1 /* @generated by `generate-fortify-tests.lua "stdio"` */
2
3 #define _FORTIFY_SOURCE 2
4 #define TMPFILE_SIZE (1024 * 32)
5
6 #include <sys/param.h>
7 #include <sys/jail.h>
8 #include <sys/random.h>
9 #include <sys/resource.h>
10 #include <sys/select.h>
11 #include <sys/socket.h>
12 #include <sys/time.h>
13 #include <sys/uio.h>
14 #include <sys/wait.h>
15 #include <dirent.h>
16 #include <errno.h>
17 #include <fcntl.h>
18 #include <limits.h>
19 #include <poll.h>
20 #include <signal.h>
21 #include <stdio.h>
22 #include <stdlib.h>
23 #include <string.h>
24 #include <strings.h>
25 #include <sysexits.h>
26 #include <unistd.h>
27 #include <wchar.h>
28 #include <atf-c.h>
29
30 static FILE * __unused
new_fp(size_t __len)31 new_fp(size_t __len)
32 {
33 static char fpbuf[LINE_MAX];
34 FILE *fp;
35
36 ATF_REQUIRE(__len <= sizeof(fpbuf));
37
38 memset(fpbuf, 'A', sizeof(fpbuf) - 1);
39 fpbuf[sizeof(fpbuf) - 1] = '\0';
40
41 fp = fmemopen(fpbuf, sizeof(fpbuf), "rb");
42 ATF_REQUIRE(fp != NULL);
43
44 return (fp);
45 }
46
47 /*
48 * Create a new symlink to use for readlink(2) style tests, we'll just use a
49 * random target name to have something interesting to look at.
50 */
51 static const char * __unused
new_symlink(size_t __len)52 new_symlink(size_t __len)
53 {
54 static const char linkname[] = "link";
55 char target[MAXNAMLEN];
56 int error;
57
58 ATF_REQUIRE(__len <= sizeof(target));
59
60 arc4random_buf(target, sizeof(target));
61
62 error = unlink(linkname);
63 ATF_REQUIRE(error == 0 || errno == ENOENT);
64
65 error = symlink(target, linkname);
66 ATF_REQUIRE(error == 0);
67
68 return (linkname);
69 }
70
71 /*
72 * For our purposes, first descriptor will be the reader; we'll send both
73 * raw data and a control message over it so that the result can be used for
74 * any of our recv*() tests.
75 */
76 static void __unused
new_socket(int sock[2])77 new_socket(int sock[2])
78 {
79 unsigned char ctrl[CMSG_SPACE(sizeof(int))] = { 0 };
80 static char sockbuf[256];
81 ssize_t rv;
82 size_t total = 0;
83 struct msghdr hdr = { 0 };
84 struct cmsghdr *cmsg;
85 int error, fd;
86
87 error = socketpair(AF_UNIX, SOCK_STREAM, 0, sock);
88 ATF_REQUIRE(error == 0);
89
90 while (total != sizeof(sockbuf)) {
91 rv = send(sock[1], &sockbuf[total], sizeof(sockbuf) - total, 0);
92
93 ATF_REQUIRE_MSG(rv > 0,
94 "expected bytes sent, got %zd with %zu left (size %zu, total %zu)",
95 rv, sizeof(sockbuf) - total, sizeof(sockbuf), total);
96 ATF_REQUIRE_MSG(total + (size_t)rv <= sizeof(sockbuf),
97 "%zd exceeds total %zu", rv, sizeof(sockbuf));
98 total += rv;
99 }
100
101 hdr.msg_control = ctrl;
102 hdr.msg_controllen = sizeof(ctrl);
103
104 cmsg = CMSG_FIRSTHDR(&hdr);
105 cmsg->cmsg_level = SOL_SOCKET;
106 cmsg->cmsg_type = SCM_RIGHTS;
107 cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
108 fd = STDIN_FILENO;
109 memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd));
110
111 error = sendmsg(sock[1], &hdr, 0);
112 ATF_REQUIRE(error != -1);
113 }
114
115 /*
116 * Constructs a tmpfile that we can use for testing read(2) and friends.
117 */
118 static int __unused
new_tmpfile(void)119 new_tmpfile(void)
120 {
121 char buf[1024];
122 ssize_t rv;
123 size_t written;
124 int fd;
125
126 fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644);
127 ATF_REQUIRE(fd >= 0);
128
129 written = 0;
130 while (written < TMPFILE_SIZE) {
131 rv = write(fd, buf, sizeof(buf));
132 ATF_REQUIRE(rv > 0);
133
134 written += rv;
135 }
136
137 ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET));
138 return (fd);
139 }
140
141 static void
disable_coredumps(void)142 disable_coredumps(void)
143 {
144 struct rlimit rl = { 0 };
145
146 if (setrlimit(RLIMIT_CORE, &rl) == -1)
147 _exit(EX_OSERR);
148 }
149
150 /*
151 * Replaces stdin with a file that we can actually read from, for tests where
152 * we want a FILE * or fd that we can get data from.
