1 /* @generated by `generate-fortify-tests.lua "uio"` */ 2 3 #define _FORTIFY_SOURCE 2 4 #define TMPFILE_SIZE (1024 * 32) 5 6 #include <sys/param.h> 7 #include <sys/jail.h> 8 #include <sys/random.h> 9 #include <sys/resource.h> 10 #include <sys/select.h> 11 #include <sys/socket.h> 12 #include <sys/time.h> 13 #include <sys/uio.h> 14 #include <sys/wait.h> 15 #include <dirent.h> 16 #include <errno.h> 17 #include <fcntl.h> 18 #include <limits.h> 19 #include <poll.h> 20 #include <signal.h> 21 #include <stdio.h> 22 #include <stdlib.h> 23 #include <string.h> 24 #include <strings.h> 25 #include <sysexits.h> 26 #include <unistd.h> 27 #include <wchar.h> 28 #include <atf-c.h> 29 30 static FILE * __unused 31 new_fp(size_t __len) 32 { 33 static char fpbuf[LINE_MAX]; 34 FILE *fp; 35 36 ATF_REQUIRE(__len <= sizeof(fpbuf)); 37 38 memset(fpbuf, 'A', sizeof(fpbuf) - 1); 39 fpbuf[sizeof(fpbuf) - 1] = '\0'; 40 41 fp = fmemopen(fpbuf, sizeof(fpbuf), "rb"); 42 ATF_REQUIRE(fp != NULL); 43 44 return (fp); 45 } 46 47 /* 48 * Create a new symlink to use for readlink(2) style tests, we'll just use a 49 * random target name to have something interesting to look at. 50 */ 51 static const char * __unused 52 new_symlink(size_t __len) 53 { 54 static const char linkname[] = "link"; 55 char target[MAXNAMLEN]; 56 int error; 57 58 ATF_REQUIRE(__len <= sizeof(target)); 59 60 arc4random_buf(target, sizeof(target)); 61 62 error = unlink(linkname); 63 ATF_REQUIRE(error == 0 || errno == ENOENT); 64 65 error = symlink(target, linkname); 66 ATF_REQUIRE(error == 0); 67 68 return (linkname); 69 } 70 71 /* 72 * For our purposes, first descriptor will be the reader; we'll send both 73 * raw data and a control message over it so that the result can be used for 74 * any of our recv*() tests. 75 */ 76 static void __unused 77 new_socket(int sock[2]) 78 { 79 unsigned char ctrl[CMSG_SPACE(sizeof(int))] = { 0 }; 80 static char sockbuf[256]; 81 ssize_t rv; 82 size_t total = 0; 83 struct msghdr hdr = { 0 }; 84 struct cmsghdr *cmsg; 85 int error, fd; 86 87 error = socketpair(AF_UNIX, SOCK_STREAM, 0, sock); 88 ATF_REQUIRE(error == 0); 89 90 while (total != sizeof(sockbuf)) { 91 rv = send(sock[1], &sockbuf[total], sizeof(sockbuf) - total, 0); 92 93 ATF_REQUIRE_MSG(rv > 0, 94 "expected bytes sent, got %zd with %zu left (size %zu, total %zu)", 95 rv, sizeof(sockbuf) - total, sizeof(sockbuf), total); 96 ATF_REQUIRE_MSG(total + (size_t)rv <= sizeof(sockbuf), 97 "%zd exceeds total %zu", rv, sizeof(sockbuf)); 98 total += rv; 99 } 100 101 hdr.msg_control = ctrl; 102 hdr.msg_controllen = sizeof(ctrl); 103 104 cmsg = CMSG_FIRSTHDR(&hdr); 105 cmsg->cmsg_level = SOL_SOCKET; 106 cmsg->cmsg_type = SCM_RIGHTS; 107 cmsg->cmsg_len = CMSG_LEN(sizeof(fd)); 108 fd = STDIN_FILENO; 109 memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd)); 110 111 error = sendmsg(sock[1], &hdr, 0); 112 ATF_REQUIRE(error != -1); 113 } 114 115 /* 116 * Constructs a tmpfile that we can use for testing read(2) and friends. 