1 /* @generated by `generate-fortify-tests.lua "stdio"` */ 2 3 #define _FORTIFY_SOURCE 2 4 #define TMPFILE_SIZE (1024 * 32) 5 6 #include <sys/param.h> 7 #include <sys/random.h> 8 #include <sys/resource.h> 9 #include <sys/time.h> 10 #include <sys/wait.h> 11 #include <dirent.h> 12 #include <errno.h> 13 #include <fcntl.h> 14 #include <limits.h> 15 #include <poll.h> 16 #include <signal.h> 17 #include <stdio.h> 18 #include <stdlib.h> 19 #include <string.h> 20 #include <strings.h> 21 #include <sysexits.h> 22 #include <unistd.h> 23 #include <wchar.h> 24 #include <atf-c.h> 25 26 static FILE * __unused 27 new_fp(size_t __len) 28 { 29 static char fpbuf[LINE_MAX]; 30 FILE *fp; 31 32 ATF_REQUIRE(__len <= sizeof(fpbuf)); 33 34 memset(fpbuf, 'A', sizeof(fpbuf) - 1); 35 fpbuf[sizeof(fpbuf) - 1] = '\0'; 36 37 fp = fmemopen(fpbuf, sizeof(fpbuf), "rb"); 38 ATF_REQUIRE(fp != NULL); 39 40 return (fp); 41 } 42 43 /* 44 * Create a new symlink to use for readlink(2) style tests, we'll just use a 45 * random target name to have something interesting to look at. 46 */ 47 static const char * __unused 48 new_symlink(size_t __len) 49 { 50 static const char linkname[] = "link"; 51 char target[MAXNAMLEN]; 52 int error; 53 54 ATF_REQUIRE(__len <= sizeof(target)); 55 56 arc4random_buf(target, sizeof(target)); 57 58 error = unlink(linkname); 59 ATF_REQUIRE(error == 0 || errno == ENOENT); 60 61 error = symlink(target, linkname); 62 ATF_REQUIRE(error == 0); 63 64 return (linkname); 65 } 66 67 /* 68 * Constructs a tmpfile that we can use for testing read(2) and friends. 69 */ 70 static int __unused 71 new_tmpfile(void) 72 { 73 char buf[1024]; 74 ssize_t rv; 75 size_t written; 76 int fd; 77 78 fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644); 79 ATF_REQUIRE(fd >= 0); 80 81 written = 0; 82 while (written < TMPFILE_SIZE) { 83 rv = write(fd, buf, sizeof(buf)); 84 ATF_REQUIRE(rv > 0); 85 86 written += rv; 87 } 88 89 ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET)); 90 return (fd); 91 } 92 93 static void 94 disable_coredumps(void) 95 { 96 struct rlimit rl = { 0 }; 97 98 if (setrlimit(RLIMIT_CORE, &rl) == -1) 99 _exit(EX_OSERR); 100 } 101 102 /* 103 * Replaces stdin with a file that we can actually read from, for tests where 104 * we want a FILE * or fd that we can get data from. 105 */ 106 static void __unused 107 replace_stdin(void) 108 { 109 int fd; 110 111 fd = new_tmpfile(); 112 113 (void)dup2(fd, STDIN_FILENO); 114 if (fd != STDIN_FILENO) 115 close(fd); 116 } 117 118 ATF_TC_WITHOUT_HEAD(ctermid_before_end); 119 ATF_TC_BODY(ctermid_before_end, tc) 120 { 121 #define BUF &__stack.__buf 122 struct { 123 uint8_t padding_l; 124 unsigned char __buf[L_ctermid + 1]; 125 uint8_t padding_r; 126 } __stack; 127 const size_t __bufsz __unused = sizeof(__stack.__buf); 128 const size_t __len = L_ctermid + 1; 129 const size_t __idx __unused = __len - 1; 130 131 ctermid(__stack.__buf); 132 #undef BUF 133 134 } 135 136 ATF_TC_WITHOUT_HEAD(ctermid_end); 137 ATF_TC_BODY(ctermid_end, tc) 138 { 139 #define BUF &__stack.__buf 140 struct { 141 uint8_t padding_l; 142 unsigned char __buf[L_ctermid]; 143 uint8_t padding_r; 144 } __stack; 145 const size_t __bufsz __unused = sizeof(__stack.__buf); 146 const size_t __len = L_ctermid; 147 const size_t __idx __unused = __len - 1; 148 149 ctermid(__stack.__buf); 150 #undef BUF 151 152 } 153 154 ATF_TC_WITHOUT_HEAD(ctermid_heap_before_end); 155 ATF_TC_BODY(ctermid_heap_before_end, tc) 156 { 157 #define BUF __stack.__buf 158 struct { 159 uint8_t padding_l; 160 unsigned char * __buf; 161 uint8_t padding_r; 162 } __stack; 163 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid + 1); 164 const size_t __len = L_ctermid + 1; 165 const size_t __idx __unused = __len - 1; 166 167 __stack.__buf = malloc(__bufsz); 168 169 ctermid(__stack.__buf); 170 #undef BUF 171 172 } 173 174 ATF_TC_WITHOUT_HEAD(ctermid_heap_end); 175 ATF_TC_BODY(ctermid_heap_end, tc) 176 { 177 #define BUF __stack.__buf 178 struct { 179 uint8_t padding_l; 180 unsigned char * __buf; 181 uint8_t padding_r; 182 } __stack; 183 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid); 184 const size_t __len = L_ctermid; 185 const size_t __idx __unused = __len - 1; 186 187 __stack.__buf = malloc(__bufsz); 188 189 ctermid(__stack.