10))
247 FAIL ();
248
249 strncpy (a.buf1 + 6, "X", l0 + 4);
250 if (memcmp (a.buf1, "aabcEDX\0\0", 10))
251 FAIL ();
252
253 if (sprintf (a.buf1 + 7, "%d", num1) != 2
254 || memcmp (a.buf1, "aabcEDX67", 10))
255 FAIL ();
256
257 if (snprintf (a.buf1 + 7, 3, "%d", num2) != 6
258 || memcmp (a.buf1, "aabcEDX98", 10))
259 FAIL ();
260
261 a.buf1[l0 + 8] = '\0';
262 strcat (a.buf1, "A");
263 if (memcmp (a.buf1, "aabcEDX9A", 10))
264 FAIL ();
265
266 a.buf1[l0 + 7] = '\0';
267 strncat (a.buf1, "ZYXWV", l0 + 2);
268 if (memcmp (a.buf1, "aabcEDXZY", 10))
269 FAIL ();
270
271 #endif
272
273 #if __USE_FORTIFY_LEVEL >= 1
274 /* Now check if all buffer overflows are caught at runtime. */
275
276 CHK_FAIL_START
277 memcpy (buf + 1, "abcdefghij", l0 + 10);
278 CHK_FAIL_END
279
280 CHK_FAIL_START
281 memmove (buf + 2, buf + 1, l0 + 9);
282 CHK_FAIL_END
283
284 CHK_FAIL_START
285 p = mempcpy (buf + 6, "abcde", l0 + 5);
286 CHK_FAIL_END
287
288 CHK_FAIL_START
289 memset (buf + 9, 'j', l0 + 2);
290 CHK_FAIL_END
291
292 CHK_FAIL_START
293 strcpy (buf + 5, str1 + 5);
294 CHK_FAIL_END
295
296 CHK_FAIL_START
297 p = stpcpy (buf + 9, str2);
298 CHK_FAIL_END
299
300 CHK_FAIL_START
301 strncpy (buf + 7, "X", l0 + 4);
302 CHK_FAIL_END
303
304 CHK_FAIL_START
305 stpncpy (buf + 6, "cd", l0 + 5);
306 CHK_FAIL_END
307
308 CHK_FAIL_START
309 sprintf (buf + 8, "%d", num1);
310 CHK_FAIL_END
311
312 CHK_FAIL_START
313 snprintf (buf + 8, l0 + 3, "%d", num2);
314 CHK_FAIL_END
315
316 memcpy (buf, str1 + 2, l0 + 9);
317 CHK_FAIL_START
318 strcat (buf, "AB");
319 CHK_FAIL_END
320
321 memcpy (buf, str1 + 3, l0 + 8);
322 CHK_FAIL_START
323 strncat (buf, "ZYXWV", l0 + 3);
324 CHK_FAIL_END
325
326 CHK_FAIL_START
327 memcpy (a.buf1 + 1, "abcdefghij", l0 + 10);
328 CHK_FAIL_END
329
330 CHK_FAIL_START
331 memmove (a.buf1 + 2, a.buf1 + 1, l0 + 9);
332 CHK_FAIL_END
333
334 CHK_FAIL_START
335 p = mempcpy (a.buf1 + 6, "abcde", l0 + 5);
336 CHK_FAIL_END
337
338 CHK_FAIL_START
339 memset (a.buf1 + 9, 'j', l0 + 2);
340 CHK_FAIL_END
341
342 #if __USE_FORTIFY_LEVEL >= 2 && __GNUC_PREREQ (4, 0)
343 # define O 0
344 #else
345 # define O 1
346 #endif
347
348 CHK_FAIL_START
349 strcpy (a.buf1 + (O + 4), str1 + 5);
350 CHK_FAIL_END
351
352 CHK_FAIL_START
353 p = stpcpy (a.buf1 + (O + 8), str2);
354 CHK_FAIL_END
355
356 CHK_FAIL_START
357 strncpy (a.buf1 + (O + 6), "X", l0 + 4);
358 CHK_FAIL_END
359
360 CHK_FAIL_START
361 sprintf (a.buf1 + (O + 7), "%d", num1);
362 CHK_FAIL_END
363
364 CHK_FAIL_START
365 snprintf (a.buf1 + (O + 7), l0 + 3, "%d", num2);
366 CHK_FAIL_END
367
368 memcpy (a.buf1, str1 + (3 - O), l0 + 8 + O);
369 CHK_FAIL_START
370 strcat (a.buf1, "AB");
371 CHK_FAIL_END
372
373 memcpy (a.buf1, str1 + (4 - O), l0 + 7 + O);
374 CHK_FAIL_START
375 strncat (a.buf1, "ZYXWV", l0 + 3);
376 CHK_FAIL_END
377 #endif
378
379
380 /* These ops can be done without runtime checking of object size. */
381 wmemcpy (wbuf, L"abcdefghij", 10);
382 wmemmove (wbuf + 1, wbuf, 9);
383 if (wmemcmp (wbuf, L"aabcdefghi", 10))
384 FAIL ();
385
386 if (wmempcpy (wbuf + 5, L"abcde", 5) != wbuf + 10
387 || wmemcmp (wbuf, L"aabcdabcde", 10))
388 FAIL ();
389
390 wmemset (wbuf + 8, L'j', 2);
