search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
* wcsmbs/bits/wchar2.h (swprintf): Remove format argument.
[glibc.git] / debug / tst-chk1.c
blobc22c2e8fc223d5252b05f582aff3494d51082572
1 /* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Jakub Jelinek <jakub@redhat.com>, 2004.
4
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
9
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
14
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, write to the Free
17 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
18 02111-1307 USA. */
19
20 /* Hack: make sure GCC doesn't know __chk_fail () will not return. */
21 #define __noreturn__
22
23 #include <fcntl.h>
24 #include <locale.h>
25 #include <paths.h>
26 #include <setjmp.h>
27 #include <signal.h>
28 #include <stdio.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <unistd.h>
32 #include <wchar.h>
33 #include <sys/socket.h>
34 #include <sys/un.h>
35
36 char *temp_filename;
37 static void do_prepare (void);
38 static int do_test (void);
39 #define PREPARE(argc, argv) do_prepare ()
40 #define TEST_FUNCTION do_test ()
41 #include "../test-skeleton.c"
42
43 static void
44 do_prepare (void)
45 {
46 int temp_fd = create_temp_file ("tst-chk1.", &temp_filename);
47 if (temp_fd == -1)
48 {
49 printf ("cannot create temporary file: %m\n");
50 exit (1);
51 }
52
53 const char *strs = "abcdefgh\nABCDEFGHI\nabcdefghij\nABCDEFGHIJ";
54 if (write (temp_fd, strs, strlen (strs)) != strlen (strs))
55 {
56 puts ("could not write test strings into file");
57 unlink (temp_filename);
58 exit (1);
59 }
60 }
61
62 volatile int chk_fail_ok;
63 volatile int ret;
64 jmp_buf chk_fail_buf;
65
66 static void
67 handler (int sig)
68 {
69 if (chk_fail_ok)
70 {
71 chk_fail_ok = 0;
72 longjmp (chk_fail_buf, 1);
73 }
74 else
75 _exit (127);
76 }
77
78 char buf[10];
79 wchar_t wbuf[10];
80 volatile size_t l0;
81 volatile char *p;
82 volatile wchar_t *wp;
83 const char *str1 = "JIHGFEDCBA";
84 const char *str2 = "F";
85 const char *str3 = "%s%n%s%n";
86 const char *str4 = "Hello, ";
87 const char *str5 = "World!\n";
88 const wchar_t *wstr1 = L"JIHGFEDCBA";
89 const wchar_t *wstr2 = L"F";
90 const wchar_t *wstr3 = L"%s%n%s%n";
91 const wchar_t *wstr4 = L"Hello, ";
92 const wchar_t *wstr5 = L"World!\n";
93 char buf2[10] = "%s";
94 int num1 = 67;
95 int num2 = 987654;
96
97 #define FAIL() \
98 do { printf ("Failure on line %d\n", __LINE__); ret = 1; } while (0)
99 #define CHK_FAIL_START \
100 chk_fail_ok = 1; \
101 if (! setjmp (chk_fail_buf)) \
102 {
103 #define CHK_FAIL_END \
104 chk_fail_ok = 0; \
105 FAIL (); \
106 }
107 #if __USE_FORTIFY_LEVEL >= 2
108 #define CHK_FAIL2_START CHK_FAIL_START
109 #define CHK_FAIL2_END CHK_FAIL_END
110 #else
111 #define CHK_FAIL2_START
112 #define CHK_FAIL2_END
113 #endif
114
115 static int
116 do_test (void)
117 {
118 struct sigaction sa;
119 sa.sa_handler = handler;
120 sa.sa_flags = 0;
121 sigemptyset (&sa.sa_mask);
122
123 sigaction (SIGABRT, &sa, NULL);
124
125 /* Avoid all the buffer overflow messages on stderr. */
126 int fd = open (_PATH_DEVNULL, O_WRONLY);
127 if (fd == -1)
128 close (STDERR_FILENO);
129 else
130 {
131 dup2 (fd, STDERR_FILENO);
132 close (fd);
133 }
134 setenv ("LIBC_FATAL_STDERR_", "1", 1);
135
136 struct A { char buf1[9]; char buf2[1]; } a;
137 struct wA { wchar_t buf1[9]; wchar_t buf2[1]; } wa;
138
139 printf ("Test checking routines at fortify level %d\n",
140 #ifdef __USE_FORTIFY_LEVEL
141 (int) __USE_FORTIFY_LEVEL
142 #else
143 0
144 #endif
145 );
146
147 /* These ops can be done without runtime checking of object size. */
148 memcpy (buf, "abcdefghij", 10);
149 memmove (buf + 1, buf, 9);
150 if (memcmp (buf, "aabcdefghi", 10))
151 FAIL ();
152
153 if (mempcpy (buf + 5, "abcde", 5) != buf + 10
154 || memcmp (buf, "aabcdabcde", 10))
155 FAIL ();
156
157 memset (buf + 8, 'j', 2);
158 if (memcmp (buf, "aabcdabcjj", 10))
159 FAIL ();
160
161 strcpy (buf + 4, "EDCBA");
162 if (memcmp (buf, "aabcEDCBA", 10))