117 */ 118 static int __unused 119 new_tmpfile(void) 120 { 121 char buf[1024]; 122 ssize_t rv; 123 size_t written; 124 int fd; 125 126 fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644); 127 ATF_REQUIRE(fd >= 0); 128 129 written = 0; 130 while (written < TMPFILE_SIZE) { 131 rv = write(fd, buf, sizeof(buf)); 132 ATF_REQUIRE(rv > 0); 133 134 written += rv; 135 } 136 137 ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET)); 138 return (fd); 139 } 140 141 static void 142 disable_coredumps(void) 143 { 144 struct rlimit rl = { 0 }; 145 146 if (setrlimit(RLIMIT_CORE, &rl) == -1) 147 _exit(EX_OSERR); 148 } 149 150 /* 151 * Replaces stdin with a file that we can actually read from, for tests where 152 * we want a FILE * or fd that we can get data from. 153 */ 154 static void __unused 155 replace_stdin(void) 156 { 157 int fd; 158 159 fd = new_tmpfile(); 160 161 (void)dup2(fd, STDIN_FILENO); 162 if (fd != STDIN_FILENO) 163 close(fd); 164 } 165 166 ATF_TC(readv_before_end); 167 ATF_TC_HEAD(readv_before_end, tc) 168 { 169 } 170 ATF_TC_BODY(readv_before_end, tc) 171 { 172 #define BUF &__stack.__buf 173 struct { 174 uint8_t padding_l; 175 struct iovec __buf[2]; 176 uint8_t padding_r; 177 } __stack; 178 const size_t __bufsz __unused = sizeof(__stack.__buf); 179 const size_t __len = 2 - 1; 180 const size_t __idx __unused = __len - 1; 181 182 readv(STDIN_FILENO, __stack.__buf, __len); 183 #undef BUF 184 185 } 186 187 ATF_TC(readv_end); 188 ATF_TC_HEAD(readv_end, tc) 189 { 190 } 191 ATF_TC_BODY(readv_end, tc) 192 { 193 #define BUF &__stack.__buf 194 struct { 195 uint8_t padding_l; 196 struct iovec __buf[2]; 197 uint8_t padding_r; 198 } __stack; 199 const size_t __bufsz __unused = sizeof(__stack.__buf); 200 const size_t __len = 2; 201 const size_t __idx __unused = __len - 1; 202 203 readv(STDIN_FILENO, __stack.__buf, __len); 204 #undef BUF 205 206 } 207 208 ATF_TC(readv_after_end); 209 ATF_TC_HEAD(readv_after_end, tc) 210 { 211 } 212 ATF_TC_BODY(readv_after_end, tc) 213 { 214 #define BUF &__stack.__buf 215 struct { 216 uint8_t padding_l; 217 struct iovec __buf[2]; 218 uint8_t padding_r; 219 } __stack; 220 const size_t __bufsz __unused = sizeof(__stack.__buf); 221 const size_t __len = 2 + 1; 222 const size_t __idx __unused = __len - 1; 223 pid_t __child; 224 int __status; 225 226 __child = fork(); 227 ATF_REQUIRE(__child >= 0); 228 if (__child > 0) 229 goto monitor; 230 231 /* Child */ 232 disable_coredumps(); 233 readv(STDIN_FILENO, __stack.__buf, __len); 234 _exit(EX_SOFTWARE); /* Should have aborted. */ 235 236 monitor: 237 while (waitpid(__child, &__status, 0) != __child) { 238 ATF_REQUIRE_EQ(EINTR, errno); 239 } 240 241 if (!WIFSIGNALED(__status)) { 242 switch (WEXITSTATUS(__status)) { 243 case EX_SOFTWARE: 244 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 245 break; 246 case EX_OSERR: 247 atf_tc_fail("setrlimit(2) failed"); 248 break; 249 default: 250 atf_tc_fail("child exited with status %d", 251 WEXITSTATUS(__status)); 252 } 253 } else { 254 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 255 } 256 #undef BUF 257 258 } 259 260 ATF_TC(readv_heap_before_end); 261 ATF_TC_HEAD(readv_heap_before_end, tc) 262 { 263 } 264 ATF_TC_BODY(readv_heap_before_end, tc) 265 { 266 #define BUF __stack.