xref: /freebsd/lib/libc/tests/secure/fortify_string_test.c (revision 56b17de1e8360fe131d425de20b5e75ff3ea897c)
1 /* @generated by `generate-fortify-tests.lua "string"` */
2 
3 #define	_FORTIFY_SOURCE	2
4 #define	TMPFILE_SIZE	(1024 * 32)
5 
6 #include <sys/param.h>
7 #include <sys/random.h>
8 #include <sys/resource.h>
9 #include <sys/select.h>
10 #include <sys/socket.h>
11 #include <sys/time.h>
12 #include <sys/uio.h>
13 #include <sys/wait.h>
14 #include <dirent.h>
15 #include <errno.h>
16 #include <fcntl.h>
17 #include <limits.h>
18 #include <poll.h>
19 #include <signal.h>
20 #include <stdio.h>
21 #include <stdlib.h>
22 #include <string.h>
23 #include <strings.h>
24 #include <sysexits.h>
25 #include <unistd.h>
26 #include <wchar.h>
27 #include <atf-c.h>
28 
29 static FILE * __unused
30 new_fp(size_t __len)
31 {
32 	static char fpbuf[LINE_MAX];
33 	FILE *fp;
34 
35 	ATF_REQUIRE(__len <= sizeof(fpbuf));
36 
37 	memset(fpbuf, 'A', sizeof(fpbuf) - 1);
38 	fpbuf[sizeof(fpbuf) - 1] = '\0';
39 
40 	fp = fmemopen(fpbuf, sizeof(fpbuf), "rb");
41 	ATF_REQUIRE(fp != NULL);
42 
43 	return (fp);
44 }
45 
46 /*
47  * Create a new symlink to use for readlink(2) style tests, we'll just use a
48  * random target name to have something interesting to look at.
49  */
50 static const char * __unused
51 new_symlink(size_t __len)
52 {
53 	static const char linkname[] = "link";
54 	char target[MAXNAMLEN];
55 	int error;
56 
57 	ATF_REQUIRE(__len <= sizeof(target));
58 
59 	arc4random_buf(target, sizeof(target));
60 
61 	error = unlink(linkname);
62 	ATF_REQUIRE(error == 0 || errno == ENOENT);
63 
64 	error = symlink(target, linkname);
65 	ATF_REQUIRE(error == 0);
66 
67 	return (linkname);
68 }
69 
70 /*
71  * For our purposes, first descriptor will be the reader; we'll send both
72  * raw data and a control message over it so that the result can be used for
73  * any of our recv*() tests.
74  */
75 static void __unused
76 new_socket(int sock[2])
77 {
78 	unsigned char ctrl[CMSG_SPACE(sizeof(int))] = { 0 };
79 	static char sockbuf[256];
80 	ssize_t rv;
81 	size_t total = 0;
82 	struct msghdr hdr = { 0 };
83 	struct cmsghdr *cmsg;
84 	int error, fd;
85 
86 	error = socketpair(AF_UNIX, SOCK_STREAM, 0, sock);
87 	ATF_REQUIRE(error == 0);
88 
89 	while (total != sizeof(sockbuf)) {
90 		rv = send(sock[1], &sockbuf[total], sizeof(sockbuf) - total, 0);
91 
92 		ATF_REQUIRE_MSG(rv > 0,
93 		    "expected bytes sent, got %zd with %zu left (size %zu, total %zu)",
94 		    rv, sizeof(sockbuf) - total, sizeof(sockbuf), total);
95 		ATF_REQUIRE_MSG(total + (size_t)rv <= sizeof(sockbuf),
96 		    "%zd exceeds total %zu", rv, sizeof(sockbuf));
97 		total += rv;
98 	}
99 
100 	hdr.msg_control = ctrl;
101 	hdr.msg_controllen = sizeof(ctrl);
102 
103 	cmsg = CMSG_FIRSTHDR(&hdr);
104 	cmsg->cmsg_level = SOL_SOCKET;
105 	cmsg->cmsg_type = SCM_RIGHTS;
106 	cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
107 	fd = STDIN_FILENO;
108 	memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd));
109 
110 	error = sendmsg(sock[1], &hdr, 0);
111 	ATF_REQUIRE(error != -1);
112 }
113 
114 /*
115  * Constructs a tmpfile that we can use for testing read(2) and friends.
116  */
117 static int __unused
118 new_tmpfile(void)
119 {
120 	char buf[1024];
121 	ssize_t rv;
122 	size_t written;
123 	int fd;
124 
125 	fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644);
126 	ATF_REQUIRE(fd >= 0);
127 
128 	written = 0;
129 	while (written < TMPFILE_SIZE) {
130 		rv = write(fd, buf, sizeof(buf));
131 		ATF_REQUIRE(rv > 0);
132 
133 		written += rv;
134 	}
135 
136 	ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET));
137 	return (fd);
138 }
139 
140 static void
141 disable_coredumps(void)
142 {
143 	struct rlimit rl = { 0 };
144 
145 	if (setrlimit(RLIMIT_CORE, &rl) == -1)
146 		_exit(EX_OSERR);
147 }
148 
149 /*
150  * Replaces stdin with a file that we can actually read from, for tests where
151  * we want a FILE * or fd that we can get data from.
152  */
153 static void __unused
154 replace_stdin(void)
155 {
156 	int fd;
157 
158 	fd = new_tmpfile();
159 
160 	(void)dup2(fd, STDIN_FILENO);
161 	if (fd != STDIN_FILENO)
162 		close(fd);
163 }
164 
165 ATF_TC_WITHOUT_HEAD(memcpy_before_end);
166 ATF_TC_BODY(memcpy_before_end, tc)
167 {
168 #define BUF &__stack.__buf
169 	struct {
170 		uint8_t padding_l;
171 		unsigned char __buf[42];
172 		uint8_t padding_r;
173 	} __stack;
174 	const size_t __bufsz __unused = sizeof(__stack.__buf);
175 	const size_t __len = 42 - 1;
176 	const size_t __idx __unused = __len - 1;
177 	char src[__len + 10];
178 
179 	memcpy(__stack.__buf, src, __len);
180 #undef BUF
181 
182 }
183 
184 ATF_TC_WITHOUT_HEAD(memcpy_end);
185 ATF_TC_BODY(memcpy_end, tc)
186 {
187 #define BUF &__stack.__buf
188 	struct {
189 		uint8_t padding_l;
190 		unsigned char __buf[42];
191 		uint8_t padding_r;
192 	} __stack;
193 	const size_t __bufsz __unused = sizeof(__stack.__buf);
194 	const size_t __len = 42;
195 	const size_t __idx __unused = __len - 1;
196 	char src[__len + 10];
197 
198 	memcpy(__stack.__buf, src, __len);
199 #undef BUF
200 
201 }
202 
203 ATF_TC_WITHOUT_HEAD(memcpy_heap_before_end);
204 ATF_TC_BODY(memcpy_heap_before_end, tc)
205 {
206 #define BUF __stack.__buf
207 	struct {
208 		uint8_t padding_l;
209 		unsigned char * __buf;
210 		uint8_t padding_r;
211 	} __stack;
212 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
213 	const size_t __len = 42 - 1;
214 	const size_t __idx __unused = __len - 1;
215 	char src[__len + 10];
216 
217 	__stack.__buf = malloc(__bufsz);
218 
219 	memcpy(__stack.__buf, src, __len);
220 #undef BUF
221 
222 }
223 
224 ATF_TC_WITHOUT_HEAD(memcpy_heap_end);
225 ATF_TC_BODY(memcpy_heap_end, tc)
226 {
227 #define BUF __stack.__buf
228 	struct {
229 		uint8_t padding_l;
230 		unsigned char * __buf;
231 		uint8_t padding_r;
232 	} __stack;
233 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
234 	const size_t __len = 42;
235 	const size_t __idx __unused = __len - 1;
236 	char src[__len + 10];
237 
238 	__stack.__buf = malloc(__bufsz);
239 
240 	memcpy(__stack.__buf, src, __len);
241 #undef BUF
242 
243 }
244 
245 ATF_TC_WITHOUT_HEAD(memcpy_heap_after_end);
246 ATF_TC_BODY(memcpy_heap_after_end, tc)
247 {
248 #define BUF __stack.__buf
249 	struct {
250 		uint8_t padding_l;
251 		unsigned char * __buf;