391 if (wmemcmp (wbuf, L"aabcdabcjj", 10))
392 FAIL ();
393
394 wcscpy (wbuf + 4, L"EDCBA");
395 if (wmemcmp (wbuf, L"aabcEDCBA", 10))
396 FAIL ();
397
398 if (wcpcpy (wbuf + 8, L"F") != wbuf + 9 || wmemcmp (wbuf, L"aabcEDCBF", 10))
399 FAIL ();
400
401 wcsncpy (wbuf + 6, L"X", 4);
402 if (wmemcmp (wbuf, L"aabcEDX\0\0", 10))
403 FAIL ();
404
405 if (swprintf (wbuf + 7, 3, L"%ls", L"987654") >= 0
406 || wmemcmp (wbuf, L"aabcEDX98", 10))
407 FAIL ();
408
409 /* These ops need runtime checking, but shouldn't __chk_fail. */
410 wmemcpy (wbuf, L"abcdefghij", l0 + 10);
411 wmemmove (wbuf + 1, wbuf, l0 + 9);
412 if (wmemcmp (wbuf, L"aabcdefghi", 10))
413 FAIL ();
414
415 if (wmempcpy (wbuf + 5, L"abcde", l0 + 5) != wbuf + 10
416 || wmemcmp (wbuf, L"aabcdabcde", 10))
417 FAIL ();
418
419 wmemset (wbuf + 8, L'j', l0 + 2);
420 if (wmemcmp (wbuf, L"aabcdabcjj", 10))
421 FAIL ();
422
423 wcscpy (wbuf + 4, wstr1 + 5);
424 if (wmemcmp (wbuf, L"aabcEDCBA", 10))
425 FAIL ();
426
427 if (wcpcpy (wbuf + 8, wstr2) != wbuf + 9 || wmemcmp (wbuf, L"aabcEDCBF", 10))
428 FAIL ();
429
430 wcsncpy (wbuf + 6, L"X", l0 + 4);
431 if (wmemcmp (wbuf, L"aabcEDX\0\0", 10))
432 FAIL ();
433
434 if (wcpncpy (wbuf + 5, L"cd", l0 + 5) != wbuf + 7
435 || wmemcmp (wbuf, L"aabcEcd\0\0", 10))
436 FAIL ();
437
438 if (swprintf (wbuf + 7, 3, L"%d", num2) >= 0
439 || wmemcmp (wbuf, L"aabcEcd98", 10))
440 FAIL ();
441
442 wbuf[l0 + 8] = L'\0';
443 wcscat (wbuf, L"A");
444 if (wmemcmp (wbuf, L"aabcEcd9A", 10))
445 FAIL ();
446
447 wbuf[l0 + 7] = L'\0';
448 wcsncat (wbuf, L"ZYXWV", l0 + 2);
449 if (wmemcmp (wbuf, L"aabcEcdZY", 10))
450 FAIL ();
451
452 wmemcpy (wa.buf1, L"abcdefghij", l0 + 10);
453 wmemmove (wa.buf1 + 1, wa.buf1, l0 + 9);
454 if (wmemcmp (wa.buf1, L"aabcdefghi", 10))
455 FAIL ();
456
457 if (wmempcpy (wa.buf1 + 5, L"abcde", l0 + 5) != wa.buf1 + 10
458 || wmemcmp (wa.buf1, L"aabcdabcde", 10))
459 FAIL ();
460
461 wmemset (wa.buf1 + 8, L'j', l0 + 2);
462 if (wmemcmp (wa.buf1, L"aabcdabcjj", 10))
463 FAIL ();
464
465 #if __USE_FORTIFY_LEVEL < 2
466 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
467 and sufficient GCC support, as the string operations overflow
468 from a.buf1 into a.buf2. */
469 wcscpy (wa.buf1 + 4, wstr1 + 5);
470 if (wmemcmp (wa.buf1, L"aabcEDCBA", 10))
471 FAIL ();
472
473 if (wcpcpy (wa.buf1 + 8, wstr2) != wa.buf1 + 9
474 || wmemcmp (wa.buf1, L"aabcEDCBF", 10))
475 FAIL ();
476
477 wcsncpy (wa.buf1 + 6, L"X", l0 + 4);
478 if (wmemcmp (wa.buf1, L"aabcEDX\0\0", 10))
479 FAIL ();
480
481 if (swprintf (wa.buf1 + 7, 3, L"%d", num2) >= 0
482 || wmemcmp (wa.buf1, L"aabcEDX98", 10))
483 FAIL ();
484
485 wa.buf1[l0 + 8] = L'\0';
486 wcscat (wa.buf1, L"A");
487 if (wmemcmp (wa.buf1, L"aabcEDX9A", 10))
488 FAIL ();
489
490 wa.buf1[l0 + 7] = L'\0';
491 wcsncat (wa.buf1, L"ZYXWV", l0 + 2);
492 if (wmemcmp (wa.buf1, L"aabcEDXZY", 10))
493 FAIL ();
494
495 #endif
496
497 #if __USE_FORTIFY_LEVEL >= 1
498 /* Now check if all buffer overflows are caught at runtime. */
499
500 CHK_FAIL_START
501 wmemcpy (wbuf + 1, L"abcdefghij", l0 + 10);
502 CHK_FAIL_END
503
504 CHK_FAIL_START
505 wmemmove (wbuf + 2, wbuf + 1, l0 + 9);