153 */
154 static void __unused
replace_stdin(void)155 replace_stdin(void)
156 {
157 int fd;
158
159 fd = new_tmpfile();
160
161 (void)dup2(fd, STDIN_FILENO);
162 if (fd != STDIN_FILENO)
163 close(fd);
164 }
165
166 ATF_TC(ctermid_before_end);
ATF_TC_HEAD(ctermid_before_end,tc)167 ATF_TC_HEAD(ctermid_before_end, tc)
168 {
169 }
ATF_TC_BODY(ctermid_before_end,tc)170 ATF_TC_BODY(ctermid_before_end, tc)
171 {
172 #define BUF &__stack.__buf
173 struct {
174 uint8_t padding_l;
175 unsigned char __buf[L_ctermid + 1];
176 uint8_t padding_r;
177 } __stack;
178 const size_t __bufsz __unused = sizeof(__stack.__buf);
179 const size_t __len = L_ctermid + 1;
180 const size_t __idx __unused = __len - 1;
181
182 ctermid(__stack.__buf);
183 #undef BUF
184
185 }
186
187 ATF_TC(ctermid_end);
ATF_TC_HEAD(ctermid_end,tc)188 ATF_TC_HEAD(ctermid_end, tc)
189 {
190 }
ATF_TC_BODY(ctermid_end,tc)191 ATF_TC_BODY(ctermid_end, tc)
192 {
193 #define BUF &__stack.__buf
194 struct {
195 uint8_t padding_l;
196 unsigned char __buf[L_ctermid];
197 uint8_t padding_r;
198 } __stack;
199 const size_t __bufsz __unused = sizeof(__stack.__buf);
200 const size_t __len = L_ctermid;
201 const size_t __idx __unused = __len - 1;
202
203 ctermid(__stack.__buf);
204 #undef BUF
205
206 }
207
208 ATF_TC(ctermid_heap_before_end);
ATF_TC_HEAD(ctermid_heap_before_end,tc)209 ATF_TC_HEAD(ctermid_heap_before_end, tc)
210 {
211 }
ATF_TC_BODY(ctermid_heap_before_end,tc)212 ATF_TC_BODY(ctermid_heap_before_end, tc)
213 {
214 #define BUF __stack.__buf
215 struct {
216 uint8_t padding_l;
217 unsigned char * __buf;
218 uint8_t padding_r;
219 } __stack;
220 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid + 1);
221 const size_t __len = L_ctermid + 1;
222 const size_t __idx __unused = __len - 1;
223
224 __stack.__buf = malloc(__bufsz);
225
226 ctermid(__stack.__buf);
227 #undef BUF
228
229 }
230
231 ATF_TC(ctermid_heap_end);
ATF_TC_HEAD(ctermid_heap_end,tc)232 ATF_TC_HEAD(ctermid_heap_end, tc)
233 {
234 }
ATF_TC_BODY(ctermid_heap_end,tc)235 ATF_TC_BODY(ctermid_heap_end, tc)
236 {
237 #define BUF __stack.__buf
238 struct {
239 uint8_t padding_l;
240 unsigned char * __buf;
241 uint8_t padding_r;
242 } __stack;
243 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid);
244 const size_t __len = L_ctermid;
245 const size_t __idx __unused = __len - 1;
246
247 __stack.__buf = malloc(__bufsz);
248
249 ctermid(__stack.__buf);
250 #undef BUF
251
252 }
253
254 ATF_TC(ctermid_heap_after_end);
ATF_TC_HEAD(ctermid_heap_after_end,tc)255 ATF_TC_HEAD(ctermid_heap_after_end, tc)
256 {
257 }
ATF_TC_BODY(ctermid_heap_after_end,tc)258 ATF_TC_BODY(ctermid_heap_after_end, tc)
259 {
260 #define BUF __stack.__buf
261 struct {
262 uint8_t padding_l;
263 unsigned char * __buf;
264 uint8_t padding_r;
265 } __stack;
266 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid - 1);
267 const size_t __len = L_ctermid - 1;
268 const size_t __idx __unused = __len - 1;
269 pid_t __child;
270 int __status;
271
272 __child = fork();
273 ATF_REQUIRE(__child >= 0);
274 if (__child > 0)
275 goto monitor;
276
277 /* Child */
278 disable_coredumps();
279 __stack.__buf = malloc(__bufsz);
280
281 ctermid(__stack.__buf);
282 _exit(EX_SOFTWARE); /* Should have aborted. */
283
284 monitor:
285 while (waitpid(__child, &__status, 0) != __child) {
286 ATF_REQUIRE_EQ(EINTR, errno);
287 }
288
289 if (!WIFSIGNALED(__status)) {
290 switch (WEXITSTATUS(__status)) {
291 case EX_SOFTWARE:
292 atf_tc_fail("FORTIFY_SOURCE failed to abort");
293 break;
294 case EX_OSERR:
295 atf_tc_fail("setrlimit(2) failed");
296 break;
297 default:
298 atf_tc_fail("child exited with status %d",
299 WEXITSTATUS(__status));
300 }
301 } else {
302 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
303 }
304 #undef BUF
305
306 }
307
308 ATF_TC(ctermid_r_before_end);
ATF_TC_HEAD(ctermid_r_before_end,tc)309 ATF_TC_HEAD(ctermid_r_before_end, tc)
310 {
311 }
ATF_TC_BODY(ctermid_r_before_end,tc)312 ATF_TC_BODY(ctermid_r_before_end, tc)
313 {
314 #define BUF &__stack.__buf
315 struct {
316 uint8_t padding_l;
317 unsigned char __buf[L_ctermid + 1];
318 uint8_t padding_r;
319 } __stack;
320 const size_t __bufsz __unused = sizeof(__stack.__buf);
321 const size_t __len = L_ctermid + 1;
322 const size_t __idx __unused = __len - 1;
323
324 ctermid_r(__stack.__buf);
325 #undef BUF
326
327 }
328
329 ATF_TC(ctermid_r_end);
ATF_TC_HEAD(ctermid_r_end,tc)330 ATF_TC_HEAD(ctermid_r_end, tc)
331 {
332 }
ATF_TC_BODY(ctermid_r_end,tc)333 ATF_TC_BODY(ctermid_r_end, tc)
334 {
335 #define BUF &__stack.__buf
336 struct {
337 uint8_t padding_l;
338 unsigned char __buf[L_ctermid];
339 uint8_t padding_r;
340 } __stack;
341 const size_t __bufsz __unused = sizeof(__stack.__buf);
342 const size_t __len = L_ctermid;
343 const size_t __idx __unused = __len - 1;
344
345 ctermid_r(__stack.__buf);
346 #undef BUF
347
348 }
349
350 ATF_TC(ctermid_r_heap_before_end);
ATF_TC_HEAD(ctermid_r_heap_before_end,tc)351 ATF_TC_HEAD(ctermid_r_heap_before_end, tc)
352 {
353 }
ATF_TC_BODY(ctermid_r_heap_before_end,tc)354 ATF_TC_BODY(ctermid_r_heap_before_end, tc)
355 {
356 #define BUF __stack.__buf
357 struct {
358 uint8_t padding_l;
359 unsigned char * __buf;
360 uint8_t padding_r;
361 } __stack;
362 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid + 1);
