1 /* Copyright (C) 2004-2023 Free Software Foundation, Inc.
2 Copyright The GNU Toolchain Authors.
3 This file is part of the GNU C Library.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, see
17 <https://www.gnu.org/licenses/>. */
19 /* This file tests gets. Force it to be declared. */
21 #undef __GLIBC_USE_DEPRECATED_GETS
22 #define __GLIBC_USE_DEPRECATED_GETS 1
36 #include <sys/select.h>
37 #include <sys/socket.h>
41 # define MEMPCPY memcpy
42 # define WMEMPCPY wmemcpy
43 # define MEMPCPY_RET(x) 0
44 # define WMEMPCPY_RET(x) 0
46 # define MEMPCPY mempcpy
47 # define WMEMPCPY wmempcpy
48 # define MEMPCPY_RET(x) __builtin_strlen (x)
49 # define WMEMPCPY_RET(x) wcslen (x)
52 #define obstack_chunk_alloc malloc
53 #define obstack_chunk_free free
56 static void do_prepare (void);
57 static int do_test (void);
58 #define PREPARE(argc, argv) do_prepare ()
59 #define TEST_FUNCTION do_test ()
60 #include "../test-skeleton.c"
65 int temp_fd
= create_temp_file ("tst-chk1.", &temp_filename
);
68 printf ("cannot create temporary file: %m\n");
72 const char *strs
= "abcdefgh\nABCDEFGHI\nabcdefghij\nABCDEFGHIJ";
73 if ((size_t) write (temp_fd
, strs
, strlen (strs
)) != strlen (strs
))
75 puts ("could not write test strings into file");
76 unlink (temp_filename
);
81 volatile int chk_fail_ok
;
91 longjmp (chk_fail_buf
, 1);
97 #if __USE_FORTIFY_LEVEL == 3
98 volatile size_t buf_size
= 10;
102 #define buf_size sizeof (buf)
107 volatile wchar_t *wp
;
108 const char *str1
= "JIHGFEDCBA";
109 const char *str2
= "F";
110 const char *str3
= "%s%n%s%n";
111 const char *str4
= "Hello, ";
112 const char *str5
= "World!\n";
113 const wchar_t *wstr1
= L
"JIHGFEDCBA";
114 const wchar_t *wstr2
= L
"F";
115 const wchar_t *wstr3
= L
"%s%n%s%n";
116 const wchar_t *wstr4
= L
"Hello, ";
117 const wchar_t *wstr5
= L
"World!\n";
118 char buf2
[10] = "%s";
123 do { printf ("Failure on line %d\n", __LINE__); ret = 1; } while (0)
124 #define CHK_FAIL_START \
126 if (! setjmp (chk_fail_buf)) \
128 #define CHK_FAIL_END \
132 #if __USE_FORTIFY_LEVEL >= 2 && (!defined __cplusplus || defined __va_arg_pack)
133 # define CHK_FAIL2_START CHK_FAIL_START
134 # define CHK_FAIL2_END CHK_FAIL_END
136 # define CHK_FAIL2_START
137 # define CHK_FAIL2_END
143 #if __USE_FORTIFY_LEVEL == 3
144 char *buf
= (char *) malloc (buf_size
);
145 wchar_t *wbuf
= (wchar_t *) malloc (buf_size
* sizeof (wchar_t));
147 set_fortify_handler (handler
);
149 struct A
{ char buf1
[9]; char buf2
[1]; } a
;
150 struct wA
{ wchar_t buf1
[9]; wchar_t buf2
[1]; } wa
;
152 printf ("Test checking routines at fortify level %d\n",
153 #ifdef __USE_FORTIFY_LEVEL
154 (int) __USE_FORTIFY_LEVEL
160 #if defined __USE_FORTIFY_LEVEL && !defined __fortify_function
161 printf ("Test skipped");
166 /* These ops can be done without runtime checking of object size. */
167 memcpy (buf
, "abcdefghij", 10);
168 memmove (buf
+ 1, buf
, 9);
169 if (memcmp (buf
, "aabcdefghi", 10))
172 memcpy (buf
, "abcdefghij", 10);
173 bcopy (buf
, buf
+ 1, 9);
174 if (memcmp (buf
, "aabcdefghi", 10))
177 if (MEMPCPY (buf
+ 5, "abcde", 5) != buf
+ 5 + MEMPCPY_RET ("abcde")
178 || memcmp (buf
, "aabcdabcde", 10))
181 memset (buf
+ 8, 'j', 2);
182 if (memcmp (buf
, "aabcdabcjj", 10))
186 if (memcmp (buf
, "aabcdabc\0\0", 10))
189 explicit_bzero (buf
+ 6, 4);
190 if (memcmp (buf
, "aabcda\0\0\0\0", 10))
193 strcpy (buf
+ 4, "EDCBA");
194 if (memcmp (buf
, "aabcEDCBA", 10))
197 if (stpcpy (buf
+ 8, "F") != buf
+ 9 || memcmp (buf
, "aabcEDCBF", 10))
200 strncpy (buf
+ 6, "X", 4);
201 if (memcmp (buf
, "aabcEDX\0\0", 10))
204 if (sprintf (buf
+ 7, "%s", "67") != 2 || memcmp (buf
, "aabcEDX67", 10))
207 if (snprintf (buf
+ 7, 3, "%s", "987654") != 6
208 || memcmp (buf
, "aabcEDX98", 10))
211 /* These ops need runtime checking, but shouldn't __chk_fail. */