506 CHK_FAIL_END
507
508 CHK_FAIL_START
509 wp = wmempcpy (wbuf + 6, L"abcde", l0 + 5);
510 CHK_FAIL_END
511
512 CHK_FAIL_START
513 wmemset (wbuf + 9, L'j', l0 + 2);
514 CHK_FAIL_END
515
516 CHK_FAIL_START
517 wcscpy (wbuf + 5, wstr1 + 5);
518 CHK_FAIL_END
519
520 CHK_FAIL_START
521 wp = wcpcpy (wbuf + 9, wstr2);
522 CHK_FAIL_END
523
524 CHK_FAIL_START
525 wcsncpy (wbuf + 7, L"X", l0 + 4);
526 CHK_FAIL_END
527
528 CHK_FAIL_START
529 wcpncpy (wbuf + 6, L"cd", l0 + 5);
530 CHK_FAIL_END
531
532 wmemcpy (wbuf, wstr1 + 2, l0 + 9);
533 CHK_FAIL_START
534 wcscat (wbuf, L"AB");
535 CHK_FAIL_END
536
537 wmemcpy (wbuf, wstr1 + 3, l0 + 8);
538 CHK_FAIL_START
539 wcsncat (wbuf, L"ZYXWV", l0 + 3);
540 CHK_FAIL_END
541
542 CHK_FAIL_START
543 wmemcpy (wa.buf1 + 1, L"abcdefghij", l0 + 10);
544 CHK_FAIL_END
545
546 CHK_FAIL_START
547 wmemmove (wa.buf1 + 2, wa.buf1 + 1, l0 + 9);
548 CHK_FAIL_END
549
550 CHK_FAIL_START
551 wp = wmempcpy (wa.buf1 + 6, L"abcde", l0 + 5);
552 CHK_FAIL_END
553
554 CHK_FAIL_START
555 wmemset (wa.buf1 + 9, L'j', l0 + 2);
556 CHK_FAIL_END
557
558 #if __USE_FORTIFY_LEVEL >= 2
559 # define O 0
560 #else
561 # define O 1
562 #endif
563
564 CHK_FAIL_START
565 wcscpy (wa.buf1 + (O + 4), wstr1 + 5);
566 CHK_FAIL_END
567
568 CHK_FAIL_START
569 wp = wcpcpy (wa.buf1 + (O + 8), wstr2);
570 CHK_FAIL_END
571
572 CHK_FAIL_START
573 wcsncpy (wa.buf1 + (O + 6), L"X", l0 + 4);
574 CHK_FAIL_END
575
576 wmemcpy (wa.buf1, wstr1 + (3 - O), l0 + 8 + O);
577 CHK_FAIL_START
578 wcscat (wa.buf1, L"AB");
579 CHK_FAIL_END
580
581 wmemcpy (wa.buf1, wstr1 + (4 - O), l0 + 7 + O);
582 CHK_FAIL_START
583 wcsncat (wa.buf1, L"ZYXWV", l0 + 3);
584 CHK_FAIL_END
585 #endif
586
587
588 /* Now checks for %n protection. */
589
590 /* Constant literals passed directly are always ok
591 (even with warnings about possible bugs from GCC). */
592 int n1, n2;
593 if (sprintf (buf, "%s%n%s%n", str2, &n1, str2, &n2) != 2
594 || n1 != 1 || n2 != 2)
595 FAIL ();
596
597 /* In this case the format string is not known at compile time,
598 but resides in read-only memory, so is ok. */
599 if (snprintf (buf, 4, str3, str2, &n1, str2, &n2) != 2
600 || n1 != 1 || n2 != 2)
601 FAIL ();
602
603 strcpy (buf2 + 2, "%n%s%n");
604 /* When the format string is writable and contains %n,
605 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
606 CHK_FAIL2_START
607 if (sprintf (buf, buf2, str2, &n1, str2, &n1) != 2)
608 FAIL ();
609 CHK_FAIL2_END
610
611 CHK_FAIL2_START
612 if (snprintf (buf, 3, buf2, str2, &n1, str2, &n1) != 2)
613 FAIL ();
614 CHK_FAIL2_END
615
616 /* But if there is no %n, even writable format string
617 should work. */
618 buf2[6] = '\0';
619 if (sprintf (buf, buf2 + 4, str2) != 1)
620 FAIL ();
621
622 /* Constant literals passed directly are always ok
623 (even with warnings about possible bugs from GCC). */
624 if (printf ("%s%n%s%n", str4, &n1, str5, &n2) != 14
625 || n1 != 7 || n2 != 14)
626 FAIL ();
627
628 /* In this case the format string is not known at compile time,
629 but resides in read-only memory, so is ok. */
630 if (printf (str3, str4, &n1, str5, &n2) != 14
631 || n1 != 7 || n2 != 14)
632 FAIL ();
633
634 strcpy (buf2 + 2, "%n%s%n");