363 const size_t __len = L_ctermid + 1;
364 const size_t __idx __unused = __len - 1;
365
366 __stack.__buf = malloc(__bufsz);
367
368 ctermid_r(__stack.__buf);
369 #undef BUF
370
371 }
372
373 ATF_TC(ctermid_r_heap_end);
ATF_TC_HEAD(ctermid_r_heap_end,tc)374 ATF_TC_HEAD(ctermid_r_heap_end, tc)
375 {
376 }
ATF_TC_BODY(ctermid_r_heap_end,tc)377 ATF_TC_BODY(ctermid_r_heap_end, tc)
378 {
379 #define BUF __stack.__buf
380 struct {
381 uint8_t padding_l;
382 unsigned char * __buf;
383 uint8_t padding_r;
384 } __stack;
385 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid);
386 const size_t __len = L_ctermid;
387 const size_t __idx __unused = __len - 1;
388
389 __stack.__buf = malloc(__bufsz);
390
391 ctermid_r(__stack.__buf);
392 #undef BUF
393
394 }
395
396 ATF_TC(ctermid_r_heap_after_end);
ATF_TC_HEAD(ctermid_r_heap_after_end,tc)397 ATF_TC_HEAD(ctermid_r_heap_after_end, tc)
398 {
399 }
ATF_TC_BODY(ctermid_r_heap_after_end,tc)400 ATF_TC_BODY(ctermid_r_heap_after_end, tc)
401 {
402 #define BUF __stack.__buf
403 struct {
404 uint8_t padding_l;
405 unsigned char * __buf;
406 uint8_t padding_r;
407 } __stack;
408 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid - 1);
409 const size_t __len = L_ctermid - 1;
410 const size_t __idx __unused = __len - 1;
411 pid_t __child;
412 int __status;
413
414 __child = fork();
415 ATF_REQUIRE(__child >= 0);
416 if (__child > 0)
417 goto monitor;
418
419 /* Child */
420 disable_coredumps();
421 __stack.__buf = malloc(__bufsz);
422
423 ctermid_r(__stack.__buf);
424 _exit(EX_SOFTWARE); /* Should have aborted. */
425
426 monitor:
427 while (waitpid(__child, &__status, 0) != __child) {
428 ATF_REQUIRE_EQ(EINTR, errno);
429 }
430
431 if (!WIFSIGNALED(__status)) {
432 switch (WEXITSTATUS(__status)) {
433 case EX_SOFTWARE:
434 atf_tc_fail("FORTIFY_SOURCE failed to abort");
435 break;
436 case EX_OSERR:
437 atf_tc_fail("setrlimit(2) failed");
438 break;
439 default:
440 atf_tc_fail("child exited with status %d",
441 WEXITSTATUS(__status));
442 }
443 } else {
444 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
445 }
446 #undef BUF
447
448 }
449
450 ATF_TC(fread_before_end);
ATF_TC_HEAD(fread_before_end,tc)451 ATF_TC_HEAD(fread_before_end, tc)
452 {
453 }
ATF_TC_BODY(fread_before_end,tc)454 ATF_TC_BODY(fread_before_end, tc)
455 {
456 #define BUF &__stack.__buf
457 struct {
458 uint8_t padding_l;
459 unsigned char __buf[42];
460 uint8_t padding_r;
461 } __stack;
462 const size_t __bufsz __unused = sizeof(__stack.__buf);
463 const size_t __len = 42 - 1;
464 const size_t __idx __unused = __len - 1;
465
466 replace_stdin();
467
468 fread(__stack.__buf, __len, 1, stdin);
469 #undef BUF
470
471 }
472
473 ATF_TC(fread_end);
ATF_TC_HEAD(fread_end,tc)474 ATF_TC_HEAD(fread_end, tc)
475 {
476 }
ATF_TC_BODY(fread_end,tc)477 ATF_TC_BODY(fread_end, tc)
478 {
479 #define BUF &__stack.__buf
480 struct {
481 uint8_t padding_l;
482 unsigned char __buf[42];
483 uint8_t padding_r;
484 } __stack;
485 const size_t __bufsz __unused = sizeof(__stack.__buf);
486 const size_t __len = 42;
487 const size_t __idx __unused = __len - 1;
488
489 replace_stdin();
490
491 fread(__stack.__buf, __len, 1, stdin);
492 #undef BUF
493
494 }
495
496 ATF_TC(fread_heap_before_end);
ATF_TC_HEAD(fread_heap_before_end,tc)497 ATF_TC_HEAD(fread_heap_before_end, tc)
498 {
499 }
ATF_TC_BODY(fread_heap_before_end,tc)500 ATF_TC_BODY(fread_heap_before_end, tc)
501 {
502 #define BUF __stack.__buf
503 struct {
504 uint8_t padding_l;
505 unsigned char * __buf;
506 uint8_t padding_r;
507 } __stack;
508 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
509 const size_t __len = 42 - 1;
510 const size_t __idx __unused = __len - 1;
511
512 __stack.__buf = malloc(__bufsz);
513 replace_stdin();
514
515 fread(__stack.__buf, __len, 1, stdin);
516 #undef BUF
517
518 }
519
520 ATF_TC(fread_heap_end);
ATF_TC_HEAD(fread_heap_end,tc)521 ATF_TC_HEAD(fread_heap_end, tc)
522 {
523 }
ATF_TC_BODY(fread_heap_end,tc)524 ATF_TC_BODY(fread_heap_end, tc)
525 {
526 #define BUF __stack.__buf
527 struct {
528 uint8_t padding_l;
529 unsigned char * __buf;
530 uint8_t padding_r;
531 } __stack;
532 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
533 const size_t __len = 42;
534 const size_t __idx __unused = __len - 1;
535
536 __stack.__buf = malloc(__bufsz);
537 replace_stdin();
538
539 fread(__stack.__buf, __len, 1, stdin);
540 #undef BUF
541
542 }
543
544 ATF_TC(fread_heap_after_end);
ATF_TC_HEAD(fread_heap_after_end,tc)545 ATF_TC_HEAD(fread_heap_after_end, tc)
546 {
547 }
ATF_TC_BODY(fread_heap_after_end,tc)548 ATF_TC_BODY(fread_heap_after_end, tc)
549 {
550 #define BUF __stack.__buf
551 struct {
552 uint8_t padding_l;
553 unsigned char * __buf;
554 uint8_t padding_r;
555 } __stack;
556 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
557 const size_t __len = 42 + 1;
558 const size_t __idx __unused = __len - 1;
559 pid_t __child;
560 int __status;
561
562 __child = fork();
563 ATF_REQUIRE(__child >= 0);
564 if (__child > 0)
565 goto monitor;
566
567 /* Child */
568 disable_coredumps();
569 __stack.__buf = malloc(__bufsz);
570 replace_stdin();
571
572 fread(__stack.__buf, __len, 1, stdin);
573 _exit(EX_SOFTWARE); /* Should have aborted. */
574
575 monitor:
576 while (waitpid(__child, &__status, 0) != __child) {