163 FAIL ();
164
165 if (stpcpy (buf + 8, "F") != buf + 9 || memcmp (buf, "aabcEDCBF", 10))
166 FAIL ();
167
168 strncpy (buf + 6, "X", 4);
169 if (memcmp (buf, "aabcEDX\0\0", 10))
170 FAIL ();
171
172 if (sprintf (buf + 7, "%s", "67") != 2 || memcmp (buf, "aabcEDX67", 10))
173 FAIL ();
174
175 if (snprintf (buf + 7, 3, "%s", "987654") != 6
176 || memcmp (buf, "aabcEDX98", 10))
177 FAIL ();
178
179 /* These ops need runtime checking, but shouldn't __chk_fail. */
180 memcpy (buf, "abcdefghij", l0 + 10);
181 memmove (buf + 1, buf, l0 + 9);
182 if (memcmp (buf, "aabcdefghi", 10))
183 FAIL ();
184
185 if (mempcpy (buf + 5, "abcde", l0 + 5) != buf + 10
186 || memcmp (buf, "aabcdabcde", 10))
187 FAIL ();
188
189 memset (buf + 8, 'j', l0 + 2);
190 if (memcmp (buf, "aabcdabcjj", 10))
191 FAIL ();
192
193 strcpy (buf + 4, str1 + 5);
194 if (memcmp (buf, "aabcEDCBA", 10))
195 FAIL ();
196
197 if (stpcpy (buf + 8, str2) != buf + 9 || memcmp (buf, "aabcEDCBF", 10))
198 FAIL ();
199
200 strncpy (buf + 6, "X", l0 + 4);
201 if (memcmp (buf, "aabcEDX\0\0", 10))
202 FAIL ();
203
204 if (stpncpy (buf + 5, "cd", l0 + 5) != buf + 7
205 || memcmp (buf, "aabcEcd\0\0", 10))
206 FAIL ();
207
208 if (sprintf (buf + 7, "%d", num1) != 2 || memcmp (buf, "aabcEcd67", 10))
209 FAIL ();
210
211 if (snprintf (buf + 7, 3, "%d", num2) != 6 || memcmp (buf, "aabcEcd98", 10))
212 FAIL ();
213
214 buf[l0 + 8] = '\0';
215 strcat (buf, "A");
216 if (memcmp (buf, "aabcEcd9A", 10))
217 FAIL ();
218
219 buf[l0 + 7] = '\0';
220 strncat (buf, "ZYXWV", l0 + 2);
221 if (memcmp (buf, "aabcEcdZY", 10))
222 FAIL ();
223
224 memcpy (a.buf1, "abcdefghij", l0 + 10);
225 memmove (a.buf1 + 1, a.buf1, l0 + 9);
226 if (memcmp (a.buf1, "aabcdefghi", 10))
227 FAIL ();
228
229 if (mempcpy (a.buf1 + 5, "abcde", l0 + 5) != a.buf1 + 10
230 || memcmp (a.buf1, "aabcdabcde", 10))
231 FAIL ();
232
233 memset (a.buf1 + 8, 'j', l0 + 2);
234 if (memcmp (a.buf1, "aabcdabcjj", 10))
235 FAIL ();
236
237 #if __USE_FORTIFY_LEVEL < 2 || !__GNUC_PREREQ (4, 0)
238 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
239 and sufficient GCC support, as the string operations overflow
240 from a.buf1 into a.buf2. */
241 strcpy (a.buf1 + 4, str1 + 5);
242 if (memcmp (a.buf1, "aabcEDCBA", 10))
243 FAIL ();
244
245 if (stpcpy (a.buf1 + 8, str2) != a.buf1 + 9
246 || memcmp (a.buf1, "aabcEDCBF", 10))
247 FAIL ();
248
249 strncpy (a.buf1 + 6, "X", l0 + 4);
250 if (memcmp (a.buf1, "aabcEDX\0\0", 10))
251 FAIL ();
252
253 if (sprintf (a.buf1 + 7, "%d", num1) != 2
254 || memcmp (a.buf1, "aabcEDX67", 10))
255 FAIL ();
256
257 if (snprintf (a.buf1 + 7, 3, "%d", num2) != 6
258 || memcmp (a.buf1, "aabcEDX98", 10))
259 FAIL ();
260
261 a.buf1[l0 + 8] = '\0';
262 strcat (a.buf1, "A");
263 if (memcmp (a.buf1, "aabcEDX9A", 10))
264 FAIL ();
265
266 a.buf1[l0 + 7] = '\0';
267 strncat (a.buf1, "ZYXWV", l0 + 2);
268 if (memcmp (a.buf1, "aabcEDXZY", 10))
269 FAIL ();
270
271 #endif
272
273 #if __USE_FORTIFY_LEVEL >= 1
274 /* Now check if all buffer overflows are caught at runtime. */
275
276 CHK_FAIL_START
277 memcpy (buf + 1, "abcdefghij", l0 + 10);
278 CHK_FAIL_END
279
280 CHK_FAIL_START
281 memmove (buf + 2, buf + 1, l0 + 9);
282 CHK_FAIL_END
283
284 CHK_FAIL_START
285 p = mempcpy (buf + 6, "abcde", l0 + 5);
286 CHK_FAIL_END
287
288 CHK_FAIL_START
289 memset (buf + 9, 'j', l0 + 2);
290 CHK_FAIL_END
291
292 CHK_FAIL_START
293 strcpy (buf + 5, str1 + 5);
294 CHK_FAIL_END
295
296 CHK_FAIL_START
297 p = stpcpy (buf + 9, str2);
298 CHK_FAIL_END
299
300 CHK_FAIL_START
301 strncpy (buf + 7, "X", l0 + 4);
302 CHK_FAIL_END
303
304 CHK_FAIL_START
305 stpncpy (buf + 6, "cd", l0 + 5);
306 CHK_FAIL_END
307
308 CHK_FAIL_START
309 sprintf (buf + 8, "%d", num1);
310 CHK_FAIL_END
311
312 CHK_FAIL_START
313 snprintf (buf + 8, l0 + 3, "%d", num2);
314 CHK_FAIL_END
315
316 memcpy (buf, str1 + 2, l0 + 9);
317 CHK_FAIL_START
318 strcat (buf, "AB");
319 CHK_FAIL_END
320
321 memcpy (buf, str1 + 3, l0 + 8);