__buf); 190 #undef BUF 191 192 } 193 194 ATF_TC_WITHOUT_HEAD(ctermid_heap_after_end); 195 ATF_TC_BODY(ctermid_heap_after_end, tc) 196 { 197 #define BUF __stack.__buf 198 struct { 199 uint8_t padding_l; 200 unsigned char * __buf; 201 uint8_t padding_r; 202 } __stack; 203 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid - 1); 204 const size_t __len = L_ctermid - 1; 205 const size_t __idx __unused = __len - 1; 206 pid_t __child; 207 int __status; 208 209 __child = fork(); 210 ATF_REQUIRE(__child >= 0); 211 if (__child > 0) 212 goto monitor; 213 214 /* Child */ 215 disable_coredumps(); 216 __stack.__buf = malloc(__bufsz); 217 218 ctermid(__stack.__buf); 219 _exit(EX_SOFTWARE); /* Should have aborted. */ 220 221 monitor: 222 while (waitpid(__child, &__status, 0) != __child) { 223 ATF_REQUIRE_EQ(EINTR, errno); 224 } 225 226 if (!WIFSIGNALED(__status)) { 227 switch (WEXITSTATUS(__status)) { 228 case EX_SOFTWARE: 229 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 230 break; 231 case EX_OSERR: 232 atf_tc_fail("setrlimit(2) failed"); 233 break; 234 default: 235 atf_tc_fail("child exited with status %d", 236 WEXITSTATUS(__status)); 237 } 238 } else { 239 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 240 } 241 #undef BUF 242 243 } 244 245 ATF_TC_WITHOUT_HEAD(ctermid_r_before_end); 246 ATF_TC_BODY(ctermid_r_before_end, tc) 247 { 248 #define BUF &__stack.__buf 249 struct { 250 uint8_t padding_l; 251 unsigned char __buf[L_ctermid + 1]; 252 uint8_t padding_r; 253 } __stack; 254 const size_t __bufsz __unused = sizeof(__stack.__buf); 255 const size_t __len = L_ctermid + 1; 256 const size_t __idx __unused = __len - 1; 257 258 ctermid_r(__stack.__buf); 259 #undef BUF 260 261 } 262 263 ATF_TC_WITHOUT_HEAD(ctermid_r_end); 264 ATF_TC_BODY(ctermid_r_end, tc) 265 { 266 #define BUF &__stack.__buf 267 struct { 268 uint8_t padding_l; 269 unsigned char __buf[L_ctermid]; 270 uint8_t padding_r; 271 } __stack; 272 const size_t __bufsz __unused = sizeof(__stack.__buf); 273 const size_t __len = L_ctermid; 274 const size_t __idx __unused = __len - 1; 275 276 ctermid_r(__stack.__buf); 277 #undef BUF 278 279 } 280 281 ATF_TC_WITHOUT_HEAD(ctermid_r_heap_before_end); 282 ATF_TC_BODY(ctermid_r_heap_before_end, tc) 283 { 284 #define BUF __stack.__buf 285 struct { 286 uint8_t padding_l; 287 unsigned char * __buf; 288 uint8_t padding_r; 289 } __stack; 290 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid + 1); 291 const size_t __len = L_ctermid + 1; 292 const size_t __idx __unused = __len - 1; 293 294 __stack.__buf = malloc(__bufsz); 295 296 ctermid_r(__stack.__buf); 297 #undef BUF 298 299 } 300 301 ATF_TC_WITHOUT_HEAD(ctermid_r_heap_end); 302 ATF_TC_BODY(ctermid_r_heap_end, tc) 303 { 304 #define BUF __stack.__buf 305 struct { 306 uint8_t padding_l; 307 unsigned char * __buf; 308 uint8_t padding_r; 309 } __stack; 310 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid); 311 const size_t __len = L_ctermid; 312 const size_t __idx __unused = __len - 1; 313 314 __stack.__buf = malloc(__bufsz); 315 316 ctermid_r(__stack.__buf); 317 #undef BUF 318 319 } 320 321 ATF_TC_WITHOUT_HEAD(ctermid_r_heap_after_end); 322 ATF_TC_BODY(ctermid_r_heap_after_end, tc) 323 { 324 #define BUF __stack.__buf 325 struct { 326 uint8_t padding_l; 327 unsigned char * __buf; 328 uint8_t padding_r; 329 } __stack; 330 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_ctermid - 1); 331 const size_t __len = L_ctermid - 1; 332 const size_t __idx __unused = __len - 1; 333 pid_t __child; 334 int __status; 335 336 __child = fork(); 337 ATF_REQUIRE(__child >= 0); 338 if (__child > 0) 339 goto monitor; 340 341 /* Child */ 342 disable_coredumps(); 343 __stack.__buf = malloc(__bufsz); 344 345 ctermid_r(__stack.__buf); 346 _exit(EX_SOFTWARE); /* Should have aborted. */ 347 348 monitor: 349 while (waitpid(__child, &__status, 0) != __child) { 350 ATF_REQUIRE_EQ(EINTR, errno); 351 } 352 353 if (!WIFSIGNALED(__status)) { 354 switch (WEXITSTATUS(__status)) { 355 case EX_SOFTWARE: 356 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 357 break; 358 case EX_OSERR: 359 atf_tc_fail("setrlimit(2) failed"); 360 break; 361 default: 362 atf_tc_fail("child exited with status %d", 363 WEXITSTATUS(__status)); 364 } 365 } else { 366 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 367 } 368 #undef BUF 369 370 } 371 372 ATF_TC_WITHOUT_HEAD(fread_before_end); 373 ATF_TC_BODY(fread_before_end, tc) 374 { 375 #define BUF &__stack.