xref: /freebsd/lib/libc/tests/secure/fortify_unistd_test.c (revision 914752d0f7f874ab4fc8393aee28c22df87324f2)
1 /* @generated by `generate-fortify-tests.lua "unistd"` */
2 
3 #define	_FORTIFY_SOURCE	2
4 #define	TMPFILE_SIZE	(1024 * 32)
5 
6 #include <sys/param.h>
7 #include <sys/random.h>
8 #include <sys/resource.h>
9 #include <sys/select.h>
10 #include <sys/socket.h>
11 #include <sys/time.h>
12 #include <sys/uio.h>
13 #include <sys/wait.h>
14 #include <dirent.h>
15 #include <errno.h>
16 #include <fcntl.h>
17 #include <limits.h>
18 #include <poll.h>
19 #include <signal.h>
20 #include <stdio.h>
21 #include <stdlib.h>
22 #include <string.h>
23 #include <strings.h>
24 #include <sysexits.h>
25 #include <unistd.h>
26 #include <wchar.h>
27 #include <atf-c.h>
28 
29 static FILE * __unused
30 new_fp(size_t __len)
31 {
32 	static char fpbuf[LINE_MAX];
33 	FILE *fp;
34 
35 	ATF_REQUIRE(__len <= sizeof(fpbuf));
36 
37 	memset(fpbuf, 'A', sizeof(fpbuf) - 1);
38 	fpbuf[sizeof(fpbuf) - 1] = '\0';
39 
40 	fp = fmemopen(fpbuf, sizeof(fpbuf), "rb");
41 	ATF_REQUIRE(fp != NULL);
42 
43 	return (fp);
44 }
45 
46 /*
47  * Create a new symlink to use for readlink(2) style tests, we'll just use a
48  * random target name to have something interesting to look at.
49  */
50 static const char * __unused
51 new_symlink(size_t __len)
52 {
53 	static const char linkname[] = "link";
54 	char target[MAXNAMLEN];
55 	int error;
56 
57 	ATF_REQUIRE(__len <= sizeof(target));
58 
59 	arc4random_buf(target, sizeof(target));
60 
61 	error = unlink(linkname);
62 	ATF_REQUIRE(error == 0 || errno == ENOENT);
63 
64 	error = symlink(target, linkname);
65 	ATF_REQUIRE(error == 0);
66 
67 	return (linkname);
68 }
69 
70 /*
71  * For our purposes, first descriptor will be the reader; we'll send both
72  * raw data and a control message over it so that the result can be used for
73  * any of our recv*() tests.
74  */
75 static void __unused
76 new_socket(int sock[2])
77 {
78 	unsigned char ctrl[CMSG_SPACE(sizeof(int))] = { 0 };
79 	static char sockbuf[256];
80 	ssize_t rv;
81 	size_t total = 0;
82 	struct msghdr hdr = { 0 };
83 	struct cmsghdr *cmsg;
84 	int error, fd;
85 
86 	error = socketpair(AF_UNIX, SOCK_STREAM, 0, sock);
87 	ATF_REQUIRE(error == 0);
88 
89 	while (total != sizeof(sockbuf)) {
90 		rv = send(sock[1], &sockbuf[total], sizeof(sockbuf) - total, 0);
91 
92 		ATF_REQUIRE_MSG(rv > 0,
93 		    "expected bytes sent, got %zd with %zu left (size %zu, total %zu)",
94 		    rv, sizeof(sockbuf) - total, sizeof(sockbuf), total);
95 		ATF_REQUIRE_MSG(total + (size_t)rv <= sizeof(sockbuf),
96 		    "%zd exceeds total %zu", rv, sizeof(sockbuf));
97 		total += rv;
98 	}
99 
100 	hdr.msg_control = ctrl;
101 	hdr.msg_controllen = sizeof(ctrl);
102 
103 	cmsg = CMSG_FIRSTHDR(&hdr);
104 	cmsg->cmsg_level = SOL_SOCKET;
105 	cmsg->cmsg_type = SCM_RIGHTS;
106 	cmsg->cmsg_len = CMSG_LEN(sizeof(fd));
107 	fd = STDIN_FILENO;
108 	memcpy(CMSG_DATA(cmsg), &fd, sizeof(fd));
109 
110 	error = sendmsg(sock[1], &hdr, 0);
111 	ATF_REQUIRE(error != -1);
112 }
113 
114 /*
115  * Constructs a tmpfile that we can use for testing read(2) and friends.
116  */
117 static int __unused
118 new_tmpfile(void)
119 {
120 	char buf[1024];
121 	ssize_t rv;
122 	size_t written;
123 	int fd;
124 
125 	fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644);
126 	ATF_REQUIRE(fd >= 0);
127 
128 	written = 0;
129 	while (written < TMPFILE_SIZE) {
130 		rv = write(fd, buf, sizeof(buf));
131 		ATF_REQUIRE(rv > 0);
132 
133 		written += rv;
134 	}
135 
136 	ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET));
137 	return (fd);
138 }
139 
140 static void
141 disable_coredumps(void)
142 {
143 	struct rlimit rl = { 0 };
144 
145 	if (setrlimit(RLIMIT_CORE, &rl) == -1)
146 		_exit(EX_OSERR);
147 }
148 
149 /*
150  * Replaces stdin with a file that we can actually read from, for tests where
151  * we want a FILE * or fd that we can get data from.