212 memcpy (buf
, "abcdefghij", l0
+ 10);
213 memmove (buf
+ 1, buf
, l0
+ 9);
214 if (memcmp (buf
, "aabcdefghi", 10))
217 memcpy (buf
, "abcdefghij", l0
+ 10);
218 bcopy (buf
, buf
+ 1, l0
+ 9);
219 if (memcmp (buf
, "aabcdefghi", 10))
222 if (MEMPCPY (buf
+ 5, "abcde", l0
+ 5) != buf
+ 5 + MEMPCPY_RET ("abcde")
223 || memcmp (buf
, "aabcdabcde", 10))
226 memset (buf
+ 8, 'j', l0
+ 2);
227 if (memcmp (buf
, "aabcdabcjj", 10))
230 bzero (buf
+ 8, l0
+ 2);
231 if (memcmp (buf
, "aabcdabc\0\0", 10))
234 explicit_bzero (buf
+ 6, l0
+ 4);
235 if (memcmp (buf
, "aabcda\0\0\0\0", 10))
238 strcpy (buf
+ 4, str1
+ 5);
239 if (memcmp (buf
, "aabcEDCBA", 10))
242 if (stpcpy (buf
+ 8, str2
) != buf
+ 9 || memcmp (buf
, "aabcEDCBF", 10))
245 strncpy (buf
+ 6, "X", l0
+ 4);
246 if (memcmp (buf
, "aabcEDX\0\0", 10))
249 if (stpncpy (buf
+ 5, "cd", l0
+ 5) != buf
+ 7
250 || memcmp (buf
, "aabcEcd\0\0", 10))
253 if (sprintf (buf
+ 7, "%d", num1
) != 2 || memcmp (buf
, "aabcEcd67", 10))
256 if (snprintf (buf
+ 7, 3, "%d", num2
) != 6 || memcmp (buf
, "aabcEcd98", 10))
261 if (memcmp (buf
, "aabcEcd9A", 10))
265 strncat (buf
, "ZYXWV", l0
+ 2);
266 if (memcmp (buf
, "aabcEcdZY", 10))
269 /* The following tests are supposed to succeed at all fortify
270 levels, even though they overflow a.buf1 into a.buf2. */
271 memcpy (a
.buf1
, "abcdefghij", l0
+ 10);
272 memmove (a
.buf1
+ 1, a
.buf1
, l0
+ 9);
273 if (memcmp (a
.buf1
, "aabcdefghi", 10))
276 memcpy (a
.buf1
, "abcdefghij", l0
+ 10);
277 bcopy (a
.buf1
, a
.buf1
+ 1, l0
+ 9);
278 if (memcmp (a
.buf1
, "aabcdefghi", 10))
281 if (MEMPCPY (a
.buf1
+ 5, "abcde", l0
+ 5)
282 != a
.buf1
+ 5 + MEMPCPY_RET ("abcde")
283 || memcmp (a
.buf1
, "aabcdabcde", 10))
286 memset (a
.buf1
+ 8, 'j', l0
+ 2);
287 if (memcmp (a
.buf1
, "aabcdabcjj", 10))
290 bzero (a
.buf1
+ 8, l0
+ 2);
291 if (memcmp (a
.buf1
, "aabcdabc\0\0", 10))
294 explicit_bzero (a
.buf1
+ 6, l0
+ 4);
295 if (memcmp (a
.buf1
, "aabcda\0\0\0\0", 10))
298 #if __USE_FORTIFY_LEVEL < 2
299 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
300 and sufficient GCC support, as the string operations overflow
301 from a.buf1 into a.buf2. */
302 strcpy (a
.buf1
+ 4, str1
+ 5);
303 if (memcmp (a
.buf1
, "aabcEDCBA", 10))
306 if (stpcpy (a
.buf1
+ 8, str2
) != a
.buf1
+ 9
307 || memcmp (a
.buf1
, "aabcEDCBF", 10))
310 strncpy (a
.buf1
+ 6, "X", l0
+ 4);
311 if (memcmp (a
.buf1
, "aabcEDX\0\0", 10))
314 if (sprintf (a
.buf1
+ 7, "%d", num1
) != 2
315 || memcmp (a
.buf1
, "aabcEDX67", 10))
318 if (snprintf (a
.buf1
+ 7, 3, "%d", num2
) != 6
319 || memcmp (a
.buf1
, "aabcEDX98", 10))
322 a
.buf1
[l0
+ 8] = '\0';
323 strcat (a
.buf1
, "A");
324 if (memcmp (a
.buf1
, "aabcEDX9A", 10))
327 a
.buf1
[l0
+ 7] = '\0';
328 strncat (a
.buf1
, "ZYXWV", l0
+ 2);
329 if (memcmp (a
.buf1
, "aabcEDXZY", 10))
334 #if __USE_FORTIFY_LEVEL >= 1
335 /* Now check if all buffer overflows are caught at runtime.
336 N.B. All tests involving a length parameter need to be done
337 twice: once with the length a compile-time constant, once without. */
340 memcpy (buf
+ 1, "abcdefghij", 10);
344 memcpy (buf
+ 1, "abcdefghij", l0
+ 10);
348 memmove (buf
+ 2, buf
+ 1, 9);
352 memmove (buf
+ 2, buf
+ 1, l0
+ 9);
356 bcopy (buf
+ 1, buf
+ 2, 9);
360 bcopy (buf
+ 1, buf
+ 2, l0
+ 9);
365 p
= (char *) mempcpy (buf
+ 6, "abcde", 5);
369 p
= (char *) mempcpy (buf
+ 6, "abcde", l0
+ 5);
374 memset (buf
+ 9, 'j', 2);
378 memset (buf
+ 9, 'j', l0
+ 2);
386 bzero (buf
+ 9, l0
+ 2);
390 explicit_bzero (buf
+ 9, 2);
394 explicit_bzero (buf
+ 9, l0
+ 2);
398 strcpy (buf
+ 5, str1
+ 5);
402 p
= stpcpy (buf
+ 9, str2
);
406 strncpy (buf
+ 7, "X", 4);
410 strncpy (buf
+ 7, "X", l0
+ 4);
414 stpncpy (buf
+ 6, "cd", 5);
418 stpncpy (buf
+ 6, "cd", l0
+ 5);
421 # if !defined __cplusplus || defined __va_arg_pack