322 CHK_FAIL_START
323 strncat (buf, "ZYXWV", l0 + 3);
324 CHK_FAIL_END
325
326 CHK_FAIL_START
327 memcpy (a.buf1 + 1, "abcdefghij", l0 + 10);
328 CHK_FAIL_END
329
330 CHK_FAIL_START
331 memmove (a.buf1 + 2, a.buf1 + 1, l0 + 9);
332 CHK_FAIL_END
333
334 CHK_FAIL_START
335 p = mempcpy (a.buf1 + 6, "abcde", l0 + 5);
336 CHK_FAIL_END
337
338 CHK_FAIL_START
339 memset (a.buf1 + 9, 'j', l0 + 2);
340 CHK_FAIL_END
341
342 #if __USE_FORTIFY_LEVEL >= 2 && __GNUC_PREREQ (4, 0)
343 # define O 0
344 #else
345 # define O 1
346 #endif
347
348 CHK_FAIL_START
349 strcpy (a.buf1 + (O + 4), str1 + 5);
350 CHK_FAIL_END
351
352 CHK_FAIL_START
353 p = stpcpy (a.buf1 + (O + 8), str2);
354 CHK_FAIL_END
355
356 CHK_FAIL_START
357 strncpy (a.buf1 + (O + 6), "X", l0 + 4);
358 CHK_FAIL_END
359
360 CHK_FAIL_START
361 sprintf (a.buf1 + (O + 7), "%d", num1);
362 CHK_FAIL_END
363
364 CHK_FAIL_START
365 snprintf (a.buf1 + (O + 7), l0 + 3, "%d", num2);
366 CHK_FAIL_END
367
368 memcpy (a.buf1, str1 + (3 - O), l0 + 8 + O);
369 CHK_FAIL_START
370 strcat (a.buf1, "AB");
371 CHK_FAIL_END
372
373 memcpy (a.buf1, str1 + (4 - O), l0 + 7 + O);
374 CHK_FAIL_START
375 strncat (a.buf1, "ZYXWV", l0 + 3);
376 CHK_FAIL_END
377 #endif
378
379
380 /* These ops can be done without runtime checking of object size. */
381 wmemcpy (wbuf, L"abcdefghij", 10);
382 wmemmove (wbuf + 1, wbuf, 9);
383 if (wmemcmp (wbuf, L"aabcdefghi", 10))
384 FAIL ();
385
386 if (wmempcpy (wbuf + 5, L"abcde", 5) != wbuf + 10
387 || wmemcmp (wbuf, L"aabcdabcde", 10))
388 FAIL ();
389
390 wmemset (wbuf + 8, L'j', 2);
391 if (wmemcmp (wbuf, L"aabcdabcjj", 10))
392 FAIL ();
393
394 wcscpy (wbuf + 4, L"EDCBA");
395 if (wmemcmp (wbuf, L"aabcEDCBA", 10))
396 FAIL ();
397
398 if (wcpcpy (wbuf + 8, L"F") != wbuf + 9 || wmemcmp (wbuf, L"aabcEDCBF", 10))
399 FAIL ();
400
401 wcsncpy (wbuf + 6, L"X", 4);
402 if (wmemcmp (wbuf, L"aabcEDX\0\0", 10))
403 FAIL ();
404
405 if (swprintf (wbuf + 7, 3, L"%ls", L"987654") >= 0
406 || wmemcmp (wbuf, L"aabcEDX98", 10))
407 FAIL ();
408
409 if (swprintf (wbuf + 7, 3, L"64") != 2
410 || wmemcmp (wbuf, L"aabcEDX64", 10))
411 FAIL ();
412
413 /* These ops need runtime checking, but shouldn't __chk_fail. */
414 wmemcpy (wbuf, L"abcdefghij", l0 + 10);
415 wmemmove (wbuf + 1, wbuf, l0 + 9);
416 if (wmemcmp (wbuf, L"aabcdefghi", 10))
417 FAIL ();
418
419 if (wmempcpy (wbuf + 5, L"abcde", l0 + 5) != wbuf + 10
420 || wmemcmp (wbuf, L"aabcdabcde", 10))
421 FAIL ();
422
423 wmemset (wbuf + 8, L'j', l0 + 2);
424 if (wmemcmp (wbuf, L"aabcdabcjj", 10))
425 FAIL ();
426
427 wcscpy (wbuf + 4, wstr1 + 5);
428 if (wmemcmp (wbuf, L"aabcEDCBA", 10))
429 FAIL ();
430
431 if (wcpcpy (wbuf + 8, wstr2) != wbuf + 9 || wmemcmp (wbuf, L"aabcEDCBF", 10))
432 FAIL ();
433
434 wcsncpy (wbuf + 6, L"X", l0 + 4);
435 if (wmemcmp (wbuf, L"aabcEDX\0\0", 10))
436 FAIL ();
437
438 if (wcpncpy (wbuf + 5, L"cd", l0 + 5) != wbuf + 7
439 || wmemcmp (wbuf, L"aabcEcd\0\0", 10))
440 FAIL ();
441
442 if (swprintf (wbuf + 7, 3, L"%d", num2) >= 0
443 || wmemcmp (wbuf, L"aabcEcd98", 10))
444 FAIL ();
445
446 wbuf[l0 + 8] = L'\0';
447 wcscat (wbuf, L"A");
448 if (wmemcmp (wbuf, L"aabcEcd9A", 10))
449 FAIL ();
450
451 wbuf[l0 + 7] = L'\0';
452 wcsncat (wbuf, L"ZYXWV", l0 + 2);
453 if (wmemcmp (wbuf, L"aabcEcdZY", 10))
454 FAIL ();
455
456 wmemcpy (wa.buf1, L"abcdefghij", l0 + 10);
457 wmemmove (wa.buf1 + 1, wa.buf1, l0 + 9);
458 if (wmemcmp (wa.buf1, L"aabcdefghi", 10))
459 FAIL ();
460
461 if (wmempcpy (wa.buf1 + 5, L"abcde", l0 + 5) != wa.buf1 + 10
462 || wmemcmp (wa.buf1, L"aabcdabcde", 10))
463 FAIL ();
464
465 wmemset (wa.buf1 + 8, L'j', l0 + 2);
466 if (wmemcmp (wa.buf1, L"aabcdabcjj", 10))
467 FAIL ();
468
469 #if __USE_FORTIFY_LEVEL < 2
470 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
471 and sufficient GCC support, as the string operations overflow
472 from a.buf1 into a.buf2. */
473 wcscpy (wa.buf1 + 4, wstr1 + 5);
474 if (wmemcmp (wa.buf1, L"aabcEDCBA", 10))
475 FAIL ();
