1 /* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Jakub Jelinek <jakub@redhat.com>, 2004.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, write to the Free
17 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
20 /* Hack: make sure GCC doesn't know __chk_fail () will not return. */
33 #include <sys/socket.h>
37 static void do_prepare (void);
38 static int do_test (void);
39 #define PREPARE(argc, argv) do_prepare ()
40 #define TEST_FUNCTION do_test ()
41 #include "../test-skeleton.c"
46 int temp_fd
= create_temp_file ("tst-chk1.", &temp_filename
);
49 printf ("cannot create temporary file: %m\n");
53 const char *strs
= "abcdefgh\nABCDEFGHI\nabcdefghij\nABCDEFGHIJ";
54 if (write (temp_fd
, strs
, strlen (strs
)) != strlen (strs
))
56 puts ("could not write test strings into file");
57 unlink (temp_filename
);
62 volatile int chk_fail_ok
;
72 longjmp (chk_fail_buf
, 1);
83 const char *str1
= "JIHGFEDCBA";
84 const char *str2
= "F";
85 const char *str3
= "%s%n%s%n";
86 const char *str4
= "Hello, ";
87 const char *str5
= "World!\n";
88 const wchar_t *wstr1
= L
"JIHGFEDCBA";
89 const wchar_t *wstr2
= L
"F";
90 const wchar_t *wstr3
= L
"%s%n%s%n";
91 const wchar_t *wstr4
= L
"Hello, ";
92 const wchar_t *wstr5
= L
"World!\n";
98 do { printf ("Failure on line %d\n", __LINE__); ret = 1; } while (0)
99 #define CHK_FAIL_START \
101 if (! setjmp (chk_fail_buf)) \
103 #define CHK_FAIL_END \
107 #if __USE_FORTIFY_LEVEL >= 2
108 #define CHK_FAIL2_START CHK_FAIL_START
109 #define CHK_FAIL2_END CHK_FAIL_END
111 #define CHK_FAIL2_START
112 #define CHK_FAIL2_END
119 sa
.sa_handler
= handler
;
121 sigemptyset (&sa
.sa_mask
);
123 sigaction (SIGABRT
, &sa
, NULL
);
125 /* Avoid all the buffer overflow messages on stderr. */
126 int fd
= open (_PATH_DEVNULL
, O_WRONLY
);
128 close (STDERR_FILENO
);
131 dup2 (fd
, STDERR_FILENO
);
134 setenv ("LIBC_FATAL_STDERR_", "1", 1);
136 struct A
{ char buf1
[9]; char buf2
[1]; } a
;
137 struct wA
{ wchar_t buf1
[9]; wchar_t buf2
[1]; } wa
;
139 printf ("Test checking routines at fortify level %d\n",
140 #ifdef __USE_FORTIFY_LEVEL
141 (int) __USE_FORTIFY_LEVEL
147 /* These ops can be done without runtime checking of object size. */
148 memcpy (buf
, "abcdefghij", 10);
149 memmove (buf
+ 1, buf
, 9);
150 if (memcmp (buf
, "aabcdefghi", 10))
153 if (mempcpy (buf
+ 5, "abcde", 5) != buf
+ 10
154 || memcmp (buf
, "aabcdabcde", 10))
157 memset (buf
+ 8, 'j', 2);
158 if (memcmp (buf
, "aabcdabcjj", 10))
161 strcpy (buf
+ 4, "EDCBA");
162 if (memcmp (buf
, "aabcEDCBA", 10))
165 if (stpcpy (buf
+ 8, "F") != buf
+ 9 || memcmp (buf
, "aabcEDCBF", 10))
168 strncpy (buf
+ 6, "X", 4);
169 if (memcmp (buf
, "aabcEDX\0\0", 10))
172 if (sprintf (buf
+ 7, "%s", "67") != 2 || memcmp (buf
, "aabcEDX67", 10))
175 if (snprintf (buf
+ 7, 3, "%s", "987654") != 6