__buf 267 struct { 268 uint8_t padding_l; 269 struct iovec * __buf; 270 uint8_t padding_r; 271 } __stack; 272 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (2); 273 const size_t __len = 2 - 1; 274 const size_t __idx __unused = __len - 1; 275 276 __stack.__buf = malloc(__bufsz); 277 278 readv(STDIN_FILENO, __stack.__buf, __len); 279 #undef BUF 280 281 } 282 283 ATF_TC(readv_heap_end); 284 ATF_TC_HEAD(readv_heap_end, tc) 285 { 286 } 287 ATF_TC_BODY(readv_heap_end, tc) 288 { 289 #define BUF __stack.__buf 290 struct { 291 uint8_t padding_l; 292 struct iovec * __buf; 293 uint8_t padding_r; 294 } __stack; 295 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (2); 296 const size_t __len = 2; 297 const size_t __idx __unused = __len - 1; 298 299 __stack.__buf = malloc(__bufsz); 300 301 readv(STDIN_FILENO, __stack.__buf, __len); 302 #undef BUF 303 304 } 305 306 ATF_TC(readv_heap_after_end); 307 ATF_TC_HEAD(readv_heap_after_end, tc) 308 { 309 } 310 ATF_TC_BODY(readv_heap_after_end, tc) 311 { 312 #define BUF __stack.__buf 313 struct { 314 uint8_t padding_l; 315 struct iovec * __buf; 316 uint8_t padding_r; 317 } __stack; 318 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (2); 319 const size_t __len = 2 + 1; 320 const size_t __idx __unused = __len - 1; 321 pid_t __child; 322 int __status; 323 324 __child = fork(); 325 ATF_REQUIRE(__child >= 0); 326 if (__child > 0) 327 goto monitor; 328 329 /* Child */ 330 disable_coredumps(); 331 __stack.__buf = malloc(__bufsz); 332 333 readv(STDIN_FILENO, __stack.__buf, __len); 334 _exit(EX_SOFTWARE); /* Should have aborted. */ 335 336 monitor: 337 while (waitpid(__child, &__status, 0) != __child) { 338 ATF_REQUIRE_EQ(EINTR, errno); 339 } 340 341 if (!WIFSIGNALED(__status)) { 342 switch (WEXITSTATUS(__status)) { 343 case EX_SOFTWARE: 344 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 345 break; 346 case EX_OSERR: 347 atf_tc_fail("setrlimit(2) failed"); 348 break; 349 default: 350 atf_tc_fail("child exited with status %d", 351 WEXITSTATUS(__status)); 352 } 353 } else { 354 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 355 } 356 #undef BUF 357 358 } 359 360 ATF_TC(readv_iov_before_end); 361 ATF_TC_HEAD(readv_iov_before_end, tc) 362 { 363 } 364 ATF_TC_BODY(readv_iov_before_end, tc) 365 { 366 #define BUF &__stack.__buf 367 struct { 368 uint8_t padding_l; 369 unsigned char __buf[42]; 370 uint8_t padding_r; 371 } __stack; 372 const size_t __bufsz __unused = sizeof(__stack.__buf); 373 const size_t __len = 42 - 1; 374 const size_t __idx __unused = __len - 1; 375 struct iovec iov[1]; 376 377 iov[0].iov_base = __stack.__buf; 378 iov[0].iov_len = __len; 379 380 replace_stdin(); 381 382 readv(STDIN_FILENO, iov, nitems(iov)); 383 #undef BUF 384 385 } 386 387 ATF_TC(readv_iov_end); 388 ATF_TC_HEAD(readv_iov_end, tc) 389 { 390 } 391 ATF_TC_BODY(readv_iov_end, tc) 392 { 393 #define BUF &__stack.__buf 394 struct { 395 uint8_t padding_l; 396 unsigned char __buf[42]; 397 uint8_t padding_r; 398 } __stack; 399 const size_t __bufsz __unused = sizeof(__stack.