476
477 if (wcpcpy (wa.buf1 + 8, wstr2) != wa.buf1 + 9
478 || wmemcmp (wa.buf1, L"aabcEDCBF", 10))
479 FAIL ();
480
481 wcsncpy (wa.buf1 + 6, L"X", l0 + 4);
482 if (wmemcmp (wa.buf1, L"aabcEDX\0\0", 10))
483 FAIL ();
484
485 if (swprintf (wa.buf1 + 7, 3, L"%d", num2) >= 0
486 || wmemcmp (wa.buf1, L"aabcEDX98", 10))
487 FAIL ();
488
489 wa.buf1[l0 + 8] = L'\0';
490 wcscat (wa.buf1, L"A");
491 if (wmemcmp (wa.buf1, L"aabcEDX9A", 10))
492 FAIL ();
493
494 wa.buf1[l0 + 7] = L'\0';
495 wcsncat (wa.buf1, L"ZYXWV", l0 + 2);
496 if (wmemcmp (wa.buf1, L"aabcEDXZY", 10))
497 FAIL ();
498
499 #endif
500
501 #if __USE_FORTIFY_LEVEL >= 1
502 /* Now check if all buffer overflows are caught at runtime. */
503
504 CHK_FAIL_START
505 wmemcpy (wbuf + 1, L"abcdefghij", l0 + 10);
506 CHK_FAIL_END
507
508 CHK_FAIL_START
509 wmemmove (wbuf + 2, wbuf + 1, l0 + 9);
510 CHK_FAIL_END
511
512 CHK_FAIL_START
513 wp = wmempcpy (wbuf + 6, L"abcde", l0 + 5);
514 CHK_FAIL_END
515
516 CHK_FAIL_START
517 wmemset (wbuf + 9, L'j', l0 + 2);
518 CHK_FAIL_END
519
520 CHK_FAIL_START
521 wcscpy (wbuf + 5, wstr1 + 5);
522 CHK_FAIL_END
523
524 CHK_FAIL_START
525 wp = wcpcpy (wbuf + 9, wstr2);
526 CHK_FAIL_END
527
528 CHK_FAIL_START
529 wcsncpy (wbuf + 7, L"X", l0 + 4);
530 CHK_FAIL_END
531
532 CHK_FAIL_START
533 wcpncpy (wbuf + 6, L"cd", l0 + 5);
534 CHK_FAIL_END
535
536 wmemcpy (wbuf, wstr1 + 2, l0 + 9);
537 CHK_FAIL_START
538 wcscat (wbuf, L"AB");
539 CHK_FAIL_END
540
541 wmemcpy (wbuf, wstr1 + 3, l0 + 8);
542 CHK_FAIL_START
543 wcsncat (wbuf, L"ZYXWV", l0 + 3);
544 CHK_FAIL_END
545
546 CHK_FAIL_START
547 wmemcpy (wa.buf1 + 1, L"abcdefghij", l0 + 10);
548 CHK_FAIL_END
549
550 CHK_FAIL_START
551 wmemmove (wa.buf1 + 2, wa.buf1 + 1, l0 + 9);
552 CHK_FAIL_END
553
554 CHK_FAIL_START
555 wp = wmempcpy (wa.buf1 + 6, L"abcde", l0 + 5);
556 CHK_FAIL_END
557
558 CHK_FAIL_START
559 wmemset (wa.buf1 + 9, L'j', l0 + 2);
560 CHK_FAIL_END
561
562 #if __USE_FORTIFY_LEVEL >= 2
563 # define O 0
564 #else
565 # define O 1
566 #endif
567
568 CHK_FAIL_START
569 wcscpy (wa.buf1 + (O + 4), wstr1 + 5);
570 CHK_FAIL_END
571
572 CHK_FAIL_START
573 wp = wcpcpy (wa.buf1 + (O + 8), wstr2);
574 CHK_FAIL_END
575
576 CHK_FAIL_START
577 wcsncpy (wa.buf1 + (O + 6), L"X", l0 + 4);
578 CHK_FAIL_END
579
580 wmemcpy (wa.buf1, wstr1 + (3 - O), l0 + 8 + O);
581 CHK_FAIL_START
582 wcscat (wa.buf1, L"AB");
583 CHK_FAIL_END
584
585 wmemcpy (wa.buf1, wstr1 + (4 - O), l0 + 7 + O);
586 CHK_FAIL_START
587 wcsncat (wa.buf1, L"ZYXWV", l0 + 3);
588 CHK_FAIL_END
589 #endif
590
591
592 /* Now checks for %n protection. */
593
594 /* Constant literals passed directly are always ok
595 (even with warnings about possible bugs from GCC). */
596 int n1, n2;
597 if (sprintf (buf, "%s%n%s%n", str2, &n1, str2, &n2) != 2
598 || n1 != 1 || n2 != 2)
599 FAIL ();
600
601 /* In this case the format string is not known at compile time,
602 but resides in read-only memory, so is ok. */
603 if (snprintf (buf, 4, str3, str2, &n1, str2, &n2) != 2
604 || n1 != 1 || n2 != 2)
605 FAIL ();
606
607 strcpy (buf2 + 2, "%n%s%n");
608 /* When the format string is writable and contains %n,
609 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
610 CHK_FAIL2_START
611 if (sprintf (buf, buf2, str2, &n1, str2, &n1) != 2)
612 FAIL ();
613 CHK_FAIL2_END
614
615 CHK_FAIL2_START
616 if (snprintf (buf, 3, buf2, str2, &n1, str2, &n1) != 2)
617 FAIL ();
618 CHK_FAIL2_END
619
620 /* But if there is no %n, even writable format string
621 should work. */
622 buf2[6] = '\0';
623 if (sprintf (buf, buf2 + 4, str2) != 1)
624 FAIL ();
625
626 /* Constant literals passed directly are always ok
627 (even with warnings about possible bugs from GCC). */
628 if (printf ("%s%n%s%n", str4, &n1, str5, &n2) != 14
629 || n1 != 7 || n2 != 14)
630 FAIL ();
631
632 /* In this case the format string is not known at compile time,
633 but resides in read-only memory, so is ok. */
634 if (printf (str3, str4, &n1, str5, &n2) != 14
635 || n1 != 7 || n2 != 14)