635 /* When the format string is writable and contains %n,
636 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
637 CHK_FAIL2_START
638 if (printf (buf2, str4, &n1, str5, &n1) != 14)
639 FAIL ();
640 CHK_FAIL2_END
641
642 /* But if there is no %n, even writable format string
643 should work. */
644 buf2[6] = '\0';
645 if (printf (buf2 + 4, str5) != 7)
646 FAIL ();
647
648 FILE *fp = stdout;
649
650 /* Constant literals passed directly are always ok
651 (even with warnings about possible bugs from GCC). */
652 if (fprintf (fp, "%s%n%s%n", str4, &n1, str5, &n2) != 14
653 || n1 != 7 || n2 != 14)
654 FAIL ();
655
656 /* In this case the format string is not known at compile time,
657 but resides in read-only memory, so is ok. */
658 if (fprintf (fp, str3, str4, &n1, str5, &n2) != 14
659 || n1 != 7 || n2 != 14)
660 FAIL ();
661
662 strcpy (buf2 + 2, "%n%s%n");
663 /* When the format string is writable and contains %n,
664 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
665 CHK_FAIL2_START
666 if (fprintf (fp, buf2, str4, &n1, str5, &n1) != 14)
667 FAIL ();
668 CHK_FAIL2_END
669
670 /* But if there is no %n, even writable format string
671 should work. */
672 buf2[6] = '\0';
673 if (fprintf (fp, buf2 + 4, str5) != 7)
674 FAIL ();
675
676 if (freopen (temp_filename, "r", stdin) == NULL)
677 {
678 puts ("could not open temporary file");
679 exit (1);
680 }
681
682 if (gets (buf) != buf || memcmp (buf, "abcdefgh", 9))
683 FAIL ();
684 if (gets (buf) != buf || memcmp (buf, "ABCDEFGHI", 10))
685 FAIL ();
686
687 #if __USE_FORTIFY_LEVEL >= 1
688 CHK_FAIL_START
689 if (gets (buf) != buf)
690 FAIL ();
691 CHK_FAIL_END
692 #endif
693
694 rewind (stdin);
695
696 if (fgets (buf, sizeof (buf), stdin) != buf
697 || memcmp (buf, "abcdefgh\n", 10))
698 FAIL ();
699 if (fgets (buf, sizeof (buf), stdin) != buf || memcmp (buf, "ABCDEFGHI", 10))
700 FAIL ();
701
702 rewind (stdin);
703
704 if (fgets (buf, l0 + sizeof (buf), stdin) != buf
705 || memcmp (buf, "abcdefgh\n", 10))
706 FAIL ();
707
708 #if __USE_FORTIFY_LEVEL >= 1
709 CHK_FAIL_START
710 if (fgets (buf, sizeof (buf) + 1, stdin) != buf)
711 FAIL ();
712 CHK_FAIL_END
713
714 CHK_FAIL_START
715 if (fgets (buf, l0 + sizeof (buf) + 1, stdin) != buf)
716 FAIL ();
717 CHK_FAIL_END
718 #endif
719
720 rewind (stdin);
721
722 if (fgets_unlocked (buf, sizeof (buf), stdin) != buf
723 || memcmp (buf, "abcdefgh\n", 10))
724 FAIL ();
725 if (fgets_unlocked (buf, sizeof (buf), stdin) != buf
726 || memcmp (buf, "ABCDEFGHI", 10))
727 FAIL ();
728
729 rewind (stdin);
730
731 if (fgets_unlocked (buf, l0 + sizeof (buf), stdin) != buf
732 || memcmp (buf, "abcdefgh\n", 10))
733 FAIL ();
734
735 #if __USE_FORTIFY_LEVEL >= 1
736 CHK_FAIL_START
737 if (fgets_unlocked (buf, sizeof (buf) + 1, stdin) != buf)
738 FAIL ();
739 CHK_FAIL_END
740
741 CHK_FAIL_START
742 if (fgets_unlocked (buf, l0 + sizeof (buf) + 1, stdin) != buf)
743 FAIL ();
744 CHK_FAIL_END
745 #endif
746
747 lseek (fileno (stdin), 0, SEEK_SET);
748
749 if (read (fileno (stdin), buf, sizeof (buf) - 1) != sizeof (buf) - 1
750 || memcmp (buf, "abcdefgh\n", 9))
751 FAIL ();
752 if (read (fileno (stdin), buf, sizeof (buf) - 1) != sizeof (buf) - 1