423 sprintf (buf
+ 8, "%d", num1
);
427 snprintf (buf
+ 8, 3, "%d", num2
);
431 snprintf (buf
+ 8, l0
+ 3, "%d", num2
);
435 swprintf (wbuf
+ 8, 3, L
"%d", num1
);
439 swprintf (wbuf
+ 8, l0
+ 3, L
"%d", num1
);
443 memcpy (buf
, str1
+ 2, 9);
448 memcpy (buf
, str1
+ 3, 8);
450 strncat (buf
, "ZYXWV", 3);
453 memcpy (buf
, str1
+ 3, 8);
455 strncat (buf
, "ZYXWV", l0
+ 3);
459 memcpy (a
.buf1
+ 1, "abcdefghij", 10);
463 memcpy (a
.buf1
+ 1, "abcdefghij", l0
+ 10);
467 memmove (a
.buf1
+ 2, a
.buf1
+ 1, 9);
471 memmove (a
.buf1
+ 2, a
.buf1
+ 1, l0
+ 9);
475 bcopy (a
.buf1
+ 1, a
.buf1
+ 2, 9);
479 bcopy (a
.buf1
+ 1, a
.buf1
+ 2, l0
+ 9);
484 p
= (char *) mempcpy (a
.buf1
+ 6, "abcde", 5);
488 p
= (char *) mempcpy (a
.buf1
+ 6, "abcde", l0
+ 5);
493 memset (a
.buf1
+ 9, 'j', 2);
497 memset (a
.buf1
+ 9, 'j', l0
+ 2);
501 bzero (a
.buf1
+ 9, 2);
505 bzero (a
.buf1
+ 9, l0
+ 2);
509 explicit_bzero (a
.buf1
+ 9, 2);
513 explicit_bzero (a
.buf1
+ 9, l0
+ 2);
516 # if __USE_FORTIFY_LEVEL >= 2
523 strcpy (a
.buf1
+ (O
+ 4), str1
+ 5);
527 p
= stpcpy (a
.buf1
+ (O
+ 8), str2
);
531 strncpy (a
.buf1
+ (O
+ 6), "X", 4);
535 strncpy (a
.buf1
+ (O
+ 6), "X", l0
+ 4);
538 # if !defined __cplusplus || defined __va_arg_pack
540 sprintf (a
.buf1
+ (O
+ 7), "%d", num1
);
544 snprintf (a
.buf1
+ (O
+ 7), 3, "%d", num2
);
548 snprintf (a
.buf1
+ (O
+ 7), l0
+ 3, "%d", num2
);
552 memcpy (a
.buf1
, str1
+ (3 - O
), 8 + O
);
554 strcat (a
.buf1
, "AB");
557 memcpy (a
.buf1
, str1
+ (4 - O
), 7 + O
);
559 strncat (a
.buf1
, "ZYXWV", l0
+ 3);
564 /* These ops can be done without runtime checking of object size. */
565 wmemcpy (wbuf
, L
"abcdefghij", 10);
566 wmemmove (wbuf
+ 1, wbuf
, 9);
567 if (wmemcmp (wbuf
, L
"aabcdefghi", 10))
570 if (WMEMPCPY (wbuf
+ 5, L
"abcde", 5) != wbuf
+ 5 + WMEMPCPY_RET (L
"abcde")
571 || wmemcmp (wbuf
, L
"aabcdabcde", 10))
574 wmemset (wbuf
+ 8, L
'j', 2);
575 if (wmemcmp (wbuf
, L
"aabcdabcjj", 10))
578 wcscpy (wbuf
+ 4, L
"EDCBA");
579 if (wmemcmp (wbuf
, L
"aabcEDCBA", 10))
582 if (wcpcpy (wbuf
+ 8, L
"F") != wbuf
+ 9 || wmemcmp (wbuf
, L
"aabcEDCBF", 10))
585 wcsncpy (wbuf
+ 6, L
"X", 4);
586 if (wmemcmp (wbuf
, L
"aabcEDX\0\0", 10))
589 if (swprintf (wbuf
+ 7, 3, L
"%ls", L
"987654") >= 0
590 || wmemcmp (wbuf
, L
"aabcEDX98", 10))
593 if (swprintf (wbuf
+ 7, 3, L
"64") != 2
594 || wmemcmp (wbuf
, L
"aabcEDX64", 10))
597 /* These ops need runtime checking, but shouldn't __chk_fail. */
598 wmemcpy (wbuf
, L
"abcdefghij", l0
+ 10);
599 wmemmove (wbuf
+ 1, wbuf
, l0
+ 9);
600 if (wmemcmp (wbuf
, L
"aabcdefghi", 10))
603 if (WMEMPCPY (wbuf
+ 5, L
"abcde", l0
+ 5)
604 != wbuf
+ 5 + WMEMPCPY_RET (L
"abcde")
605 || wmemcmp (wbuf
, L
"aabcdabcde", 10))
608 wmemset (wbuf
+ 8, L
'j', l0
+ 2);
609 if (wmemcmp (wbuf
, L
"aabcdabcjj", 10))
612 wcscpy (wbuf
+ 4, wstr1
+ 5);
613 if (wmemcmp (wbuf
, L
"aabcEDCBA", 10))
616 if (wcpcpy (wbuf
+ 8, wstr2
) != wbuf
+ 9 || wmemcmp (wbuf
, L
"aabcEDCBF", 10))
619 wcsncpy (wbuf
+ 6, L
"X", l0
+ 4);
620 if (wmemcmp (wbuf
, L
"aabcEDX\0\0", 10))
623 if (wcpncpy (wbuf
+ 5, L
"cd", l0
+ 5) != wbuf
+ 7
624 || wmemcmp (wbuf
, L
"aabcEcd\0\0", 10))
627 if (swprintf (wbuf
+ 7, 3, L
"%d", num2
) >= 0
628 || wmemcmp (wbuf
, L
"aabcEcd98", 10))
631 wbuf
[l0
+ 8] = L
'\0';
633 if (wmemcmp (wbuf
, L
"aabcEcd9A", 10))
636 wbuf
[l0
+ 7] = L
'\0';
637 wcsncat (wbuf
, L
"ZYXWV", l0
+ 2);
638 if (wmemcmp (wbuf
, L
"aabcEcdZY", 10))
641 wmemcpy (wa
.buf1
, L
"abcdefghij", l0
+ 10);
642 wmemmove (wa
.buf1
+ 1, wa
.buf1
, l0
+ 9);
643 if (wmemcmp (wa
.buf1
, L
"aabcdefghi", 10))
646 if (WMEMPCPY (wa
.buf1
+ 5, L
"abcde", l0
+ 5)
647 != wa
.buf1
+ 5 + WMEMPCPY_RET (L
"abcde")
648 || wmemcmp (wa
.buf1
, L
"aabcdabcde", 10))
651 wmemset (wa
.buf1
+ 8, L
'j', l0
+ 2);
652 if (wmemcmp (wa
.buf1