636 FAIL ();
637
638 strcpy (buf2 + 2, "%n%s%n");
639 /* When the format string is writable and contains %n,
640 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
641 CHK_FAIL2_START
642 if (printf (buf2, str4, &n1, str5, &n1) != 14)
643 FAIL ();
644 CHK_FAIL2_END
645
646 /* But if there is no %n, even writable format string
647 should work. */
648 buf2[6] = '\0';
649 if (printf (buf2 + 4, str5) != 7)
650 FAIL ();
651
652 FILE *fp = stdout;
653
654 /* Constant literals passed directly are always ok
655 (even with warnings about possible bugs from GCC). */
656 if (fprintf (fp, "%s%n%s%n", str4, &n1, str5, &n2) != 14
657 || n1 != 7 || n2 != 14)
658 FAIL ();
659
660 /* In this case the format string is not known at compile time,
661 but resides in read-only memory, so is ok. */
662 if (fprintf (fp, str3, str4, &n1, str5, &n2) != 14
663 || n1 != 7 || n2 != 14)
664 FAIL ();
665
666 strcpy (buf2 + 2, "%n%s%n");
667 /* When the format string is writable and contains %n,
668 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
669 CHK_FAIL2_START
670 if (fprintf (fp, buf2, str4, &n1, str5, &n1) != 14)
671 FAIL ();
672 CHK_FAIL2_END
673
674 /* But if there is no %n, even writable format string
675 should work. */
676 buf2[6] = '\0';
677 if (fprintf (fp, buf2 + 4, str5) != 7)
678 FAIL ();
679
680 if (freopen (temp_filename, "r", stdin) == NULL)
681 {
682 puts ("could not open temporary file");
683 exit (1);
684 }
685
686 if (gets (buf) != buf || memcmp (buf, "abcdefgh", 9))
687 FAIL ();
688 if (gets (buf) != buf || memcmp (buf, "ABCDEFGHI", 10))
689 FAIL ();
690
691 #if __USE_FORTIFY_LEVEL >= 1
692 CHK_FAIL_START
693 if (gets (buf) != buf)
694 FAIL ();
695 CHK_FAIL_END
696 #endif
697
698 rewind (stdin);
699
700 if (fgets (buf, sizeof (buf), stdin) != buf
701 || memcmp (buf, "abcdefgh\n", 10))
702 FAIL ();
703 if (fgets (buf, sizeof (buf), stdin) != buf || memcmp (buf, "ABCDEFGHI", 10))
704 FAIL ();
705
706 rewind (stdin);
707
708 if (fgets (buf, l0 + sizeof (buf), stdin) != buf
709 || memcmp (buf, "abcdefgh\n", 10))
710 FAIL ();
711
712 #if __USE_FORTIFY_LEVEL >= 1
713 CHK_FAIL_START
714 if (fgets (buf, sizeof (buf) + 1, stdin) != buf)
715 FAIL ();
716 CHK_FAIL_END
717
718 CHK_FAIL_START
719 if (fgets (buf, l0 + sizeof (buf) + 1, stdin) != buf)
720 FAIL ();
721 CHK_FAIL_END
722 #endif
723
724 rewind (stdin);
725
726 if (fgets_unlocked (buf, sizeof (buf), stdin) != buf
727 || memcmp (buf, "abcdefgh\n", 10))
728 FAIL ();
729 if (fgets_unlocked (buf, sizeof (buf), stdin) != buf
730 || memcmp (buf, "ABCDEFGHI", 10))
731 FAIL ();
732
733 rewind (stdin);
734
735 if (fgets_unlocked (buf, l0 + sizeof (buf), stdin) != buf
736 || memcmp (buf, "abcdefgh\n", 10))
737 FAIL ();
738
739 #if __USE_FORTIFY_LEVEL >= 1
740 CHK_FAIL_START
741 if (fgets_unlocked (buf, sizeof (buf) + 1, stdin) != buf)
742 FAIL ();
743 CHK_FAIL_END
744
745 CHK_FAIL_START
746 if (fgets_unlocked (buf, l0 + sizeof (buf) + 1, stdin) != buf)
747 FAIL ();
748 CHK_FAIL_END
749 #endif
750
751 lseek (fileno (stdin), 0, SEEK_SET);
752
753 if (read (fileno (stdin), buf, sizeof (buf) - 1) != sizeof (buf) - 1
754 || memcmp (buf, "abcdefgh\n", 9))
755 FAIL ();
756 if (read (fileno (stdin), buf, sizeof (buf) - 1) != sizeof (buf) - 1
757 || memcmp (buf, "ABCDEFGHI", 9))
758 FAIL ();
759
760 lseek (fileno (stdin), 0, SEEK_SET);
761
762 if (read (fileno (stdin), buf, l0 + sizeof (buf) - 1) != sizeof (buf) - 1
763 || memcmp (buf, "abcdefgh\n", 9))
764 FAIL ();
765
766 #if __USE_FORTIFY_LEVEL >= 1
767 CHK_FAIL_START
768 if (read (fileno (stdin), buf, sizeof (buf) + 1) != sizeof (buf) + 1)
769 FAIL ();
770 CHK_FAIL_END
771 #endif
772
773 if (pread (fileno (stdin), buf, sizeof (buf) - 1, sizeof (buf) - 2)
774 != sizeof (buf) - 1
775 || memcmp (buf, "\nABCDEFGH", 9))
776 FAIL ();
777 if (pread (fileno (stdin), buf, sizeof (buf) - 1, 0) != sizeof (buf) - 1
778 || memcmp (buf, "abcdefgh\n", 9))
779 FAIL ();
780 if (pread (fileno (stdin), buf, l0 + sizeof (buf) - 1, sizeof (buf) - 3)