753 || memcmp (buf, "ABCDEFGHI", 9))
754 FAIL ();
755
756 lseek (fileno (stdin), 0, SEEK_SET);
757
758 if (read (fileno (stdin), buf, l0 + sizeof (buf) - 1) != sizeof (buf) - 1
759 || memcmp (buf, "abcdefgh\n", 9))
760 FAIL ();
761
762 #if __USE_FORTIFY_LEVEL >= 1
763 CHK_FAIL_START
764 if (read (fileno (stdin), buf, sizeof (buf) + 1) != sizeof (buf) + 1)
765 FAIL ();
766 CHK_FAIL_END
767 #endif
768
769 if (pread (fileno (stdin), buf, sizeof (buf) - 1, sizeof (buf) - 2)
770 != sizeof (buf) - 1
771 || memcmp (buf, "\nABCDEFGH", 9))
772 FAIL ();
773 if (pread (fileno (stdin), buf, sizeof (buf) - 1, 0) != sizeof (buf) - 1
774 || memcmp (buf, "abcdefgh\n", 9))
775 FAIL ();
776 if (pread (fileno (stdin), buf, l0 + sizeof (buf) - 1, sizeof (buf) - 3)
777 != sizeof (buf) - 1
778 || memcmp (buf, "h\nABCDEFG", 9))
779 FAIL ();
780
781 #if __USE_FORTIFY_LEVEL >= 1
782 CHK_FAIL_START
783 if (pread (fileno (stdin), buf, sizeof (buf) + 1, 2 * sizeof (buf))
784 != sizeof (buf) + 1)
785 FAIL ();
786 CHK_FAIL_END
787 #endif
788
789 if (pread64 (fileno (stdin), buf, sizeof (buf) - 1, sizeof (buf) - 2)
790 != sizeof (buf) - 1
791 || memcmp (buf, "\nABCDEFGH", 9))
792 FAIL ();
793 if (pread64 (fileno (stdin), buf, sizeof (buf) - 1, 0) != sizeof (buf) - 1
794 || memcmp (buf, "abcdefgh\n", 9))
795 FAIL ();
796 if (pread64 (fileno (stdin), buf, l0 + sizeof (buf) - 1, sizeof (buf) - 3)
797 != sizeof (buf) - 1
798 || memcmp (buf, "h\nABCDEFG", 9))
799 FAIL ();
800
801 #if __USE_FORTIFY_LEVEL >= 1
802 CHK_FAIL_START
803 if (pread64 (fileno (stdin), buf, sizeof (buf) + 1, 2 * sizeof (buf))
804 != sizeof (buf) + 1)
805 FAIL ();
806 CHK_FAIL_END
807 #endif
808
809 if (freopen (temp_filename, "r", stdin) == NULL)
810 {
811 puts ("could not open temporary file");
812 exit (1);
813 }
814
815 if (fseek (stdin, 9 + 10 + 11, SEEK_SET))
816 {
817 puts ("could not seek in test file");
818 exit (1);
819 }
820
821 #if __USE_FORTIFY_LEVEL >= 1
822 CHK_FAIL_START
823 if (gets (buf) != buf)
824 FAIL ();
825 CHK_FAIL_END
826 #endif
827
828 /* Check whether missing N$ formats are detected. */
829 CHK_FAIL2_START
830 printf ("%3$d\n", 1, 2, 3, 4);
831 CHK_FAIL2_END
832
833 CHK_FAIL2_START
834 fprintf (stdout, "%3$d\n", 1, 2, 3, 4);
835 CHK_FAIL2_END
836
837 CHK_FAIL2_START
838 sprintf (buf, "%3$d\n", 1, 2, 3, 4);
839 CHK_FAIL2_END
840
841 CHK_FAIL2_START
842 snprintf (buf, sizeof (buf), "%3$d\n", 1, 2, 3, 4);
843 CHK_FAIL2_END
844
845 int sp[2];
846 if (socketpair (PF_UNIX, SOCK_STREAM, 0, sp))
847 FAIL ();
848 else
849 {
850 const char *sendstr = "abcdefgh\nABCDEFGH\n0123456789\n";
851 if (send (sp[0], sendstr, strlen (sendstr), 0) != strlen (sendstr))
852 FAIL ();
853
854 char recvbuf[12];
855 if (recv (sp[1], recvbuf, sizeof recvbuf, MSG_PEEK)
856 != sizeof recvbuf
857 || memcmp (recvbuf, sendstr, sizeof recvbuf) != 0)
858 FAIL ();
859
860 if (recv (sp[1], recvbuf + 6, l0 + sizeof recvbuf - 7, MSG_PEEK)
861 != sizeof recvbuf - 7
862 || memcmp (recvbuf + 6, sendstr, sizeof recvbuf - 7) != 0)
863 FAIL ();
864
865 #if __USE_FORTIFY_LEVEL >= 1
866 CHK_FAIL_START
867 if (recv (sp[1], recvbuf + 1, sizeof recvbuf, MSG_PEEK)