__buf); 400 const size_t __len = 42; 401 const size_t __idx __unused = __len - 1; 402 struct iovec iov[1]; 403 404 iov[0].iov_base = __stack.__buf; 405 iov[0].iov_len = __len; 406 407 replace_stdin(); 408 409 readv(STDIN_FILENO, iov, nitems(iov)); 410 #undef BUF 411 412 } 413 414 ATF_TC(readv_iov_heap_before_end); 415 ATF_TC_HEAD(readv_iov_heap_before_end, tc) 416 { 417 } 418 ATF_TC_BODY(readv_iov_heap_before_end, tc) 419 { 420 #define BUF __stack.__buf 421 struct { 422 uint8_t padding_l; 423 unsigned char * __buf; 424 uint8_t padding_r; 425 } __stack; 426 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 427 const size_t __len = 42 - 1; 428 const size_t __idx __unused = __len - 1; 429 struct iovec iov[1]; 430 431 __stack.__buf = malloc(__bufsz); 432 iov[0].iov_base = __stack.__buf; 433 iov[0].iov_len = __len; 434 435 replace_stdin(); 436 437 readv(STDIN_FILENO, iov, nitems(iov)); 438 #undef BUF 439 440 } 441 442 ATF_TC(readv_iov_heap_end); 443 ATF_TC_HEAD(readv_iov_heap_end, tc) 444 { 445 } 446 ATF_TC_BODY(readv_iov_heap_end, tc) 447 { 448 #define BUF __stack.__buf 449 struct { 450 uint8_t padding_l; 451 unsigned char * __buf; 452 uint8_t padding_r; 453 } __stack; 454 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 455 const size_t __len = 42; 456 const size_t __idx __unused = __len - 1; 457 struct iovec iov[1]; 458 459 __stack.__buf = malloc(__bufsz); 460 iov[0].iov_base = __stack.__buf; 461 iov[0].iov_len = __len; 462 463 replace_stdin(); 464 465 readv(STDIN_FILENO, iov, nitems(iov)); 466 #undef BUF 467 468 } 469 470 ATF_TC(readv_iov_heap_after_end); 471 ATF_TC_HEAD(readv_iov_heap_after_end, tc) 472 { 473 } 474 ATF_TC_BODY(readv_iov_heap_after_end, tc) 475 { 476 #define BUF __stack.__buf 477 struct { 478 uint8_t padding_l; 479 unsigned char * __buf; 480 uint8_t padding_r; 481 } __stack; 482 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 483 const size_t __len = 42 + 1; 484 const size_t __idx __unused = __len - 1; 485 pid_t __child; 486 int __status; 487 struct iovec iov[1]; 488 489 __child = fork(); 490 ATF_REQUIRE(__child >= 0); 491 if (__child > 0) 492 goto monitor; 493 494 /* Child */ 495 disable_coredumps(); 496 __stack.__buf = malloc(__bufsz); 497 iov[0].iov_base = __stack.__buf; 498 iov[0].iov_len = __len; 499 500 replace_stdin(); 501 502 readv(STDIN_FILENO, iov, nitems(iov)); 503 _exit(EX_SOFTWARE); /* Should have aborted. */ 504 505 monitor: 506 while (waitpid(__child, &__status, 0) != __child) { 507 ATF_REQUIRE_EQ(EINTR, errno); 508 } 509 510 if (!WIFSIGNALED(__status)) { 511 switch (WEXITSTATUS(__status)) { 512 case EX_SOFTWARE: 513 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 514 break; 515 case EX_OSERR: 516 atf_tc_fail("setrlimit(2) failed"); 517 break; 518 default: 519 atf_tc_fail("child exited with status %d", 520 WEXITSTATUS(__status)); 521 } 522 } else { 523 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 524 } 525 #undef BUF 526 527 } 528 529 ATF_TC(preadv_before_end); 530 ATF_TC_HEAD(preadv_before_end, tc) 531 { 532 } 533 ATF_TC_BODY(preadv_before_end, tc) 534 { 535 #define BUF &__stack.