577 ATF_REQUIRE_EQ(EINTR, errno);
578 }
579
580 if (!WIFSIGNALED(__status)) {
581 switch (WEXITSTATUS(__status)) {
582 case EX_SOFTWARE:
583 atf_tc_fail("FORTIFY_SOURCE failed to abort");
584 break;
585 case EX_OSERR:
586 atf_tc_fail("setrlimit(2) failed");
587 break;
588 default:
589 atf_tc_fail("child exited with status %d",
590 WEXITSTATUS(__status));
591 }
592 } else {
593 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
594 }
595 #undef BUF
596
597 }
598
599 ATF_TC(fread_unlocked_before_end);
ATF_TC_HEAD(fread_unlocked_before_end,tc)600 ATF_TC_HEAD(fread_unlocked_before_end, tc)
601 {
602 }
ATF_TC_BODY(fread_unlocked_before_end,tc)603 ATF_TC_BODY(fread_unlocked_before_end, tc)
604 {
605 #define BUF &__stack.__buf
606 struct {
607 uint8_t padding_l;
608 unsigned char __buf[42];
609 uint8_t padding_r;
610 } __stack;
611 const size_t __bufsz __unused = sizeof(__stack.__buf);
612 const size_t __len = 42 - 1;
613 const size_t __idx __unused = __len - 1;
614
615 replace_stdin();
616
617 fread_unlocked(__stack.__buf, __len, 1, stdin);
618 #undef BUF
619
620 }
621
622 ATF_TC(fread_unlocked_end);
ATF_TC_HEAD(fread_unlocked_end,tc)623 ATF_TC_HEAD(fread_unlocked_end, tc)
624 {
625 }
ATF_TC_BODY(fread_unlocked_end,tc)626 ATF_TC_BODY(fread_unlocked_end, tc)
627 {
628 #define BUF &__stack.__buf
629 struct {
630 uint8_t padding_l;
631 unsigned char __buf[42];
632 uint8_t padding_r;
633 } __stack;
634 const size_t __bufsz __unused = sizeof(__stack.__buf);
635 const size_t __len = 42;
636 const size_t __idx __unused = __len - 1;
637
638 replace_stdin();
639
640 fread_unlocked(__stack.__buf, __len, 1, stdin);
641 #undef BUF
642
643 }
644
645 ATF_TC(fread_unlocked_heap_before_end);
ATF_TC_HEAD(fread_unlocked_heap_before_end,tc)646 ATF_TC_HEAD(fread_unlocked_heap_before_end, tc)
647 {
648 }
ATF_TC_BODY(fread_unlocked_heap_before_end,tc)649 ATF_TC_BODY(fread_unlocked_heap_before_end, tc)
650 {
651 #define BUF __stack.__buf
652 struct {
653 uint8_t padding_l;
654 unsigned char * __buf;
655 uint8_t padding_r;
656 } __stack;
657 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
658 const size_t __len = 42 - 1;
659 const size_t __idx __unused = __len - 1;
660
661 __stack.__buf = malloc(__bufsz);
662 replace_stdin();
663
664 fread_unlocked(__stack.__buf, __len, 1, stdin);
665 #undef BUF
666
667 }
668
669 ATF_TC(fread_unlocked_heap_end);
ATF_TC_HEAD(fread_unlocked_heap_end,tc)670 ATF_TC_HEAD(fread_unlocked_heap_end, tc)
671 {
672 }
ATF_TC_BODY(fread_unlocked_heap_end,tc)673 ATF_TC_BODY(fread_unlocked_heap_end, tc)
674 {
675 #define BUF __stack.__buf
676 struct {
677 uint8_t padding_l;
678 unsigned char * __buf;
679 uint8_t padding_r;
680 } __stack;
681 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
682 const size_t __len = 42;
683 const size_t __idx __unused = __len - 1;
684
685 __stack.__buf = malloc(__bufsz);
686 replace_stdin();
687
688 fread_unlocked(__stack.__buf, __len, 1, stdin);
689 #undef BUF
690
691 }
692
693 ATF_TC(fread_unlocked_heap_after_end);
ATF_TC_HEAD(fread_unlocked_heap_after_end,tc)694 ATF_TC_HEAD(fread_unlocked_heap_after_end, tc)
695 {
696 }
ATF_TC_BODY(fread_unlocked_heap_after_end,tc)697 ATF_TC_BODY(fread_unlocked_heap_after_end, tc)
698 {
699 #define BUF __stack.__buf
700 struct {
701 uint8_t padding_l;
702 unsigned char * __buf;
703 uint8_t padding_r;
704 } __stack;
705 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
706 const size_t __len = 42 + 1;
707 const size_t __idx __unused = __len - 1;
708 pid_t __child;
709 int __status;
710
711 __child = fork();
712 ATF_REQUIRE(__child >= 0);
713 if (__child > 0)
714 goto monitor;
715
716 /* Child */
717 disable_coredumps();
718 __stack.__buf = malloc(__bufsz);
719 replace_stdin();
720
721 fread_unlocked(__stack.__buf, __len, 1, stdin);
722 _exit(EX_SOFTWARE); /* Should have aborted. */
723
724 monitor:
725 while (waitpid(__child, &__status, 0) != __child) {
726 ATF_REQUIRE_EQ(EINTR, errno);
727 }
728
729 if (!WIFSIGNALED(__status)) {
730 switch (WEXITSTATUS(__status)) {
731 case EX_SOFTWARE:
732 atf_tc_fail("FORTIFY_SOURCE failed to abort");
733 break;
734 case EX_OSERR:
735 atf_tc_fail("setrlimit(2) failed");
736 break;
737 default:
738 atf_tc_fail("child exited with status %d",
739 WEXITSTATUS(__status));
740 }
741 } else {
742 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
743 }
744 #undef BUF
745
746 }
747
748 ATF_TC(gets_s_before_end);
ATF_TC_HEAD(gets_s_before_end,tc)749 ATF_TC_HEAD(gets_s_before_end, tc)
750 {
751 }
ATF_TC_BODY(gets_s_before_end,tc)752 ATF_TC_BODY(gets_s_before_end, tc)
753 {
754 #define BUF &__stack.__buf
755 struct {
756 uint8_t padding_l;
757 unsigned char __buf[42];
758 uint8_t padding_r;
759 } __stack;
760 const size_t __bufsz __unused = sizeof(__stack.__buf);
761 const size_t __len = 42 - 1;
762 const size_t __idx __unused = __len - 1;
763
764 replace_stdin();
765
766 gets_s(__stack.__buf, __len);
767 #undef BUF
768
769 }
770
771 ATF_TC(gets_s_end);
ATF_TC_HEAD(gets_s_end,tc)772 ATF_TC_HEAD(gets_s_end, tc)
773 {
774 }
ATF_TC_BODY(gets_s_end,tc)775 ATF_TC_BODY(gets_s_end, tc)
776 {
777 #define BUF &__stack.__buf
778 struct {
779 uint8_t padding_l;
780 unsigned char __buf[42];
781 uint8_t padding_r;
782 } __stack;