252 		uint8_t padding_r;
253 	} __stack;
254 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
255 	const size_t __len = 42 + 1;
256 	const size_t __idx __unused = __len - 1;
257 	pid_t __child;
258 	int __status;
259 	char src[__len + 10];
260 
261 	__child = fork();
262 	ATF_REQUIRE(__child >= 0);
263 	if (__child > 0)
264 		goto monitor;
265 
266 	/* Child */
267 	disable_coredumps();
268 	__stack.__buf = malloc(__bufsz);
269 
270 	memcpy(__stack.__buf, src, __len);
271 	_exit(EX_SOFTWARE);	/* Should have aborted. */
272 
273 monitor:
274 	while (waitpid(__child, &__status, 0) != __child) {
275 		ATF_REQUIRE_EQ(EINTR, errno);
276 	}
277 
278 	if (!WIFSIGNALED(__status)) {
279 		switch (WEXITSTATUS(__status)) {
280 		case EX_SOFTWARE:
281 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
282 			break;
283 		case EX_OSERR:
284 			atf_tc_fail("setrlimit(2) failed");
285 			break;
286 		default:
287 			atf_tc_fail("child exited with status %d",
288 			    WEXITSTATUS(__status));
289 		}
290 	} else {
291 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
292 	}
293 #undef BUF
294 
295 }
296 
297 ATF_TC_WITHOUT_HEAD(mempcpy_before_end);
298 ATF_TC_BODY(mempcpy_before_end, tc)
299 {
300 #define BUF &__stack.__buf
301 	struct {
302 		uint8_t padding_l;
303 		unsigned char __buf[42];
304 		uint8_t padding_r;
305 	} __stack;
306 	const size_t __bufsz __unused = sizeof(__stack.__buf);
307 	const size_t __len = 42 - 1;
308 	const size_t __idx __unused = __len - 1;
309 	char src[__len + 10];
310 
311 	mempcpy(__stack.__buf, src, __len);
312 #undef BUF
313 
314 }
315 
316 ATF_TC_WITHOUT_HEAD(mempcpy_end);
317 ATF_TC_BODY(mempcpy_end, tc)
318 {
319 #define BUF &__stack.__buf
320 	struct {
321 		uint8_t padding_l;
322 		unsigned char __buf[42];
323 		uint8_t padding_r;
324 	} __stack;
325 	const size_t __bufsz __unused = sizeof(__stack.__buf);
326 	const size_t __len = 42;
327 	const size_t __idx __unused = __len - 1;
328 	char src[__len + 10];
329 
330 	mempcpy(__stack.__buf, src, __len);
331 #undef BUF
332 
333 }
334 
335 ATF_TC_WITHOUT_HEAD(mempcpy_heap_before_end);
336 ATF_TC_BODY(mempcpy_heap_before_end, tc)
337 {
338 #define BUF __stack.__buf
339 	struct {
340 		uint8_t padding_l;
341 		unsigned char * __buf;
342 		uint8_t padding_r;
343 	} __stack;
344 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
345 	const size_t __len = 42 - 1;
346 	const size_t __idx __unused = __len - 1;
347 	char src[__len + 10];
348 
349 	__stack.__buf = malloc(__bufsz);
350 
351 	mempcpy(__stack.__buf, src, __len);
352 #undef BUF
353 
354 }
355 
356 ATF_TC_WITHOUT_HEAD(mempcpy_heap_end);
357 ATF_TC_BODY(mempcpy_heap_end, tc)
358 {
359 #define BUF __stack.__buf
360 	struct {
361 		uint8_t padding_l;
362 		unsigned char * __buf;
363 		uint8_t padding_r;
364 	} __stack;
365 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
366 	const size_t __len = 42;
367 	const size_t __idx __unused = __len - 1;
368 	char src[__len + 10];
369 
370 	__stack.__buf = malloc(__bufsz);
371 
372 	mempcpy(__stack.__buf, src, __len);
373 #undef BUF
374 
375 }
376 
377 ATF_TC_WITHOUT_HEAD(mempcpy_heap_after_end);
378 ATF_TC_BODY(mempcpy_heap_after_end, tc)
379 {
380 #define BUF __stack.__buf
381 	struct {
382 		uint8_t padding_l;
383 		unsigned char * __buf;
384 		uint8_t padding_r;
385 	} __stack;
386 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
387 	const size_t __len = 42 + 1;
388 	const size_t __idx __unused = __len - 1;
389 	pid_t __child;
390 	int __status;
391 	char src[__len + 10];
392 
393 	__child = fork();
394 	ATF_REQUIRE(__child >= 0);
395 	if (__child > 0)
396 		goto monitor;
397 
398 	/* Child */
399 	disable_coredumps();
400 	__stack.__buf = malloc(__bufsz);
401 
402 	mempcpy(__stack.__buf, src, __len);
403 	_exit(EX_SOFTWARE);	/* Should have aborted. */
404 
405 monitor:
406 	while (waitpid(__child, &__status, 0) != __child) {
407 		ATF_REQUIRE_EQ(EINTR, errno);
408 	}
409 
410 	if (!WIFSIGNALED(__status)) {
411 		switch (WEXITSTATUS(__status)) {
412 		case EX_SOFTWARE:
413 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
414 			break;
415 		case EX_OSERR:
416 			atf_tc_fail("setrlimit(2) failed");
417 			break;
418 		default:
419 			atf_tc_fail("child exited with status %d",
420 			    WEXITSTATUS(__status));
421 		}
422 	} else {
423 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
424 	}
425 #undef BUF
426 
427 }
428 
429 ATF_TC_WITHOUT_HEAD(memmove_before_end);
430 ATF_TC_BODY(memmove_before_end, tc)
431 {
432 #define BUF &__stack.__buf
433 	struct {
434 		uint8_t padding_l;
435 		unsigned char __buf[42];
436 		uint8_t padding_r;
437 	} __stack;
438 	const size_t __bufsz __unused = sizeof(__stack.__buf);
439 	const size_t __len = 42 - 1;
440 	const size_t __idx __unused = __len - 1;
441 	char src[__len + 10];
442 
443 	memmove(__stack.__buf, src, __len);
444 #undef BUF
445 
446 }
447 
448 ATF_TC_WITHOUT_HEAD(memmove_end);
449 ATF_TC_BODY(memmove_end, tc)
450 {
451 #define BUF &__stack.__buf
452 	struct {
453 		uint8_t padding_l;
454 		unsigned char __buf[42];
455 		uint8_t padding_r;
456 	} __stack;
457 	const size_t __bufsz __unused = sizeof(__stack.__buf);
458 	const size_t __len = 42;
459 	const size_t __idx __unused = __len - 1;
460 	char src[__len + 10];
461 
462 	memmove(__stack.__buf, src, __len);
463 #undef BUF
464 
465 }
466 
467 ATF_TC_WITHOUT_HEAD(memmove_heap_before_end);
468 ATF_TC_BODY(memmove_heap_before_end, tc)
469 {
470 #define BUF __stack.__buf
471 	struct {
472 		uint8_t padding_l;
473 		unsigned char * __buf;
474 		uint8_t padding_r;
475 	} __stack;
476 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
477 	const size_t __len = 42 - 1;
478 	const size_t __idx __unused = __len - 1;
479 	char src[__len + 10];
480 
481 	__stack.__buf = malloc(__bufsz);
482 
483 	memmove(__stack.__buf, src, __len);
484 #undef BUF
485 
486 }
487 
488 ATF_TC_WITHOUT_HEAD(memmove_heap_end);
489 ATF_TC_BODY(memmove_heap_end, tc)
490 {
491 #define BUF __stack.__buf
492 	struct {
493 		uint8_t padding_l;
494 		unsigned char * __buf;
495 		uint8_t padding_r;
496 	} __stack;
497 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
498 	const size_t __len = 42;
499 	const size_t __idx __unused = __len - 1;
500 	char src[__len + 10];
501 
502 	__stack.__buf = malloc(__bufsz);
503 
504 	memmove(__stack.__buf, src, __len);
505 #undef BUF