__buf 376 struct { 377 uint8_t padding_l; 378 unsigned char __buf[42]; 379 uint8_t padding_r; 380 } __stack; 381 const size_t __bufsz __unused = sizeof(__stack.__buf); 382 const size_t __len = 42 - 1; 383 const size_t __idx __unused = __len - 1; 384 385 replace_stdin(); 386 387 fread(__stack.__buf, __len, 1, stdin); 388 #undef BUF 389 390 } 391 392 ATF_TC_WITHOUT_HEAD(fread_end); 393 ATF_TC_BODY(fread_end, tc) 394 { 395 #define BUF &__stack.__buf 396 struct { 397 uint8_t padding_l; 398 unsigned char __buf[42]; 399 uint8_t padding_r; 400 } __stack; 401 const size_t __bufsz __unused = sizeof(__stack.__buf); 402 const size_t __len = 42; 403 const size_t __idx __unused = __len - 1; 404 405 replace_stdin(); 406 407 fread(__stack.__buf, __len, 1, stdin); 408 #undef BUF 409 410 } 411 412 ATF_TC_WITHOUT_HEAD(fread_heap_before_end); 413 ATF_TC_BODY(fread_heap_before_end, tc) 414 { 415 #define BUF __stack.__buf 416 struct { 417 uint8_t padding_l; 418 unsigned char * __buf; 419 uint8_t padding_r; 420 } __stack; 421 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 422 const size_t __len = 42 - 1; 423 const size_t __idx __unused = __len - 1; 424 425 __stack.__buf = malloc(__bufsz); 426 replace_stdin(); 427 428 fread(__stack.__buf, __len, 1, stdin); 429 #undef BUF 430 431 } 432 433 ATF_TC_WITHOUT_HEAD(fread_heap_end); 434 ATF_TC_BODY(fread_heap_end, tc) 435 { 436 #define BUF __stack.__buf 437 struct { 438 uint8_t padding_l; 439 unsigned char * __buf; 440 uint8_t padding_r; 441 } __stack; 442 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 443 const size_t __len = 42; 444 const size_t __idx __unused = __len - 1; 445 446 __stack.__buf = malloc(__bufsz); 447 replace_stdin(); 448 449 fread(__stack.__buf, __len, 1, stdin); 450 #undef BUF 451 452 } 453 454 ATF_TC_WITHOUT_HEAD(fread_heap_after_end); 455 ATF_TC_BODY(fread_heap_after_end, tc) 456 { 457 #define BUF __stack.__buf 458 struct { 459 uint8_t padding_l; 460 unsigned char * __buf; 461 uint8_t padding_r; 462 } __stack; 463 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 464 const size_t __len = 42 + 1; 465 const size_t __idx __unused = __len - 1; 466 pid_t __child; 467 int __status; 468 469 __child = fork(); 470 ATF_REQUIRE(__child >= 0); 471 if (__child > 0) 472 goto monitor; 473 474 /* Child */ 475 disable_coredumps(); 476 __stack.__buf = malloc(__bufsz); 477 replace_stdin(); 478 479 fread(__stack.__buf, __len, 1, stdin); 480 _exit(EX_SOFTWARE); /* Should have aborted. */ 481 482 monitor: 483 while (waitpid(__child, &__status, 0) != __child) { 484 ATF_REQUIRE_EQ(EINTR, errno); 485 } 486 487 if (!WIFSIGNALED(__status)) { 488 switch (WEXITSTATUS(__status)) { 489 case EX_SOFTWARE: 490 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 491 break; 492 case EX_OSERR: 493 atf_tc_fail("setrlimit(2) failed"); 494 break; 495 default: 496 atf_tc_fail("child exited with status %d", 497 WEXITSTATUS(__status)); 498 } 499 } else { 500 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 501 } 502 #undef BUF 503 504 } 505 506 ATF_TC_WITHOUT_HEAD(fread_unlocked_before_end); 507 ATF_TC_BODY(fread_unlocked_before_end, tc) 508 { 509 #define BUF &__stack.__buf 510 struct { 511 uint8_t padding_l; 512 unsigned char __buf[42]; 513 uint8_t padding_r; 514 } __stack; 515 const size_t __bufsz __unused = sizeof(__stack.__buf); 516 const size_t __len = 42 - 1; 517 const size_t __idx __unused = __len - 1; 518 519 replace_stdin(); 520 521 fread_unlocked(__stack.__buf, __len, 1, stdin); 522 #undef BUF 523 524 } 525 526 ATF_TC_WITHOUT_HEAD(fread_unlocked_end); 527 ATF_TC_BODY(fread_unlocked_end, tc) 528 { 529 #define BUF &__stack.__buf 530 struct { 531 uint8_t padding_l; 532 unsigned char __buf[42]; 533 uint8_t padding_r; 534 } __stack; 535 const size_t __bufsz __unused = sizeof(__stack.__buf); 536 const size_t __len = 42; 537 const size_t __idx __unused = __len - 1; 538 539 replace_stdin(); 540 541 fread_unlocked(__stack.__buf, __len, 1, stdin); 542 #undef BUF 543 544 } 545 546 ATF_TC_WITHOUT_HEAD(fread_unlocked_heap_before_end); 547 ATF_TC_BODY(fread_unlocked_heap_before_end, tc) 548 { 549 #define BUF __stack.