783 const size_t __bufsz __unused = sizeof(__stack.__buf);
784 const size_t __len = 42;
785 const size_t __idx __unused = __len - 1;
786
787 replace_stdin();
788
789 gets_s(__stack.__buf, __len);
790 #undef BUF
791
792 }
793
794 ATF_TC(gets_s_heap_before_end);
ATF_TC_HEAD(gets_s_heap_before_end,tc)795 ATF_TC_HEAD(gets_s_heap_before_end, tc)
796 {
797 }
ATF_TC_BODY(gets_s_heap_before_end,tc)798 ATF_TC_BODY(gets_s_heap_before_end, tc)
799 {
800 #define BUF __stack.__buf
801 struct {
802 uint8_t padding_l;
803 unsigned char * __buf;
804 uint8_t padding_r;
805 } __stack;
806 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
807 const size_t __len = 42 - 1;
808 const size_t __idx __unused = __len - 1;
809
810 __stack.__buf = malloc(__bufsz);
811 replace_stdin();
812
813 gets_s(__stack.__buf, __len);
814 #undef BUF
815
816 }
817
818 ATF_TC(gets_s_heap_end);
ATF_TC_HEAD(gets_s_heap_end,tc)819 ATF_TC_HEAD(gets_s_heap_end, tc)
820 {
821 }
ATF_TC_BODY(gets_s_heap_end,tc)822 ATF_TC_BODY(gets_s_heap_end, tc)
823 {
824 #define BUF __stack.__buf
825 struct {
826 uint8_t padding_l;
827 unsigned char * __buf;
828 uint8_t padding_r;
829 } __stack;
830 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
831 const size_t __len = 42;
832 const size_t __idx __unused = __len - 1;
833
834 __stack.__buf = malloc(__bufsz);
835 replace_stdin();
836
837 gets_s(__stack.__buf, __len);
838 #undef BUF
839
840 }
841
842 ATF_TC(gets_s_heap_after_end);
ATF_TC_HEAD(gets_s_heap_after_end,tc)843 ATF_TC_HEAD(gets_s_heap_after_end, tc)
844 {
845 }
ATF_TC_BODY(gets_s_heap_after_end,tc)846 ATF_TC_BODY(gets_s_heap_after_end, tc)
847 {
848 #define BUF __stack.__buf
849 struct {
850 uint8_t padding_l;
851 unsigned char * __buf;
852 uint8_t padding_r;
853 } __stack;
854 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
855 const size_t __len = 42 + 1;
856 const size_t __idx __unused = __len - 1;
857 pid_t __child;
858 int __status;
859
860 __child = fork();
861 ATF_REQUIRE(__child >= 0);
862 if (__child > 0)
863 goto monitor;
864
865 /* Child */
866 disable_coredumps();
867 __stack.__buf = malloc(__bufsz);
868 replace_stdin();
869
870 gets_s(__stack.__buf, __len);
871 _exit(EX_SOFTWARE); /* Should have aborted. */
872
873 monitor:
874 while (waitpid(__child, &__status, 0) != __child) {
875 ATF_REQUIRE_EQ(EINTR, errno);
876 }
877
878 if (!WIFSIGNALED(__status)) {
879 switch (WEXITSTATUS(__status)) {
880 case EX_SOFTWARE:
881 atf_tc_fail("FORTIFY_SOURCE failed to abort");
882 break;
883 case EX_OSERR:
884 atf_tc_fail("setrlimit(2) failed");
885 break;
886 default:
887 atf_tc_fail("child exited with status %d",
888 WEXITSTATUS(__status));
889 }
890 } else {
891 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
892 }
893 #undef BUF
894
895 }
896
897 ATF_TC(sprintf_before_end);
ATF_TC_HEAD(sprintf_before_end,tc)898 ATF_TC_HEAD(sprintf_before_end, tc)
899 {
900 }
ATF_TC_BODY(sprintf_before_end,tc)901 ATF_TC_BODY(sprintf_before_end, tc)
902 {
903 #define BUF &__stack.__buf
904 struct {
905 uint8_t padding_l;
906 unsigned char __buf[42];
907 uint8_t padding_r;
908 } __stack;
909 const size_t __bufsz __unused = sizeof(__stack.__buf);
910 const size_t __len = 42 - 1;
911 const size_t __idx __unused = __len - 1;
912 char srcvar[__len + 10];
913
914 memset(srcvar, 'A', sizeof(srcvar) - 1);
915 srcvar[sizeof(srcvar) - 1] = '\0';
916
917 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar);
918 #undef BUF
919
920 }
921
922 ATF_TC(sprintf_end);
ATF_TC_HEAD(sprintf_end,tc)923 ATF_TC_HEAD(sprintf_end, tc)
924 {
925 }
ATF_TC_BODY(sprintf_end,tc)926 ATF_TC_BODY(sprintf_end, tc)
927 {
928 #define BUF &__stack.__buf
929 struct {
930 uint8_t padding_l;
931 unsigned char __buf[42];
932 uint8_t padding_r;
933 } __stack;
934 const size_t __bufsz __unused = sizeof(__stack.__buf);
935 const size_t __len = 42;
936 const size_t __idx __unused = __len - 1;
937 char srcvar[__len + 10];
938
939 memset(srcvar, 'A', sizeof(srcvar) - 1);
940 srcvar[sizeof(srcvar) - 1] = '\0';
941
942 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar);
943 #undef BUF
944
945 }
946
947 ATF_TC(sprintf_heap_before_end);
ATF_TC_HEAD(sprintf_heap_before_end,tc)948 ATF_TC_HEAD(sprintf_heap_before_end, tc)
949 {
950 }
ATF_TC_BODY(sprintf_heap_before_end,tc)951 ATF_TC_BODY(sprintf_heap_before_end, tc)
952 {
953 #define BUF __stack.__buf
954 struct {
955 uint8_t padding_l;
956 unsigned char * __buf;
957 uint8_t padding_r;
958 } __stack;
959 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
960 const size_t __len = 42 - 1;
961 const size_t __idx __unused = __len - 1;
962 char srcvar[__len + 10];
963
964 __stack.__buf = malloc(__bufsz);
965 memset(srcvar, 'A', sizeof(srcvar) - 1);
966 srcvar[sizeof(srcvar) - 1] = '\0';
967
968 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar);
969 #undef BUF
970
971 }
972
973 ATF_TC(sprintf_heap_end);
ATF_TC_HEAD(sprintf_heap_end,tc)974 ATF_TC_HEAD(sprintf_heap_end, tc)
975 {
976 }
ATF_TC_BODY(sprintf_heap_end,tc)977 ATF_TC_BODY(sprintf_heap_end, tc)
978 {
979 #define BUF __stack.__buf
980 struct {
981 uint8_t padding_l;
982 unsigned char * __buf;
983 uint8_t padding_r;
984 } __stack;
985 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
986 const size_t __len = 42;
987 const size_t __idx __unused = __len - 1;
988 char srcvar[__len + 10];