506 
507 }
508 
509 ATF_TC_WITHOUT_HEAD(memmove_heap_after_end);
510 ATF_TC_BODY(memmove_heap_after_end, tc)
511 {
512 #define BUF __stack.__buf
513 	struct {
514 		uint8_t padding_l;
515 		unsigned char * __buf;
516 		uint8_t padding_r;
517 	} __stack;
518 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
519 	const size_t __len = 42 + 1;
520 	const size_t __idx __unused = __len - 1;
521 	pid_t __child;
522 	int __status;
523 	char src[__len + 10];
524 
525 	__child = fork();
526 	ATF_REQUIRE(__child >= 0);
527 	if (__child > 0)
528 		goto monitor;
529 
530 	/* Child */
531 	disable_coredumps();
532 	__stack.__buf = malloc(__bufsz);
533 
534 	memmove(__stack.__buf, src, __len);
535 	_exit(EX_SOFTWARE);	/* Should have aborted. */
536 
537 monitor:
538 	while (waitpid(__child, &__status, 0) != __child) {
539 		ATF_REQUIRE_EQ(EINTR, errno);
540 	}
541 
542 	if (!WIFSIGNALED(__status)) {
543 		switch (WEXITSTATUS(__status)) {
544 		case EX_SOFTWARE:
545 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
546 			break;
547 		case EX_OSERR:
548 			atf_tc_fail("setrlimit(2) failed");
549 			break;
550 		default:
551 			atf_tc_fail("child exited with status %d",
552 			    WEXITSTATUS(__status));
553 		}
554 	} else {
555 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
556 	}
557 #undef BUF
558 
559 }
560 
561 ATF_TC_WITHOUT_HEAD(memset_before_end);
562 ATF_TC_BODY(memset_before_end, tc)
563 {
564 #define BUF &__stack.__buf
565 	struct {
566 		uint8_t padding_l;
567 		unsigned char __buf[42];
568 		uint8_t padding_r;
569 	} __stack;
570 	const size_t __bufsz __unused = sizeof(__stack.__buf);
571 	const size_t __len = 42 - 1;
572 	const size_t __idx __unused = __len - 1;
573 
574 	memset(__stack.__buf, 0, __len);
575 #undef BUF
576 
577 }
578 
579 ATF_TC_WITHOUT_HEAD(memset_end);
580 ATF_TC_BODY(memset_end, tc)
581 {
582 #define BUF &__stack.__buf
583 	struct {
584 		uint8_t padding_l;
585 		unsigned char __buf[42];
586 		uint8_t padding_r;
587 	} __stack;
588 	const size_t __bufsz __unused = sizeof(__stack.__buf);
589 	const size_t __len = 42;
590 	const size_t __idx __unused = __len - 1;
591 
592 	memset(__stack.__buf, 0, __len);
593 #undef BUF
594 
595 }
596 
597 ATF_TC_WITHOUT_HEAD(memset_heap_before_end);
598 ATF_TC_BODY(memset_heap_before_end, tc)
599 {
600 #define BUF __stack.__buf
601 	struct {
602 		uint8_t padding_l;
603 		unsigned char * __buf;
604 		uint8_t padding_r;
605 	} __stack;
606 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
607 	const size_t __len = 42 - 1;
608 	const size_t __idx __unused = __len - 1;
609 
610 	__stack.__buf = malloc(__bufsz);
611 
612 	memset(__stack.__buf, 0, __len);
613 #undef BUF
614 
615 }
616 
617 ATF_TC_WITHOUT_HEAD(memset_heap_end);
618 ATF_TC_BODY(memset_heap_end, tc)
619 {
620 #define BUF __stack.__buf
621 	struct {
622 		uint8_t padding_l;
623 		unsigned char * __buf;
624 		uint8_t padding_r;
625 	} __stack;
626 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
627 	const size_t __len = 42;
628 	const size_t __idx __unused = __len - 1;
629 
630 	__stack.__buf = malloc(__bufsz);
631 
632 	memset(__stack.__buf, 0, __len);
633 #undef BUF
634 
635 }
636 
637 ATF_TC_WITHOUT_HEAD(memset_heap_after_end);
638 ATF_TC_BODY(memset_heap_after_end, tc)
639 {
640 #define BUF __stack.__buf
641 	struct {
642 		uint8_t padding_l;
643 		unsigned char * __buf;
644 		uint8_t padding_r;
645 	} __stack;
646 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
647 	const size_t __len = 42 + 1;
648 	const size_t __idx __unused = __len - 1;
649 	pid_t __child;
650 	int __status;
651 
652 	__child = fork();
653 	ATF_REQUIRE(__child >= 0);
654 	if (__child > 0)
655 		goto monitor;
656 
657 	/* Child */
658 	disable_coredumps();
659 	__stack.__buf = malloc(__bufsz);
660 
661 	memset(__stack.__buf, 0, __len);
662 	_exit(EX_SOFTWARE);	/* Should have aborted. */
663 
664 monitor:
665 	while (waitpid(__child, &__status, 0) != __child) {
666 		ATF_REQUIRE_EQ(EINTR, errno);
667 	}
668 
669 	if (!WIFSIGNALED(__status)) {
670 		switch (WEXITSTATUS(__status)) {
671 		case EX_SOFTWARE:
672 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
673 			break;
674 		case EX_OSERR:
675 			atf_tc_fail("setrlimit(2) failed");
676 			break;
677 		default:
678 			atf_tc_fail("child exited with status %d",
679 			    WEXITSTATUS(__status));
680 		}
681 	} else {
682 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
683 	}
684 #undef BUF
685 
686 }
687 
688 ATF_TC_WITHOUT_HEAD(stpcpy_before_end);
689 ATF_TC_BODY(stpcpy_before_end, tc)
690 {
691 #define BUF &__stack.__buf
692 	struct {
693 		uint8_t padding_l;
694 		unsigned char __buf[42];
695 		uint8_t padding_r;
696 	} __stack;
697 	const size_t __bufsz __unused = sizeof(__stack.__buf);
698 	const size_t __len = 42 - 1;
699 	const size_t __idx __unused = __len - 1;
700 	char src[__len];
701 
702 	memset(__stack.__buf, 0, __len);
703 	memset(src, 'A', __len - 1);
704 	src[__len - 1] = '\0';
705 
706 	stpcpy(__stack.__buf, src);
707 #undef BUF
708 
709 }
710 
711 ATF_TC_WITHOUT_HEAD(stpcpy_end);
712 ATF_TC_BODY(stpcpy_end, tc)
713 {
714 #define BUF &__stack.__buf
715 	struct {
716 		uint8_t padding_l;
717 		unsigned char __buf[42];
718 		uint8_t padding_r;
719 	} __stack;
720 	const size_t __bufsz __unused = sizeof(__stack.__buf);
721 	const size_t __len = 42;
722 	const size_t __idx __unused = __len - 1;
723 	char src[__len];
724 
725 	memset(__stack.__buf, 0, __len);
726 	memset(src, 'A', __len - 1);
727 	src[__len - 1] = '\0';
728 
729 	stpcpy(__stack.__buf, src);
730 #undef BUF
731 
732 }
733 
734 ATF_TC_WITHOUT_HEAD(stpcpy_heap_before_end);
735 ATF_TC_BODY(stpcpy_heap_before_end, tc)
736 {
737 #define BUF __stack.__buf
738 	struct {
739 		uint8_t padding_l;
740 		unsigned char * __buf;
741 		uint8_t padding_r;
742 	} __stack;
743 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
744 	const size_t __len = 42 - 1;
745 	const size_t __idx __unused = __len - 1;
746 	char src[__len];
747 
748 	__stack.__buf = malloc(__bufsz);
749 	memset(__stack.__buf, 0, __len);
750 	memset(src, 'A', __len - 1);
751 	src[__len - 1] = '\0';
752 
753 	stpcpy(__stack.__buf, src);
754 #undef BUF
755 
756 }
757 
758 ATF_TC_WITHOUT_HEAD(stpcpy_heap_end);
759 ATF_TC_BODY(stpcpy_heap_end, tc)
760 {
761 #define BUF __stack.__buf
762 	struct {
763 		uint8_t padding_l;