176 || memcmp (buf
, "aabcEDX98", 10))
179 /* These ops need runtime checking, but shouldn't __chk_fail. */
180 memcpy (buf
, "abcdefghij", l0
+ 10);
181 memmove (buf
+ 1, buf
, l0
+ 9);
182 if (memcmp (buf
, "aabcdefghi", 10))
185 if (mempcpy (buf
+ 5, "abcde", l0
+ 5) != buf
+ 10
186 || memcmp (buf
, "aabcdabcde", 10))
189 memset (buf
+ 8, 'j', l0
+ 2);
190 if (memcmp (buf
, "aabcdabcjj", 10))
193 strcpy (buf
+ 4, str1
+ 5);
194 if (memcmp (buf
, "aabcEDCBA", 10))
197 if (stpcpy (buf
+ 8, str2
) != buf
+ 9 || memcmp (buf
, "aabcEDCBF", 10))
200 strncpy (buf
+ 6, "X", l0
+ 4);
201 if (memcmp (buf
, "aabcEDX\0\0", 10))
204 if (stpncpy (buf
+ 5, "cd", l0
+ 5) != buf
+ 7
205 || memcmp (buf
, "aabcEcd\0\0", 10))
208 if (sprintf (buf
+ 7, "%d", num1
) != 2 || memcmp (buf
, "aabcEcd67", 10))
211 if (snprintf (buf
+ 7, 3, "%d", num2
) != 6 || memcmp (buf
, "aabcEcd98", 10))
216 if (memcmp (buf
, "aabcEcd9A", 10))
220 strncat (buf
, "ZYXWV", l0
+ 2);
221 if (memcmp (buf
, "aabcEcdZY", 10))
224 memcpy (a
.buf1
, "abcdefghij", l0
+ 10);
225 memmove (a
.buf1
+ 1, a
.buf1
, l0
+ 9);
226 if (memcmp (a
.buf1
, "aabcdefghi", 10))
229 if (mempcpy (a
.buf1
+ 5, "abcde", l0
+ 5) != a
.buf1
+ 10
230 || memcmp (a
.buf1
, "aabcdabcde", 10))
233 memset (a
.buf1
+ 8, 'j', l0
+ 2);
234 if (memcmp (a
.buf1
, "aabcdabcjj", 10))
237 #if __USE_FORTIFY_LEVEL < 2 || !__GNUC_PREREQ (4, 0)
238 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
239 and sufficient GCC support, as the string operations overflow
240 from a.buf1 into a.buf2. */
241 strcpy (a
.buf1
+ 4, str1
+ 5);
242 if (memcmp (a
.buf1
, "aabcEDCBA", 10))
245 if (stpcpy (a
.buf1
+ 8, str2
) != a
.buf1
+ 9
246 || memcmp (a
.buf1
, "aabcEDCBF", 10))
249 strncpy (a
.buf1
+ 6, "X", l0
+ 4);
250 if (memcmp (a
.buf1
, "aabcEDX\0\0", 10))
253 if (sprintf (a
.buf1
+ 7, "%d", num1
) != 2
254 || memcmp (a
.buf1
, "aabcEDX67", 10))
257 if (snprintf (a
.buf1
+ 7, 3, "%d", num2
) != 6
258 || memcmp (a
.buf1
, "aabcEDX98", 10))
261 a
.buf1
[l0
+ 8] = '\0';
262 strcat (a
.buf1
, "A");
263 if (memcmp (a
.buf1
, "aabcEDX9A", 10))
266 a
.buf1
[l0
+ 7] = '\0';
267 strncat (a
.buf1
, "ZYXWV", l0
+ 2);
268 if (memcmp (a
.buf1
, "aabcEDXZY", 10))
273 #if __USE_FORTIFY_LEVEL >= 1
274 /* Now check if all buffer overflows are caught at runtime. */
277 memcpy (buf
+ 1, "abcdefghij", l0
+ 10);
281 memmove (buf
+ 2, buf
+ 1, l0
+ 9);
285 p
= mempcpy (buf
+ 6, "abcde", l0
+ 5);
289 memset (buf
+ 9, 'j', l0
+ 2);
293 strcpy (buf
+ 5, str1
+ 5);
297 p
= stpcpy (buf
+ 9, str2
);
301 strncpy (buf
+ 7, "X", l0
+ 4);
305 stpncpy (buf
+ 6, "cd", l0
+ 5);
309 sprintf (buf
+ 8, "%d", num1
);
313 snprintf (buf
+ 8, l0
+ 3, "%d", num2
);
316 memcpy (buf
, str1
+ 2, l0
+ 9);
321 memcpy (buf
, str1
+ 3, l0
+ 8);
323 strncat (buf
, "ZYXWV", l0
+ 3);
327 memcpy (a
.buf1