989
990 __stack.__buf = malloc(__bufsz);
991 memset(srcvar, 'A', sizeof(srcvar) - 1);
992 srcvar[sizeof(srcvar) - 1] = '\0';
993
994 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar);
995 #undef BUF
996
997 }
998
999 ATF_TC(sprintf_heap_after_end);
ATF_TC_HEAD(sprintf_heap_after_end,tc)1000 ATF_TC_HEAD(sprintf_heap_after_end, tc)
1001 {
1002 }
ATF_TC_BODY(sprintf_heap_after_end,tc)1003 ATF_TC_BODY(sprintf_heap_after_end, tc)
1004 {
1005 #define BUF __stack.__buf
1006 struct {
1007 uint8_t padding_l;
1008 unsigned char * __buf;
1009 uint8_t padding_r;
1010 } __stack;
1011 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1012 const size_t __len = 42 + 1;
1013 const size_t __idx __unused = __len - 1;
1014 pid_t __child;
1015 int __status;
1016 char srcvar[__len + 10];
1017
1018 __child = fork();
1019 ATF_REQUIRE(__child >= 0);
1020 if (__child > 0)
1021 goto monitor;
1022
1023 /* Child */
1024 disable_coredumps();
1025 __stack.__buf = malloc(__bufsz);
1026 memset(srcvar, 'A', sizeof(srcvar) - 1);
1027 srcvar[sizeof(srcvar) - 1] = '\0';
1028
1029 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar);
1030 _exit(EX_SOFTWARE); /* Should have aborted. */
1031
1032 monitor:
1033 while (waitpid(__child, &__status, 0) != __child) {
1034 ATF_REQUIRE_EQ(EINTR, errno);
1035 }
1036
1037 if (!WIFSIGNALED(__status)) {
1038 switch (WEXITSTATUS(__status)) {
1039 case EX_SOFTWARE:
1040 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1041 break;
1042 case EX_OSERR:
1043 atf_tc_fail("setrlimit(2) failed");
1044 break;
1045 default:
1046 atf_tc_fail("child exited with status %d",
1047 WEXITSTATUS(__status));
1048 }
1049 } else {
1050 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1051 }
1052 #undef BUF
1053
1054 }
1055
1056 ATF_TC(snprintf_before_end);
ATF_TC_HEAD(snprintf_before_end,tc)1057 ATF_TC_HEAD(snprintf_before_end, tc)
1058 {
1059 }
ATF_TC_BODY(snprintf_before_end,tc)1060 ATF_TC_BODY(snprintf_before_end, tc)
1061 {
1062 #define BUF &__stack.__buf
1063 struct {
1064 uint8_t padding_l;
1065 unsigned char __buf[42];
1066 uint8_t padding_r;
1067 } __stack;
1068 const size_t __bufsz __unused = sizeof(__stack.__buf);
1069 const size_t __len = 42 - 1;
1070 const size_t __idx __unused = __len - 1;
1071 char srcvar[__len + 10];
1072
1073 memset(srcvar, 'A', sizeof(srcvar) - 1);
1074 srcvar[sizeof(srcvar) - 1] = '\0';
1075
1076 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar);
1077 #undef BUF
1078
1079 }
1080
1081 ATF_TC(snprintf_end);
ATF_TC_HEAD(snprintf_end,tc)1082 ATF_TC_HEAD(snprintf_end, tc)
1083 {
1084 }
ATF_TC_BODY(snprintf_end,tc)1085 ATF_TC_BODY(snprintf_end, tc)
1086 {
1087 #define BUF &__stack.__buf
1088 struct {
1089 uint8_t padding_l;
1090 unsigned char __buf[42];
1091 uint8_t padding_r;
1092 } __stack;
1093 const size_t __bufsz __unused = sizeof(__stack.__buf);
1094 const size_t __len = 42;
1095 const size_t __idx __unused = __len - 1;
1096 char srcvar[__len + 10];
1097
1098 memset(srcvar, 'A', sizeof(srcvar) - 1);
1099 srcvar[sizeof(srcvar) - 1] = '\0';
1100
1101 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar);
1102 #undef BUF
1103
1104 }
1105
1106 ATF_TC(snprintf_heap_before_end);
ATF_TC_HEAD(snprintf_heap_before_end,tc)1107 ATF_TC_HEAD(snprintf_heap_before_end, tc)
1108 {
1109 }
ATF_TC_BODY(snprintf_heap_before_end,tc)1110 ATF_TC_BODY(snprintf_heap_before_end, tc)
1111 {
1112 #define BUF __stack.__buf
1113 struct {
1114 uint8_t padding_l;
1115 unsigned char * __buf;
1116 uint8_t padding_r;
1117 } __stack;
1118 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1119 const size_t __len = 42 - 1;
1120 const size_t __idx __unused = __len - 1;
1121 char srcvar[__len + 10];
1122
1123 __stack.__buf = malloc(__bufsz);
1124 memset(srcvar, 'A', sizeof(srcvar) - 1);
1125 srcvar[sizeof(srcvar) - 1] = '\0';
1126
1127 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar);
1128 #undef BUF
1129
1130 }
1131
1132 ATF_TC(snprintf_heap_end);
ATF_TC_HEAD(snprintf_heap_end,tc)1133 ATF_TC_HEAD(snprintf_heap_end, tc)
1134 {
1135 }
ATF_TC_BODY(snprintf_heap_end,tc)1136 ATF_TC_BODY(snprintf_heap_end, tc)
1137 {
1138 #define BUF __stack.__buf
1139 struct {
1140 uint8_t padding_l;
1141 unsigned char * __buf;
1142 uint8_t padding_r;
1143 } __stack;
1144 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1145 const size_t __len = 42;
1146 const size_t __idx __unused = __len - 1;
1147 char srcvar[__len + 10];
1148
1149 __stack.__buf = malloc(__bufsz);
1150 memset(srcvar, 'A', sizeof(srcvar) - 1);
1151 srcvar[sizeof(srcvar) - 1] = '\0';
1152
1153 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar);
1154 #undef BUF
1155
1156 }
1157
1158 ATF_TC(snprintf_heap_after_end);
ATF_TC_HEAD(snprintf_heap_after_end,tc)1159 ATF_TC_HEAD(snprintf_heap_after_end, tc)
1160 {
1161 }
ATF_TC_BODY(snprintf_heap_after_end,tc)1162 ATF_TC_BODY(snprintf_heap_after_end, tc)
1163 {
1164 #define BUF __stack.__buf
1165 struct {
1166 uint8_t padding_l;
1167 unsigned char * __buf;
1168 uint8_t padding_r;
1169 } __stack;
1170 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1171 const size_t __len = 42 + 1;
1172 const size_t __idx __unused = __len - 1;
1173 pid_t __child;
1174 int __status;
1175 char srcvar[__len + 10];
1176
1177 __child = fork();
1178 ATF_REQUIRE(__child >= 0);