764 		unsigned char * __buf;
765 		uint8_t padding_r;
766 	} __stack;
767 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
768 	const size_t __len = 42;
769 	const size_t __idx __unused = __len - 1;
770 	char src[__len];
771 
772 	__stack.__buf = malloc(__bufsz);
773 	memset(__stack.__buf, 0, __len);
774 	memset(src, 'A', __len - 1);
775 	src[__len - 1] = '\0';
776 
777 	stpcpy(__stack.__buf, src);
778 #undef BUF
779 
780 }
781 
782 ATF_TC_WITHOUT_HEAD(stpcpy_heap_after_end);
783 ATF_TC_BODY(stpcpy_heap_after_end, tc)
784 {
785 #define BUF __stack.__buf
786 	struct {
787 		uint8_t padding_l;
788 		unsigned char * __buf;
789 		uint8_t padding_r;
790 	} __stack;
791 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
792 	const size_t __len = 42 + 1;
793 	const size_t __idx __unused = __len - 1;
794 	pid_t __child;
795 	int __status;
796 	char src[__len];
797 
798 	__child = fork();
799 	ATF_REQUIRE(__child >= 0);
800 	if (__child > 0)
801 		goto monitor;
802 
803 	/* Child */
804 	disable_coredumps();
805 	__stack.__buf = malloc(__bufsz);
806 	memset(__stack.__buf, 0, __len);
807 	memset(src, 'A', __len - 1);
808 	src[__len - 1] = '\0';
809 
810 	stpcpy(__stack.__buf, src);
811 	_exit(EX_SOFTWARE);	/* Should have aborted. */
812 
813 monitor:
814 	while (waitpid(__child, &__status, 0) != __child) {
815 		ATF_REQUIRE_EQ(EINTR, errno);
816 	}
817 
818 	if (!WIFSIGNALED(__status)) {
819 		switch (WEXITSTATUS(__status)) {
820 		case EX_SOFTWARE:
821 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
822 			break;
823 		case EX_OSERR:
824 			atf_tc_fail("setrlimit(2) failed");
825 			break;
826 		default:
827 			atf_tc_fail("child exited with status %d",
828 			    WEXITSTATUS(__status));
829 		}
830 	} else {
831 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
832 	}
833 #undef BUF
834 
835 }
836 
837 ATF_TC_WITHOUT_HEAD(stpncpy_before_end);
838 ATF_TC_BODY(stpncpy_before_end, tc)
839 {
840 #define BUF &__stack.__buf
841 	struct {
842 		uint8_t padding_l;
843 		unsigned char __buf[42];
844 		uint8_t padding_r;
845 	} __stack;
846 	const size_t __bufsz __unused = sizeof(__stack.__buf);
847 	const size_t __len = 42 - 1;
848 	const size_t __idx __unused = __len - 1;
849 	char src[__len];
850 
851 	memset(__stack.__buf, 0, __len);
852 	memset(src, 'A', __len - 1);
853 	src[__len - 1] = '\0';
854 
855 	stpncpy(__stack.__buf, src, __len);
856 #undef BUF
857 
858 }
859 
860 ATF_TC_WITHOUT_HEAD(stpncpy_end);
861 ATF_TC_BODY(stpncpy_end, tc)
862 {
863 #define BUF &__stack.__buf
864 	struct {
865 		uint8_t padding_l;
866 		unsigned char __buf[42];
867 		uint8_t padding_r;
868 	} __stack;
869 	const size_t __bufsz __unused = sizeof(__stack.__buf);
870 	const size_t __len = 42;
871 	const size_t __idx __unused = __len - 1;
872 	char src[__len];
873 
874 	memset(__stack.__buf, 0, __len);
875 	memset(src, 'A', __len - 1);
876 	src[__len - 1] = '\0';
877 
878 	stpncpy(__stack.__buf, src, __len);
879 #undef BUF
880 
881 }
882 
883 ATF_TC_WITHOUT_HEAD(stpncpy_heap_before_end);
884 ATF_TC_BODY(stpncpy_heap_before_end, tc)
885 {
886 #define BUF __stack.__buf
887 	struct {
888 		uint8_t padding_l;
889 		unsigned char * __buf;
890 		uint8_t padding_r;
891 	} __stack;
892 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
893 	const size_t __len = 42 - 1;
894 	const size_t __idx __unused = __len - 1;
895 	char src[__len];
896 
897 	__stack.__buf = malloc(__bufsz);
898 	memset(__stack.__buf, 0, __len);
899 	memset(src, 'A', __len - 1);
900 	src[__len - 1] = '\0';
901 
902 	stpncpy(__stack.__buf, src, __len);
903 #undef BUF
904 
905 }
906 
907 ATF_TC_WITHOUT_HEAD(stpncpy_heap_end);
908 ATF_TC_BODY(stpncpy_heap_end, tc)
909 {
910 #define BUF __stack.__buf
911 	struct {
912 		uint8_t padding_l;
913 		unsigned char * __buf;
914 		uint8_t padding_r;
915 	} __stack;
916 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
917 	const size_t __len = 42;
918 	const size_t __idx __unused = __len - 1;
919 	char src[__len];
920 
921 	__stack.__buf = malloc(__bufsz);
922 	memset(__stack.__buf, 0, __len);
923 	memset(src, 'A', __len - 1);
924 	src[__len - 1] = '\0';
925 
926 	stpncpy(__stack.__buf, src, __len);
927 #undef BUF
928 
929 }
930 
931 ATF_TC_WITHOUT_HEAD(stpncpy_heap_after_end);
932 ATF_TC_BODY(stpncpy_heap_after_end, tc)
933 {
934 #define BUF __stack.__buf
935 	struct {
936 		uint8_t padding_l;
937 		unsigned char * __buf;
938 		uint8_t padding_r;
939 	} __stack;
940 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
941 	const size_t __len = 42 + 1;
942 	const size_t __idx __unused = __len - 1;
943 	pid_t __child;
944 	int __status;
945 	char src[__len];
946 
947 	__child = fork();
948 	ATF_REQUIRE(__child >= 0);
949 	if (__child > 0)
950 		goto monitor;
951 
952 	/* Child */
953 	disable_coredumps();
954 	__stack.__buf = malloc(__bufsz);
955 	memset(__stack.__buf, 0, __len);
956 	memset(src, 'A', __len - 1);
957 	src[__len - 1] = '\0';
958 
959 	stpncpy(__stack.__buf, src, __len);
960 	_exit(EX_SOFTWARE);	/* Should have aborted. */
961 
962 monitor:
963 	while (waitpid(__child, &__status, 0) != __child) {
964 		ATF_REQUIRE_EQ(EINTR, errno);
965 	}
966 
967 	if (!WIFSIGNALED(__status)) {
968 		switch (WEXITSTATUS(__status)) {
969 		case EX_SOFTWARE:
970 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
971 			break;
972 		case EX_OSERR:
973 			atf_tc_fail("setrlimit(2) failed");
974 			break;
975 		default:
976 			atf_tc_fail("child exited with status %d",
977 			    WEXITSTATUS(__status));
978 		}
979 	} else {
980 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
981 	}
982 #undef BUF
983 
984 }
985 
986 ATF_TC_WITHOUT_HEAD(strcat_before_end);
987 ATF_TC_BODY(strcat_before_end, tc)
988 {
989 #define BUF &__stack.__buf
990 	struct {
991 		uint8_t padding_l;
992 		unsigned char __buf[42];
993 		uint8_t padding_r;
994 	} __stack;
995 	const size_t __bufsz __unused = sizeof(__stack.__buf);
996 	const size_t __len = 42 - 1;
997 	const size_t __idx __unused = __len - 1;
998 	char src[__len];
999 
1000 	memset(__stack.__buf, 0, __len);
1001 	memset(src, 'A', __len - 1);
1002 	src[__len - 1] = '\0';
1003 
1004 	strcat(__stack.__buf, src);
1005 #undef BUF
1006 
1007 }
1008 
1009 ATF_TC_WITHOUT_HEAD(strcat_end);
1010 ATF_TC_BODY(strcat_end, tc)
1011 {
1012 #define BUF &__stack.__buf
1013 	struct {
1014 		uint8_t padding_l;