152  */
153 static void __unused
154 replace_stdin(void)
155 {
156 	int fd;
157 
158 	fd = new_tmpfile();
159 
160 	(void)dup2(fd, STDIN_FILENO);
161 	if (fd != STDIN_FILENO)
162 		close(fd);
163 }
164 
165 ATF_TC_WITHOUT_HEAD(getcwd_before_end);
166 ATF_TC_BODY(getcwd_before_end, tc)
167 {
168 #define BUF &__stack.__buf
169 	struct {
170 		uint8_t padding_l;
171 		unsigned char __buf[8];
172 		uint8_t padding_r;
173 	} __stack;
174 	const size_t __bufsz __unused = sizeof(__stack.__buf);
175 	const size_t __len = 8 - 1;
176 	const size_t __idx __unused = __len - 1;
177 
178 	getcwd(__stack.__buf, __len);
179 #undef BUF
180 
181 }
182 
183 ATF_TC_WITHOUT_HEAD(getcwd_end);
184 ATF_TC_BODY(getcwd_end, tc)
185 {
186 #define BUF &__stack.__buf
187 	struct {
188 		uint8_t padding_l;
189 		unsigned char __buf[8];
190 		uint8_t padding_r;
191 	} __stack;
192 	const size_t __bufsz __unused = sizeof(__stack.__buf);
193 	const size_t __len = 8;
194 	const size_t __idx __unused = __len - 1;
195 
196 	getcwd(__stack.__buf, __len);
197 #undef BUF
198 
199 }
200 
201 ATF_TC_WITHOUT_HEAD(getcwd_heap_before_end);
202 ATF_TC_BODY(getcwd_heap_before_end, tc)
203 {
204 #define BUF __stack.__buf
205 	struct {
206 		uint8_t padding_l;
207 		unsigned char * __buf;
208 		uint8_t padding_r;
209 	} __stack;
210 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (8);
211 	const size_t __len = 8 - 1;
212 	const size_t __idx __unused = __len - 1;
213 
214 	__stack.__buf = malloc(__bufsz);
215 
216 	getcwd(__stack.__buf, __len);
217 #undef BUF
218 
219 }
220 
221 ATF_TC_WITHOUT_HEAD(getcwd_heap_end);
222 ATF_TC_BODY(getcwd_heap_end, tc)
223 {
224 #define BUF __stack.__buf
225 	struct {
226 		uint8_t padding_l;
227 		unsigned char * __buf;
228 		uint8_t padding_r;
229 	} __stack;
230 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (8);
231 	const size_t __len = 8;
232 	const size_t __idx __unused = __len - 1;
233 
234 	__stack.__buf = malloc(__bufsz);
235 
236 	getcwd(__stack.__buf, __len);
237 #undef BUF
238 
239 }
240 
241 ATF_TC_WITHOUT_HEAD(getcwd_heap_after_end);
242 ATF_TC_BODY(getcwd_heap_after_end, tc)
243 {
244 #define BUF __stack.__buf
245 	struct {
246 		uint8_t padding_l;
247 		unsigned char * __buf;
248 		uint8_t padding_r;
249 	} __stack;
250 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (8);
251 	const size_t __len = 8 + 1;
252 	const size_t __idx __unused = __len - 1;
253 	pid_t __child;
254 	int __status;
255 
256 	__child = fork();
257 	ATF_REQUIRE(__child >= 0);
258 	if (__child > 0)
259 		goto monitor;
260 
261 	/* Child */
262 	disable_coredumps();
263 	__stack.__buf = malloc(__bufsz);
264 
265 	getcwd(__stack.__buf, __len);
266 	_exit(EX_SOFTWARE);	/* Should have aborted. */
267 
268 monitor:
269 	while (waitpid(__child, &__status, 0) != __child) {
270 		ATF_REQUIRE_EQ(EINTR, errno);
271 	}
272 
273 	if (!WIFSIGNALED(__status)) {
274 		switch (WEXITSTATUS(__status)) {
275 		case EX_SOFTWARE:
276 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
277 			break;
278 		case EX_OSERR:
279 			atf_tc_fail("setrlimit(2) failed");
280 			break;
281 		default:
282 			atf_tc_fail("child exited with status %d",
283 			    WEXITSTATUS(__status));
284 		}
285 	} else {
286 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
287 	}
288 #undef BUF
289 
290 }
291 
292 ATF_TC_WITHOUT_HEAD(getgrouplist_before_end);
293 ATF_TC_BODY(getgrouplist_before_end, tc)
294 {
295 #define BUF &__stack.__buf
296 	struct {
297 		uint8_t padding_l;
298 		gid_t __buf[4];
299 		uint8_t padding_r;
300 	} __stack;
301 	const size_t __bufsz __unused = sizeof(__stack.__buf);
302 	const size_t __len = 4 - 1;
303 	const size_t __idx __unused = __len - 1;
304 	int intlen = (int)__len;
305 
306 	getgrouplist("root", 0, __stack.__buf, &intlen);
307 #undef BUF
308 
309 }
310 
311 ATF_TC_WITHOUT_HEAD(getgrouplist_end);
312 ATF_TC_BODY(getgrouplist_end, tc)
313 {
314 #define BUF &__stack.__buf
315 	struct {
316 		uint8_t padding_l;
317 		gid_t __buf[4];
318 		uint8_t padding_r;
319 	} __stack;
320 	const size_t __bufsz __unused = sizeof(__stack.__buf);
321 	const size_t __len = 4;
322 	const size_t __idx __unused = __len - 1;
323 	int intlen = (int)__len;
324 
325 	getgrouplist("root", 0, __stack.__buf, &intlen);
326 #undef BUF
327 
328 }
329 
330 ATF_TC_WITHOUT_HEAD(getgrouplist_heap_before_end);
331 ATF_TC_BODY(getgrouplist_heap_before_end, tc)
332 {
333 #define BUF __stack.__buf
334 	struct {
335 		uint8_t padding_l;
336 		gid_t * __buf;
337 		uint8_t padding_r;
338 	} __stack;
339 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4);
340 	const size_t __len = 4 - 1;
341 	const size_t __idx __unused = __len - 1;
342 	int intlen = (int)__len;
343 
344 	__stack.__buf = malloc(__bufsz);
345 
346 	getgrouplist("root", 0, __stack.__buf, &intlen);
347 #undef BUF
348 
349 }
350 
351 ATF_TC_WITHOUT_HEAD(getgrouplist_heap_end);
352 ATF_TC_BODY(getgrouplist_heap_end, tc)