781 != sizeof (buf) - 1
782 || memcmp (buf, "h\nABCDEFG", 9))
783 FAIL ();
784
785 #if __USE_FORTIFY_LEVEL >= 1
786 CHK_FAIL_START
787 if (pread (fileno (stdin), buf, sizeof (buf) + 1, 2 * sizeof (buf))
788 != sizeof (buf) + 1)
789 FAIL ();
790 CHK_FAIL_END
791 #endif
792
793 if (pread64 (fileno (stdin), buf, sizeof (buf) - 1, sizeof (buf) - 2)
794 != sizeof (buf) - 1
795 || memcmp (buf, "\nABCDEFGH", 9))
796 FAIL ();
797 if (pread64 (fileno (stdin), buf, sizeof (buf) - 1, 0) != sizeof (buf) - 1
798 || memcmp (buf, "abcdefgh\n", 9))
799 FAIL ();
800 if (pread64 (fileno (stdin), buf, l0 + sizeof (buf) - 1, sizeof (buf) - 3)
801 != sizeof (buf) - 1
802 || memcmp (buf, "h\nABCDEFG", 9))
803 FAIL ();
804
805 #if __USE_FORTIFY_LEVEL >= 1
806 CHK_FAIL_START
807 if (pread64 (fileno (stdin), buf, sizeof (buf) + 1, 2 * sizeof (buf))
808 != sizeof (buf) + 1)
809 FAIL ();
810 CHK_FAIL_END
811 #endif
812
813 if (freopen (temp_filename, "r", stdin) == NULL)
814 {
815 puts ("could not open temporary file");
816 exit (1);
817 }
818
819 if (fseek (stdin, 9 + 10 + 11, SEEK_SET))
820 {
821 puts ("could not seek in test file");
822 exit (1);
823 }
824
825 #if __USE_FORTIFY_LEVEL >= 1
826 CHK_FAIL_START
827 if (gets (buf) != buf)
828 FAIL ();
829 CHK_FAIL_END
830 #endif
831
832 /* Check whether missing N$ formats are detected. */
833 CHK_FAIL2_START
834 printf ("%3$d\n", 1, 2, 3, 4);
835 CHK_FAIL2_END
836
837 CHK_FAIL2_START
838 fprintf (stdout, "%3$d\n", 1, 2, 3, 4);
839 CHK_FAIL2_END
840
841 CHK_FAIL2_START
842 sprintf (buf, "%3$d\n", 1, 2, 3, 4);
843 CHK_FAIL2_END
844
845 CHK_FAIL2_START
846 snprintf (buf, sizeof (buf), "%3$d\n", 1, 2, 3, 4);
847 CHK_FAIL2_END
848
849 int sp[2];
850 if (socketpair (PF_UNIX, SOCK_STREAM, 0, sp))
851 FAIL ();
852 else
853 {
854 const char *sendstr = "abcdefgh\nABCDEFGH\n0123456789\n";
855 if (send (sp[0], sendstr, strlen (sendstr), 0) != strlen (sendstr))
856 FAIL ();
857
858 char recvbuf[12];
859 if (recv (sp[1], recvbuf, sizeof recvbuf, MSG_PEEK)
860 != sizeof recvbuf
861 || memcmp (recvbuf, sendstr, sizeof recvbuf) != 0)
862 FAIL ();
863
864 if (recv (sp[1], recvbuf + 6, l0 + sizeof recvbuf - 7, MSG_PEEK)
865 != sizeof recvbuf - 7
866 || memcmp (recvbuf + 6, sendstr, sizeof recvbuf - 7) != 0)
867 FAIL ();
868
869 #if __USE_FORTIFY_LEVEL >= 1
870 CHK_FAIL_START
871 if (recv (sp[1], recvbuf + 1, sizeof recvbuf, MSG_PEEK)
872 != sizeof recvbuf)
873 FAIL ();
874 CHK_FAIL_END
875
876 CHK_FAIL_START
877 if (recv (sp[1], recvbuf + 4, l0 + sizeof recvbuf - 3, MSG_PEEK)
878 != sizeof recvbuf - 3)
879 FAIL ();
880 CHK_FAIL_END
881 #endif
882
883 socklen_t sl;
884 struct sockaddr_un sa_un;
885
886 sl = sizeof (sa_un);
887 if (recvfrom (sp[1], recvbuf, sizeof recvbuf, MSG_PEEK, &sa_un, &sl)
888 != sizeof recvbuf
889 || memcmp (recvbuf, sendstr, sizeof recvbuf) != 0)
890 FAIL ();
891
892 sl = sizeof (sa_un);
893 if (recvfrom (sp[1], recvbuf + 6, l0 + sizeof recvbuf - 7, MSG_PEEK,
894 &sa_un, &sl) != sizeof recvbuf - 7
895 || memcmp (recvbuf + 6, sendstr, sizeof recvbuf - 7) != 0)
896 FAIL ();
897
898 #if __USE_FORTIFY_LEVEL >= 1
899 CHK_FAIL_START
900 sl = sizeof (sa_un);
901 if (recvfrom (sp[1], recvbuf + 1, sizeof recvbuf, MSG_PEEK, &sa_un, &sl)
902 != sizeof recvbuf)
903 FAIL ();
904 CHK_FAIL_END
905
906 CHK_FAIL_START
907 sl = sizeof (sa_un);
908 if (recvfrom (sp[1], recvbuf + 4, l0 + sizeof recvbuf - 3, MSG_PEEK,
909 &sa_un, &sl) != sizeof recvbuf - 3)
910 FAIL ();
911 CHK_FAIL_END
912 #endif
913
914 close (sp[0]);
915 close (sp[1]);
916 }
917
918 char fname[] = "/tmp/tst-chk1-dir-XXXXXX\0foo";
919 char *enddir = strchr (fname, '\0');
920 if (mkdtemp (fname) == NULL)
921 {
922 printf ("mkdtemp failed: %m\n");
923 return 1;
924 }
925 *enddir = '/';
926 if (symlink ("bar", fname) != 0)
927 FAIL ();
928
929 char readlinkbuf[4];
930 if (readlink (fname, readlinkbuf, 4) != 3
931 || memcmp (readlinkbuf, "bar", 3) != 0)
932 FAIL ();