868 != sizeof recvbuf)
869 FAIL ();
870 CHK_FAIL_END
871
872 CHK_FAIL_START
873 if (recv (sp[1], recvbuf + 4, l0 + sizeof recvbuf - 3, MSG_PEEK)
874 != sizeof recvbuf - 3)
875 FAIL ();
876 CHK_FAIL_END
877 #endif
878
879 socklen_t sl;
880 struct sockaddr_un sa_un;
881
882 sl = sizeof (sa_un);
883 if (recvfrom (sp[1], recvbuf, sizeof recvbuf, MSG_PEEK, &sa_un, &sl)
884 != sizeof recvbuf
885 || memcmp (recvbuf, sendstr, sizeof recvbuf) != 0)
886 FAIL ();
887
888 sl = sizeof (sa_un);
889 if (recvfrom (sp[1], recvbuf + 6, l0 + sizeof recvbuf - 7, MSG_PEEK,
890 &sa_un, &sl) != sizeof recvbuf - 7
891 || memcmp (recvbuf + 6, sendstr, sizeof recvbuf - 7) != 0)
892 FAIL ();
893
894 #if __USE_FORTIFY_LEVEL >= 1
895 CHK_FAIL_START
896 sl = sizeof (sa_un);
897 if (recvfrom (sp[1], recvbuf + 1, sizeof recvbuf, MSG_PEEK, &sa_un, &sl)
898 != sizeof recvbuf)
899 FAIL ();
900 CHK_FAIL_END
901
902 CHK_FAIL_START
903 sl = sizeof (sa_un);
904 if (recvfrom (sp[1], recvbuf + 4, l0 + sizeof recvbuf - 3, MSG_PEEK,
905 &sa_un, &sl) != sizeof recvbuf - 3)
906 FAIL ();
907 CHK_FAIL_END
908 #endif
909
910 close (sp[0]);
911 close (sp[1]);
912 }
913
914 char fname[] = "/tmp/tst-chk1-dir-XXXXXX\0foo";
915 char *enddir = strchr (fname, '\0');
916 if (mkdtemp (fname) == NULL)
917 {
918 printf ("mkdtemp failed: %m\n");
919 return 1;
920 }
921 *enddir = '/';
922 if (symlink ("bar", fname) != 0)
923 FAIL ();
924
925 char readlinkbuf[4];
926 if (readlink (fname, readlinkbuf, 4) != 3
927 || memcmp (readlinkbuf, "bar", 3) != 0)
928 FAIL ();
929 if (readlink (fname, readlinkbuf + 1, l0 + 3) != 3
930 || memcmp (readlinkbuf, "bbar", 4) != 0)
931 FAIL ();
932
933 #if __USE_FORTIFY_LEVEL >= 1
934 CHK_FAIL_START
935 if (readlink (fname, readlinkbuf + 2, l0 + 3) != 3)
936 FAIL ();
937 CHK_FAIL_END
938
939 CHK_FAIL_START
940 if (readlink (fname, readlinkbuf + 3, 4) != 3)
941 FAIL ();
942 CHK_FAIL_END
943 #endif
944
945 char *cwd1 = getcwd (NULL, 0);
946 if (cwd1 == NULL)
947 FAIL ();
948
949 char *cwd2 = getcwd (NULL, 250);
950 if (cwd2 == NULL)
951 FAIL ();
952
953 if (cwd1 && cwd2)
954 {
955 if (strcmp (cwd1, cwd2) != 0)
956 FAIL ();
957
958 *enddir = '\0';
959 if (chdir (fname))
960 FAIL ();
961
962 char *cwd3 = getcwd (NULL, 0);
963 if (cwd3 == NULL)
964 FAIL ();
965 if (strcmp (fname, cwd3) != 0)
966 printf ("getcwd after chdir is '%s' != '%s',"
967 "get{c,}wd tests skipped\n", cwd3, fname);
968 else
969 {
970 char getcwdbuf[sizeof fname - 3];
971
972 char *cwd4 = getcwd (getcwdbuf, sizeof getcwdbuf);
973 if (cwd4 != getcwdbuf
974 || strcmp (getcwdbuf, fname) != 0)
975 FAIL ();
976
977 cwd4 = getcwd (getcwdbuf + 1, l0 + sizeof getcwdbuf - 1);
978 if (cwd4 != getcwdbuf + 1
979 || getcwdbuf[0] != fname[0]
980 || strcmp (getcwdbuf + 1, fname) != 0)
981 FAIL ();
982
983 #if __USE_FORTIFY_LEVEL >= 1
984 CHK_FAIL_START
985 if (getcwd (getcwdbuf + 2, l0 + sizeof getcwdbuf)
986 != getcwdbuf + 2)
987 FAIL ();
988 CHK_FAIL_END
989
990 CHK_FAIL_START
991 if (getcwd (getcwdbuf + 2, sizeof getcwdbuf)
992 != getcwdbuf + 2)
993 FAIL ();
994 CHK_FAIL_END
995 #endif
996
997 if (getwd (getcwdbuf) != getcwdbuf
998 || strcmp (getcwdbuf, fname) != 0)
999 FAIL ();