353 {
354 #define BUF __stack.__buf
355 	struct {
356 		uint8_t padding_l;
357 		gid_t * __buf;
358 		uint8_t padding_r;
359 	} __stack;
360 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4);
361 	const size_t __len = 4;
362 	const size_t __idx __unused = __len - 1;
363 	int intlen = (int)__len;
364 
365 	__stack.__buf = malloc(__bufsz);
366 
367 	getgrouplist("root", 0, __stack.__buf, &intlen);
368 #undef BUF
369 
370 }
371 
372 ATF_TC_WITHOUT_HEAD(getgrouplist_heap_after_end);
373 ATF_TC_BODY(getgrouplist_heap_after_end, tc)
374 {
375 #define BUF __stack.__buf
376 	struct {
377 		uint8_t padding_l;
378 		gid_t * __buf;
379 		uint8_t padding_r;
380 	} __stack;
381 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4);
382 	const size_t __len = 4 + 1;
383 	const size_t __idx __unused = __len - 1;
384 	pid_t __child;
385 	int __status;
386 	int intlen = (int)__len;
387 
388 	__child = fork();
389 	ATF_REQUIRE(__child >= 0);
390 	if (__child > 0)
391 		goto monitor;
392 
393 	/* Child */
394 	disable_coredumps();
395 	__stack.__buf = malloc(__bufsz);
396 
397 	getgrouplist("root", 0, __stack.__buf, &intlen);
398 	_exit(EX_SOFTWARE);	/* Should have aborted. */
399 
400 monitor:
401 	while (waitpid(__child, &__status, 0) != __child) {
402 		ATF_REQUIRE_EQ(EINTR, errno);
403 	}
404 
405 	if (!WIFSIGNALED(__status)) {
406 		switch (WEXITSTATUS(__status)) {
407 		case EX_SOFTWARE:
408 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
409 			break;
410 		case EX_OSERR:
411 			atf_tc_fail("setrlimit(2) failed");
412 			break;
413 		default:
414 			atf_tc_fail("child exited with status %d",
415 			    WEXITSTATUS(__status));
416 		}
417 	} else {
418 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
419 	}
420 #undef BUF
421 
422 }
423 
424 ATF_TC_WITHOUT_HEAD(getgroups_before_end);
425 ATF_TC_BODY(getgroups_before_end, tc)
426 {
427 #define BUF &__stack.__buf
428 	struct {
429 		uint8_t padding_l;
430 		gid_t __buf[4];
431 		uint8_t padding_r;
432 	} __stack;
433 	const size_t __bufsz __unused = sizeof(__stack.__buf);
434 	const size_t __len = 4 - 1;
435 	const size_t __idx __unused = __len - 1;
436 
437 	getgroups(__len, __stack.__buf);
438 #undef BUF
439 
440 }
441 
442 ATF_TC_WITHOUT_HEAD(getgroups_end);
443 ATF_TC_BODY(getgroups_end, tc)
444 {
445 #define BUF &__stack.__buf
446 	struct {
447 		uint8_t padding_l;
448 		gid_t __buf[4];
449 		uint8_t padding_r;
450 	} __stack;
451 	const size_t __bufsz __unused = sizeof(__stack.__buf);
452 	const size_t __len = 4;
453 	const size_t __idx __unused = __len - 1;
454 
455 	getgroups(__len, __stack.__buf);
456 #undef BUF
457 
458 }
459 
460 ATF_TC_WITHOUT_HEAD(getgroups_heap_before_end);
461 ATF_TC_BODY(getgroups_heap_before_end, tc)
462 {
463 #define BUF __stack.__buf
464 	struct {
465 		uint8_t padding_l;
466 		gid_t * __buf;
467 		uint8_t padding_r;
468 	} __stack;
469 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4);
470 	const size_t __len = 4 - 1;
471 	const size_t __idx __unused = __len - 1;
472 
473 	__stack.__buf = malloc(__bufsz);
474 
475 	getgroups(__len, __stack.__buf);
476 #undef BUF
477 
478 }
479 
480 ATF_TC_WITHOUT_HEAD(getgroups_heap_end);
481 ATF_TC_BODY(getgroups_heap_end, tc)
482 {
483 #define BUF __stack.__buf
484 	struct {
485 		uint8_t padding_l;
486 		gid_t * __buf;
487 		uint8_t padding_r;
488 	} __stack;
489 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4);
490 	const size_t __len = 4;
491 	const size_t __idx __unused = __len - 1;
492 
493 	__stack.__buf = malloc(__bufsz);
494 
495 	getgroups(__len, __stack.__buf);
496 #undef BUF
497 
498 }
499 
500 ATF_TC_WITHOUT_HEAD(getgroups_heap_after_end);
501 ATF_TC_BODY(getgroups_heap_after_end, tc)
502 {
503 #define BUF __stack.__buf
504 	struct {
505 		uint8_t padding_l;
506 		gid_t * __buf;
507 		uint8_t padding_r;
508 	} __stack;
509 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4);
510 	const size_t __len = 4 + 1;
511 	const size_t __idx __unused = __len - 1;
512 	pid_t __child;
513 	int __status;
514 
515 	__child = fork();
516 	ATF_REQUIRE(__child >= 0);
517 	if (__child > 0)
518 		goto monitor;
519 
520 	/* Child */
521 	disable_coredumps();
522 	__stack.__buf = malloc(__bufsz);
523 
524 	getgroups(__len, __stack.__buf);
525 	_exit(EX_SOFTWARE);	/* Should have aborted. */
526 
527 monitor:
528 	while (waitpid(__child, &__status, 0) != __child) {
529 		ATF_REQUIRE_EQ(EINTR, errno);
530 	}
531 
532 	if (!WIFSIGNALED(__status)) {
533 		switch (WEXITSTATUS(__status)) {
534 		case EX_SOFTWARE:
535 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
536 			break;
537 		case EX_OSERR:
538 			atf_tc_fail("setrlimit(2) failed");
539 			break;
540 		default:
541 			atf_tc_fail("child exited with status %d",
542 			    WEXITSTATUS(__status));
543 		}
544 	} else {
545 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
546 	}
547 #undef BUF
548 
549 }
550 