+ 1, "abcdefghij", l0
+ 10);
331 memmove (a
.buf1
+ 2, a
.buf1
+ 1, l0
+ 9);
335 p
= mempcpy (a
.buf1
+ 6, "abcde", l0
+ 5);
339 memset (a
.buf1
+ 9, 'j', l0
+ 2);
342 #if __USE_FORTIFY_LEVEL >= 2 && __GNUC_PREREQ (4, 0)
349 strcpy (a
.buf1
+ (O
+ 4), str1
+ 5);
353 p
= stpcpy (a
.buf1
+ (O
+ 8), str2
);
357 strncpy (a
.buf1
+ (O
+ 6), "X", l0
+ 4);
361 sprintf (a
.buf1
+ (O
+ 7), "%d", num1
);
365 snprintf (a
.buf1
+ (O
+ 7), l0
+ 3, "%d", num2
);
368 memcpy (a
.buf1
, str1
+ (3 - O
), l0
+ 8 + O
);
370 strcat (a
.buf1
, "AB");
373 memcpy (a
.buf1
, str1
+ (4 - O
), l0
+ 7 + O
);
375 strncat (a
.buf1
, "ZYXWV", l0
+ 3);
380 /* These ops can be done without runtime checking of object size. */
381 wmemcpy (wbuf
, L
"abcdefghij", 10);
382 wmemmove (wbuf
+ 1, wbuf
, 9);
383 if (wmemcmp (wbuf
, L
"aabcdefghi", 10))
386 if (wmempcpy (wbuf
+ 5, L
"abcde", 5) != wbuf
+ 10
387 || wmemcmp (wbuf
, L
"aabcdabcde", 10))
390 wmemset (wbuf
+ 8, L
'j', 2);
391 if (wmemcmp (wbuf
, L
"aabcdabcjj", 10))
394 wcscpy (wbuf
+ 4, L
"EDCBA");
395 if (wmemcmp (wbuf
, L
"aabcEDCBA", 10))
398 if (wcpcpy (wbuf
+ 8, L
"F") != wbuf
+ 9 || wmemcmp (wbuf
, L
"aabcEDCBF", 10))
401 wcsncpy (wbuf
+ 6, L
"X", 4);
402 if (wmemcmp (wbuf
, L
"aabcEDX\0\0", 10))
405 if (swprintf (wbuf
+ 7, 3, L
"%ls", L
"987654") >= 0
406 || wmemcmp (wbuf
, L
"aabcEDX98", 10))
409 /* These ops need runtime checking, but shouldn't __chk_fail. */
410 wmemcpy (wbuf
, L
"abcdefghij", l0
+ 10);
411 wmemmove (wbuf
+ 1, wbuf
, l0
+ 9);
412 if (wmemcmp (wbuf
, L
"aabcdefghi", 10))
415 if (wmempcpy (wbuf
+ 5, L
"abcde", l0
+ 5) != wbuf
+ 10
416 || wmemcmp (wbuf
, L
"aabcdabcde", 10))
419 wmemset (wbuf
+ 8, L
'j', l0
+ 2);
420 if (wmemcmp (wbuf
, L
"aabcdabcjj", 10))
423 wcscpy (wbuf
+ 4, wstr1
+ 5);
424 if (wmemcmp (wbuf
, L
"aabcEDCBA", 10))
427 if (wcpcpy (wbuf
+ 8, wstr2
) != wbuf
+ 9 || wmemcmp (wbuf
, L
"aabcEDCBF", 10))
430 wcsncpy (wbuf
+ 6, L
"X", l0
+ 4);
431 if (wmemcmp (wbuf
, L
"aabcEDX\0\0", 10))
434 if (wcpncpy (wbuf
+ 5, L
"cd", l0
+ 5) != wbuf
+ 7
435 || wmemcmp (wbuf
, L
"aabcEcd\0\0", 10))
438 if (swprintf (wbuf
+ 7, 3, L
"%d", num2
) >= 0
439 || wmemcmp (wbuf
, L
"aabcEcd98", 10))
442 wbuf
[l0
+ 8] = L
'\0';
444 if (wmemcmp (wbuf
, L
"aabcEcd9A", 10))
447 wbuf
[l0
+ 7] = L
'\0';
448 wcsncat (wbuf
, L
"ZYXWV", l0
+ 2);
449 if (wmemcmp (wbuf
, L
"aabcEcdZY", 10))
452 wmemcpy (wa
.buf1
, L
"abcdefghij", l0
+ 10);
453 wmemmove (wa
.buf1
+ 1, wa
.buf1
, l0
+ 9);
454 if (wmemcmp (wa
.buf1
, L
"aabcdefghi", 10))
457 if (wmempcpy (wa
.buf1
+ 5, L
"abcde", l0
+ 5) != wa
.buf1
+ 10
458 || wmemcmp (wa
.buf1
, L
"aabcdabcde", 10))
461 wmemset (wa
.buf1
+ 8, L
'j', l0
+ 2);
462 if (wmemcmp (wa
.buf1
, L
"aabcdabcjj", 10))
465 #if __USE_FORTIFY_LEVEL < 2
466 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