__buf 536 struct { 537 uint8_t padding_l; 538 struct iovec __buf[2]; 539 uint8_t padding_r; 540 } __stack; 541 const size_t __bufsz __unused = sizeof(__stack.__buf); 542 const size_t __len = 2 - 1; 543 const size_t __idx __unused = __len - 1; 544 545 preadv(STDIN_FILENO, __stack.__buf, __len, 0); 546 #undef BUF 547 548 } 549 550 ATF_TC(preadv_end); 551 ATF_TC_HEAD(preadv_end, tc) 552 { 553 } 554 ATF_TC_BODY(preadv_end, tc) 555 { 556 #define BUF &__stack.__buf 557 struct { 558 uint8_t padding_l; 559 struct iovec __buf[2]; 560 uint8_t padding_r; 561 } __stack; 562 const size_t __bufsz __unused = sizeof(__stack.__buf); 563 const size_t __len = 2; 564 const size_t __idx __unused = __len - 1; 565 566 preadv(STDIN_FILENO, __stack.__buf, __len, 0); 567 #undef BUF 568 569 } 570 571 ATF_TC(preadv_after_end); 572 ATF_TC_HEAD(preadv_after_end, tc) 573 { 574 } 575 ATF_TC_BODY(preadv_after_end, tc) 576 { 577 #define BUF &__stack.__buf 578 struct { 579 uint8_t padding_l; 580 struct iovec __buf[2]; 581 uint8_t padding_r; 582 } __stack; 583 const size_t __bufsz __unused = sizeof(__stack.__buf); 584 const size_t __len = 2 + 1; 585 const size_t __idx __unused = __len - 1; 586 pid_t __child; 587 int __status; 588 589 __child = fork(); 590 ATF_REQUIRE(__child >= 0); 591 if (__child > 0) 592 goto monitor; 593 594 /* Child */ 595 disable_coredumps(); 596 preadv(STDIN_FILENO, __stack.__buf, __len, 0); 597 _exit(EX_SOFTWARE); /* Should have aborted. */ 598 599 monitor: 600 while (waitpid(__child, &__status, 0) != __child) { 601 ATF_REQUIRE_EQ(EINTR, errno); 602 } 603 604 if (!WIFSIGNALED(__status)) { 605 switch (WEXITSTATUS(__status)) { 606 case EX_SOFTWARE: 607 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 608 break; 609 case EX_OSERR: 610 atf_tc_fail("setrlimit(2) failed"); 611 break; 612 default: 613 atf_tc_fail("child exited with status %d", 614 WEXITSTATUS(__status)); 615 } 616 } else { 617 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 618 } 619 #undef BUF 620 621 } 622 623 ATF_TC(preadv_heap_before_end); 624 ATF_TC_HEAD(preadv_heap_before_end, tc) 625 { 626 } 627 ATF_TC_BODY(preadv_heap_before_end, tc) 628 { 629 #define BUF __stack.__buf 630 struct { 631 uint8_t padding_l; 632 struct iovec * __buf; 633 uint8_t padding_r; 634 } __stack; 635 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (2); 636 const size_t __len = 2 - 1; 637 const size_t __idx __unused = __len - 1; 638 639 __stack.__buf = malloc(__bufsz); 640 641 preadv(STDIN_FILENO, __stack.__buf, __len, 0); 642 #undef BUF 643 644 } 645 646 ATF_TC(preadv_heap_end); 647 ATF_TC_HEAD(preadv_heap_end, tc) 648 { 649 } 650 ATF_TC_BODY(preadv_heap_end, tc) 651 { 652 #define BUF __stack.__buf 653 struct { 654 uint8_t padding_l; 655 struct iovec * __buf; 656 uint8_t padding_r; 657 } __stack; 658 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (2); 659 const size_t __len = 2; 660 const size_t __idx __unused = __len - 1; 661 662 __stack.__buf = malloc(__bufsz); 663 664 preadv(STDIN_FILENO, __stack.