551 ATF_TC_WITHOUT_HEAD(getloginclass_before_end);
552 ATF_TC_BODY(getloginclass_before_end, tc)
553 {
554 #define BUF &__stack.__buf
555 	struct {
556 		uint8_t padding_l;
557 		unsigned char __buf[42];
558 		uint8_t padding_r;
559 	} __stack;
560 	const size_t __bufsz __unused = sizeof(__stack.__buf);
561 	const size_t __len = 42 - 1;
562 	const size_t __idx __unused = __len - 1;
563 
564 	getloginclass(__stack.__buf, __len);
565 #undef BUF
566 
567 }
568 
569 ATF_TC_WITHOUT_HEAD(getloginclass_end);
570 ATF_TC_BODY(getloginclass_end, tc)
571 {
572 #define BUF &__stack.__buf
573 	struct {
574 		uint8_t padding_l;
575 		unsigned char __buf[42];
576 		uint8_t padding_r;
577 	} __stack;
578 	const size_t __bufsz __unused = sizeof(__stack.__buf);
579 	const size_t __len = 42;
580 	const size_t __idx __unused = __len - 1;
581 
582 	getloginclass(__stack.__buf, __len);
583 #undef BUF
584 
585 }
586 
587 ATF_TC_WITHOUT_HEAD(getloginclass_heap_before_end);
588 ATF_TC_BODY(getloginclass_heap_before_end, tc)
589 {
590 #define BUF __stack.__buf
591 	struct {
592 		uint8_t padding_l;
593 		unsigned char * __buf;
594 		uint8_t padding_r;
595 	} __stack;
596 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
597 	const size_t __len = 42 - 1;
598 	const size_t __idx __unused = __len - 1;
599 
600 	__stack.__buf = malloc(__bufsz);
601 
602 	getloginclass(__stack.__buf, __len);
603 #undef BUF
604 
605 }
606 
607 ATF_TC_WITHOUT_HEAD(getloginclass_heap_end);
608 ATF_TC_BODY(getloginclass_heap_end, tc)
609 {
610 #define BUF __stack.__buf
611 	struct {
612 		uint8_t padding_l;
613 		unsigned char * __buf;
614 		uint8_t padding_r;
615 	} __stack;
616 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
617 	const size_t __len = 42;
618 	const size_t __idx __unused = __len - 1;
619 
620 	__stack.__buf = malloc(__bufsz);
621 
622 	getloginclass(__stack.__buf, __len);
623 #undef BUF
624 
625 }
626 
627 ATF_TC_WITHOUT_HEAD(getloginclass_heap_after_end);
628 ATF_TC_BODY(getloginclass_heap_after_end, tc)
629 {
630 #define BUF __stack.__buf
631 	struct {
632 		uint8_t padding_l;
633 		unsigned char * __buf;
634 		uint8_t padding_r;
635 	} __stack;
636 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
637 	const size_t __len = 42 + 1;
638 	const size_t __idx __unused = __len - 1;
639 	pid_t __child;
640 	int __status;
641 
642 	__child = fork();
643 	ATF_REQUIRE(__child >= 0);
644 	if (__child > 0)
645 		goto monitor;
646 
647 	/* Child */
648 	disable_coredumps();
649 	__stack.__buf = malloc(__bufsz);
650 
651 	getloginclass(__stack.__buf, __len);
652 	_exit(EX_SOFTWARE);	/* Should have aborted. */
653 
654 monitor:
655 	while (waitpid(__child, &__status, 0) != __child) {
656 		ATF_REQUIRE_EQ(EINTR, errno);
657 	}
658 
659 	if (!WIFSIGNALED(__status)) {
660 		switch (WEXITSTATUS(__status)) {
661 		case EX_SOFTWARE:
662 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
663 			break;
664 		case EX_OSERR:
665 			atf_tc_fail("setrlimit(2) failed");
666 			break;
667 		default:
668 			atf_tc_fail("child exited with status %d",
669 			    WEXITSTATUS(__status));
670 		}
671 	} else {
672 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
673 	}
674 #undef BUF
675 
676 }
677 
678 ATF_TC_WITHOUT_HEAD(pread_before_end);
679 ATF_TC_BODY(pread_before_end, tc)
680 {
681 #define BUF &__stack.__buf
682 	struct {
683 		uint8_t padding_l;
684 		unsigned char __buf[41];
685 		uint8_t padding_r;
686 	} __stack;
687 	const size_t __bufsz __unused = sizeof(__stack.__buf);
688 	const size_t __len = 41 - 1;
689 	const size_t __idx __unused = __len - 1;
690 	int fd;
691 
692 	fd = new_tmpfile();	/* Cannot fail */
693 
694 	pread(fd, __stack.__buf, __len, 0);
695 #undef BUF
696 
697 }
698 
699 ATF_TC_WITHOUT_HEAD(pread_end);
700 ATF_TC_BODY(pread_end, tc)
701 {
702 #define BUF &__stack.__buf
703 	struct {
704 		uint8_t padding_l;
705 		unsigned char __buf[41];
706 		uint8_t padding_r;
707 	} __stack;
708 	const size_t __bufsz __unused = sizeof(__stack.__buf);
709 	const size_t __len = 41;
710 	const size_t __idx __unused = __len - 1;
711 	int fd;
712 
713 	fd = new_tmpfile();	/* Cannot fail */
714 
715 	pread(fd, __stack.__buf, __len, 0);
716 #undef BUF
717 
718 }
719 
720 ATF_TC_WITHOUT_HEAD(pread_heap_before_end);
721 ATF_TC_BODY(pread_heap_before_end, tc)
722 {
723 #define BUF __stack.__buf
724 	struct {
725 		uint8_t padding_l;
726 		unsigned char * __buf;
727 		uint8_t padding_r;
728 	} __stack;
729 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (41);
730 	const size_t __len = 41 - 1;
731 	const size_t __idx __unused = __len - 1;
732 	int fd;
733 
734 	__stack.__buf = malloc(__bufsz);
735 	fd = new_tmpfile();	/* Cannot fail */
736 
737 	pread(fd, __stack.__buf, __len, 0);
738 #undef BUF
739 
740 }
741 
742 ATF_TC_WITHOUT_HEAD(pread_heap_end);
743 ATF_TC_BODY(pread_heap_end, tc)
744 {
745 #define BUF __stack.__buf
746 	struct {
747 		uint8_t padding_l;