467 and sufficient GCC support, as the string operations overflow
468 from a.buf1 into a.buf2. */
469 wcscpy (wa
.buf1
+ 4, wstr1
+ 5);
470 if (wmemcmp (wa
.buf1
, L
"aabcEDCBA", 10))
473 if (wcpcpy (wa
.buf1
+ 8, wstr2
) != wa
.buf1
+ 9
474 || wmemcmp (wa
.buf1
, L
"aabcEDCBF", 10))
477 wcsncpy (wa
.buf1
+ 6, L
"X", l0
+ 4);
478 if (wmemcmp (wa
.buf1
, L
"aabcEDX\0\0", 10))
481 if (swprintf (wa
.buf1
+ 7, 3, L
"%d", num2
) >= 0
482 || wmemcmp (wa
.buf1
, L
"aabcEDX98", 10))
485 wa
.buf1
[l0
+ 8] = L
'\0';
486 wcscat (wa
.buf1
, L
"A");
487 if (wmemcmp (wa
.buf1
, L
"aabcEDX9A", 10))
490 wa
.buf1
[l0
+ 7] = L
'\0';
491 wcsncat (wa
.buf1
, L
"ZYXWV", l0
+ 2);
492 if (wmemcmp (wa
.buf1
, L
"aabcEDXZY", 10))
497 #if __USE_FORTIFY_LEVEL >= 1
498 /* Now check if all buffer overflows are caught at runtime. */
501 wmemcpy (wbuf
+ 1, L
"abcdefghij", l0
+ 10);
505 wmemmove (wbuf
+ 2, wbuf
+ 1, l0
+ 9);
509 wp
= wmempcpy (wbuf
+ 6, L
"abcde", l0
+ 5);
513 wmemset (wbuf
+ 9, L
'j', l0
+ 2);
517 wcscpy (wbuf
+ 5, wstr1
+ 5);
521 wp
= wcpcpy (wbuf
+ 9, wstr2
);
525 wcsncpy (wbuf
+ 7, L
"X", l0
+ 4);
529 wcpncpy (wbuf
+ 6, L
"cd", l0
+ 5);
532 wmemcpy (wbuf
, wstr1
+ 2, l0
+ 9);
534 wcscat (wbuf
, L
"AB");
537 wmemcpy (wbuf
, wstr1
+ 3, l0
+ 8);
539 wcsncat (wbuf
, L
"ZYXWV", l0
+ 3);
543 wmemcpy (wa
.buf1
+ 1, L
"abcdefghij", l0
+ 10);
547 wmemmove (wa
.buf1
+ 2, wa
.buf1
+ 1, l0
+ 9);
551 wp
= wmempcpy (wa
.buf1
+ 6, L
"abcde", l0
+ 5);
555 wmemset (wa
.buf1
+ 9, L
'j', l0
+ 2);
558 #if __USE_FORTIFY_LEVEL >= 2
565 wcscpy (wa
.buf1
+ (O
+ 4), wstr1
+ 5);
569 wp
= wcpcpy (wa
.buf1
+ (O
+ 8), wstr2
);
573 wcsncpy (wa
.buf1
+ (O
+ 6), L
"X", l0
+ 4);
576 wmemcpy (wa
.buf1
, wstr1
+ (3 - O
), l0
+ 8 + O
);
578 wcscat (wa
.buf1
, L
"AB");
581 wmemcpy (wa
.buf1
, wstr1
+ (4 - O
), l0
+ 7 + O
);
583 wcsncat (wa
.buf1
, L
"ZYXWV", l0
+ 3);
588 /* Now checks for %n protection. */
590 /* Constant literals passed directly are always ok
591 (even with warnings about possible bugs from GCC). */
593 if (sprintf (buf
, "%s%n%s%n", str2
, &n1
, str2
, &n2
) != 2
594 || n1
!= 1 || n2
!= 2)
597 /* In this case the format string is not known at compile time,
598 but resides in read-only memory, so is ok. */
599 if (snprintf (buf
, 4, str3
, str2
, &n1
, str2
, &n2
) != 2
600 || n1
!= 1 || n2
!= 2)
603 strcpy (buf2
+ 2, "%n%s%n");
604 /* When the format string is writable and contains %n,
605 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
607 if (sprintf (buf
, buf2
, str2
, &n1
, str2
, &n1
) != 2)
612 if (snprintf (buf
, 3, buf2
, str2
, &n1
, str2
, &n1
) != 2)
616 /* But if there is no %n, even writable format string
619 if (sprintf (buf
, buf2
+ 4, str2
) != 1)
622 /* Constant literals passed directly are always ok
623 (even with warnings about possible bugs from GCC). */
624 if (printf ("%s%n%s%n", str4