1179 if (__child > 0)
1180 goto monitor;
1181
1182 /* Child */
1183 disable_coredumps();
1184 __stack.__buf = malloc(__bufsz);
1185 memset(srcvar, 'A', sizeof(srcvar) - 1);
1186 srcvar[sizeof(srcvar) - 1] = '\0';
1187
1188 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar);
1189 _exit(EX_SOFTWARE); /* Should have aborted. */
1190
1191 monitor:
1192 while (waitpid(__child, &__status, 0) != __child) {
1193 ATF_REQUIRE_EQ(EINTR, errno);
1194 }
1195
1196 if (!WIFSIGNALED(__status)) {
1197 switch (WEXITSTATUS(__status)) {
1198 case EX_SOFTWARE:
1199 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1200 break;
1201 case EX_OSERR:
1202 atf_tc_fail("setrlimit(2) failed");
1203 break;
1204 default:
1205 atf_tc_fail("child exited with status %d",
1206 WEXITSTATUS(__status));
1207 }
1208 } else {
1209 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1210 }
1211 #undef BUF
1212
1213 }
1214
1215 ATF_TC(tmpnam_before_end);
ATF_TC_HEAD(tmpnam_before_end,tc)1216 ATF_TC_HEAD(tmpnam_before_end, tc)
1217 {
1218 }
ATF_TC_BODY(tmpnam_before_end,tc)1219 ATF_TC_BODY(tmpnam_before_end, tc)
1220 {
1221 #define BUF &__stack.__buf
1222 struct {
1223 uint8_t padding_l;
1224 unsigned char __buf[L_tmpnam + 1];
1225 uint8_t padding_r;
1226 } __stack;
1227 const size_t __bufsz __unused = sizeof(__stack.__buf);
1228 const size_t __len = L_tmpnam + 1;
1229 const size_t __idx __unused = __len - 1;
1230
1231 tmpnam(__stack.__buf);
1232 #undef BUF
1233
1234 }
1235
1236 ATF_TC(tmpnam_end);
ATF_TC_HEAD(tmpnam_end,tc)1237 ATF_TC_HEAD(tmpnam_end, tc)
1238 {
1239 }
ATF_TC_BODY(tmpnam_end,tc)1240 ATF_TC_BODY(tmpnam_end, tc)
1241 {
1242 #define BUF &__stack.__buf
1243 struct {
1244 uint8_t padding_l;
1245 unsigned char __buf[L_tmpnam];
1246 uint8_t padding_r;
1247 } __stack;
1248 const size_t __bufsz __unused = sizeof(__stack.__buf);
1249 const size_t __len = L_tmpnam;
1250 const size_t __idx __unused = __len - 1;
1251
1252 tmpnam(__stack.__buf);
1253 #undef BUF
1254
1255 }
1256
1257 ATF_TC(tmpnam_heap_before_end);
ATF_TC_HEAD(tmpnam_heap_before_end,tc)1258 ATF_TC_HEAD(tmpnam_heap_before_end, tc)
1259 {
1260 }
ATF_TC_BODY(tmpnam_heap_before_end,tc)1261 ATF_TC_BODY(tmpnam_heap_before_end, tc)
1262 {
1263 #define BUF __stack.__buf
1264 struct {
1265 uint8_t padding_l;
1266 unsigned char * __buf;
1267 uint8_t padding_r;
1268 } __stack;
1269 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_tmpnam + 1);
1270 const size_t __len = L_tmpnam + 1;
1271 const size_t __idx __unused = __len - 1;
1272
1273 __stack.__buf = malloc(__bufsz);
1274
1275 tmpnam(__stack.__buf);
1276 #undef BUF
1277
1278 }
1279
1280 ATF_TC(tmpnam_heap_end);
ATF_TC_HEAD(tmpnam_heap_end,tc)1281 ATF_TC_HEAD(tmpnam_heap_end, tc)
1282 {
1283 }
ATF_TC_BODY(tmpnam_heap_end,tc)1284 ATF_TC_BODY(tmpnam_heap_end, tc)
1285 {
1286 #define BUF __stack.__buf
1287 struct {
1288 uint8_t padding_l;
1289 unsigned char * __buf;
1290 uint8_t padding_r;
1291 } __stack;
1292 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_tmpnam);
1293 const size_t __len = L_tmpnam;
1294 const size_t __idx __unused = __len - 1;
1295
1296 __stack.__buf = malloc(__bufsz);
1297
1298 tmpnam(__stack.__buf);
1299 #undef BUF
1300
1301 }
1302
1303 ATF_TC(tmpnam_heap_after_end);
ATF_TC_HEAD(tmpnam_heap_after_end,tc)1304 ATF_TC_HEAD(tmpnam_heap_after_end, tc)
1305 {
1306 }
ATF_TC_BODY(tmpnam_heap_after_end,tc)1307 ATF_TC_BODY(tmpnam_heap_after_end, tc)
1308 {
1309 #define BUF __stack.__buf
1310 struct {
1311 uint8_t padding_l;
1312 unsigned char * __buf;
1313 uint8_t padding_r;
1314 } __stack;
1315 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_tmpnam - 1);
1316 const size_t __len = L_tmpnam - 1;
1317 const size_t __idx __unused = __len - 1;
1318 pid_t __child;
1319 int __status;
1320
1321 __child = fork();
1322 ATF_REQUIRE(__child >= 0);
1323 if (__child > 0)
1324 goto monitor;
1325
1326 /* Child */
1327 disable_coredumps();
1328 __stack.__buf = malloc(__bufsz);
1329
1330 tmpnam(__stack.__buf);
1331 _exit(EX_SOFTWARE); /* Should have aborted. */
1332
1333 monitor:
1334 while (waitpid(__child, &__status, 0) != __child) {
1335 ATF_REQUIRE_EQ(EINTR, errno);
1336 }
1337
1338 if (!WIFSIGNALED(__status)) {
1339 switch (WEXITSTATUS(__status)) {
1340 case EX_SOFTWARE:
1341 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1342 break;
1343 case EX_OSERR:
1344 atf_tc_fail("setrlimit(2) failed");
1345 break;
1346 default:
1347 atf_tc_fail("child exited with status %d",
1348 WEXITSTATUS(__status));
1349 }
1350 } else {
1351 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1352 }
1353 #undef BUF
1354
1355 }
1356
1357 ATF_TC(fgets_before_end);
ATF_TC_HEAD(fgets_before_end,tc)1358 ATF_TC_HEAD(fgets_before_end, tc)
1359 {
1360 }
ATF_TC_BODY(fgets_before_end,tc)1361 ATF_TC_BODY(fgets_before_end, tc)
1362 {
1363 #define BUF &__stack.__buf
1364 struct {
1365 uint8_t padding_l;
1366 unsigned char __buf[42];
1367 uint8_t padding_r;
1368 } __stack;
1369 const size_t __bufsz __unused = sizeof(__stack.__buf);
1370 const size_t __len = 42 - 1;
1371 const size_t __idx __unused = __len - 1;
1372 FILE *fp;
1373
1374 fp = new_fp(__len);
1375
1376 fgets(__stack.__buf, __len, fp);
1377 #undef BUF
1378
1379 }
1380
1381 ATF_TC(fgets_end);
ATF_TC_HEAD(fgets_end,tc)1382 ATF_TC_HEAD(fgets_end, tc)