748 		unsigned char * __buf;
749 		uint8_t padding_r;
750 	} __stack;
751 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (41);
752 	const size_t __len = 41;
753 	const size_t __idx __unused = __len - 1;
754 	int fd;
755 
756 	__stack.__buf = malloc(__bufsz);
757 	fd = new_tmpfile();	/* Cannot fail */
758 
759 	pread(fd, __stack.__buf, __len, 0);
760 #undef BUF
761 
762 }
763 
764 ATF_TC_WITHOUT_HEAD(pread_heap_after_end);
765 ATF_TC_BODY(pread_heap_after_end, tc)
766 {
767 #define BUF __stack.__buf
768 	struct {
769 		uint8_t padding_l;
770 		unsigned char * __buf;
771 		uint8_t padding_r;
772 	} __stack;
773 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (41);
774 	const size_t __len = 41 + 1;
775 	const size_t __idx __unused = __len - 1;
776 	pid_t __child;
777 	int __status;
778 	int fd;
779 
780 	__child = fork();
781 	ATF_REQUIRE(__child >= 0);
782 	if (__child > 0)
783 		goto monitor;
784 
785 	/* Child */
786 	disable_coredumps();
787 	__stack.__buf = malloc(__bufsz);
788 	fd = new_tmpfile();	/* Cannot fail */
789 
790 	pread(fd, __stack.__buf, __len, 0);
791 	_exit(EX_SOFTWARE);	/* Should have aborted. */
792 
793 monitor:
794 	while (waitpid(__child, &__status, 0) != __child) {
795 		ATF_REQUIRE_EQ(EINTR, errno);
796 	}
797 
798 	if (!WIFSIGNALED(__status)) {
799 		switch (WEXITSTATUS(__status)) {
800 		case EX_SOFTWARE:
801 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
802 			break;
803 		case EX_OSERR:
804 			atf_tc_fail("setrlimit(2) failed");
805 			break;
806 		default:
807 			atf_tc_fail("child exited with status %d",
808 			    WEXITSTATUS(__status));
809 		}
810 	} else {
811 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
812 	}
813 #undef BUF
814 
815 }
816 
817 ATF_TC_WITHOUT_HEAD(read_before_end);
818 ATF_TC_BODY(read_before_end, tc)
819 {
820 #define BUF &__stack.__buf
821 	struct {
822 		uint8_t padding_l;
823 		unsigned char __buf[41];
824 		uint8_t padding_r;
825 	} __stack;
826 	const size_t __bufsz __unused = sizeof(__stack.__buf);
827 	const size_t __len = 41 - 1;
828 	const size_t __idx __unused = __len - 1;
829 	int fd;
830 
831 	fd = new_tmpfile();	/* Cannot fail */
832 
833 	read(fd, __stack.__buf, __len);
834 #undef BUF
835 
836 }
837 
838 ATF_TC_WITHOUT_HEAD(read_end);
839 ATF_TC_BODY(read_end, tc)
840 {
841 #define BUF &__stack.__buf
842 	struct {
843 		uint8_t padding_l;
844 		unsigned char __buf[41];
845 		uint8_t padding_r;
846 	} __stack;
847 	const size_t __bufsz __unused = sizeof(__stack.__buf);
848 	const size_t __len = 41;
849 	const size_t __idx __unused = __len - 1;
850 	int fd;
851 
852 	fd = new_tmpfile();	/* Cannot fail */
853 
854 	read(fd, __stack.__buf, __len);
855 #undef BUF
856 
857 }
858 
859 ATF_TC_WITHOUT_HEAD(read_heap_before_end);
860 ATF_TC_BODY(read_heap_before_end, tc)
861 {
862 #define BUF __stack.__buf
863 	struct {
864 		uint8_t padding_l;
865 		unsigned char * __buf;
866 		uint8_t padding_r;
867 	} __stack;
868 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (41);
869 	const size_t __len = 41 - 1;
870 	const size_t __idx __unused = __len - 1;
871 	int fd;
872 
873 	__stack.__buf = malloc(__bufsz);
874 	fd = new_tmpfile();	/* Cannot fail */
875 
876 	read(fd, __stack.__buf, __len);
877 #undef BUF
878 
879 }
880 
881 ATF_TC_WITHOUT_HEAD(read_heap_end);
882 ATF_TC_BODY(read_heap_end, tc)
883 {
884 #define BUF __stack.__buf
885 	struct {
886 		uint8_t padding_l;
887 		unsigned char * __buf;
888 		uint8_t padding_r;
889 	} __stack;
890 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (41);
891 	const size_t __len = 41;
892 	const size_t __idx __unused = __len - 1;
893 	int fd;
894 
895 	__stack.__buf = malloc(__bufsz);
896 	fd = new_tmpfile();	/* Cannot fail */
897 
898 	read(fd, __stack.__buf, __len);
899 #undef BUF
900 
901 }
902 
903 ATF_TC_WITHOUT_HEAD(read_heap_after_end);
904 ATF_TC_BODY(read_heap_after_end, tc)
905 {
906 #define BUF __stack.__buf
907 	struct {
908 		uint8_t padding_l;
909 		unsigned char * __buf;
910 		uint8_t padding_r;
911 	} __stack;
912 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (41);
913 	const size_t __len = 41 + 1;
914 	const size_t __idx __unused = __len - 1;
915 	pid_t __child;
916 	int __status;
917 	int fd;
918 
919 	__child = fork();
920 	ATF_REQUIRE(__child >= 0);
921 	if (__child > 0)
922 		goto monitor;
923 
924 	/* Child */
925 	disable_coredumps();
926 	__stack.__buf = malloc(__bufsz);
927 	fd = new_tmpfile();	/* Cannot fail */
928 
929 	read(fd, __stack.__buf, __len);
930 	_exit(EX_SOFTWARE);	/* Should have aborted. */
931 
932 monitor:
933 	while (waitpid(__child, &__status, 0) != __child) {
934 		ATF_REQUIRE_EQ(EINTR, errno);
935 	}
936 
937 	if (!WIFSIGNALED(__status)) {
938 		switch (WEXITSTATUS(__status)) {
939 		case EX_SOFTWARE:
940 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
941 			break;
942 		case EX_OSERR:
943 			atf_tc_fail("setrlimit(2) failed");