1015 		unsigned char __buf[42];
1016 		uint8_t padding_r;
1017 	} __stack;
1018 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1019 	const size_t __len = 42;
1020 	const size_t __idx __unused = __len - 1;
1021 	char src[__len];
1022 
1023 	memset(__stack.__buf, 0, __len);
1024 	memset(src, 'A', __len - 1);
1025 	src[__len - 1] = '\0';
1026 
1027 	strcat(__stack.__buf, src);
1028 #undef BUF
1029 
1030 }
1031 
1032 ATF_TC_WITHOUT_HEAD(strcat_heap_before_end);
1033 ATF_TC_BODY(strcat_heap_before_end, tc)
1034 {
1035 #define BUF __stack.__buf
1036 	struct {
1037 		uint8_t padding_l;
1038 		unsigned char * __buf;
1039 		uint8_t padding_r;
1040 	} __stack;
1041 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1042 	const size_t __len = 42 - 1;
1043 	const size_t __idx __unused = __len - 1;
1044 	char src[__len];
1045 
1046 	__stack.__buf = malloc(__bufsz);
1047 	memset(__stack.__buf, 0, __len);
1048 	memset(src, 'A', __len - 1);
1049 	src[__len - 1] = '\0';
1050 
1051 	strcat(__stack.__buf, src);
1052 #undef BUF
1053 
1054 }
1055 
1056 ATF_TC_WITHOUT_HEAD(strcat_heap_end);
1057 ATF_TC_BODY(strcat_heap_end, tc)
1058 {
1059 #define BUF __stack.__buf
1060 	struct {
1061 		uint8_t padding_l;
1062 		unsigned char * __buf;
1063 		uint8_t padding_r;
1064 	} __stack;
1065 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1066 	const size_t __len = 42;
1067 	const size_t __idx __unused = __len - 1;
1068 	char src[__len];
1069 
1070 	__stack.__buf = malloc(__bufsz);
1071 	memset(__stack.__buf, 0, __len);
1072 	memset(src, 'A', __len - 1);
1073 	src[__len - 1] = '\0';
1074 
1075 	strcat(__stack.__buf, src);
1076 #undef BUF
1077 
1078 }
1079 
1080 ATF_TC_WITHOUT_HEAD(strcat_heap_after_end);
1081 ATF_TC_BODY(strcat_heap_after_end, tc)
1082 {
1083 #define BUF __stack.__buf
1084 	struct {
1085 		uint8_t padding_l;
1086 		unsigned char * __buf;
1087 		uint8_t padding_r;
1088 	} __stack;
1089 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1090 	const size_t __len = 42 + 1;
1091 	const size_t __idx __unused = __len - 1;
1092 	pid_t __child;
1093 	int __status;
1094 	char src[__len];
1095 
1096 	__child = fork();
1097 	ATF_REQUIRE(__child >= 0);
1098 	if (__child > 0)
1099 		goto monitor;
1100 
1101 	/* Child */
1102 	disable_coredumps();
1103 	__stack.__buf = malloc(__bufsz);
1104 	memset(__stack.__buf, 0, __len);
1105 	memset(src, 'A', __len - 1);
1106 	src[__len - 1] = '\0';
1107 
1108 	strcat(__stack.__buf, src);
1109 	_exit(EX_SOFTWARE);	/* Should have aborted. */
1110 
1111 monitor:
1112 	while (waitpid(__child, &__status, 0) != __child) {
1113 		ATF_REQUIRE_EQ(EINTR, errno);
1114 	}
1115 
1116 	if (!WIFSIGNALED(__status)) {
1117 		switch (WEXITSTATUS(__status)) {
1118 		case EX_SOFTWARE:
1119 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
1120 			break;
1121 		case EX_OSERR:
1122 			atf_tc_fail("setrlimit(2) failed");
1123 			break;
1124 		default:
1125 			atf_tc_fail("child exited with status %d",
1126 			    WEXITSTATUS(__status));
1127 		}
1128 	} else {
1129 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1130 	}
1131 #undef BUF
1132 
1133 }
1134 
1135 ATF_TC_WITHOUT_HEAD(strlcat_before_end);
1136 ATF_TC_BODY(strlcat_before_end, tc)
1137 {
1138 #define BUF &__stack.__buf
1139 	struct {
1140 		uint8_t padding_l;
1141 		unsigned char __buf[42];
1142 		uint8_t padding_r;
1143 	} __stack;
1144 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1145 	const size_t __len = 42 - 1;
1146 	const size_t __idx __unused = __len - 1;
1147 	char src[__len];
1148 
1149 	memset(__stack.__buf, 0, __len);
1150 	memset(src, 'A', __len - 1);
1151 	src[__len - 1] = '\0';
1152 
1153 	strlcat(__stack.__buf, src, __len);
1154 #undef BUF
1155 
1156 }
1157 
1158 ATF_TC_WITHOUT_HEAD(strlcat_end);
1159 ATF_TC_BODY(strlcat_end, tc)
1160 {
1161 #define BUF &__stack.__buf
1162 	struct {
1163 		uint8_t padding_l;
1164 		unsigned char __buf[42];
1165 		uint8_t padding_r;
1166 	} __stack;
1167 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1168 	const size_t __len = 42;
1169 	const size_t __idx __unused = __len - 1;
1170 	char src[__len];
1171 
1172 	memset(__stack.__buf, 0, __len);
1173 	memset(src, 'A', __len - 1);
1174 	src[__len - 1] = '\0';
1175 
1176 	strlcat(__stack.__buf, src, __len);
1177 #undef BUF
1178 
1179 }
1180 
1181 ATF_TC_WITHOUT_HEAD(strlcat_heap_before_end);
1182 ATF_TC_BODY(strlcat_heap_before_end, tc)
1183 {
1184 #define BUF __stack.__buf
1185 	struct {
1186 		uint8_t padding_l;
1187 		unsigned char * __buf;
1188 		uint8_t padding_r;
1189 	} __stack;
1190 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1191 	const size_t __len = 42 - 1;
1192 	const size_t __idx __unused = __len - 1;
1193 	char src[__len];
1194 
1195 	__stack.__buf = malloc(__bufsz);
1196 	memset(__stack.__buf, 0, __len);
1197 	memset(src, 'A', __len - 1);
1198 	src[__len - 1] = '\0';
1199 
1200 	strlcat(__stack.__buf, src, __len);
1201 #undef BUF
1202 
1203 }
1204 
1205 ATF_TC_WITHOUT_HEAD(strlcat_heap_end);
1206 ATF_TC_BODY(strlcat_heap_end, tc)
1207 {
1208 #define BUF __stack.__buf
1209 	struct {
1210 		uint8_t padding_l;
1211 		unsigned char * __buf;
1212 		uint8_t padding_r;
1213 	} __stack;
1214 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1215 	const size_t __len = 42;
1216 	const size_t __idx __unused = __len - 1;
1217 	char src[__len];
1218 
1219 	__stack.__buf = malloc(__bufsz);
1220 	memset(__stack.__buf, 0, __len);
1221 	memset(src, 'A', __len - 1);
1222 	src[__len - 1] = '\0';
1223 
1224 	strlcat(__stack.__buf, src, __len);
1225 #undef BUF
1226 
1227 }
1228 
1229 ATF_TC_WITHOUT_HEAD(strlcat_heap_after_end);
1230 ATF_TC_BODY(strlcat_heap_after_end, tc)
1231 {
1232 #define BUF __stack.__buf
1233 	struct {
1234 		uint8_t padding_l;
1235 		unsigned char * __buf;
1236 		uint8_t padding_r;
1237 	} __stack;
1238 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1239 	const size_t __len = 42 + 1;
1240 	const size_t __idx __unused = __len - 1;
1241 	pid_t __child;
1242 	int __status;
1243 	char src[__len];
1244 
1245 	__child = fork();
1246 	ATF_REQUIRE(__child >= 0);
1247 	if (__child > 0)
1248 		goto monitor;
1249 
1250 	/* Child */
1251 	disable_coredumps();
1252 	__stack.__buf = malloc(__bufsz);
1253 	memset(__stack.__buf, 0, __len);
1254 	memset(src, 'A', __len - 1);
1255 	src[__len - 1] = '\0';
1256 