__buf, __len, 0); 665 #undef BUF 666 667 } 668 669 ATF_TC(preadv_heap_after_end); 670 ATF_TC_HEAD(preadv_heap_after_end, tc) 671 { 672 } 673 ATF_TC_BODY(preadv_heap_after_end, tc) 674 { 675 #define BUF __stack.__buf 676 struct { 677 uint8_t padding_l; 678 struct iovec * __buf; 679 uint8_t padding_r; 680 } __stack; 681 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (2); 682 const size_t __len = 2 + 1; 683 const size_t __idx __unused = __len - 1; 684 pid_t __child; 685 int __status; 686 687 __child = fork(); 688 ATF_REQUIRE(__child >= 0); 689 if (__child > 0) 690 goto monitor; 691 692 /* Child */ 693 disable_coredumps(); 694 __stack.__buf = malloc(__bufsz); 695 696 preadv(STDIN_FILENO, __stack.__buf, __len, 0); 697 _exit(EX_SOFTWARE); /* Should have aborted. */ 698 699 monitor: 700 while (waitpid(__child, &__status, 0) != __child) { 701 ATF_REQUIRE_EQ(EINTR, errno); 702 } 703 704 if (!WIFSIGNALED(__status)) { 705 switch (WEXITSTATUS(__status)) { 706 case EX_SOFTWARE: 707 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 708 break; 709 case EX_OSERR: 710 atf_tc_fail("setrlimit(2) failed"); 711 break; 712 default: 713 atf_tc_fail("child exited with status %d", 714 WEXITSTATUS(__status)); 715 } 716 } else { 717 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 718 } 719 #undef BUF 720 721 } 722 723 ATF_TC(preadv_iov_before_end); 724 ATF_TC_HEAD(preadv_iov_before_end, tc) 725 { 726 } 727 ATF_TC_BODY(preadv_iov_before_end, tc) 728 { 729 #define BUF &__stack.__buf 730 struct { 731 uint8_t padding_l; 732 unsigned char __buf[42]; 733 uint8_t padding_r; 734 } __stack; 735 const size_t __bufsz __unused = sizeof(__stack.__buf); 736 const size_t __len = 42 - 1; 737 const size_t __idx __unused = __len - 1; 738 struct iovec iov[1]; 739 740 iov[0].iov_base = __stack.__buf; 741 iov[0].iov_len = __len; 742 743 replace_stdin(); 744 745 preadv(STDIN_FILENO, iov, nitems(iov), 0); 746 #undef BUF 747 748 } 749 750 ATF_TC(preadv_iov_end); 751 ATF_TC_HEAD(preadv_iov_end, tc) 752 { 753 } 754 ATF_TC_BODY(preadv_iov_end, tc) 755 { 756 #define BUF &__stack.__buf 757 struct { 758 uint8_t padding_l; 759 unsigned char __buf[42]; 760 uint8_t padding_r; 761 } __stack; 762 const size_t __bufsz __unused = sizeof(__stack.__buf); 763 const size_t __len = 42; 764 const size_t __idx __unused = __len - 1; 765 struct iovec iov[1]; 766 767 iov[0].iov_base = __stack.__buf; 768 iov[0].iov_len = __len; 769 770 replace_stdin(); 771 772 preadv(STDIN_FILENO, iov, nitems(iov), 0); 773 #undef BUF 774 775 } 776 777 ATF_TC(preadv_iov_heap_before_end); 778 ATF_TC_HEAD(preadv_iov_heap_before_end, tc) 779 { 780 } 781 ATF_TC_BODY(preadv_iov_heap_before_end, tc) 782 { 783 #define BUF __stack.__buf 784 struct { 785 uint8_t padding_l; 786 unsigned char * __buf; 787 uint8_t padding_r; 788 } __stack; 789 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 790 const size_t __len = 42 - 1; 791 const size_t __idx __unused = __len - 1; 792 struct iovec iov[1]; 793 794 __stack.__buf = malloc(__bufsz); 795 iov[0].iov_base = __stack.