, &n1
, str5
, &n2
) != 14
625 || n1
!= 7 || n2
!= 14)
628 /* In this case the format string is not known at compile time,
629 but resides in read-only memory, so is ok. */
630 if (printf (str3
, str4
, &n1
, str5
, &n2
) != 14
631 || n1
!= 7 || n2
!= 14)
634 strcpy (buf2
+ 2, "%n%s%n");
635 /* When the format string is writable and contains %n,
636 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
638 if (printf (buf2
, str4
, &n1
, str5
, &n1
) != 14)
642 /* But if there is no %n, even writable format string
645 if (printf (buf2
+ 4, str5
) != 7)
650 /* Constant literals passed directly are always ok
651 (even with warnings about possible bugs from GCC). */
652 if (fprintf (fp
, "%s%n%s%n", str4
, &n1
, str5
, &n2
) != 14
653 || n1
!= 7 || n2
!= 14)
656 /* In this case the format string is not known at compile time,
657 but resides in read-only memory, so is ok. */
658 if (fprintf (fp
, str3
, str4
, &n1
, str5
, &n2
) != 14
659 || n1
!= 7 || n2
!= 14)
662 strcpy (buf2
+ 2, "%n%s%n");
663 /* When the format string is writable and contains %n,
664 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
666 if (fprintf (fp
, buf2
, str4
, &n1
, str5
, &n1
) != 14)
670 /* But if there is no %n, even writable format string
673 if (fprintf (fp
, buf2
+ 4, str5
) != 7)
676 if (freopen (temp_filename
, "r", stdin
) == NULL
)
678 puts ("could not open temporary file");
682 if (gets (buf
) != buf
|| memcmp (buf
, "abcdefgh", 9))
684 if (gets (buf
) != buf
|| memcmp (buf
, "ABCDEFGHI", 10))
687 #if __USE_FORTIFY_LEVEL >= 1
689 if (gets (buf
) != buf
)
696 if (fgets (buf
, sizeof (buf
), stdin
) != buf
697 || memcmp (buf
, "abcdefgh\n", 10))
699 if (fgets (buf
, sizeof (buf
), stdin
) != buf
|| memcmp (buf
, "ABCDEFGHI", 10))
704 if (fgets (buf
, l0
+ sizeof (buf
), stdin
) != buf
705 || memcmp (buf
, "abcdefgh\n", 10))
708 #if __USE_FORTIFY_LEVEL >= 1
710 if (fgets (buf
, sizeof (buf
) + 1, stdin
) != buf
)
715 if (fgets (buf
, l0
+ sizeof (buf
) + 1, stdin
) != buf
)
722 if (fgets_unlocked (buf
, sizeof (buf
), stdin
) != buf
723 || memcmp (buf
, "abcdefgh\n", 10))
725 if (fgets_unlocked (buf
, sizeof (buf
), stdin
) != buf
726 || memcmp (buf
, "ABCDEFGHI", 10))
731 if (fgets_unlocked (buf
, l0
+ sizeof (buf
), stdin
) != buf
732 || memcmp (buf
, "abcdefgh\n", 10))
735 #if __USE_FORTIFY_LEVEL >= 1
737 if (fgets_unlocked (buf
, sizeof (buf
) + 1, stdin
) != buf
)
742 if (fgets_unlocked (buf
, l0
+ sizeof (buf
) + 1, stdin
) != buf
)
747 lseek (fileno (stdin
), 0, SEEK_SET
);
749 if (read (fileno (stdin
), buf
, sizeof (buf
) - 1) != sizeof (buf
) - 1
750 || memcmp (buf
, "abcdefgh\n", 9))
752 if (read (fileno (stdin
), buf
, sizeof (buf
) - 1) != sizeof (buf
) - 1
753 || memcmp (buf
, "ABCDEFGHI", 9))
756 lseek (fileno (stdin
), 0, SEEK_SET
);
758 if (read (fileno (stdin