, L
"aabcdabcjj", 10))
655 #if __USE_FORTIFY_LEVEL < 2
656 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
657 and sufficient GCC support, as the string operations overflow
658 from a.buf1 into a.buf2. */
659 wcscpy (wa
.buf1
+ 4, wstr1
+ 5);
660 if (wmemcmp (wa
.buf1
, L
"aabcEDCBA", 10))
663 if (wcpcpy (wa
.buf1
+ 8, wstr2
) != wa
.buf1
+ 9
664 || wmemcmp (wa
.buf1
, L
"aabcEDCBF", 10))
667 wcsncpy (wa
.buf1
+ 6, L
"X", l0
+ 4);
668 if (wmemcmp (wa
.buf1
, L
"aabcEDX\0\0", 10))
671 if (swprintf (wa
.buf1
+ 7, 3, L
"%d", num2
) >= 0
672 || wmemcmp (wa
.buf1
, L
"aabcEDX98", 10))
675 wa
.buf1
[l0
+ 8] = L
'\0';
676 wcscat (wa
.buf1
, L
"A");
677 if (wmemcmp (wa
.buf1
, L
"aabcEDX9A", 10))
680 wa
.buf1
[l0
+ 7] = L
'\0';
681 wcsncat (wa
.buf1
, L
"ZYXWV", l0
+ 2);
682 if (wmemcmp (wa
.buf1
, L
"aabcEDXZY", 10))
687 #if __USE_FORTIFY_LEVEL >= 1
688 /* Now check if all buffer overflows are caught at runtime.
689 N.B. All tests involving a length parameter need to be done
690 twice: once with the length a compile-time constant, once without. */
693 wmemcpy (wbuf
+ 1, L
"abcdefghij", 10);
697 wmemcpy (wbuf
+ 1, L
"abcdefghij", l0
+ 10);
701 wmemcpy (wbuf
+ 9, L
"abcdefghij", 10);
705 wmemcpy (wbuf
+ 9, L
"abcdefghij", l0
+ 10);
709 wmemmove (wbuf
+ 2, wbuf
+ 1, 9);
713 wmemmove (wbuf
+ 2, wbuf
+ 1, l0
+ 9);
718 wp
= wmempcpy (wbuf
+ 6, L
"abcde", 5);
722 wp
= wmempcpy (wbuf
+ 6, L
"abcde", l0
+ 5);
727 wmemset (wbuf
+ 9, L
'j', 2);
731 wmemset (wbuf
+ 9, L
'j', l0
+ 2);
735 wcscpy (wbuf
+ 5, wstr1
+ 5);
739 wp
= wcpcpy (wbuf
+ 9, wstr2
);
743 wcsncpy (wbuf
+ 7, L
"X", 4);
747 wcsncpy (wbuf
+ 7, L
"X", l0
+ 4);
751 wcsncpy (wbuf
+ 9, L
"XABCDEFGH", 8);
755 wcpncpy (wbuf
+ 9, L
"XABCDEFGH", 8);
759 wcpncpy (wbuf
+ 6, L
"cd", 5);
763 wcpncpy (wbuf
+ 6, L
"cd", l0
+ 5);
766 wmemcpy (wbuf
, wstr1
+ 2, 9);
768 wcscat (wbuf
, L
"AB");
771 wmemcpy (wbuf
, wstr1
+ 3, 8);
773 wcsncat (wbuf
, L
"ZYXWV", l0
+ 3);
777 wmemcpy (wa
.buf1
+ 1, L
"abcdefghij", 10);
781 wmemcpy (wa
.buf1
+ 1, L
"abcdefghij", l0
+ 10);
785 wmemmove (wa
.buf1
+ 2, wa
.buf1
+ 1, 9);
789 wmemmove (wa
.buf1
+ 2, wa
.buf1
+ 1, l0
+ 9);
794 wp
= wmempcpy (wa
.buf1
+ 6, L
"abcde", 5);
798 wp
= wmempcpy (wa
.buf1
+ 6, L
"abcde", l0
+ 5);
803 wmemset (wa
.buf1
+ 9, L
'j', 2);
807 wmemset (wa
.buf1
+ 9, L
'j', l0
+ 2);
810 #if __USE_FORTIFY_LEVEL >= 2
817 wcscpy (wa
.buf1
+ (O
+ 4), wstr1
+ 5);
821 wp
= wcpcpy (wa
.buf1
+ (O
+ 8), wstr2
);
825 wcsncpy (wa
.buf1
+ (O
+ 6), L
"X", 4);
829 wcsncpy (wa
.buf1
+ (O
+ 6), L
"X", l0
+ 4);
832 wmemcpy (wa
.buf1
, wstr1
+ (3 - O
), 8 + O
);
834 wcscat (wa
.buf1
, L
"AB");
837 wmemcpy (wa
.buf1
, wstr1
+ (4 - O
), 7 + O
);
839 wcsncat (wa
.buf1
, L
"ZYXWV", l0
+ 3);
844 /* Now checks for %n protection. */
846 /* Constant literals passed directly are always ok
847 (even with warnings about possible bugs from GCC). */
849 if (sprintf (buf
, "%s%n%s%n", str2
, &n1
, str2
, &n2
) != 2
850 || n1
!= 1 || n2
!= 2)
853 /* In this case the format string is not known at compile time,
854 but resides in read-only memory, so is ok. */
855 if (snprintf (buf
, 4, str3
, str2
, &n1
, str2
, &n2
) != 2
856 || n1
!= 1 || n2
!= 2)
859 strcpy (buf2
+ 2, "%n%s%n");
860 /* When the format string is writable and contains %n,
861 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
863 if (sprintf (buf
, buf2
, str2
, &n1
, str2
, &n1
) != 2)
868 if (snprintf (buf
, 3, buf2
, str2
, &n1
, str2
, &n1
) != 2)
872 /* But if there is no %n, even writable format string
875 if (sprintf (buf
, buf2
+ 4, str2
) != 1)
878 /* Constant literals passed directly are always ok
879 (even with warnings about possible bugs from GCC). */
880 if (printf ("%s%n%s%n", str4
, &n1
, str5
, &n2
) != 14
881 || n1
!= 7 || n2
!= 14)
884 /* In this case the format string is not known at compile time,