__buf; 796 iov[0].iov_len = __len; 797 798 replace_stdin(); 799 800 preadv(STDIN_FILENO, iov, nitems(iov), 0); 801 #undef BUF 802 803 } 804 805 ATF_TC(preadv_iov_heap_end); 806 ATF_TC_HEAD(preadv_iov_heap_end, tc) 807 { 808 } 809 ATF_TC_BODY(preadv_iov_heap_end, tc) 810 { 811 #define BUF __stack.__buf 812 struct { 813 uint8_t padding_l; 814 unsigned char * __buf; 815 uint8_t padding_r; 816 } __stack; 817 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 818 const size_t __len = 42; 819 const size_t __idx __unused = __len - 1; 820 struct iovec iov[1]; 821 822 __stack.__buf = malloc(__bufsz); 823 iov[0].iov_base = __stack.__buf; 824 iov[0].iov_len = __len; 825 826 replace_stdin(); 827 828 preadv(STDIN_FILENO, iov, nitems(iov), 0); 829 #undef BUF 830 831 } 832 833 ATF_TC(preadv_iov_heap_after_end); 834 ATF_TC_HEAD(preadv_iov_heap_after_end, tc) 835 { 836 } 837 ATF_TC_BODY(preadv_iov_heap_after_end, tc) 838 { 839 #define BUF __stack.__buf 840 struct { 841 uint8_t padding_l; 842 unsigned char * __buf; 843 uint8_t padding_r; 844 } __stack; 845 const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); 846 const size_t __len = 42 + 1; 847 const size_t __idx __unused = __len - 1; 848 pid_t __child; 849 int __status; 850 struct iovec iov[1]; 851 852 __child = fork(); 853 ATF_REQUIRE(__child >= 0); 854 if (__child > 0) 855 goto monitor; 856 857 /* Child */ 858 disable_coredumps(); 859 __stack.__buf = malloc(__bufsz); 860 iov[0].iov_base = __stack.__buf; 861 iov[0].iov_len = __len; 862 863 replace_stdin(); 864 865 preadv(STDIN_FILENO, iov, nitems(iov), 0); 866 _exit(EX_SOFTWARE); /* Should have aborted. */ 867 868 monitor: 869 while (waitpid(__child, &__status, 0) != __child) { 870 ATF_REQUIRE_EQ(EINTR, errno); 871 } 872 873 if (!WIFSIGNALED(__status)) { 874 switch (WEXITSTATUS(__status)) { 875 case EX_SOFTWARE: 876 atf_tc_fail("FORTIFY_SOURCE failed to abort"); 877 break; 878 case EX_OSERR: 879 atf_tc_fail("setrlimit(2) failed"); 880 break; 881 default: 882 atf_tc_fail("child exited with status %d", 883 WEXITSTATUS(__status)); 884 } 885 } else { 886 ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); 887 } 888 #undef BUF 889 890 } 891 892 ATF_TP_ADD_TCS(tp) 893 { 894 ATF_TP_ADD_TC(tp, readv_before_end); 895 ATF_TP_ADD_TC(tp, readv_end); 896 ATF_TP_ADD_TC(tp, readv_after_end); 897 ATF_TP_ADD_TC(tp, readv_heap_before_end); 898 ATF_TP_ADD_TC(tp, readv_heap_end); 899 ATF_TP_ADD_TC(tp, readv_heap_after_end); 900 ATF_TP_ADD_TC(tp, readv_iov_before_end); 901 ATF_TP_ADD_TC(tp, readv_iov_end); 902 ATF_TP_ADD_TC(tp, readv_iov_heap_before_end); 903 ATF_TP_ADD_TC(tp, readv_iov_heap_end); 904 ATF_TP_ADD_TC(tp, readv_iov_heap_after_end); 905 ATF_TP_ADD_TC(tp, preadv_before_end); 906 ATF_TP_ADD_TC(tp, preadv_end); 907 ATF_TP_ADD_TC(tp, preadv_after_end); 908 ATF_TP_ADD_TC(tp, preadv_heap_before_end); 909 ATF_TP_ADD_TC(tp, preadv_heap_end); 910 ATF_TP_ADD_TC(tp, preadv_heap_after_end); 911 ATF_TP_ADD_TC(tp, preadv_iov_before_end); 912 ATF_TP_ADD_TC(tp, preadv_iov_end); 913 ATF_TP_ADD_TC(tp, preadv_iov_heap_before_end); 914 ATF_TP_ADD_TC(tp, preadv_iov_heap_end); 915 ATF_TP_ADD_TC(tp, preadv_iov_heap_after_end); 916 return (atf_no_error()); 917 } 918