), buf
, l0
+ sizeof (buf
) - 1) != sizeof (buf
) - 1
759 || memcmp (buf
, "abcdefgh\n", 9))
762 #if __USE_FORTIFY_LEVEL >= 1
764 if (read (fileno (stdin
), buf
, sizeof (buf
) + 1) != sizeof (buf
) + 1)
769 if (pread (fileno (stdin
), buf
, sizeof (buf
) - 1, sizeof (buf
) - 2)
771 || memcmp (buf
, "\nABCDEFGH", 9))
773 if (pread (fileno (stdin
), buf
, sizeof (buf
) - 1, 0) != sizeof (buf
) - 1
774 || memcmp (buf
, "abcdefgh\n", 9))
776 if (pread (fileno (stdin
), buf
, l0
+ sizeof (buf
) - 1, sizeof (buf
) - 3)
778 || memcmp (buf
, "h\nABCDEFG", 9))
781 #if __USE_FORTIFY_LEVEL >= 1
783 if (pread (fileno (stdin
), buf
, sizeof (buf
) + 1, 2 * sizeof (buf
))
789 if (pread64 (fileno (stdin
), buf
, sizeof (buf
) - 1, sizeof (buf
) - 2)
791 || memcmp (buf
, "\nABCDEFGH", 9))
793 if (pread64 (fileno (stdin
), buf
, sizeof (buf
) - 1, 0) != sizeof (buf
) - 1
794 || memcmp (buf
, "abcdefgh\n", 9))
796 if (pread64 (fileno (stdin
), buf
, l0
+ sizeof (buf
) - 1, sizeof (buf
) - 3)
798 || memcmp (buf
, "h\nABCDEFG", 9))
801 #if __USE_FORTIFY_LEVEL >= 1
803 if (pread64 (fileno (stdin
), buf
, sizeof (buf
) + 1, 2 * sizeof (buf
))
809 if (freopen (temp_filename
, "r", stdin
) == NULL
)
811 puts ("could not open temporary file");
815 if (fseek (stdin
, 9 + 10 + 11, SEEK_SET
))
817 puts ("could not seek in test file");
821 #if __USE_FORTIFY_LEVEL >= 1
823 if (gets (buf
) != buf
)
828 /* Check whether missing N$ formats are detected. */
830 printf ("%3$d\n", 1, 2, 3, 4);
834 fprintf (stdout
, "%3$d\n", 1, 2, 3, 4);
838 sprintf (buf
, "%3$d\n", 1, 2, 3, 4);
842 snprintf (buf
, sizeof (buf
), "%3$d\n", 1, 2, 3, 4);
846 if (socketpair (PF_UNIX
, SOCK_STREAM
, 0, sp
))
850 const char *sendstr
= "abcdefgh\nABCDEFGH\n0123456789\n";
851 if (send (sp
[0], sendstr
, strlen (sendstr
), 0) != strlen (sendstr
))
855 if (recv (sp
[1], recvbuf
, sizeof recvbuf
, MSG_PEEK
)
857 || memcmp (recvbuf
, sendstr
, sizeof recvbuf
) != 0)
860 if (recv (sp
[1], recvbuf
+ 6, l0
+ sizeof recvbuf
- 7, MSG_PEEK
)
861 != sizeof recvbuf
- 7
862 || memcmp (recvbuf
+ 6, sendstr
, sizeof recvbuf
- 7) != 0)
865 #if __USE_FORTIFY_LEVEL >= 1
867 if (recv (sp
[1], recvbuf
+ 1, sizeof recvbuf
, MSG_PEEK
)
873 if (recv (sp
[1], recvbuf
+ 4, l0
+ sizeof recvbuf
- 3, MSG_PEEK
)
874 != sizeof recvbuf
- 3)
880 struct sockaddr_un sa_un
;
883 if (recvfrom (sp
[1], recvbuf
, sizeof recvbuf
, MSG_PEEK
, &sa_un
, &sl
)
885 || memcmp (recvbuf
, sendstr
, sizeof recvbuf
) != 0)
889 if (recvfrom (sp
[1], recvbuf
+ 6, l0
+ sizeof recvbuf
- 7, MSG_PEEK
,
890 &sa_un
, &sl
) != sizeof recvbuf
- 7
891 || memcmp (recvbuf
+ 6, sendstr
, sizeof recvbuf
- 7) != 0)
894 #if __USE_FORTIFY_LEVEL >= 1
897 if (recvfrom (sp
[1], recvbuf
+ 1, sizeof recvbuf
, MSG_PEEK
, &sa_un
, &sl
)
904 if (recvfrom (sp
[1], recvbuf
+ 4, l0
+ sizeof recvbuf