__buf 550 struct { 551 uint8_t padding_l; 552 unsigned char * __buf; 553 uint8_t padding_r; 554 } __stack; 555 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 556 const size_t __len = 42 - 1; 557 const size_t __idx __unused = __len - 1; 558 559 __stack.__buf = malloc(__bufsz); 560 replace_stdin(); 561 562 fread_unlocked(__stack.__buf, __len, 1, stdin); 563 #undef BUF 564 565 } 566 567 ATF_TC_WITHOUT_HEAD(fread_unlocked_heap_end); 568 ATF_TC_BODY(fread_unlocked_heap_end, tc) 569 { 570 #define BUF __stack.__buf 571 struct { 572 uint8_t padding_l; 573 unsigned char * __buf; 574 uint8_t padding_r; 575 } __stack; 576 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 577 const size_t __len = 42; 578 const size_t __idx __unused = __len - 1; 579 580 __stack.__buf = malloc(__bufsz); 581 replace_stdin(); 582 583 fread_unlocked(__stack.__buf, __len, 1, stdin); 584 #undef BUF 585 586 } 587 588 ATF_TC_WITHOUT_HEAD(fread_unlocked_heap_after_end); 589 ATF_TC_BODY(fread_unlocked_heap_after_end, tc) 590 { 591 #define BUF __stack.__buf 592 struct { 593 uint8_t padding_l; 594 unsigned char * __buf; 595 uint8_t padding_r; 596 } __stack; 597 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 598 const size_t __len = 42 + 1; 599 const size_t __idx __unused = __len - 1; 600 pid_t __child; 601 int __status; 602 603 __child = fork(); 604 ATF_REQUIRE(__child >= 0); 605 if (__child > 0) 606 goto monitor; 607 608 /* Child */ 609 disable_coredumps(); 610 __stack.__buf = malloc(__bufsz); 611 replace_stdin(); 612 613 fread_unlocked(__stack.__buf, __len, 1, stdin); 614 _exit(EX_SOFTWARE); /* Should have aborted. */ 615 616 monitor: 617 while (waitpid(__child, &__status, 0) != __child) { 618 ATF_REQUIRE_EQ(EINTR, errno); 619 } 620 621 if (!WIFSIGNALED(__status)) { 622 switch (WEXITSTATUS(__status)) { 623 case EX_SOFTWARE: 624 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 625 break; 626 case EX_OSERR: 627 atf_tc_fail("setrlimit(2) failed"); 628 break; 629 default: 630 atf_tc_fail("child exited with status %d", 631 WEXITSTATUS(__status)); 632 } 633 } else { 634 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 635 } 636 #undef BUF 637 638 } 639 640 ATF_TC_WITHOUT_HEAD(gets_s_before_end); 641 ATF_TC_BODY(gets_s_before_end, tc) 642 { 643 #define BUF &__stack.__buf 644 struct { 645 uint8_t padding_l; 646 unsigned char __buf[42]; 647 uint8_t padding_r; 648 } __stack; 649 const size_t __bufsz __unused = sizeof(__stack.__buf); 650 const size_t __len = 42 - 1; 651 const size_t __idx __unused = __len - 1; 652 653 replace_stdin(); 654 655 gets_s(__stack.__buf, __len); 656 #undef BUF 657 658 } 659 660 ATF_TC_WITHOUT_HEAD(gets_s_end); 661 ATF_TC_BODY(gets_s_end, tc) 662 { 663 #define BUF &__stack.__buf 664 struct { 665 uint8_t padding_l; 666 unsigned char __buf[42]; 667 uint8_t padding_r; 668 } __stack; 669 const size_t __bufsz __unused = sizeof(__stack.__buf); 670 const size_t __len = 42; 671 const size_t __idx __unused = __len - 1; 672 673 replace_stdin(); 674 675 gets_s(__stack.__buf, __len); 676 #undef BUF 677 678 } 679 680 ATF_TC_WITHOUT_HEAD(gets_s_heap_before_end); 681 ATF_TC_BODY(gets_s_heap_before_end, tc) 682 { 683 #define BUF __stack.__buf 684 struct { 685 uint8_t padding_l; 686 unsigned char * __buf; 687 uint8_t padding_r; 688 } __stack; 689 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 690 const size_t __len = 42 - 1; 691 const size_t __idx __unused = __len - 1; 692 693 __stack.__buf = malloc(__bufsz); 694 replace_stdin(); 695 696 gets_s(__stack.__buf, __len); 697 #undef BUF 698 699 } 700 701 ATF_TC_WITHOUT_HEAD(gets_s_heap_end); 702 ATF_TC_BODY(gets_s_heap_end, tc) 703 { 704 #define BUF __stack.__buf 705 struct { 706 uint8_t padding_l; 707 unsigned char * __buf; 708 uint8_t padding_r; 709 } __stack; 710 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 711 const size_t __len = 42; 712 const size_t __idx __unused = __len - 1; 713 714 __stack.__buf = malloc(__bufsz); 715 replace_stdin(); 716 717 gets_s(__stack.__buf, __len); 718 #undef BUF 719 720 } 721 722 ATF_TC_WITHOUT_HEAD(gets_s_heap_after_end); 723 ATF_TC_BODY(gets_s_heap_after_end, tc) 724 { 725 #define BUF __stack.