1257 	strlcat(__stack.__buf, src, __len);
1258 	_exit(EX_SOFTWARE);	/* Should have aborted. */
1259 
1260 monitor:
1261 	while (waitpid(__child, &__status, 0) != __child) {
1262 		ATF_REQUIRE_EQ(EINTR, errno);
1263 	}
1264 
1265 	if (!WIFSIGNALED(__status)) {
1266 		switch (WEXITSTATUS(__status)) {
1267 		case EX_SOFTWARE:
1268 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
1269 			break;
1270 		case EX_OSERR:
1271 			atf_tc_fail("setrlimit(2) failed");
1272 			break;
1273 		default:
1274 			atf_tc_fail("child exited with status %d",
1275 			    WEXITSTATUS(__status));
1276 		}
1277 	} else {
1278 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1279 	}
1280 #undef BUF
1281 
1282 }
1283 
1284 ATF_TC_WITHOUT_HEAD(strncat_before_end);
1285 ATF_TC_BODY(strncat_before_end, tc)
1286 {
1287 #define BUF &__stack.__buf
1288 	struct {
1289 		uint8_t padding_l;
1290 		unsigned char __buf[42];
1291 		uint8_t padding_r;
1292 	} __stack;
1293 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1294 	const size_t __len = 42 - 1;
1295 	const size_t __idx __unused = __len - 1;
1296 	char src[__len];
1297 
1298 	memset(__stack.__buf, 0, __len);
1299 	memset(src, 'A', __len - 1);
1300 	src[__len - 1] = '\0';
1301 
1302 	strncat(__stack.__buf, src, __len);
1303 #undef BUF
1304 
1305 }
1306 
1307 ATF_TC_WITHOUT_HEAD(strncat_end);
1308 ATF_TC_BODY(strncat_end, tc)
1309 {
1310 #define BUF &__stack.__buf
1311 	struct {
1312 		uint8_t padding_l;
1313 		unsigned char __buf[42];
1314 		uint8_t padding_r;
1315 	} __stack;
1316 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1317 	const size_t __len = 42;
1318 	const size_t __idx __unused = __len - 1;
1319 	char src[__len];
1320 
1321 	memset(__stack.__buf, 0, __len);
1322 	memset(src, 'A', __len - 1);
1323 	src[__len - 1] = '\0';
1324 
1325 	strncat(__stack.__buf, src, __len);
1326 #undef BUF
1327 
1328 }
1329 
1330 ATF_TC_WITHOUT_HEAD(strncat_heap_before_end);
1331 ATF_TC_BODY(strncat_heap_before_end, tc)
1332 {
1333 #define BUF __stack.__buf
1334 	struct {
1335 		uint8_t padding_l;
1336 		unsigned char * __buf;
1337 		uint8_t padding_r;
1338 	} __stack;
1339 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1340 	const size_t __len = 42 - 1;
1341 	const size_t __idx __unused = __len - 1;
1342 	char src[__len];
1343 
1344 	__stack.__buf = malloc(__bufsz);
1345 	memset(__stack.__buf, 0, __len);
1346 	memset(src, 'A', __len - 1);
1347 	src[__len - 1] = '\0';
1348 
1349 	strncat(__stack.__buf, src, __len);
1350 #undef BUF
1351 
1352 }
1353 
1354 ATF_TC_WITHOUT_HEAD(strncat_heap_end);
1355 ATF_TC_BODY(strncat_heap_end, tc)
1356 {
1357 #define BUF __stack.__buf
1358 	struct {
1359 		uint8_t padding_l;
1360 		unsigned char * __buf;
1361 		uint8_t padding_r;
1362 	} __stack;
1363 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1364 	const size_t __len = 42;
1365 	const size_t __idx __unused = __len - 1;
1366 	char src[__len];
1367 
1368 	__stack.__buf = malloc(__bufsz);
1369 	memset(__stack.__buf, 0, __len);
1370 	memset(src, 'A', __len - 1);
1371 	src[__len - 1] = '\0';
1372 
1373 	strncat(__stack.__buf, src, __len);
1374 #undef BUF
1375 
1376 }
1377 
1378 ATF_TC_WITHOUT_HEAD(strncat_heap_after_end);
1379 ATF_TC_BODY(strncat_heap_after_end, tc)
1380 {
1381 #define BUF __stack.__buf
1382 	struct {
1383 		uint8_t padding_l;
1384 		unsigned char * __buf;
1385 		uint8_t padding_r;
1386 	} __stack;
1387 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1388 	const size_t __len = 42 + 1;
1389 	const size_t __idx __unused = __len - 1;
1390 	pid_t __child;
1391 	int __status;
1392 	char src[__len];
1393 
1394 	__child = fork();
1395 	ATF_REQUIRE(__child >= 0);
1396 	if (__child > 0)
1397 		goto monitor;
1398 
1399 	/* Child */
1400 	disable_coredumps();
1401 	__stack.__buf = malloc(__bufsz);
1402 	memset(__stack.__buf, 0, __len);
1403 	memset(src, 'A', __len - 1);
1404 	src[__len - 1] = '\0';
1405 
1406 	strncat(__stack.__buf, src, __len);
1407 	_exit(EX_SOFTWARE);	/* Should have aborted. */
1408 
1409 monitor:
1410 	while (waitpid(__child, &__status, 0) != __child) {
1411 		ATF_REQUIRE_EQ(EINTR, errno);
1412 	}
1413 
1414 	if (!WIFSIGNALED(__status)) {
1415 		switch (WEXITSTATUS(__status)) {
1416 		case EX_SOFTWARE:
1417 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
1418 			break;
1419 		case EX_OSERR:
1420 			atf_tc_fail("setrlimit(2) failed");
1421 			break;
1422 		default:
1423 			atf_tc_fail("child exited with status %d",
1424 			    WEXITSTATUS(__status));
1425 		}
1426 	} else {
1427 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1428 	}
1429 #undef BUF
1430 
1431 }
1432 
1433 ATF_TC_WITHOUT_HEAD(strcpy_before_end);
1434 ATF_TC_BODY(strcpy_before_end, tc)
1435 {
1436 #define BUF &__stack.__buf
1437 	struct {
1438 		uint8_t padding_l;
1439 		unsigned char __buf[42];
1440 		uint8_t padding_r;
1441 	} __stack;
1442 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1443 	const size_t __len = 42 - 1;
1444 	const size_t __idx __unused = __len - 1;
1445 	char src[__len];
1446 
1447 	memset(__stack.__buf, 0, __len);
1448 	memset(src, 'A', __len - 1);
1449 	src[__len - 1] = '\0';
1450 
1451 	strcpy(__stack.__buf, src);
1452 #undef BUF
1453 
1454 }
1455 
1456 ATF_TC_WITHOUT_HEAD(strcpy_end);
1457 ATF_TC_BODY(strcpy_end, tc)
1458 {
1459 #define BUF &__stack.__buf
1460 	struct {
1461 		uint8_t padding_l;
1462 		unsigned char __buf[42];
1463 		uint8_t padding_r;
1464 	} __stack;
1465 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1466 	const size_t __len = 42;
1467 	const size_t __idx __unused = __len - 1;
1468 	char src[__len];
1469 
1470 	memset(__stack.__buf, 0, __len);
1471 	memset(src, 'A', __len - 1);
1472 	src[__len - 1] = '\0';
1473 
1474 	strcpy(__stack.__buf, src);
1475 #undef BUF
1476 
1477 }
1478 
1479 ATF_TC_WITHOUT_HEAD(strcpy_heap_before_end);
1480 ATF_TC_BODY(strcpy_heap_before_end, tc)
1481 {
1482 #define BUF __stack.__buf
1483 	struct {
1484 		uint8_t padding_l;
1485 		unsigned char * __buf;
1486 		uint8_t padding_r;
1487 	} __stack;
1488 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1489 	const size_t __len = 42 - 1;
1490 	const size_t __idx __unused = __len - 1;
1491 	char src[__len];
1492 
1493 	__stack.__buf = malloc(__bufsz);
1494 	memset(__stack.__buf, 0, __len);
1495 	memset(src, 'A', __len - 1);
1496 	src[__len - 1] = '\0';
1497 
1498 	strcpy(__stack.__buf, src);