- 3, MSG_PEEK
,
905 &sa_un
, &sl
) != sizeof recvbuf
- 3)
914 char fname
[] = "/tmp/tst-chk1-dir-XXXXXX\0foo";
915 char *enddir
= strchr (fname
, '\0');
916 if (mkdtemp (fname
) == NULL
)
918 printf ("mkdtemp failed: %m\n");
922 if (symlink ("bar", fname
) != 0)
926 if (readlink (fname
, readlinkbuf
, 4) != 3
927 || memcmp (readlinkbuf
, "bar", 3) != 0)
929 if (readlink (fname
, readlinkbuf
+ 1, l0
+ 3) != 3
930 || memcmp (readlinkbuf
, "bbar", 4) != 0)
933 #if __USE_FORTIFY_LEVEL >= 1
935 if (readlink (fname
, readlinkbuf
+ 2, l0
+ 3) != 3)
940 if (readlink (fname
, readlinkbuf
+ 3, 4) != 3)
945 char *cwd1
= getcwd (NULL
, 0);
949 char *cwd2
= getcwd (NULL
, 250);
955 if (strcmp (cwd1
, cwd2
) != 0)
962 char *cwd3
= getcwd (NULL
, 0);
965 if (strcmp (fname
, cwd3
) != 0)
966 printf ("getcwd after chdir is '%s' != '%s',"
967 "get{c,}wd tests skipped\n", cwd3
, fname
);
970 char getcwdbuf
[sizeof fname
- 3];
972 char *cwd4
= getcwd (getcwdbuf
, sizeof getcwdbuf
);
973 if (cwd4
!= getcwdbuf
974 || strcmp (getcwdbuf
, fname
) != 0)
977 cwd4
= getcwd (getcwdbuf
+ 1, l0
+ sizeof getcwdbuf
- 1);
978 if (cwd4
!= getcwdbuf
+ 1
979 || getcwdbuf
[0] != fname
[0]
980 || strcmp (getcwdbuf
+ 1, fname
) != 0)
983 #if __USE_FORTIFY_LEVEL >= 1
985 if (getcwd (getcwdbuf
+ 2, l0
+ sizeof getcwdbuf
)
991 if (getcwd (getcwdbuf
+ 2, sizeof getcwdbuf
)
997 if (getwd (getcwdbuf
) != getcwdbuf
998 || strcmp (getcwdbuf
, fname
) != 0)
1001 if (getwd (getcwdbuf
+ 1) != getcwdbuf
+ 1
1002 || strcmp (getcwdbuf
+ 1, fname
) != 0)
1005 #if __USE_FORTIFY_LEVEL >= 1
1007 if (getwd (getcwdbuf
+ 2) != getcwdbuf
+ 2)
1013 if (chdir (cwd1
) != 0)
1021 if (unlink (fname
) != 0)
1025 if (rmdir (fname
) != 0)
1030 char largebuf
[PATH_MAX
];
1031 char *realres
= realpath (".", largebuf
);
1033 #if __USE_FORTIFY_LEVEL >= 1
1036 realres
= realpath (".", realbuf
);
1040 if (setlocale (LC_ALL
, "de_DE.UTF-8") != NULL
)
1042 /* First a simple test. */
1043 char enough
[MB_CUR_MAX
];
1044 if (wctomb (enough
, L
'A') != 1)
1046 puts ("first wctomb test failed");
1050 #if __USE_FORTIFY_LEVEL >= 1
1051 /* We know the wchar_t encoding is ISO 10646. So pick a
1052 character which has a multibyte representation which does not
1056 if (wctomb (smallbuf
, L
'\x100') != 2)
1058 puts ("second wctomb test failed");
1065 memset (&s
, '\0', sizeof (s
));
1066 if (wcrtomb (enough
, L
'A', &s
) != 1)
1068 puts ("first wcrtomb test failed");
1072 #if __USE_FORTIFY_LEVEL >= 1
1073 /* We know the wchar_t encoding is ISO 10646. So pick a
1074 character which has a multibyte representation which does not
1078 if (wcrtomb (smallbuf
, L
'\x100', &s
) != 2)
1080 puts ("second wcrtomb test failed");
1086 wchar_t wenough
[10];
1087 memset (&s
, '\0', sizeof (s
));
1088 const char *cp
= "A";
1089 if (mbsrtowcs (wenough
, &cp
, 10, &s
) != 1)