__buf 726 struct { 727 uint8_t padding_l; 728 unsigned char * __buf; 729 uint8_t padding_r; 730 } __stack; 731 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 732 const size_t __len = 42 + 1; 733 const size_t __idx __unused = __len - 1; 734 pid_t __child; 735 int __status; 736 737 __child = fork(); 738 ATF_REQUIRE(__child >= 0); 739 if (__child > 0) 740 goto monitor; 741 742 /* Child */ 743 disable_coredumps(); 744 __stack.__buf = malloc(__bufsz); 745 replace_stdin(); 746 747 gets_s(__stack.__buf, __len); 748 _exit(EX_SOFTWARE); /* Should have aborted. */ 749 750 monitor: 751 while (waitpid(__child, &__status, 0) != __child) { 752 ATF_REQUIRE_EQ(EINTR, errno); 753 } 754 755 if (!WIFSIGNALED(__status)) { 756 switch (WEXITSTATUS(__status)) { 757 case EX_SOFTWARE: 758 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 759 break; 760 case EX_OSERR: 761 atf_tc_fail("setrlimit(2) failed"); 762 break; 763 default: 764 atf_tc_fail("child exited with status %d", 765 WEXITSTATUS(__status)); 766 } 767 } else { 768 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 769 } 770 #undef BUF 771 772 } 773 774 ATF_TC_WITHOUT_HEAD(sprintf_before_end); 775 ATF_TC_BODY(sprintf_before_end, tc) 776 { 777 #define BUF &__stack.__buf 778 struct { 779 uint8_t padding_l; 780 unsigned char __buf[42]; 781 uint8_t padding_r; 782 } __stack; 783 const size_t __bufsz __unused = sizeof(__stack.__buf); 784 const size_t __len = 42 - 1; 785 const size_t __idx __unused = __len - 1; 786 char srcvar[__len + 10]; 787 788 memset(srcvar, 'A', sizeof(srcvar) - 1); 789 srcvar[sizeof(srcvar) - 1] = '\0'; 790 791 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar); 792 #undef BUF 793 794 } 795 796 ATF_TC_WITHOUT_HEAD(sprintf_end); 797 ATF_TC_BODY(sprintf_end, tc) 798 { 799 #define BUF &__stack.__buf 800 struct { 801 uint8_t padding_l; 802 unsigned char __buf[42]; 803 uint8_t padding_r; 804 } __stack; 805 const size_t __bufsz __unused = sizeof(__stack.__buf); 806 const size_t __len = 42; 807 const size_t __idx __unused = __len - 1; 808 char srcvar[__len + 10]; 809 810 memset(srcvar, 'A', sizeof(srcvar) - 1); 811 srcvar[sizeof(srcvar) - 1] = '\0'; 812 813 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar); 814 #undef BUF 815 816 } 817 818 ATF_TC_WITHOUT_HEAD(sprintf_heap_before_end); 819 ATF_TC_BODY(sprintf_heap_before_end, tc) 820 { 821 #define BUF __stack.__buf 822 struct { 823 uint8_t padding_l; 824 unsigned char * __buf; 825 uint8_t padding_r; 826 } __stack; 827 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 828 const size_t __len = 42 - 1; 829 const size_t __idx __unused = __len - 1; 830 char srcvar[__len + 10]; 831 832 __stack.__buf = malloc(__bufsz); 833 memset(srcvar, 'A', sizeof(srcvar) - 1); 834 srcvar[sizeof(srcvar) - 1] = '\0'; 835 836 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar); 837 #undef BUF 838 839 } 840 841 ATF_TC_WITHOUT_HEAD(sprintf_heap_end); 842 ATF_TC_BODY(sprintf_heap_end, tc) 843 { 844 #define BUF __stack.__buf 845 struct { 846 uint8_t padding_l; 847 unsigned char * __buf; 848 uint8_t padding_r; 849 } __stack; 850 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 851 const size_t __len = 42; 852 const size_t __idx __unused = __len - 1; 853 char srcvar[__len + 10]; 854 855 __stack.__buf = malloc(__bufsz); 856 memset(srcvar, 'A', sizeof(srcvar) - 1); 857 srcvar[sizeof(srcvar) - 1] = '\0'; 858 859 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar); 860 #undef BUF 861 862 } 863 864 ATF_TC_WITHOUT_HEAD(sprintf_heap_after_end); 865 ATF_TC_BODY(sprintf_heap_after_end, tc) 866 { 867 #define BUF __stack.__buf 868 struct { 869 uint8_t padding_l; 870 unsigned char * __buf; 871 uint8_t padding_r; 872 } __stack; 873 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 874 const size_t __len = 42 + 1; 875 const size_t __idx __unused = __len - 1; 876 pid_t __child; 877 int __status; 878 char srcvar[__len + 10]; 879 880 __child = fork(); 881 ATF_REQUIRE(__child >= 0); 882 if (__child > 0) 883 goto monitor; 884 885 /* Child */ 886 disable_coredumps(); 887 __stack.__buf = malloc(__bufsz); 888 memset(srcvar, 'A', sizeof(srcvar) - 1); 889 srcvar[sizeof(srcvar) - 1] = '\0'; 890 891 sprintf(__stack.__buf, "%.