1499 #undef BUF
1500 
1501 }
1502 
1503 ATF_TC_WITHOUT_HEAD(strcpy_heap_end);
1504 ATF_TC_BODY(strcpy_heap_end, tc)
1505 {
1506 #define BUF __stack.__buf
1507 	struct {
1508 		uint8_t padding_l;
1509 		unsigned char * __buf;
1510 		uint8_t padding_r;
1511 	} __stack;
1512 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1513 	const size_t __len = 42;
1514 	const size_t __idx __unused = __len - 1;
1515 	char src[__len];
1516 
1517 	__stack.__buf = malloc(__bufsz);
1518 	memset(__stack.__buf, 0, __len);
1519 	memset(src, 'A', __len - 1);
1520 	src[__len - 1] = '\0';
1521 
1522 	strcpy(__stack.__buf, src);
1523 #undef BUF
1524 
1525 }
1526 
1527 ATF_TC_WITHOUT_HEAD(strcpy_heap_after_end);
1528 ATF_TC_BODY(strcpy_heap_after_end, tc)
1529 {
1530 #define BUF __stack.__buf
1531 	struct {
1532 		uint8_t padding_l;
1533 		unsigned char * __buf;
1534 		uint8_t padding_r;
1535 	} __stack;
1536 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1537 	const size_t __len = 42 + 1;
1538 	const size_t __idx __unused = __len - 1;
1539 	pid_t __child;
1540 	int __status;
1541 	char src[__len];
1542 
1543 	__child = fork();
1544 	ATF_REQUIRE(__child >= 0);
1545 	if (__child > 0)
1546 		goto monitor;
1547 
1548 	/* Child */
1549 	disable_coredumps();
1550 	__stack.__buf = malloc(__bufsz);
1551 	memset(__stack.__buf, 0, __len);
1552 	memset(src, 'A', __len - 1);
1553 	src[__len - 1] = '\0';
1554 
1555 	strcpy(__stack.__buf, src);
1556 	_exit(EX_SOFTWARE);	/* Should have aborted. */
1557 
1558 monitor:
1559 	while (waitpid(__child, &__status, 0) != __child) {
1560 		ATF_REQUIRE_EQ(EINTR, errno);
1561 	}
1562 
1563 	if (!WIFSIGNALED(__status)) {
1564 		switch (WEXITSTATUS(__status)) {
1565 		case EX_SOFTWARE:
1566 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
1567 			break;
1568 		case EX_OSERR:
1569 			atf_tc_fail("setrlimit(2) failed");
1570 			break;
1571 		default:
1572 			atf_tc_fail("child exited with status %d",
1573 			    WEXITSTATUS(__status));
1574 		}
1575 	} else {
1576 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1577 	}
1578 #undef BUF
1579 
1580 }
1581 
1582 ATF_TC_WITHOUT_HEAD(strlcpy_before_end);
1583 ATF_TC_BODY(strlcpy_before_end, tc)
1584 {
1585 #define BUF &__stack.__buf
1586 	struct {
1587 		uint8_t padding_l;
1588 		unsigned char __buf[42];
1589 		uint8_t padding_r;
1590 	} __stack;
1591 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1592 	const size_t __len = 42 - 1;
1593 	const size_t __idx __unused = __len - 1;
1594 	char src[__len];
1595 
1596 	memset(__stack.__buf, 0, __len);
1597 	memset(src, 'A', __len - 1);
1598 	src[__len - 1] = '\0';
1599 
1600 	strlcpy(__stack.__buf, src, __len);
1601 #undef BUF
1602 
1603 }
1604 
1605 ATF_TC_WITHOUT_HEAD(strlcpy_end);
1606 ATF_TC_BODY(strlcpy_end, tc)
1607 {
1608 #define BUF &__stack.__buf
1609 	struct {
1610 		uint8_t padding_l;
1611 		unsigned char __buf[42];
1612 		uint8_t padding_r;
1613 	} __stack;
1614 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1615 	const size_t __len = 42;
1616 	const size_t __idx __unused = __len - 1;
1617 	char src[__len];
1618 
1619 	memset(__stack.__buf, 0, __len);
1620 	memset(src, 'A', __len - 1);
1621 	src[__len - 1] = '\0';
1622 
1623 	strlcpy(__stack.__buf, src, __len);
1624 #undef BUF
1625 
1626 }
1627 
1628 ATF_TC_WITHOUT_HEAD(strlcpy_heap_before_end);
1629 ATF_TC_BODY(strlcpy_heap_before_end, tc)
1630 {
1631 #define BUF __stack.__buf
1632 	struct {
1633 		uint8_t padding_l;
1634 		unsigned char * __buf;
1635 		uint8_t padding_r;
1636 	} __stack;
1637 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1638 	const size_t __len = 42 - 1;
1639 	const size_t __idx __unused = __len - 1;
1640 	char src[__len];
1641 
1642 	__stack.__buf = malloc(__bufsz);
1643 	memset(__stack.__buf, 0, __len);
1644 	memset(src, 'A', __len - 1);
1645 	src[__len - 1] = '\0';
1646 
1647 	strlcpy(__stack.__buf, src, __len);
1648 #undef BUF
1649 
1650 }
1651 
1652 ATF_TC_WITHOUT_HEAD(strlcpy_heap_end);
1653 ATF_TC_BODY(strlcpy_heap_end, tc)
1654 {
1655 #define BUF __stack.__buf
1656 	struct {
1657 		uint8_t padding_l;
1658 		unsigned char * __buf;
1659 		uint8_t padding_r;
1660 	} __stack;
1661 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1662 	const size_t __len = 42;
1663 	const size_t __idx __unused = __len - 1;
1664 	char src[__len];
1665 
1666 	__stack.__buf = malloc(__bufsz);
1667 	memset(__stack.__buf, 0, __len);
1668 	memset(src, 'A', __len - 1);
1669 	src[__len - 1] = '\0';
1670 
1671 	strlcpy(__stack.__buf, src, __len);
1672 #undef BUF
1673 
1674 }
1675 
1676 ATF_TC_WITHOUT_HEAD(strlcpy_heap_after_end);
1677 ATF_TC_BODY(strlcpy_heap_after_end, tc)
1678 {
1679 #define BUF __stack.__buf
1680 	struct {
1681 		uint8_t padding_l;
1682 		unsigned char * __buf;
1683 		uint8_t padding_r;
1684 	} __stack;
1685 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1686 	const size_t __len = 42 + 1;
1687 	const size_t __idx __unused = __len - 1;
1688 	pid_t __child;
1689 	int __status;
1690 	char src[__len];
1691 
1692 	__child = fork();
1693 	ATF_REQUIRE(__child >= 0);
1694 	if (__child > 0)
1695 		goto monitor;
1696 
1697 	/* Child */
1698 	disable_coredumps();
1699 	__stack.__buf = malloc(__bufsz);
1700 	memset(__stack.__buf, 0, __len);
1701 	memset(src, 'A', __len - 1);
1702 	src[__len - 1] = '\0';
1703 
1704 	strlcpy(__stack.__buf, src, __len);
1705 	_exit(EX_SOFTWARE);	/* Should have aborted. */
1706 
1707 monitor:
1708 	while (waitpid(__child, &__status, 0) != __child) {
1709 		ATF_REQUIRE_EQ(EINTR, errno);
1710 	}
1711 
1712 	if (!WIFSIGNALED(__status)) {
1713 		switch (WEXITSTATUS(__status)) {
1714 		case EX_SOFTWARE:
1715 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
1716 			break;
1717 		case EX_OSERR:
1718 			atf_tc_fail("setrlimit(2) failed");
1719 			break;
1720 		default:
1721 			atf_tc_fail("child exited with status %d",
1722 			    WEXITSTATUS(__status));
1723 		}
1724 	} else {
1725 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1726 	}
1727 #undef BUF
1728 
1729 }
1730 
1731 ATF_TC_WITHOUT_HEAD(strncpy_before_end);
1732 ATF_TC_BODY(strncpy_before_end, tc)
1733 {
1734 #define BUF &__stack.__buf
1735 	struct {
1736 		uint8_t padding_l;
1737 		unsigned char __buf[42];
1738 		uint8_t padding_r;
1739 	} __stack;
1740 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1741 	const size_t __len = 42 - 1;