944 			break;
945 		default:
946 			atf_tc_fail("child exited with status %d",
947 			    WEXITSTATUS(__status));
948 		}
949 	} else {
950 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
951 	}
952 #undef BUF
953 
954 }
955 
956 ATF_TC_WITHOUT_HEAD(readlink_before_end);
957 ATF_TC_BODY(readlink_before_end, tc)
958 {
959 #define BUF &__stack.__buf
960 	struct {
961 		uint8_t padding_l;
962 		unsigned char __buf[42];
963 		uint8_t padding_r;
964 	} __stack;
965 	const size_t __bufsz __unused = sizeof(__stack.__buf);
966 	const size_t __len = 42 - 1;
967 	const size_t __idx __unused = __len - 1;
968 	const char *path;
969 
970 	path = new_symlink(__len);		/* Cannot fail */
971 
972 	readlink(path, __stack.__buf, __len);
973 #undef BUF
974 
975 }
976 
977 ATF_TC_WITHOUT_HEAD(readlink_end);
978 ATF_TC_BODY(readlink_end, tc)
979 {
980 #define BUF &__stack.__buf
981 	struct {
982 		uint8_t padding_l;
983 		unsigned char __buf[42];
984 		uint8_t padding_r;
985 	} __stack;
986 	const size_t __bufsz __unused = sizeof(__stack.__buf);
987 	const size_t __len = 42;
988 	const size_t __idx __unused = __len - 1;
989 	const char *path;
990 
991 	path = new_symlink(__len);		/* Cannot fail */
992 
993 	readlink(path, __stack.__buf, __len);
994 #undef BUF
995 
996 }
997 
998 ATF_TC_WITHOUT_HEAD(readlink_heap_before_end);
999 ATF_TC_BODY(readlink_heap_before_end, tc)
1000 {
1001 #define BUF __stack.__buf
1002 	struct {
1003 		uint8_t padding_l;
1004 		unsigned char * __buf;
1005 		uint8_t padding_r;
1006 	} __stack;
1007 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1008 	const size_t __len = 42 - 1;
1009 	const size_t __idx __unused = __len - 1;
1010 	const char *path;
1011 
1012 	__stack.__buf = malloc(__bufsz);
1013 	path = new_symlink(__len);		/* Cannot fail */
1014 
1015 	readlink(path, __stack.__buf, __len);
1016 #undef BUF
1017 
1018 }
1019 
1020 ATF_TC_WITHOUT_HEAD(readlink_heap_end);
1021 ATF_TC_BODY(readlink_heap_end, tc)
1022 {
1023 #define BUF __stack.__buf
1024 	struct {
1025 		uint8_t padding_l;
1026 		unsigned char * __buf;
1027 		uint8_t padding_r;
1028 	} __stack;
1029 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1030 	const size_t __len = 42;
1031 	const size_t __idx __unused = __len - 1;
1032 	const char *path;
1033 
1034 	__stack.__buf = malloc(__bufsz);
1035 	path = new_symlink(__len);		/* Cannot fail */
1036 
1037 	readlink(path, __stack.__buf, __len);
1038 #undef BUF
1039 
1040 }
1041 
1042 ATF_TC_WITHOUT_HEAD(readlink_heap_after_end);
1043 ATF_TC_BODY(readlink_heap_after_end, tc)
1044 {
1045 #define BUF __stack.__buf
1046 	struct {
1047 		uint8_t padding_l;
1048 		unsigned char * __buf;
1049 		uint8_t padding_r;
1050 	} __stack;
1051 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1052 	const size_t __len = 42 + 1;
1053 	const size_t __idx __unused = __len - 1;
1054 	pid_t __child;
1055 	int __status;
1056 	const char *path;
1057 
1058 	__child = fork();
1059 	ATF_REQUIRE(__child >= 0);
1060 	if (__child > 0)
1061 		goto monitor;
1062 
1063 	/* Child */
1064 	disable_coredumps();
1065 	__stack.__buf = malloc(__bufsz);
1066 	path = new_symlink(__len);		/* Cannot fail */
1067 
1068 	readlink(path, __stack.__buf, __len);
1069 	_exit(EX_SOFTWARE);	/* Should have aborted. */
1070 
1071 monitor:
1072 	while (waitpid(__child, &__status, 0) != __child) {
1073 		ATF_REQUIRE_EQ(EINTR, errno);
1074 	}
1075 
1076 	if (!WIFSIGNALED(__status)) {
1077 		switch (WEXITSTATUS(__status)) {
1078 		case EX_SOFTWARE:
1079 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
1080 			break;
1081 		case EX_OSERR:
1082 			atf_tc_fail("setrlimit(2) failed");
1083 			break;
1084 		default:
1085 			atf_tc_fail("child exited with status %d",
1086 			    WEXITSTATUS(__status));
1087 		}
1088 	} else {
1089 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1090 	}
1091 #undef BUF
1092 
1093 }
1094 
1095 ATF_TC_WITHOUT_HEAD(readlinkat_before_end);
1096 ATF_TC_BODY(readlinkat_before_end, tc)
1097 {
1098 #define BUF &__stack.__buf
1099 	struct {
1100 		uint8_t padding_l;
1101 		unsigned char __buf[42];
1102 		uint8_t padding_r;
1103 	} __stack;
1104 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1105 	const size_t __len = 42 - 1;
1106 	const size_t __idx __unused = __len - 1;
1107 	const char *path;
1108 
1109 	path = new_symlink(__len);		/* Cannot fail */
1110 
1111 	readlinkat(AT_FDCWD, path, __stack.__buf, __len);
1112 #undef BUF
1113 
1114 }
1115 
1116 ATF_TC_WITHOUT_HEAD(readlinkat_end);
1117 ATF_TC_BODY(readlinkat_end, tc)
1118 {
1119 #define BUF &__stack.__buf
1120 	struct {
1121 		uint8_t padding_l;
1122 		unsigned char __buf[42];
1123 		uint8_t padding_r;
1124 	} __stack;
1125 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1126 	const size_t __len = 42;
1127 	const size_t __idx __unused = __len - 1;
1128 	const char *path;
1129 
1130 	path = new_symlink(__len);		/* Cannot fail */
1131 