*s", (int)__len - 1, srcvar); 892 _exit(EX_SOFTWARE); /* Should have aborted. */ 893 894 monitor: 895 while (waitpid(__child, &__status, 0) != __child) { 896 ATF_REQUIRE_EQ(EINTR, errno); 897 } 898 899 if (!WIFSIGNALED(__status)) { 900 switch (WEXITSTATUS(__status)) { 901 case EX_SOFTWARE: 902 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 903 break; 904 case EX_OSERR: 905 atf_tc_fail("setrlimit(2) failed"); 906 break; 907 default: 908 atf_tc_fail("child exited with status %d", 909 WEXITSTATUS(__status)); 910 } 911 } else { 912 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 913 } 914 #undef BUF 915 916 } 917 918 ATF_TC_WITHOUT_HEAD(snprintf_before_end); 919 ATF_TC_BODY(snprintf_before_end, tc) 920 { 921 #define BUF &__stack.__buf 922 struct { 923 uint8_t padding_l; 924 unsigned char __buf[42]; 925 uint8_t padding_r; 926 } __stack; 927 const size_t __bufsz __unused = sizeof(__stack.__buf); 928 const size_t __len = 42 - 1; 929 const size_t __idx __unused = __len - 1; 930 char srcvar[__len + 10]; 931 932 memset(srcvar, 'A', sizeof(srcvar) - 1); 933 srcvar[sizeof(srcvar) - 1] = '\0'; 934 935 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar); 936 #undef BUF 937 938 } 939 940 ATF_TC_WITHOUT_HEAD(snprintf_end); 941 ATF_TC_BODY(snprintf_end, tc) 942 { 943 #define BUF &__stack.__buf 944 struct { 945 uint8_t padding_l; 946 unsigned char __buf[42]; 947 uint8_t padding_r; 948 } __stack; 949 const size_t __bufsz __unused = sizeof(__stack.__buf); 950 const size_t __len = 42; 951 const size_t __idx __unused = __len - 1; 952 char srcvar[__len + 10]; 953 954 memset(srcvar, 'A', sizeof(srcvar) - 1); 955 srcvar[sizeof(srcvar) - 1] = '\0'; 956 957 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar); 958 #undef BUF 959 960 } 961 962 ATF_TC_WITHOUT_HEAD(snprintf_heap_before_end); 963 ATF_TC_BODY(snprintf_heap_before_end, tc) 964 { 965 #define BUF __stack.__buf 966 struct { 967 uint8_t padding_l; 968 unsigned char * __buf; 969 uint8_t padding_r; 970 } __stack; 971 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 972 const size_t __len = 42 - 1; 973 const size_t __idx __unused = __len - 1; 974 char srcvar[__len + 10]; 975 976 __stack.__buf = malloc(__bufsz); 977 memset(srcvar, 'A', sizeof(srcvar) - 1); 978 srcvar[sizeof(srcvar) - 1] = '\0'; 979 980 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar); 981 #undef BUF 982 983 } 984 985 ATF_TC_WITHOUT_HEAD(snprintf_heap_end); 986 ATF_TC_BODY(snprintf_heap_end, tc) 987 { 988 #define BUF __stack.__buf 989 struct { 990 uint8_t padding_l; 991 unsigned char * __buf; 992 uint8_t padding_r; 993 } __stack; 994 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 995 const size_t __len = 42; 996 const size_t __idx __unused = __len - 1; 997 char srcvar[__len + 10]; 998 999 __stack.__buf = malloc(__bufsz); 1000 memset(srcvar, 'A', sizeof(srcvar) - 1); 1001 srcvar[sizeof(srcvar) - 1] = '\0'; 1002 1003 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar); 1004 #undef BUF 1005 1006 } 1007 1008 ATF_TC_WITHOUT_HEAD(snprintf_heap_after_end); 1009 ATF_TC_BODY(snprintf_heap_after_end, tc) 1010 { 1011 #define BUF __stack.__buf 1012 struct { 1013 uint8_t padding_l; 1014 unsigned char * __buf; 1015 uint8_t padding_r; 1016 } __stack; 1017 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1018 const size_t __len = 42 + 1; 1019 const size_t __idx __unused = __len - 1; 1020 pid_t __child; 1021 int __status; 1022 char srcvar[__len + 10]; 1023 1024 __child = fork(); 1025 ATF_REQUIRE(__child >= 0); 1026 if (__child > 0) 1027 goto monitor; 1028 1029 /* Child */ 1030 disable_coredumps(); 1031 __stack.__buf = malloc(__bufsz); 1032 memset(srcvar, 'A', sizeof(srcvar) - 1); 1033 srcvar[sizeof(srcvar) - 1] = '\0'; 1034 1035 snprintf(__stack.__buf, __len, "%.*s", (int)__len - 1, srcvar); 1036 _exit(EX_SOFTWARE); /* Should have aborted. */ 1037 1038 monitor: 1039 while (waitpid(__child, &__status, 0) != __child) { 1040 ATF_REQUIRE_EQ(EINTR, errno); 1041 } 1042 1043 if (!WIFSIGNALED(__status)) { 1044 switch (WEXITSTATUS(__status)) { 1045 case EX_SOFTWARE: 1046 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1047 break; 1048 case EX_OSERR: 1049 atf_tc_fail("setrlimit(2) failed"); 1050 break; 1051 default: 1052 atf_tc_fail("child exited with status %d", 1053 WEXITSTATUS(__status)); 1054 } 1055 } else { 1056 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1057 } 1058 #undef BUF 1059 1060 } 1061 1062 ATF_TC_WITHOUT_HEAD(tmpnam_before_end); 1063 ATF_TC_BODY(tmpnam_before_end, tc) 1064 { 1065 #define BUF &__stack.