1000
1001 if (getwd (getcwdbuf + 1) != getcwdbuf + 1
1002 || strcmp (getcwdbuf + 1, fname) != 0)
1003 FAIL ();
1004
1005 #if __USE_FORTIFY_LEVEL >= 1
1006 CHK_FAIL_START
1007 if (getwd (getcwdbuf + 2) != getcwdbuf + 2)
1008 FAIL ();
1009 CHK_FAIL_END
1010 #endif
1011 }
1012
1013 if (chdir (cwd1) != 0)
1014 FAIL ();
1015 free (cwd3);
1016 }
1017
1018 free (cwd1);
1019 free (cwd2);
1020 *enddir = '/';
1021 if (unlink (fname) != 0)
1022 FAIL ();
1023
1024 *enddir = '\0';
1025 if (rmdir (fname) != 0)
1026 FAIL ();
1027
1028
1029 #if PATH_MAX > 0
1030 char largebuf[PATH_MAX];
1031 char *realres = realpath (".", largebuf);
1032 #endif
1033 #if __USE_FORTIFY_LEVEL >= 1
1034 CHK_FAIL_START
1035 char realbuf[1];
1036 realres = realpath (".", realbuf);
1037 CHK_FAIL_END
1038 #endif
1039
1040 if (setlocale (LC_ALL, "de_DE.UTF-8") != NULL)
1041 {
1042 /* First a simple test. */
1043 char enough[MB_CUR_MAX];
1044 if (wctomb (enough, L'A') != 1)
1045 {
1046 puts ("first wctomb test failed");
1047 ret = 1;
1048 }
1049
1050 #if __USE_FORTIFY_LEVEL >= 1
1051 /* We know the wchar_t encoding is ISO 10646. So pick a
1052 character which has a multibyte representation which does not
1053 fit. */
1054 CHK_FAIL_START
1055 char smallbuf[2];
1056 if (wctomb (smallbuf, L'\x100') != 2)
1057 {
1058 puts ("second wctomb test failed");
1059 ret = 1;
1060 }
1061 CHK_FAIL_END
1062 #endif
1063
1064 mbstate_t s;
1065 memset (&s, '\0', sizeof (s));
1066 if (wcrtomb (enough, L'A', &s) != 1)
1067 {
1068 puts ("first wcrtomb test failed");
1069 ret = 1;
1070 }
1071
1072 #if __USE_FORTIFY_LEVEL >= 1
1073 /* We know the wchar_t encoding is ISO 10646. So pick a
1074 character which has a multibyte representation which does not
1075 fit. */
1076 CHK_FAIL_START
1077 char smallbuf[2];
1078 if (wcrtomb (smallbuf, L'\x100', &s) != 2)
1079 {
1080 puts ("second wcrtomb test failed");
1081 ret = 1;
1082 }
1083 CHK_FAIL_END
1084 #endif
1085
1086 wchar_t wenough[10];
1087 memset (&s, '\0', sizeof (s));
1088 const char *cp = "A";
1089 if (mbsrtowcs (wenough, &cp, 10, &s) != 1)
1090 {
1091 puts ("first mbsrtowcs test failed");
1092 ret = 1;
1093 }
1094
1095 #if __USE_FORTIFY_LEVEL >= 1
1096 /* We know the wchar_t encoding is ISO 10646. So pick a
1097 character which has a multibyte representation which does not
1098 fit. */
1099 CHK_FAIL_START
1100 wchar_t wsmallbuf[2];
1101 cp = "ABC";
1102 mbsrtowcs (wsmallbuf, &cp, 10, &s);
1103 CHK_FAIL_END
1104 #endif
1105
1106 memset (&s, '\0', sizeof (s));
1107 cp = "A";
1108 if (mbsnrtowcs (wenough, &cp, 1, 10, &s) != 1)
1109 {
1110 puts ("first mbsnrtowcs test failed");
1111 ret = 1;
1112 }
1113
1114 #if __USE_FORTIFY_LEVEL >= 1
1115 /* We know the wchar_t encoding is ISO 10646. So pick a
1116 character which has a multibyte representation which does not
1117 fit. */
1118 CHK_FAIL_START
1119 wchar_t wsmallbuf[2];
1120 cp = "ABC";
1121 mbsnrtowcs (wsmallbuf, &cp, 3, 10, &s);
1122 CHK_FAIL_END
1123 #endif
1124
1125 memset (&s, '\0', sizeof (s));
1126 const wchar_t *wcp = L"A";
1127 if (wcsrtombs (enough, &wcp, 10, &s) != 1)
1128 {
1129 puts ("first wcsrtombs test failed");
1130 ret = 1;
1131 }
1132