1132 	readlinkat(AT_FDCWD, path, __stack.__buf, __len);
1133 #undef BUF
1134 
1135 }
1136 
1137 ATF_TC_WITHOUT_HEAD(readlinkat_heap_before_end);
1138 ATF_TC_BODY(readlinkat_heap_before_end, tc)
1139 {
1140 #define BUF __stack.__buf
1141 	struct {
1142 		uint8_t padding_l;
1143 		unsigned char * __buf;
1144 		uint8_t padding_r;
1145 	} __stack;
1146 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1147 	const size_t __len = 42 - 1;
1148 	const size_t __idx __unused = __len - 1;
1149 	const char *path;
1150 
1151 	__stack.__buf = malloc(__bufsz);
1152 	path = new_symlink(__len);		/* Cannot fail */
1153 
1154 	readlinkat(AT_FDCWD, path, __stack.__buf, __len);
1155 #undef BUF
1156 
1157 }
1158 
1159 ATF_TC_WITHOUT_HEAD(readlinkat_heap_end);
1160 ATF_TC_BODY(readlinkat_heap_end, tc)
1161 {
1162 #define BUF __stack.__buf
1163 	struct {
1164 		uint8_t padding_l;
1165 		unsigned char * __buf;
1166 		uint8_t padding_r;
1167 	} __stack;
1168 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1169 	const size_t __len = 42;
1170 	const size_t __idx __unused = __len - 1;
1171 	const char *path;
1172 
1173 	__stack.__buf = malloc(__bufsz);
1174 	path = new_symlink(__len);		/* Cannot fail */
1175 
1176 	readlinkat(AT_FDCWD, path, __stack.__buf, __len);
1177 #undef BUF
1178 
1179 }
1180 
1181 ATF_TC_WITHOUT_HEAD(readlinkat_heap_after_end);
1182 ATF_TC_BODY(readlinkat_heap_after_end, tc)
1183 {
1184 #define BUF __stack.__buf
1185 	struct {
1186 		uint8_t padding_l;
1187 		unsigned char * __buf;
1188 		uint8_t padding_r;
1189 	} __stack;
1190 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1191 	const size_t __len = 42 + 1;
1192 	const size_t __idx __unused = __len - 1;
1193 	pid_t __child;
1194 	int __status;
1195 	const char *path;
1196 
1197 	__child = fork();
1198 	ATF_REQUIRE(__child >= 0);
1199 	if (__child > 0)
1200 		goto monitor;
1201 
1202 	/* Child */
1203 	disable_coredumps();
1204 	__stack.__buf = malloc(__bufsz);
1205 	path = new_symlink(__len);		/* Cannot fail */
1206 
1207 	readlinkat(AT_FDCWD, path, __stack.__buf, __len);
1208 	_exit(EX_SOFTWARE);	/* Should have aborted. */
1209 
1210 monitor:
1211 	while (waitpid(__child, &__status, 0) != __child) {
1212 		ATF_REQUIRE_EQ(EINTR, errno);
1213 	}
1214 
1215 	if (!WIFSIGNALED(__status)) {
1216 		switch (WEXITSTATUS(__status)) {
1217 		case EX_SOFTWARE:
1218 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
1219 			break;
1220 		case EX_OSERR:
1221 			atf_tc_fail("setrlimit(2) failed");
1222 			break;
1223 		default:
1224 			atf_tc_fail("child exited with status %d",
1225 			    WEXITSTATUS(__status));
1226 		}
1227 	} else {
1228 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1229 	}
1230 #undef BUF
1231 
1232 }
1233 
1234 ATF_TC_WITHOUT_HEAD(getdomainname_before_end);
1235 ATF_TC_BODY(getdomainname_before_end, tc)
1236 {
1237 #define BUF &__stack.__buf
1238 	struct {
1239 		uint8_t padding_l;
1240 		unsigned char __buf[4];
1241 		uint8_t padding_r;
1242 	} __stack;
1243 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1244 	const size_t __len = 4 - 1;
1245 	const size_t __idx __unused = __len - 1;
1246 	char sysdomain[256];
1247 
1248 	(void)getdomainname(sysdomain, __len);
1249 	if (strlen(sysdomain) <= __len)
1250 		atf_tc_skip("domain name too short for testing");
1251 
1252 	getdomainname(__stack.__buf, __len);
1253 #undef BUF
1254 
1255 }
1256 
1257 ATF_TC_WITHOUT_HEAD(getdomainname_end);
1258 ATF_TC_BODY(getdomainname_end, tc)
1259 {
1260 #define BUF &__stack.__buf
1261 	struct {
1262 		uint8_t padding_l;
1263 		unsigned char __buf[4];
1264 		uint8_t padding_r;
1265 	} __stack;
1266 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1267 	const size_t __len = 4;
1268 	const size_t __idx __unused = __len - 1;
1269 	char sysdomain[256];
1270 
1271 	(void)getdomainname(sysdomain, __len);
1272 	if (strlen(sysdomain) <= __len)
1273 		atf_tc_skip("domain name too short for testing");
1274 
1275 	getdomainname(__stack.__buf, __len);
1276 #undef BUF
1277 
1278 }
1279 
1280 ATF_TC_WITHOUT_HEAD(getdomainname_heap_before_end);
1281 ATF_TC_BODY(getdomainname_heap_before_end, tc)
1282 {
1283 #define BUF __stack.__buf
1284 	struct {
1285 		uint8_t padding_l;
1286 		unsigned char * __buf;
1287 		uint8_t padding_r;
1288 	} __stack;
1289 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4);
1290 	const size_t __len = 4 - 1;
1291 	const size_t __idx __unused = __len - 1;
1292 	char sysdomain[256];
1293 
1294 	(void)getdomainname(sysdomain, __len);
1295 	if (strlen(sysdomain) <= __len)
1296 		atf_tc_skip("domain name too short for testing");
1297 
1298 	__stack.__buf = malloc(__bufsz);
1299 
1300 	getdomainname(__stack.__buf, __len);
1301 #undef BUF
1302 
1303 }
1304 
1305 ATF_TC_WITHOUT_HEAD(getdomainname_heap_end);
1306 ATF_TC_BODY(getdomainname_heap_end, tc)
1307 {
1308 #define BUF __stack.__buf
1309 	struct {
1310 		uint8_t padding_l;
1311 		unsigned char * __buf;