1091 puts ("first mbsrtowcs test failed");
1095 #if __USE_FORTIFY_LEVEL >= 1
1096 /* We know the wchar_t encoding is ISO 10646. So pick a
1097 character which has a multibyte representation which does not
1100 wchar_t wsmallbuf
[2];
1102 mbsrtowcs (wsmallbuf
, &cp
, 10, &s
);
1106 memset (&s
, '\0', sizeof (s
));
1108 if (mbsnrtowcs (wenough
, &cp
, 1, 10, &s
) != 1)
1110 puts ("first mbsnrtowcs test failed");
1114 #if __USE_FORTIFY_LEVEL >= 1
1115 /* We know the wchar_t encoding is ISO 10646. So pick a
1116 character which has a multibyte representation which does not
1119 wchar_t wsmallbuf
[2];
1121 mbsnrtowcs (wsmallbuf
, &cp
, 3, 10, &s
);
1125 memset (&s
, '\0', sizeof (s
));
1126 const wchar_t *wcp
= L
"A";
1127 if (wcsrtombs (enough
, &wcp
, 10, &s
) != 1)
1129 puts ("first wcsrtombs test failed");
1133 #if __USE_FORTIFY_LEVEL >= 1
1134 /* We know the wchar_t encoding is ISO 10646. So pick a
1135 character which has a multibyte representation which does not
1140 wcsrtombs (smallbuf
, &wcp
, 10, &s
);
1144 memset (&s
, '\0', sizeof (s
));
1146 if (wcsnrtombs (enough
, &wcp
, 1, 10, &s
) != 1)
1148 puts ("first wcsnrtombs test failed");
1152 #if __USE_FORTIFY_LEVEL >= 1
1153 /* We know the wchar_t encoding is ISO 10646. So pick a
1154 character which has a multibyte representation which does not
1159 wcsnrtombs (smallbuf
, &wcp
, 3, 10, &s
);
1165 puts ("cannot set locale");
1169 fd
= posix_openpt (O_RDWR
);
1173 if (ptsname_r (fd
, enough
, sizeof (enough
)) != 0)
1175 puts ("first ptsname_r failed");
1179 #if __USE_FORTIFY_LEVEL >= 1
1182 if (ptsname_r (fd
, smallbuf
, sizeof (smallbuf
) + 1) == 0)
1184 puts ("second ptsname_r somehow suceeded");
1192 confstr (_CS_GNU_LIBC_VERSION
, largebuf
, sizeof (largebuf
));
1193 #if __USE_FORTIFY_LEVEL >= 1
1196 confstr (_CS_GNU_LIBC_VERSION
, smallbuf
, sizeof (largebuf
));
1201 int ngr
= getgroups (5, grpslarge
);
1202 #if __USE_FORTIFY_LEVEL >= 1
1205 ngr
= getgroups (5, (gid_t
*) smallbuf
);
1209 fd
= open (_PATH_TTY
, O_RDONLY
);
1213 if (ttyname_r (fd
, enough
, sizeof (enough
)) != 0)
1215 puts ("first ttyname_r failed");
1219 #if __USE_FORTIFY_LEVEL >= 1
1222 if (ttyname_r (fd
, smallbuf
, sizeof (smallbuf
) + 1) == 0)
1224 puts ("second ttyname_r somehow suceeded");
1232 char hostnamelarge
[1000];
1233 gethostname (hostnamelarge
, sizeof (hostnamelarge
));
1234 #if __USE_FORTIFY_LEVEL >= 1
1237 gethostname (smallbuf
, sizeof (hostnamelarge
));
1241 char loginlarge
[1000];
1242 getlogin_r (loginlarge
, sizeof (hostnamelarge
));
1243 #if __USE_FORTIFY_LEVEL >= 1
1246 getlogin_r (smallbuf
, sizeof (loginlarge
));
1250 char domainnamelarge
[1000];
1251 int res
= getdomainname (domainnamelarge
, sizeof (domainnamelarge
));
1252 #if __USE_FORTIFY_LEVEL >= 1
1255 res
= getdomainname (smallbuf
, sizeof (domainnamelarge
));