885 but resides in read-only memory, so is ok. */
886 if (printf (str3
, str4
, &n1
, str5
, &n2
) != 14
887 || n1
!= 7 || n2
!= 14)
890 strcpy (buf2
+ 2, "%n%s%n");
891 /* When the format string is writable and contains %n,
892 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
894 if (printf (buf2
, str4
, &n1
, str5
, &n1
) != 14)
898 /* But if there is no %n, even writable format string
901 if (printf (buf2
+ 4, str5
) != 7)
906 /* Constant literals passed directly are always ok
907 (even with warnings about possible bugs from GCC). */
908 if (fprintf (fp
, "%s%n%s%n", str4
, &n1
, str5
, &n2
) != 14
909 || n1
!= 7 || n2
!= 14)
912 /* In this case the format string is not known at compile time,
913 but resides in read-only memory, so is ok. */
914 if (fprintf (fp
, str3
, str4
, &n1
, str5
, &n2
) != 14
915 || n1
!= 7 || n2
!= 14)
918 strcpy (buf2
+ 2, "%n%s%n");
919 /* When the format string is writable and contains %n,
920 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
922 if (fprintf (fp
, buf2
, str4
, &n1
, str5
, &n1
) != 14)
926 /* But if there is no %n, even writable format string
929 if (fprintf (fp
, buf2
+ 4, str5
) != 7)
934 strcpy (buf2
+ 2, "%n%s%n");
935 /* When the format string is writable and contains %n,
936 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
938 if (asprintf (&my_ptr
, buf2
, str4
, &n1
, str5
, &n1
) != 14)
947 if (obstack_printf (&obs
, buf2
, str4
, &n1
, str5
, &n1
) != 14)
950 obstack_free (&obs
, NULL
);
953 if (asprintf (&my_ptr
, "%s%n%s%n", str4
, &n1
, str5
, &n1
) != 14)
959 if (obstack_printf (&obs
, "%s%n%s%n", str4
, &n1
, str5
, &n1
) != 14)
961 obstack_free (&obs
, NULL
);
964 if (freopen (temp_filename
, "r", stdin
) == NULL
)
966 puts ("could not open temporary file");
970 if (gets (buf
) != buf
|| memcmp (buf
, "abcdefgh", 9))
972 if (gets (buf
) != buf
|| memcmp (buf
, "ABCDEFGHI", 10))
975 #if __USE_FORTIFY_LEVEL >= 1
977 if (gets (buf
) != buf
)
984 if (fgets (buf
, buf_size
, stdin
) != buf
985 || memcmp (buf
, "abcdefgh\n", 10))
987 if (fgets (buf
, buf_size
, stdin
) != buf
|| memcmp (buf
, "ABCDEFGHI", 10))
992 if (fgets (buf
, l0
+ buf_size
, stdin
) != buf
993 || memcmp (buf
, "abcdefgh\n", 10))
996 #if __USE_FORTIFY_LEVEL >= 1
998 if (fgets (buf
, buf_size
+ 1, stdin
) != buf
)
1003 if (fgets (buf
, l0
+ buf_size
+ 1, stdin
) != buf
)
1011 if (fgets_unlocked (buf
, buf_size
, stdin
) != buf
1012 || memcmp (buf
, "abcdefgh\n", 10))
1014 if (fgets_unlocked (buf
, buf_size
, stdin
) != buf
1015 || memcmp (buf
, "ABCDEFGHI", 10))
1020 if (fgets_unlocked (buf
, l0
+ buf_size
, stdin
) != buf
1021 || memcmp (buf
, "abcdefgh\n", 10))
1024 #if __USE_FORTIFY_LEVEL >= 1
1026 if (fgets_unlocked (buf
, buf_size
+ 1, stdin
) != buf
)
1031 if (fgets_unlocked (buf
, l0
+ buf_size
+ 1, stdin
) != buf
)
1039 if (fread (buf
, 1, buf_size
, stdin
) != buf_size
1040 || memcmp (buf
, "abcdefgh\nA", 10))
1042 if (fread (buf
, buf_size
, 1, stdin
) != 1
1043 || memcmp (buf
, "BCDEFGHI\na", 10))
1048 if (fread (buf
, l0
+ 1, buf_size
, stdin
) != buf_size
1049 || memcmp (buf
, "abcdefgh\nA", 10))
1051 if (fread (buf
, buf_size
, l0
+ 1, stdin
) != 1
1052 || memcmp (buf
, "BCDEFGHI\na", 10))
1055 #if __USE_FORTIFY_LEVEL >= 1
1057 if (fread (buf
, 1, buf_size
+ 1, stdin
) != buf_size
+ 1)
1062 if (fread (buf
, buf_size
+ 1, l0
+ 1, stdin
) != 1)
1069 if (fread_unlocked (buf
, 1, buf_size
, stdin
) != buf_size
1070 || memcmp (buf
, "abcdefgh\nA", 10))
1072 if (fread_unlocked (buf
, buf_size
, 1, stdin
) != 1
1073 || memcmp (buf
, "BCDEFGHI\na", 10))
1078 if (fread_unlocked (buf
, 1, 4, stdin
) != 4
1079 || memcmp (buf
, "abcdFGHI\na", 10))
1081 if (fread_unlocked (buf
, 4, 1, stdin
) != 1
1082 || memcmp (buf
, "efghFGHI\na", 10))
1087 if (fread_unlocked (buf