933 if (readlink (fname, readlinkbuf + 1, l0 + 3) != 3
934 || memcmp (readlinkbuf, "bbar", 4) != 0)
935 FAIL ();
936
937 #if __USE_FORTIFY_LEVEL >= 1
938 CHK_FAIL_START
939 if (readlink (fname, readlinkbuf + 2, l0 + 3) != 3)
940 FAIL ();
941 CHK_FAIL_END
942
943 CHK_FAIL_START
944 if (readlink (fname, readlinkbuf + 3, 4) != 3)
945 FAIL ();
946 CHK_FAIL_END
947 #endif
948
949 char *cwd1 = getcwd (NULL, 0);
950 if (cwd1 == NULL)
951 FAIL ();
952
953 char *cwd2 = getcwd (NULL, 250);
954 if (cwd2 == NULL)
955 FAIL ();
956
957 if (cwd1 && cwd2)
958 {
959 if (strcmp (cwd1, cwd2) != 0)
960 FAIL ();
961
962 *enddir = '\0';
963 if (chdir (fname))
964 FAIL ();
965
966 char *cwd3 = getcwd (NULL, 0);
967 if (cwd3 == NULL)
968 FAIL ();
969 if (strcmp (fname, cwd3) != 0)
970 printf ("getcwd after chdir is '%s' != '%s',"
971 "get{c,}wd tests skipped\n", cwd3, fname);
972 else
973 {
974 char getcwdbuf[sizeof fname - 3];
975
976 char *cwd4 = getcwd (getcwdbuf, sizeof getcwdbuf);
977 if (cwd4 != getcwdbuf
978 || strcmp (getcwdbuf, fname) != 0)
979 FAIL ();
980
981 cwd4 = getcwd (getcwdbuf + 1, l0 + sizeof getcwdbuf - 1);
982 if (cwd4 != getcwdbuf + 1
983 || getcwdbuf[0] != fname[0]
984 || strcmp (getcwdbuf + 1, fname) != 0)
985 FAIL ();
986
987 #if __USE_FORTIFY_LEVEL >= 1
988 CHK_FAIL_START
989 if (getcwd (getcwdbuf + 2, l0 + sizeof getcwdbuf)
990 != getcwdbuf + 2)
991 FAIL ();
992 CHK_FAIL_END
993
994 CHK_FAIL_START
995 if (getcwd (getcwdbuf + 2, sizeof getcwdbuf)
996 != getcwdbuf + 2)
997 FAIL ();
998 CHK_FAIL_END
999 #endif
1000
1001 if (getwd (getcwdbuf) != getcwdbuf
1002 || strcmp (getcwdbuf, fname) != 0)
1003 FAIL ();
1004
1005 if (getwd (getcwdbuf + 1) != getcwdbuf + 1
1006 || strcmp (getcwdbuf + 1, fname) != 0)
1007 FAIL ();
1008
1009 #if __USE_FORTIFY_LEVEL >= 1
1010 CHK_FAIL_START
1011 if (getwd (getcwdbuf + 2) != getcwdbuf + 2)
1012 FAIL ();
1013 CHK_FAIL_END
1014 #endif
1015 }
1016
1017 if (chdir (cwd1) != 0)
1018 FAIL ();
1019 free (cwd3);
1020 }
1021
1022 free (cwd1);
1023 free (cwd2);
1024 *enddir = '/';
1025 if (unlink (fname) != 0)
1026 FAIL ();
1027
1028 *enddir = '\0';
1029 if (rmdir (fname) != 0)
1030 FAIL ();
1031
1032
1033 #if PATH_MAX > 0
1034 char largebuf[PATH_MAX];
1035 char *realres = realpath (".", largebuf);
1036 #endif
1037 #if __USE_FORTIFY_LEVEL >= 1
1038 CHK_FAIL_START
1039 char realbuf[1];
1040 realres = realpath (".", realbuf);
1041 CHK_FAIL_END
1042 #endif
1043
1044 if (setlocale (LC_ALL, "de_DE.UTF-8") != NULL)
1045 {
1046 /* First a simple test. */
1047 char enough[MB_CUR_MAX];
1048 if (wctomb (enough, L'A') != 1)
1049 {
1050 puts ("first wctomb test failed");
1051 ret = 1;
1052 }
1053
1054 #if __USE_FORTIFY_LEVEL >= 1
1055 /* We know the wchar_t encoding is ISO 10646. So pick a
1056 character which has a multibyte representation which does not
1057 fit. */
1058 CHK_FAIL_START
1059 char smallbuf[2];
1060 if (wctomb (smallbuf, L'\x100') != 2)
1061 {
1062 puts ("second wctomb test failed");
1063 ret = 1;
1064 }
1065 CHK_FAIL_END
1066 #endif
1067
1068 mbstate_t s;
1069 memset (&s, '\0', sizeof (s));
1070 if (wcrtomb (enough, L'A', &s) != 1)
1071 {
1072 puts ("first wcrtomb test failed");
1073 ret = 1;
1074 }
1075
1076 #if __USE_FORTIFY_LEVEL >= 1
1077 /* We know the wchar_t encoding is ISO 10646. So pick a
1078 character which has a multibyte representation which does not
1079 fit. */
1080 CHK_FAIL_START
1081 char smallbuf[2];
1082 if (wcrtomb (smallbuf, L'\x100', &s) != 2)
1083 {
1084 puts ("second wcrtomb test failed");
1085 ret = 1;
1086 }
1087 CHK_FAIL_END
1088 #endif
1089
1090 wchar_t wenough[10];
1091 memset (&s, '\0', sizeof (s));
1092 const char *cp = "A";
1093 if (mbsrtowcs (wenough, &cp, 10, &s) != 1)
1094 {
1095 puts ("first mbsrtowcs test failed");
1096 ret = 1;
1097 }
1098
1099 #if __USE_FORTIFY_LEVEL >= 1
1100 /* We know the wchar_t encoding is ISO 10646. So pick a
1101 character which has a multibyte representation which does not
1102 fit. */
1103 CHK_FAIL_START
1104 wchar_t wsmallbuf[2];