__buf 1066 struct { 1067 uint8_t padding_l; 1068 unsigned char __buf[L_tmpnam + 1]; 1069 uint8_t padding_r; 1070 } __stack; 1071 const size_t __bufsz __unused = sizeof(__stack.__buf); 1072 const size_t __len = L_tmpnam + 1; 1073 const size_t __idx __unused = __len - 1; 1074 1075 tmpnam(__stack.__buf); 1076 #undef BUF 1077 1078 } 1079 1080 ATF_TC_WITHOUT_HEAD(tmpnam_end); 1081 ATF_TC_BODY(tmpnam_end, tc) 1082 { 1083 #define BUF &__stack.__buf 1084 struct { 1085 uint8_t padding_l; 1086 unsigned char __buf[L_tmpnam]; 1087 uint8_t padding_r; 1088 } __stack; 1089 const size_t __bufsz __unused = sizeof(__stack.__buf); 1090 const size_t __len = L_tmpnam; 1091 const size_t __idx __unused = __len - 1; 1092 1093 tmpnam(__stack.__buf); 1094 #undef BUF 1095 1096 } 1097 1098 ATF_TC_WITHOUT_HEAD(tmpnam_heap_before_end); 1099 ATF_TC_BODY(tmpnam_heap_before_end, tc) 1100 { 1101 #define BUF __stack.__buf 1102 struct { 1103 uint8_t padding_l; 1104 unsigned char * __buf; 1105 uint8_t padding_r; 1106 } __stack; 1107 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_tmpnam + 1); 1108 const size_t __len = L_tmpnam + 1; 1109 const size_t __idx __unused = __len - 1; 1110 1111 __stack.__buf = malloc(__bufsz); 1112 1113 tmpnam(__stack.__buf); 1114 #undef BUF 1115 1116 } 1117 1118 ATF_TC_WITHOUT_HEAD(tmpnam_heap_end); 1119 ATF_TC_BODY(tmpnam_heap_end, tc) 1120 { 1121 #define BUF __stack.__buf 1122 struct { 1123 uint8_t padding_l; 1124 unsigned char * __buf; 1125 uint8_t padding_r; 1126 } __stack; 1127 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_tmpnam); 1128 const size_t __len = L_tmpnam; 1129 const size_t __idx __unused = __len - 1; 1130 1131 __stack.__buf = malloc(__bufsz); 1132 1133 tmpnam(__stack.__buf); 1134 #undef BUF 1135 1136 } 1137 1138 ATF_TC_WITHOUT_HEAD(tmpnam_heap_after_end); 1139 ATF_TC_BODY(tmpnam_heap_after_end, tc) 1140 { 1141 #define BUF __stack.__buf 1142 struct { 1143 uint8_t padding_l; 1144 unsigned char * __buf; 1145 uint8_t padding_r; 1146 } __stack; 1147 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (L_tmpnam - 1); 1148 const size_t __len = L_tmpnam - 1; 1149 const size_t __idx __unused = __len - 1; 1150 pid_t __child; 1151 int __status; 1152 1153 __child = fork(); 1154 ATF_REQUIRE(__child >= 0); 1155 if (__child > 0) 1156 goto monitor; 1157 1158 /* Child */ 1159 disable_coredumps(); 1160 __stack.__buf = malloc(__bufsz); 1161 1162 tmpnam(__stack.__buf); 1163 _exit(EX_SOFTWARE); /* Should have aborted. */ 1164 1165 monitor: 1166 while (waitpid(__child, &__status, 0) != __child) { 1167 ATF_REQUIRE_EQ(EINTR, errno); 1168 } 1169 1170 if (!WIFSIGNALED(__status)) { 1171 switch (WEXITSTATUS(__status)) { 1172 case EX_SOFTWARE: 1173 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1174 break; 1175 case EX_OSERR: 1176 atf_tc_fail("setrlimit(2) failed"); 1177 break; 1178 default: 1179 atf_tc_fail("child exited with status %d", 1180 WEXITSTATUS(__status)); 1181 } 1182 } else { 1183 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1184 } 1185 #undef BUF 1186 1187 } 1188 1189 ATF_TC_WITHOUT_HEAD(fgets_before_end); 1190 ATF_TC_BODY(fgets_before_end, tc) 1191 { 1192 #define BUF &__stack.__buf 1193 struct { 1194 uint8_t padding_l; 1195 unsigned char __buf[42]; 1196 uint8_t padding_r; 1197 } __stack; 1198 const size_t __bufsz __unused = sizeof(__stack.__buf); 1199 const size_t __len = 42 - 1; 1200 const size_t __idx __unused = __len - 1; 1201 FILE *fp; 1202 1203 fp = new_fp(__len); 1204 1205 fgets(__stack.__buf, __len, fp); 1206 #undef BUF 1207 1208 } 1209 1210 ATF_TC_WITHOUT_HEAD(fgets_end); 1211 ATF_TC_BODY(fgets_end, tc) 1212 { 1213 #define BUF &__stack.__buf 1214 struct { 1215 uint8_t padding_l; 1216 unsigned char __buf[42]; 1217 uint8_t padding_r; 1218 } __stack; 1219 const size_t __bufsz __unused = sizeof(__stack.__buf); 1220 const size_t __len = 42; 1221 const size_t __idx __unused = __len - 1; 1222 FILE *fp; 1223 1224 fp = new_fp(__len); 1225 1226 fgets(__stack.__buf, __len, fp); 1227 #undef BUF 1228 1229 } 1230 1231 ATF_TC_WITHOUT_HEAD(fgets_heap_before_end); 1232 ATF_TC_BODY(fgets_heap_before_end, tc) 1233 { 1234 #define BUF __stack.