, l0
+ 1, buf_size
, stdin
) != buf_size
1088 || memcmp (buf
, "abcdefgh\nA", 10))
1090 if (fread_unlocked (buf
, buf_size
, l0
+ 1, stdin
) != 1
1091 || memcmp (buf
, "BCDEFGHI\na", 10))
1094 #if __USE_FORTIFY_LEVEL >= 1
1096 if (fread_unlocked (buf
, 1, buf_size
+ 1, stdin
) != buf_size
+ 1)
1101 if (fread_unlocked (buf
, buf_size
+ 1, l0
+ 1, stdin
) != 1)
1106 lseek (fileno (stdin
), 0, SEEK_SET
);
1108 if (read (fileno (stdin
), buf
, buf_size
- 1) != buf_size
- 1
1109 || memcmp (buf
, "abcdefgh\n", 9))
1111 if (read (fileno (stdin
), buf
, buf_size
- 1) != buf_size
- 1
1112 || memcmp (buf
, "ABCDEFGHI", 9))
1115 lseek (fileno (stdin
), 0, SEEK_SET
);
1117 if (read (fileno (stdin
), buf
, l0
+ buf_size
- 1) != buf_size
- 1
1118 || memcmp (buf
, "abcdefgh\n", 9))
1121 #if __USE_FORTIFY_LEVEL >= 1
1123 if (read (fileno (stdin
), buf
, buf_size
+ 1) != buf_size
+ 1)
1128 if (read (fileno (stdin
), buf
, l0
+ buf_size
+ 1) != buf_size
+ 1)
1133 if (pread (fileno (stdin
), buf
, buf_size
- 1, buf_size
- 2)
1135 || memcmp (buf
, "\nABCDEFGH", 9))
1137 if (pread (fileno (stdin
), buf
, buf_size
- 1, 0) != buf_size
- 1
1138 || memcmp (buf
, "abcdefgh\n", 9))
1140 if (pread (fileno (stdin
), buf
, l0
+ buf_size
- 1, buf_size
- 3)
1142 || memcmp (buf
, "h\nABCDEFG", 9))
1145 #if __USE_FORTIFY_LEVEL >= 1
1147 if (pread (fileno (stdin
), buf
, buf_size
+ 1, 2 * buf_size
)
1153 if (pread (fileno (stdin
), buf
, l0
+ buf_size
+ 1, 2 * buf_size
)
1159 if (pread64 (fileno (stdin
), buf
, buf_size
- 1, buf_size
- 2)
1161 || memcmp (buf
, "\nABCDEFGH", 9))
1163 if (pread64 (fileno (stdin
), buf
, buf_size
- 1, 0) != buf_size
- 1
1164 || memcmp (buf
, "abcdefgh\n", 9))
1166 if (pread64 (fileno (stdin
), buf
, l0
+ buf_size
- 1, buf_size
- 3)
1168 || memcmp (buf
, "h\nABCDEFG", 9))
1171 #if __USE_FORTIFY_LEVEL >= 1
1173 if (pread64 (fileno (stdin
), buf
, buf_size
+ 1, 2 * buf_size
)
1179 if (pread64 (fileno (stdin
), buf
, l0
+ buf_size
+ 1, 2 * buf_size
)
1185 if (freopen (temp_filename
, "r", stdin
) == NULL
)
1187 puts ("could not open temporary file");
1191 if (fseek (stdin
, 9 + 10 + 11, SEEK_SET
))
1193 puts ("could not seek in test file");
1197 #if __USE_FORTIFY_LEVEL >= 1
1199 if (gets (buf
) != buf
)
1204 /* Check whether missing N$ formats are detected. */
1206 printf ("%3$d\n", 1, 2, 3, 4);
1210 fprintf (stdout
, "%3$d\n", 1, 2, 3, 4);
1214 sprintf (buf
, "%3$d\n", 1, 2, 3, 4);
1218 snprintf (buf
, buf_size
, "%3$d\n", 1, 2, 3, 4);
1222 if (socketpair (PF_UNIX
, SOCK_STREAM
, 0, sp
))
1226 const char *sendstr
= "abcdefgh\nABCDEFGH\n0123456789\n";
1227 if ((size_t) send (sp
[0], sendstr
, strlen (sendstr
), 0)
1228 != strlen (sendstr
))
1232 if (recv (sp
[1], recvbuf
, sizeof recvbuf
, MSG_PEEK
)
1234 || memcmp (recvbuf
, sendstr
, sizeof recvbuf
) != 0)
1237 if (recv (sp
[1], recvbuf
+ 6, l0
+ sizeof recvbuf
- 7, MSG_PEEK
)
1238 != sizeof recvbuf
- 7
1239 || memcmp (recvbuf
+ 6, sendstr
, sizeof recvbuf
- 7) != 0)
1242 #if __USE_FORTIFY_LEVEL >= 1
1244 if (recv (sp
[1], recvbuf
+ 1, sizeof recvbuf
, MSG_PEEK
)
1250 if (recv (sp
[1], recvbuf
+ 4, l0
+ sizeof recvbuf
- 3, MSG_PEEK
)
1251 != sizeof recvbuf
- 3)
1257 struct sockaddr_un sa_un
;
1259 sl
= sizeof (sa_un
);
1260 if (recvfrom (sp
[1], recvbuf
, sizeof recvbuf
, MSG_PEEK
,
1261 (struct sockaddr
*) &sa_un
, &sl
)
1263 || memcmp (recvbuf
, sendstr
, sizeof recvbuf
) != 0)
1266 sl
= sizeof (sa_un
);
1267 if (recvfrom (sp
[1], recvbuf
+ 6, l0
+ sizeof recvbuf
- 7, MSG_PEEK
,
1268 (struct sockaddr
*) &sa_un
, &sl
) != sizeof recvbuf
- 7
1269 || memcmp (recvbuf
+ 6, sendstr
, sizeof recvbuf
- 7) != 0)
1272 #if __USE_FORTIFY_LEVEL >= 1
1274 sl
= sizeof (sa_un
);
1275 if (recvfrom (sp
[1], recvbuf
+ 1, sizeof recvbuf
, MSG_PEEK
,
1276 (struct sockaddr
*) &sa_un
, &sl
) != sizeof recvbuf