1742 	const size_t __idx __unused = __len - 1;
1743 	char src[__len];
1744 
1745 	memset(__stack.__buf, 0, __len);
1746 	memset(src, 'A', __len - 1);
1747 	src[__len - 1] = '\0';
1748 
1749 	strncpy(__stack.__buf, src, __len);
1750 #undef BUF
1751 
1752 }
1753 
1754 ATF_TC_WITHOUT_HEAD(strncpy_end);
1755 ATF_TC_BODY(strncpy_end, tc)
1756 {
1757 #define BUF &__stack.__buf
1758 	struct {
1759 		uint8_t padding_l;
1760 		unsigned char __buf[42];
1761 		uint8_t padding_r;
1762 	} __stack;
1763 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1764 	const size_t __len = 42;
1765 	const size_t __idx __unused = __len - 1;
1766 	char src[__len];
1767 
1768 	memset(__stack.__buf, 0, __len);
1769 	memset(src, 'A', __len - 1);
1770 	src[__len - 1] = '\0';
1771 
1772 	strncpy(__stack.__buf, src, __len);
1773 #undef BUF
1774 
1775 }
1776 
1777 ATF_TC_WITHOUT_HEAD(strncpy_heap_before_end);
1778 ATF_TC_BODY(strncpy_heap_before_end, tc)
1779 {
1780 #define BUF __stack.__buf
1781 	struct {
1782 		uint8_t padding_l;
1783 		unsigned char * __buf;
1784 		uint8_t padding_r;
1785 	} __stack;
1786 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1787 	const size_t __len = 42 - 1;
1788 	const size_t __idx __unused = __len - 1;
1789 	char src[__len];
1790 
1791 	__stack.__buf = malloc(__bufsz);
1792 	memset(__stack.__buf, 0, __len);
1793 	memset(src, 'A', __len - 1);
1794 	src[__len - 1] = '\0';
1795 
1796 	strncpy(__stack.__buf, src, __len);
1797 #undef BUF
1798 
1799 }
1800 
1801 ATF_TC_WITHOUT_HEAD(strncpy_heap_end);
1802 ATF_TC_BODY(strncpy_heap_end, tc)
1803 {
1804 #define BUF __stack.__buf
1805 	struct {
1806 		uint8_t padding_l;
1807 		unsigned char * __buf;
1808 		uint8_t padding_r;
1809 	} __stack;
1810 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1811 	const size_t __len = 42;
1812 	const size_t __idx __unused = __len - 1;
1813 	char src[__len];
1814 
1815 	__stack.__buf = malloc(__bufsz);
1816 	memset(__stack.__buf, 0, __len);
1817 	memset(src, 'A', __len - 1);
1818 	src[__len - 1] = '\0';
1819 
1820 	strncpy(__stack.__buf, src, __len);
1821 #undef BUF
1822 
1823 }
1824 
1825 ATF_TC_WITHOUT_HEAD(strncpy_heap_after_end);
1826 ATF_TC_BODY(strncpy_heap_after_end, tc)
1827 {
1828 #define BUF __stack.__buf
1829 	struct {
1830 		uint8_t padding_l;
1831 		unsigned char * __buf;
1832 		uint8_t padding_r;
1833 	} __stack;
1834 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1835 	const size_t __len = 42 + 1;
1836 	const size_t __idx __unused = __len - 1;
1837 	pid_t __child;
1838 	int __status;
1839 	char src[__len];
1840 
1841 	__child = fork();
1842 	ATF_REQUIRE(__child >= 0);
1843 	if (__child > 0)
1844 		goto monitor;
1845 
1846 	/* Child */
1847 	disable_coredumps();
1848 	__stack.__buf = malloc(__bufsz);
1849 	memset(__stack.__buf, 0, __len);
1850 	memset(src, 'A', __len - 1);
1851 	src[__len - 1] = '\0';
1852 
1853 	strncpy(__stack.__buf, src, __len);
1854 	_exit(EX_SOFTWARE);	/* Should have aborted. */
1855 
1856 monitor:
1857 	while (waitpid(__child, &__status, 0) != __child) {
1858 		ATF_REQUIRE_EQ(EINTR, errno);
1859 	}
1860 
1861 	if (!WIFSIGNALED(__status)) {
1862 		switch (WEXITSTATUS(__status)) {
1863 		case EX_SOFTWARE:
1864 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
1865 			break;
1866 		case EX_OSERR:
1867 			atf_tc_fail("setrlimit(2) failed");
1868 			break;
1869 		default:
1870 			atf_tc_fail("child exited with status %d",
1871 			    WEXITSTATUS(__status));
1872 		}
1873 	} else {
1874 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1875 	}
1876 #undef BUF
1877 
1878 }
1879 
1880 ATF_TP_ADD_TCS(tp)
1881 {
1882 	ATF_TP_ADD_TC(tp, memcpy_before_end);
1883 	ATF_TP_ADD_TC(tp, memcpy_end);
1884 	ATF_TP_ADD_TC(tp, memcpy_heap_before_end);
1885 	ATF_TP_ADD_TC(tp, memcpy_heap_end);
1886 	ATF_TP_ADD_TC(tp, memcpy_heap_after_end);
1887 	ATF_TP_ADD_TC(tp, mempcpy_before_end);
1888 	ATF_TP_ADD_TC(tp, mempcpy_end);
1889 	ATF_TP_ADD_TC(tp, mempcpy_heap_before_end);
1890 	ATF_TP_ADD_TC(tp, mempcpy_heap_end);
1891 	ATF_TP_ADD_TC(tp, mempcpy_heap_after_end);
1892 	ATF_TP_ADD_TC(tp, memmove_before_end);
1893 	ATF_TP_ADD_TC(tp, memmove_end);
1894 	ATF_TP_ADD_TC(tp, memmove_heap_before_end);
1895 	ATF_TP_ADD_TC(tp, memmove_heap_end);
1896 	ATF_TP_ADD_TC(tp, memmove_heap_after_end);
1897 	ATF_TP_ADD_TC(tp, memset_before_end);
1898 	ATF_TP_ADD_TC(tp, memset_end);
1899 	ATF_TP_ADD_TC(tp, memset_heap_before_end);
1900 	ATF_TP_ADD_TC(tp, memset_heap_end);
1901 	ATF_TP_ADD_TC(tp, memset_heap_after_end);
1902 	ATF_TP_ADD_TC(tp, stpcpy_before_end);
1903 	ATF_TP_ADD_TC(tp, stpcpy_end);
1904 	ATF_TP_ADD_TC(tp, stpcpy_heap_before_end);
1905 	ATF_TP_ADD_TC(tp, stpcpy_heap_end);
1906 	ATF_TP_ADD_TC(tp, stpcpy_heap_after_end);
1907 	ATF_TP_ADD_TC(tp, stpncpy_before_end);
1908 	ATF_TP_ADD_TC(tp, stpncpy_end);
1909 	ATF_TP_ADD_TC(tp, stpncpy_heap_before_end);
1910 	ATF_TP_ADD_TC(tp, stpncpy_heap_end);
1911 	ATF_TP_ADD_TC(tp, stpncpy_heap_after_end);
1912 	ATF_TP_ADD_TC(tp, strcat_before_end);
1913 	ATF_TP_ADD_TC(tp, strcat_end);
1914 	ATF_TP_ADD_TC(tp, strcat_heap_before_end);
1915 	ATF_TP_ADD_TC(tp, strcat_heap_end);
1916 	ATF_TP_ADD_TC(tp, strcat_heap_after_end);
1917 	ATF_TP_ADD_TC(tp, strlcat_before_end);
1918 	ATF_TP_ADD_TC(tp, strlcat_end);
1919 	ATF_TP_ADD_TC(tp, strlcat_heap_before_end);
1920 	ATF_TP_ADD_TC(tp, strlcat_heap_end);
1921 	ATF_TP_ADD_TC(tp, strlcat_heap_after_end);
1922 	ATF_TP_ADD_TC(tp, strncat_before_end);
1923 	ATF_TP_ADD_TC(tp, strncat_end);
1924 	ATF_TP_ADD_TC(tp, strncat_heap_before_end);
1925 	ATF_TP_ADD_TC(tp, strncat_heap_end);
1926 	ATF_TP_ADD_TC(tp, strncat_heap_after_end);
1927 	ATF_TP_ADD_TC(tp, strcpy_before_end);
1928 	ATF_TP_ADD_TC(tp, strcpy_end);
1929 	ATF_TP_ADD_TC(tp, strcpy_heap_before_end);
1930 	ATF_TP_ADD_TC(tp, strcpy_heap_end);
1931 	ATF_TP_ADD_TC(tp, strcpy_heap_after_end);
1932 	ATF_TP_ADD_TC(tp, strlcpy_before_end);
1933 	ATF_TP_ADD_TC(tp, strlcpy_end);
1934 	ATF_TP_ADD_TC(tp, strlcpy_heap_before_end);
1935 	ATF_TP_ADD_TC(tp, strlcpy_heap_end);
1936 	ATF_TP_ADD_TC(tp, strlcpy_heap_after_end);
1937 	ATF_TP_ADD_TC(tp, strncpy_before_end);
1938 	ATF_TP_ADD_TC(tp, strncpy_end);
1939 	ATF_TP_ADD_TC(tp, strncpy_heap_before_end);
1940 	ATF_TP_ADD_TC(tp, strncpy_heap_end);
1941 	ATF_TP_ADD_TC(tp, strncpy_heap_after_end);
1942 	return (atf_no_error());
1943 }
1944