__buf 1235 struct { 1236 uint8_t padding_l; 1237 unsigned char * __buf; 1238 uint8_t padding_r; 1239 } __stack; 1240 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1241 const size_t __len = 42 - 1; 1242 const size_t __idx __unused = __len - 1; 1243 FILE *fp; 1244 1245 __stack.__buf = malloc(__bufsz); 1246 fp = new_fp(__len); 1247 1248 fgets(__stack.__buf, __len, fp); 1249 #undef BUF 1250 1251 } 1252 1253 ATF_TC_WITHOUT_HEAD(fgets_heap_end); 1254 ATF_TC_BODY(fgets_heap_end, tc) 1255 { 1256 #define BUF __stack.__buf 1257 struct { 1258 uint8_t padding_l; 1259 unsigned char * __buf; 1260 uint8_t padding_r; 1261 } __stack; 1262 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1263 const size_t __len = 42; 1264 const size_t __idx __unused = __len - 1; 1265 FILE *fp; 1266 1267 __stack.__buf = malloc(__bufsz); 1268 fp = new_fp(__len); 1269 1270 fgets(__stack.__buf, __len, fp); 1271 #undef BUF 1272 1273 } 1274 1275 ATF_TC_WITHOUT_HEAD(fgets_heap_after_end); 1276 ATF_TC_BODY(fgets_heap_after_end, tc) 1277 { 1278 #define BUF __stack.__buf 1279 struct { 1280 uint8_t padding_l; 1281 unsigned char * __buf; 1282 uint8_t padding_r; 1283 } __stack; 1284 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 1285 const size_t __len = 42 + 1; 1286 const size_t __idx __unused = __len - 1; 1287 pid_t __child; 1288 int __status; 1289 FILE *fp; 1290 1291 __child = fork(); 1292 ATF_REQUIRE(__child >= 0); 1293 if (__child > 0) 1294 goto monitor; 1295 1296 /* Child */ 1297 disable_coredumps(); 1298 __stack.__buf = malloc(__bufsz); 1299 fp = new_fp(__len); 1300 1301 fgets(__stack.__buf, __len, fp); 1302 _exit(EX_SOFTWARE); /* Should have aborted. */ 1303 1304 monitor: 1305 while (waitpid(__child, &__status, 0) != __child) { 1306 ATF_REQUIRE_EQ(EINTR, errno); 1307 } 1308 1309 if (!WIFSIGNALED(__status)) { 1310 switch (WEXITSTATUS(__status)) { 1311 case EX_SOFTWARE: 1312 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 1313 break; 1314 case EX_OSERR: 1315 atf_tc_fail("setrlimit(2) failed"); 1316 break; 1317 default: 1318 atf_tc_fail("child exited with status %d", 1319 WEXITSTATUS(__status)); 1320 } 1321 } else { 1322 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 1323 } 1324 #undef BUF 1325 1326 } 1327 1328 ATF_TP_ADD_TCS(tp) 1329 { 1330 ATF_TP_ADD_TC(tp, ctermid_before_end); 1331 ATF_TP_ADD_TC(tp, ctermid_end); 1332 ATF_TP_ADD_TC(tp, ctermid_heap_before_end); 1333 ATF_TP_ADD_TC(tp, ctermid_heap_end); 1334 ATF_TP_ADD_TC(tp, ctermid_heap_after_end); 1335 ATF_TP_ADD_TC(tp, ctermid_r_before_end); 1336 ATF_TP_ADD_TC(tp, ctermid_r_end); 1337 ATF_TP_ADD_TC(tp, ctermid_r_heap_before_end); 1338 ATF_TP_ADD_TC(tp, ctermid_r_heap_end); 1339 ATF_TP_ADD_TC(tp, ctermid_r_heap_after_end); 1340 ATF_TP_ADD_TC(tp, fread_before_end); 1341 ATF_TP_ADD_TC(tp, fread_end); 1342 ATF_TP_ADD_TC(tp, fread_heap_before_end); 1343 ATF_TP_ADD_TC(tp, fread_heap_end); 1344 ATF_TP_ADD_TC(tp, fread_heap_after_end); 1345 ATF_TP_ADD_TC(tp, fread_unlocked_before_end); 1346 ATF_TP_ADD_TC(tp, fread_unlocked_end); 1347 ATF_TP_ADD_TC(tp, fread_unlocked_heap_before_end); 1348 ATF_TP_ADD_TC(tp, fread_unlocked_heap_end); 1349 ATF_TP_ADD_TC(tp, fread_unlocked_heap_after_end); 1350 ATF_TP_ADD_TC(tp, gets_s_before_end); 1351 ATF_TP_ADD_TC(tp, gets_s_end); 1352 ATF_TP_ADD_TC(tp, gets_s_heap_before_end); 1353 ATF_TP_ADD_TC(tp, gets_s_heap_end); 1354 ATF_TP_ADD_TC(tp, gets_s_heap_after_end); 1355 ATF_TP_ADD_TC(tp, sprintf_before_end); 1356 ATF_TP_ADD_TC(tp, sprintf_end); 1357 ATF_TP_ADD_TC(tp, sprintf_heap_before_end); 1358 ATF_TP_ADD_TC(tp, sprintf_heap_end); 1359 ATF_TP_ADD_TC(tp, sprintf_heap_after_end); 1360 ATF_TP_ADD_TC(tp, snprintf_before_end); 1361 ATF_TP_ADD_TC(tp, snprintf_end); 1362 ATF_TP_ADD_TC(tp, snprintf_heap_before_end); 1363 ATF_TP_ADD_TC(tp, snprintf_heap_end); 1364 ATF_TP_ADD_TC(tp, snprintf_heap_after_end); 1365 ATF_TP_ADD_TC(tp, tmpnam_before_end); 1366 ATF_TP_ADD_TC(tp, tmpnam_end); 1367 ATF_TP_ADD_TC(tp, tmpnam_heap_before_end); 1368 ATF_TP_ADD_TC(tp, tmpnam_heap_end); 1369 ATF_TP_ADD_TC(tp, tmpnam_heap_after_end); 1370 ATF_TP_ADD_TC(tp, fgets_before_end); 1371 ATF_TP_ADD_TC(tp, fgets_end); 1372 ATF_TP_ADD_TC(tp, fgets_heap_before_end); 1373 ATF_TP_ADD_TC(tp, fgets_heap_end); 1374 ATF_TP_ADD_TC(tp, fgets_heap_after_end); 1375 return (atf_no_error()); 1376 } 1377