)
1281 sl
= sizeof (sa_un
);
1282 if (recvfrom (sp
[1], recvbuf
+ 4, l0
+ sizeof recvbuf
- 3, MSG_PEEK
,
1283 (struct sockaddr
*) &sa_un
, &sl
) != sizeof recvbuf
- 3)
1292 char fname
[] = "/tmp/tst-chk1-dir-XXXXXX\0foo";
1293 char *enddir
= strchr (fname
, '\0');
1294 if (mkdtemp (fname
) == NULL
)
1296 printf ("mkdtemp failed: %m\n");
1300 if (symlink ("bar", fname
) != 0)
1303 char readlinkbuf
[4];
1304 if (readlink (fname
, readlinkbuf
, 4) != 3
1305 || memcmp (readlinkbuf
, "bar", 3) != 0)
1307 if (readlink (fname
, readlinkbuf
+ 1, l0
+ 3) != 3
1308 || memcmp (readlinkbuf
, "bbar", 4) != 0)
1311 #if __USE_FORTIFY_LEVEL >= 1
1313 if (readlink (fname
, readlinkbuf
+ 2, l0
+ 3) != 3)
1318 if (readlink (fname
, readlinkbuf
+ 3, 4) != 3)
1323 int tmpfd
= open ("/tmp", O_RDONLY
| O_DIRECTORY
);
1327 if (readlinkat (tmpfd
, fname
+ sizeof ("/tmp/") - 1, readlinkbuf
, 4) != 3
1328 || memcmp (readlinkbuf
, "bar", 3) != 0)
1330 if (readlinkat (tmpfd
, fname
+ sizeof ("/tmp/") - 1, readlinkbuf
+ 1,
1332 || memcmp (readlinkbuf
, "bbar", 4) != 0)
1335 #if __USE_FORTIFY_LEVEL >= 1
1337 if (readlinkat (tmpfd
, fname
+ sizeof ("/tmp/") - 1, readlinkbuf
+ 2,
1343 if (readlinkat (tmpfd
, fname
+ sizeof ("/tmp/") - 1, readlinkbuf
+ 3,
1351 char *cwd1
= getcwd (NULL
, 0);
1355 char *cwd2
= getcwd (NULL
, 250);
1361 if (strcmp (cwd1
, cwd2
) != 0)
1368 char *cwd3
= getcwd (NULL
, 0);
1371 if (strcmp (fname
, cwd3
) != 0)
1372 printf ("getcwd after chdir is '%s' != '%s',"
1373 "get{c,}wd tests skipped\n", cwd3
, fname
);
1376 char getcwdbuf
[sizeof fname
- 3];
1378 char *cwd4
= getcwd (getcwdbuf
, sizeof getcwdbuf
);
1379 if (cwd4
!= getcwdbuf
1380 || strcmp (getcwdbuf
, fname
) != 0)
1383 cwd4
= getcwd (getcwdbuf
+ 1, l0
+ sizeof getcwdbuf
- 1);
1384 if (cwd4
!= getcwdbuf
+ 1
1385 || getcwdbuf
[0] != fname
[0]
1386 || strcmp (getcwdbuf
+ 1, fname
) != 0)
1389 #if __USE_FORTIFY_LEVEL >= 1
1391 if (getcwd (getcwdbuf
+ 2, l0
+ sizeof getcwdbuf
)
1397 if (getcwd (getcwdbuf
+ 2, sizeof getcwdbuf
)
1403 if (getwd (getcwdbuf
) != getcwdbuf
1404 || strcmp (getcwdbuf
, fname
) != 0)
1407 if (getwd (getcwdbuf
+ 1) != getcwdbuf
+ 1
1408 || strcmp (getcwdbuf
+ 1, fname
) != 0)
1411 #if __USE_FORTIFY_LEVEL >= 1
1413 if (getwd (getcwdbuf
+ 2) != getcwdbuf
+ 2)
1419 if (chdir (cwd1
) != 0)
1427 if (unlink (fname
) != 0)
1431 if (rmdir (fname
) != 0)
1436 char largebuf
[PATH_MAX
];
1437 char *realres
= realpath (".", largebuf
);
1438 if (realres
!= largebuf
)
1441 # if __USE_FORTIFY_LEVEL >= 1
1444 realres
= realpath (".", realbuf
);
1445 if (realres
!= realbuf
)
1451 if (setlocale (LC_ALL
, "de_DE.UTF-8") != NULL
)
1453 assert (MB_CUR_MAX
<= 10);
1455 /* First a simple test. */
1457 if (wctomb (enough
, L
'A') != 1)
1460 #if __USE_FORTIFY_LEVEL >= 1
1461 /* We know the wchar_t encoding is ISO 10646. So pick a
1462 character which has a multibyte representation which does not
1466 if (wctomb (smallbuf
, L
'\x100') != 2)
1472 memset (&s
, '\0', sizeof (s
));
1473 if (wcrtomb (enough
, L
'D', &s
) != 1 || enough
[0] != 'D')
1476 #if __USE_FORTIFY_LEVEL >= 1
1477 /* We know the wchar_t encoding is ISO 10646. So pick a
1478 character which has a multibyte representation which does not
1482 if (wcrtomb (smallbuf
, L
'\x100', &s
) != 2)
1486 /* Same input with a large enough buffer and we're good. */
1487 char bigenoughbuf
[2];
1488 if (wcrtomb (bigenoughbuf
, L
'\x100', &s
) != 2)
1492 wchar_t wenough
[10];
1493 memset (&s
, '\0', sizeof (s
));
1494 const char *cp
= "A";
1495 if (mbsrtowcs (wenough
, &cp
, 10, &s
) != 1
1496 || wcscmp (wenough
, L
"A") != 0)
1500 if (mbsrtowcs (wenough
, &cp
, l0
+ 10, &s
) != 2
1501 || wcscmp (wenough
, L
"BC") != 0)
1504 #if __USE_FORTIFY_LEVEL >= 1
1506 wchar_t wsmallbuf
[2];
1508 mbsrtowcs (wsmallbuf
, &cp
, 10, &s
);