1383 {
1384 }
ATF_TC_BODY(fgets_end,tc)1385 ATF_TC_BODY(fgets_end, tc)
1386 {
1387 #define BUF &__stack.__buf
1388 struct {
1389 uint8_t padding_l;
1390 unsigned char __buf[42];
1391 uint8_t padding_r;
1392 } __stack;
1393 const size_t __bufsz __unused = sizeof(__stack.__buf);
1394 const size_t __len = 42;
1395 const size_t __idx __unused = __len - 1;
1396 FILE *fp;
1397
1398 fp = new_fp(__len);
1399
1400 fgets(__stack.__buf, __len, fp);
1401 #undef BUF
1402
1403 }
1404
1405 ATF_TC(fgets_heap_before_end);
ATF_TC_HEAD(fgets_heap_before_end,tc)1406 ATF_TC_HEAD(fgets_heap_before_end, tc)
1407 {
1408 }
ATF_TC_BODY(fgets_heap_before_end,tc)1409 ATF_TC_BODY(fgets_heap_before_end, tc)
1410 {
1411 #define BUF __stack.__buf
1412 struct {
1413 uint8_t padding_l;
1414 unsigned char * __buf;
1415 uint8_t padding_r;
1416 } __stack;
1417 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1418 const size_t __len = 42 - 1;
1419 const size_t __idx __unused = __len - 1;
1420 FILE *fp;
1421
1422 __stack.__buf = malloc(__bufsz);
1423 fp = new_fp(__len);
1424
1425 fgets(__stack.__buf, __len, fp);
1426 #undef BUF
1427
1428 }
1429
1430 ATF_TC(fgets_heap_end);
ATF_TC_HEAD(fgets_heap_end,tc)1431 ATF_TC_HEAD(fgets_heap_end, tc)
1432 {
1433 }
ATF_TC_BODY(fgets_heap_end,tc)1434 ATF_TC_BODY(fgets_heap_end, tc)
1435 {
1436 #define BUF __stack.__buf
1437 struct {
1438 uint8_t padding_l;
1439 unsigned char * __buf;
1440 uint8_t padding_r;
1441 } __stack;
1442 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1443 const size_t __len = 42;
1444 const size_t __idx __unused = __len - 1;
1445 FILE *fp;
1446
1447 __stack.__buf = malloc(__bufsz);
1448 fp = new_fp(__len);
1449
1450 fgets(__stack.__buf, __len, fp);
1451 #undef BUF
1452
1453 }
1454
1455 ATF_TC(fgets_heap_after_end);
ATF_TC_HEAD(fgets_heap_after_end,tc)1456 ATF_TC_HEAD(fgets_heap_after_end, tc)
1457 {
1458 }
ATF_TC_BODY(fgets_heap_after_end,tc)1459 ATF_TC_BODY(fgets_heap_after_end, tc)
1460 {
1461 #define BUF __stack.__buf
1462 struct {
1463 uint8_t padding_l;
1464 unsigned char * __buf;
1465 uint8_t padding_r;
1466 } __stack;
1467 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1468 const size_t __len = 42 + 1;
1469 const size_t __idx __unused = __len - 1;
1470 pid_t __child;
1471 int __status;
1472 FILE *fp;
1473
1474 __child = fork();
1475 ATF_REQUIRE(__child >= 0);
1476 if (__child > 0)
1477 goto monitor;
1478
1479 /* Child */
1480 disable_coredumps();
1481 __stack.__buf = malloc(__bufsz);
1482 fp = new_fp(__len);
1483
1484 fgets(__stack.__buf, __len, fp);
1485 _exit(EX_SOFTWARE); /* Should have aborted. */
1486
1487 monitor:
1488 while (waitpid(__child, &__status, 0) != __child) {
1489 ATF_REQUIRE_EQ(EINTR, errno);
1490 }
1491
1492 if (!WIFSIGNALED(__status)) {
1493 switch (WEXITSTATUS(__status)) {
1494 case EX_SOFTWARE:
1495 atf_tc_fail("FORTIFY_SOURCE failed to abort");
1496 break;
1497 case EX_OSERR:
1498 atf_tc_fail("setrlimit(2) failed");
1499 break;
1500 default:
1501 atf_tc_fail("child exited with status %d",
1502 WEXITSTATUS(__status));
1503 }
1504 } else {
1505 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1506 }
1507 #undef BUF
1508
1509 }
1510
ATF_TP_ADD_TCS(tp)1511 ATF_TP_ADD_TCS(tp)
1512 {
1513 ATF_TP_ADD_TC(tp, ctermid_before_end);
1514 ATF_TP_ADD_TC(tp, ctermid_end);
1515 ATF_TP_ADD_TC(tp, ctermid_heap_before_end);
1516 ATF_TP_ADD_TC(tp, ctermid_heap_end);
1517 ATF_TP_ADD_TC(tp, ctermid_heap_after_end);
1518 ATF_TP_ADD_TC(tp, ctermid_r_before_end);
1519 ATF_TP_ADD_TC(tp, ctermid_r_end);
1520 ATF_TP_ADD_TC(tp, ctermid_r_heap_before_end);
1521 ATF_TP_ADD_TC(tp, ctermid_r_heap_end);
1522 ATF_TP_ADD_TC(tp, ctermid_r_heap_after_end);
1523 ATF_TP_ADD_TC(tp, fread_before_end);
1524 ATF_TP_ADD_TC(tp, fread_end);
1525 ATF_TP_ADD_TC(tp, fread_heap_before_end);
1526 ATF_TP_ADD_TC(tp, fread_heap_end);
1527 ATF_TP_ADD_TC(tp, fread_heap_after_end);
1528 ATF_TP_ADD_TC(tp, fread_unlocked_before_end);
1529 ATF_TP_ADD_TC(tp, fread_unlocked_end);
1530 ATF_TP_ADD_TC(tp, fread_unlocked_heap_before_end);
1531 ATF_TP_ADD_TC(tp, fread_unlocked_heap_end);
1532 ATF_TP_ADD_TC(tp, fread_unlocked_heap_after_end);
1533 ATF_TP_ADD_TC(tp, gets_s_before_end);
1534 ATF_TP_ADD_TC(tp, gets_s_end);
1535 ATF_TP_ADD_TC(tp, gets_s_heap_before_end);
1536 ATF_TP_ADD_TC(tp, gets_s_heap_end);
1537 ATF_TP_ADD_TC(tp, gets_s_heap_after_end);
1538 ATF_TP_ADD_TC(tp, sprintf_before_end);
1539 ATF_TP_ADD_TC(tp, sprintf_end);
1540 ATF_TP_ADD_TC(tp, sprintf_heap_before_end);
1541 ATF_TP_ADD_TC(tp, sprintf_heap_end);
1542 ATF_TP_ADD_TC(tp, sprintf_heap_after_end);
1543 ATF_TP_ADD_TC(tp, snprintf_before_end);
1544 ATF_TP_ADD_TC(tp, snprintf_end);
1545 ATF_TP_ADD_TC(tp, snprintf_heap_before_end);
1546 ATF_TP_ADD_TC(tp, snprintf_heap_end);
1547 ATF_TP_ADD_TC(tp, snprintf_heap_after_end);
1548 ATF_TP_ADD_TC(tp, tmpnam_before_end);
1549 ATF_TP_ADD_TC(tp, tmpnam_end);
1550 ATF_TP_ADD_TC(tp, tmpnam_heap_before_end);
1551 ATF_TP_ADD_TC(tp, tmpnam_heap_end);
1552 ATF_TP_ADD_TC(tp, tmpnam_heap_after_end);
1553 ATF_TP_ADD_TC(tp, fgets_before_end);
1554 ATF_TP_ADD_TC(tp, fgets_end);
1555 ATF_TP_ADD_TC(tp, fgets_heap_before_end);
1556 ATF_TP_ADD_TC(tp, fgets_heap_end);
1557 ATF_TP_ADD_TC(tp, fgets_heap_after_end);
1558 return (atf_no_error());
1559 }
1560