1133 #if __USE_FORTIFY_LEVEL >= 1
1134 /* We know the wchar_t encoding is ISO 10646. So pick a
1135 character which has a multibyte representation which does not
1136 fit. */
1137 CHK_FAIL_START
1138 char smallbuf[2];
1139 wcp = L"ABC";
1140 wcsrtombs (smallbuf, &wcp, 10, &s);
1141 CHK_FAIL_END
1142 #endif
1143
1144 memset (&s, '\0', sizeof (s));
1145 wcp = L"A";
1146 if (wcsnrtombs (enough, &wcp, 1, 10, &s) != 1)
1147 {
1148 puts ("first wcsnrtombs test failed");
1149 ret = 1;
1150 }
1151
1152 #if __USE_FORTIFY_LEVEL >= 1
1153 /* We know the wchar_t encoding is ISO 10646. So pick a
1154 character which has a multibyte representation which does not
1155 fit. */
1156 CHK_FAIL_START
1157 char smallbuf[2];
1158 wcp = L"ABC";
1159 wcsnrtombs (smallbuf, &wcp, 3, 10, &s);
1160 CHK_FAIL_END
1161 #endif
1162 }
1163 else
1164 {
1165 puts ("cannot set locale");
1166 ret = 1;
1167 }
1168
1169 fd = posix_openpt (O_RDWR);
1170 if (fd != -1)
1171 {
1172 char enough[1000];
1173 if (ptsname_r (fd, enough, sizeof (enough)) != 0)
1174 {
1175 puts ("first ptsname_r failed");
1176 ret = 1;
1177 }
1178
1179 #if __USE_FORTIFY_LEVEL >= 1
1180 CHK_FAIL_START
1181 char smallbuf[2];
1182 if (ptsname_r (fd, smallbuf, sizeof (smallbuf) + 1) == 0)
1183 {
1184 puts ("second ptsname_r somehow suceeded");
1185 ret = 1;
1186 }
1187 CHK_FAIL_END
1188 #endif
1189 close (fd);
1190 }
1191
1192 confstr (_CS_GNU_LIBC_VERSION, largebuf, sizeof (largebuf));
1193 #if __USE_FORTIFY_LEVEL >= 1
1194 CHK_FAIL_START
1195 char smallbuf[1];
1196 confstr (_CS_GNU_LIBC_VERSION, smallbuf, sizeof (largebuf));
1197 CHK_FAIL_END
1198 #endif
1199
1200 gid_t grpslarge[5];
1201 int ngr = getgroups (5, grpslarge);
1202 #if __USE_FORTIFY_LEVEL >= 1
1203 CHK_FAIL_START
1204 char smallbuf[1];
1205 ngr = getgroups (5, (gid_t *) smallbuf);
1206 CHK_FAIL_END
1207 #endif
1208
1209 fd = open (_PATH_TTY, O_RDONLY);
1210 if (fd != -1)
1211 {
1212 char enough[1000];
1213 if (ttyname_r (fd, enough, sizeof (enough)) != 0)
1214 {
1215 puts ("first ttyname_r failed");
1216 ret = 1;
1217 }
1218
1219 #if __USE_FORTIFY_LEVEL >= 1
1220 CHK_FAIL_START
1221 char smallbuf[2];
1222 if (ttyname_r (fd, smallbuf, sizeof (smallbuf) + 1) == 0)
1223 {
1224 puts ("second ttyname_r somehow suceeded");
1225 ret = 1;
1226 }
1227 CHK_FAIL_END
1228 #endif
1229 close (fd);
1230 }
1231
1232 char hostnamelarge[1000];
1233 gethostname (hostnamelarge, sizeof (hostnamelarge));
1234 #if __USE_FORTIFY_LEVEL >= 1
1235 CHK_FAIL_START
1236 char smallbuf[1];
1237 gethostname (smallbuf, sizeof (hostnamelarge));
1238 CHK_FAIL_END
1239 #endif
1240
1241 char loginlarge[1000];
1242 getlogin_r (loginlarge, sizeof (hostnamelarge));
1243 #if __USE_FORTIFY_LEVEL >= 1
1244 CHK_FAIL_START
1245 char smallbuf[1];
1246 getlogin_r (smallbuf, sizeof (loginlarge));
1247 CHK_FAIL_END
1248 #endif
1249
1250 char domainnamelarge[1000];
1251 int res = getdomainname (domainnamelarge, sizeof (domainnamelarge));
1252 #if __USE_FORTIFY_LEVEL >= 1
1253 CHK_FAIL_START
1254 char smallbuf[1];
1255 res = getdomainname (smallbuf, sizeof (domainnamelarge));
1256 CHK_FAIL_END
1257 #endif
1258
1259 return ret;
1260 }
sources.redhat.com git mirror of glibc CVS