1512 /* Bug 29030 regresion check */
1514 if (mbsrtowcs (NULL
, &cp
, (size_t)-1, &s
) != 10)
1518 if (mbstowcs (wenough
, cp
, 10) != 1
1519 || wcscmp (wenough
, L
"A") != 0)
1523 if (mbstowcs (wenough
, cp
, l0
+ 10) != 3
1524 || wcscmp (wenough
, L
"DEF") != 0)
1527 #if __USE_FORTIFY_LEVEL >= 1
1529 wchar_t wsmallbuf
[2];
1531 mbstowcs (wsmallbuf
, cp
, 10);
1535 memset (&s
, '\0', sizeof (s
));
1537 wcscpy (wenough
, L
"DEF");
1538 if (mbsnrtowcs (wenough
, &cp
, 1, 10, &s
) != 1
1539 || wcscmp (wenough
, L
"AEF") != 0)
1543 if (mbsnrtowcs (wenough
, &cp
, 1, l0
+ 10, &s
) != 1
1544 || wcscmp (wenough
, L
"IEF") != 0)
1547 #if __USE_FORTIFY_LEVEL >= 1
1549 wchar_t wsmallbuf
[2];
1551 mbsnrtowcs (wsmallbuf
, &cp
, 3, 10, &s
);
1555 memset (&s
, '\0', sizeof (s
));
1556 const wchar_t *wcp
= L
"A";
1557 if (wcsrtombs (enough
, &wcp
, 10, &s
) != 1
1558 || strcmp (enough
, "A") != 0)
1562 if (wcsrtombs (enough
, &wcp
, l0
+ 10, &s
) != 2
1563 || strcmp (enough
, "BC") != 0)
1566 #if __USE_FORTIFY_LEVEL >= 1
1570 wcsrtombs (smallbuf
, &wcp
, 10, &s
);
1574 memset (enough
, 'Z', sizeof (enough
));
1576 if (wcstombs (enough
, wcp
, 10) != 2
1577 || strcmp (enough
, "EF") != 0)
1581 if (wcstombs (enough
, wcp
, l0
+ 10) != 1
1582 || strcmp (enough
, "G") != 0)
1585 #if __USE_FORTIFY_LEVEL >= 1
1589 wcstombs (smallbuf
, wcp
, 10);
1593 memset (&s
, '\0', sizeof (s
));
1595 if (wcsnrtombs (enough
, &wcp
, 1, 10, &s
) != 1
1596 || strcmp (enough
, "A") != 0)
1600 if (wcsnrtombs (enough
, &wcp
, 1, l0
+ 10, &s
) != 1
1601 || strcmp (enough
, "B") != 0)
1604 #if __USE_FORTIFY_LEVEL >= 1
1608 wcsnrtombs (smallbuf
, &wcp
, 3, 10, &s
);
1614 puts ("cannot set locale");
1621 fd
= posix_openpt (O_RDWR
);
1625 if (ptsname_r (fd
, enough
, sizeof (enough
)) != 0)
1628 #if __USE_FORTIFY_LEVEL >= 1
1631 if (ptsname_r (fd
, smallbuf
, sizeof (smallbuf
) + 1) == 0)
1640 confstr (_CS_GNU_LIBC_VERSION
, largebuf
, sizeof (largebuf
));
1641 # if __USE_FORTIFY_LEVEL >= 1
1644 confstr (_CS_GNU_LIBC_VERSION
, smallbuf
, sizeof (largebuf
));
1650 int ngr
= getgroups (5, grpslarge
);
1651 asm volatile ("" : : "r" (ngr
));
1652 #if __USE_FORTIFY_LEVEL >= 1
1655 ngr
= getgroups (5, (gid_t
*) smallbuf
);
1656 asm volatile ("" : : "r" (ngr
));
1660 fd
= open (_PATH_TTY
, O_RDONLY
);
1664 if (ttyname_r (fd
, enough
, sizeof (enough
)) != 0)
1667 #if __USE_FORTIFY_LEVEL >= 1
1670 if (ttyname_r (fd
, smallbuf
, sizeof (smallbuf
) + 1) == 0)
1677 char hostnamelarge
[1000];
1678 gethostname (hostnamelarge
, sizeof (hostnamelarge
));
1679 #if __USE_FORTIFY_LEVEL >= 1
1682 gethostname (smallbuf
, sizeof (hostnamelarge
));
1686 char loginlarge
[1000];
1687 getlogin_r (loginlarge
, sizeof (hostnamelarge
));
1688 #if __USE_FORTIFY_LEVEL >= 1
1691 getlogin_r (smallbuf
, sizeof (loginlarge
));
1695 char domainnamelarge
[1000];
1696 int res
= getdomainname (domainnamelarge
, sizeof (domainnamelarge
));
1697 asm volatile ("" : : "r" (res
));
1698 #if __USE_FORTIFY_LEVEL >= 1
1701 res
= getdomainname (smallbuf
, sizeof (domainnamelarge
));
1702 asm volatile ("" : : "r" (res
));
1709 FD_SET (FD_SETSIZE
- 1, &s
);
1710 #if __USE_FORTIFY_LEVEL >= 1
1712 FD_SET (FD_SETSIZE
, &s
);
1716 FD_SET (l0
+ FD_SETSIZE
, &s
);
1720 FD_CLR (FD_SETSIZE
- 1, &s
);
1721 #if __USE_FORTIFY_LEVEL >= 1
1723 FD_CLR (FD_SETSIZE
, &s
);
1727 FD_SET (l0
+ FD_SETSIZE
, &s
);
1731 FD_ISSET (FD_SETSIZE
- 1, &s
);
1732 #if __USE_FORTIFY_LEVEL >= 1
1734 FD_ISSET (FD_SETSIZE
, &s
);
1738 FD_ISSET (l0
+ FD_SETSIZE
, &s
);
1742 struct pollfd fds
[1];
1743 fds
[0].fd
= STDOUT_FILENO
;
1744 fds
[0].events
= POLLOUT
;
1746 #if __USE_FORTIFY_LEVEL >= 1
1752 poll (fds
, l0
+ 2, 0);
1756 ppoll (fds
, 1, NULL
, NULL
);
1757 # if __USE_FORTIFY_LEVEL >= 1
1759 ppoll (fds
, 2, NULL
, NULL
);
1763 ppoll (fds
, l0
+ 2, NULL
, NULL
);