1105 cp = "ABC";
1106 mbsrtowcs (wsmallbuf, &cp, 10, &s);
1107 CHK_FAIL_END
1108 #endif
1109
1110 memset (&s, '\0', sizeof (s));
1111 cp = "A";
1112 if (mbsnrtowcs (wenough, &cp, 1, 10, &s) != 1)
1113 {
1114 puts ("first mbsnrtowcs test failed");
1115 ret = 1;
1116 }
1117
1118 #if __USE_FORTIFY_LEVEL >= 1
1119 /* We know the wchar_t encoding is ISO 10646. So pick a
1120 character which has a multibyte representation which does not
1121 fit. */
1122 CHK_FAIL_START
1123 wchar_t wsmallbuf[2];
1124 cp = "ABC";
1125 mbsnrtowcs (wsmallbuf, &cp, 3, 10, &s);
1126 CHK_FAIL_END
1127 #endif
1128
1129 memset (&s, '\0', sizeof (s));
1130 const wchar_t *wcp = L"A";
1131 if (wcsrtombs (enough, &wcp, 10, &s) != 1)
1132 {
1133 puts ("first wcsrtombs test failed");
1134 ret = 1;
1135 }
1136
1137 #if __USE_FORTIFY_LEVEL >= 1
1138 /* We know the wchar_t encoding is ISO 10646. So pick a
1139 character which has a multibyte representation which does not
1140 fit. */
1141 CHK_FAIL_START
1142 char smallbuf[2];
1143 wcp = L"ABC";
1144 wcsrtombs (smallbuf, &wcp, 10, &s);
1145 CHK_FAIL_END
1146 #endif
1147
1148 memset (&s, '\0', sizeof (s));
1149 wcp = L"A";
1150 if (wcsnrtombs (enough, &wcp, 1, 10, &s) != 1)
1151 {
1152 puts ("first wcsnrtombs test failed");
1153 ret = 1;
1154 }
1155
1156 #if __USE_FORTIFY_LEVEL >= 1
1157 /* We know the wchar_t encoding is ISO 10646. So pick a
1158 character which has a multibyte representation which does not
1159 fit. */
1160 CHK_FAIL_START
1161 char smallbuf[2];
1162 wcp = L"ABC";
1163 wcsnrtombs (smallbuf, &wcp, 3, 10, &s);
1164 CHK_FAIL_END
1165 #endif
1166 }
1167 else
1168 {
1169 puts ("cannot set locale");
1170 ret = 1;
1171 }
1172
1173 fd = posix_openpt (O_RDWR);
1174 if (fd != -1)
1175 {
1176 char enough[1000];
1177 if (ptsname_r (fd, enough, sizeof (enough)) != 0)
1178 {
1179 puts ("first ptsname_r failed");
1180 ret = 1;
1181 }
1182
1183 #if __USE_FORTIFY_LEVEL >= 1
1184 CHK_FAIL_START
1185 char smallbuf[2];
1186 if (ptsname_r (fd, smallbuf, sizeof (smallbuf) + 1) == 0)
1187 {
1188 puts ("second ptsname_r somehow suceeded");
1189 ret = 1;
1190 }
1191 CHK_FAIL_END
1192 #endif
1193 close (fd);
1194 }
1195
1196 confstr (_CS_GNU_LIBC_VERSION, largebuf, sizeof (largebuf));
1197 #if __USE_FORTIFY_LEVEL >= 1
1198 CHK_FAIL_START
1199 char smallbuf[1];
1200 confstr (_CS_GNU_LIBC_VERSION, smallbuf, sizeof (largebuf));
1201 CHK_FAIL_END
1202 #endif
1203
1204 gid_t grpslarge[5];
1205 int ngr = getgroups (5, grpslarge);
1206 #if __USE_FORTIFY_LEVEL >= 1
1207 CHK_FAIL_START
1208 char smallbuf[1];
1209 ngr = getgroups (5, (gid_t *) smallbuf);
1210 CHK_FAIL_END
1211 #endif
1212
1213 fd = open (_PATH_TTY, O_RDONLY);
1214 if (fd != -1)
1215 {
1216 char enough[1000];
1217 if (ttyname_r (fd, enough, sizeof (enough)) != 0)
1218 {
1219 puts ("first ttyname_r failed");
1220 ret = 1;
1221 }
1222
1223 #if __USE_FORTIFY_LEVEL >= 1
1224 CHK_FAIL_START
1225 char smallbuf[2];
1226 if (ttyname_r (fd, smallbuf, sizeof (smallbuf) + 1) == 0)
1227 {
1228 puts ("second ttyname_r somehow suceeded");
1229 ret = 1;
1230 }
1231 CHK_FAIL_END
1232 #endif
1233 close (fd);
1234 }
1235
1236 char hostnamelarge[1000];
1237 gethostname (hostnamelarge, sizeof (hostnamelarge));
1238 #if __USE_FORTIFY_LEVEL >= 1
1239 CHK_FAIL_START
1240 char smallbuf[1];
1241 gethostname (smallbuf, sizeof (hostnamelarge));
1242 CHK_FAIL_END
1243 #endif
1244
1245 char loginlarge[1000];
1246 getlogin_r (loginlarge, sizeof (hostnamelarge));
1247 #if __USE_FORTIFY_LEVEL >= 1
1248 CHK_FAIL_START
1249 char smallbuf[1];
1250 getlogin_r (smallbuf, sizeof (loginlarge));
1251 CHK_FAIL_END
1252 #endif
1253
1254 char domainnamelarge[1000];
1255 int res = getdomainname (domainnamelarge, sizeof (domainnamelarge));
1256 #if __USE_FORTIFY_LEVEL >= 1
1257 CHK_FAIL_START
1258 char smallbuf[1];
1259 res = getdomainname (smallbuf, sizeof (domainnamelarge));
1260 CHK_FAIL_END
1261 #endif
1262
1263 return ret;
1264 }
sources.redhat.com git mirror of glibc CVS