1312 		uint8_t padding_r;
1313 	} __stack;
1314 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4);
1315 	const size_t __len = 4;
1316 	const size_t __idx __unused = __len - 1;
1317 	char sysdomain[256];
1318 
1319 	(void)getdomainname(sysdomain, __len);
1320 	if (strlen(sysdomain) <= __len)
1321 		atf_tc_skip("domain name too short for testing");
1322 
1323 	__stack.__buf = malloc(__bufsz);
1324 
1325 	getdomainname(__stack.__buf, __len);
1326 #undef BUF
1327 
1328 }
1329 
1330 ATF_TC_WITHOUT_HEAD(getdomainname_heap_after_end);
1331 ATF_TC_BODY(getdomainname_heap_after_end, tc)
1332 {
1333 #define BUF __stack.__buf
1334 	struct {
1335 		uint8_t padding_l;
1336 		unsigned char * __buf;
1337 		uint8_t padding_r;
1338 	} __stack;
1339 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4);
1340 	const size_t __len = 4 + 1;
1341 	const size_t __idx __unused = __len - 1;
1342 	pid_t __child;
1343 	int __status;
1344 	char sysdomain[256];
1345 
1346 	(void)getdomainname(sysdomain, __len);
1347 	if (strlen(sysdomain) <= __len)
1348 		atf_tc_skip("domain name too short for testing");
1349 
1350 	__child = fork();
1351 	ATF_REQUIRE(__child >= 0);
1352 	if (__child > 0)
1353 		goto monitor;
1354 
1355 	/* Child */
1356 	disable_coredumps();
1357 	__stack.__buf = malloc(__bufsz);
1358 
1359 	getdomainname(__stack.__buf, __len);
1360 	_exit(EX_SOFTWARE);	/* Should have aborted. */
1361 
1362 monitor:
1363 	while (waitpid(__child, &__status, 0) != __child) {
1364 		ATF_REQUIRE_EQ(EINTR, errno);
1365 	}
1366 
1367 	if (!WIFSIGNALED(__status)) {
1368 		switch (WEXITSTATUS(__status)) {
1369 		case EX_SOFTWARE:
1370 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
1371 			break;
1372 		case EX_OSERR:
1373 			atf_tc_fail("setrlimit(2) failed");
1374 			break;
1375 		default:
1376 			atf_tc_fail("child exited with status %d",
1377 			    WEXITSTATUS(__status));
1378 		}
1379 	} else {
1380 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1381 	}
1382 #undef BUF
1383 
1384 }
1385 
1386 ATF_TC_WITHOUT_HEAD(getentropy_before_end);
1387 ATF_TC_BODY(getentropy_before_end, tc)
1388 {
1389 #define BUF &__stack.__buf
1390 	struct {
1391 		uint8_t padding_l;
1392 		unsigned char __buf[42];
1393 		uint8_t padding_r;
1394 	} __stack;
1395 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1396 	const size_t __len = 42 - 1;
1397 	const size_t __idx __unused = __len - 1;
1398 
1399 	getentropy(__stack.__buf, __len);
1400 #undef BUF
1401 
1402 }
1403 
1404 ATF_TC_WITHOUT_HEAD(getentropy_end);
1405 ATF_TC_BODY(getentropy_end, tc)
1406 {
1407 #define BUF &__stack.__buf
1408 	struct {
1409 		uint8_t padding_l;
1410 		unsigned char __buf[42];
1411 		uint8_t padding_r;
1412 	} __stack;
1413 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1414 	const size_t __len = 42;
1415 	const size_t __idx __unused = __len - 1;
1416 
1417 	getentropy(__stack.__buf, __len);
1418 #undef BUF
1419 
1420 }
1421 
1422 ATF_TC_WITHOUT_HEAD(getentropy_heap_before_end);
1423 ATF_TC_BODY(getentropy_heap_before_end, tc)
1424 {
1425 #define BUF __stack.__buf
1426 	struct {
1427 		uint8_t padding_l;
1428 		unsigned char * __buf;
1429 		uint8_t padding_r;
1430 	} __stack;
1431 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1432 	const size_t __len = 42 - 1;
1433 	const size_t __idx __unused = __len - 1;
1434 
1435 	__stack.__buf = malloc(__bufsz);
1436 
1437 	getentropy(__stack.__buf, __len);
1438 #undef BUF
1439 
1440 }
1441 
1442 ATF_TC_WITHOUT_HEAD(getentropy_heap_end);
1443 ATF_TC_BODY(getentropy_heap_end, tc)
1444 {
1445 #define BUF __stack.__buf
1446 	struct {
1447 		uint8_t padding_l;
1448 		unsigned char * __buf;
1449 		uint8_t padding_r;
1450 	} __stack;
1451 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1452 	const size_t __len = 42;
1453 	const size_t __idx __unused = __len - 1;
1454 
1455 	__stack.__buf = malloc(__bufsz);
1456 
1457 	getentropy(__stack.__buf, __len);
1458 #undef BUF
1459 
1460 }
1461 
1462 ATF_TC_WITHOUT_HEAD(getentropy_heap_after_end);
1463 ATF_TC_BODY(getentropy_heap_after_end, tc)
1464 {
1465 #define BUF __stack.__buf
1466 	struct {
1467 		uint8_t padding_l;
1468 		unsigned char * __buf;
1469 		uint8_t padding_r;
1470 	} __stack;
1471 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1472 	const size_t __len = 42 + 1;
1473 	const size_t __idx __unused = __len - 1;
1474 	pid_t __child;
1475 	int __status;
1476 
1477 	__child = fork();
1478 	ATF_REQUIRE(__child >= 0);
1479 	if (__child > 0)
1480 		goto monitor;
1481 
1482 	/* Child */
1483 	disable_coredumps();
1484 	__stack.__buf = malloc(__bufsz);
1485 
1486 	getentropy(__stack.__buf, __len);
1487 	_exit(EX_SOFTWARE);	/* Should have aborted. */
1488 
1489 monitor:
1490 	while (waitpid(__child, &__status, 0) != __child) {
1491 		ATF_REQUIRE_EQ(EINTR, errno);
1492 	}
1493 
1494 	if (!WIFSIGNALED(__status)) {
1495 		switch (WEXITSTATUS(__status)) {
1496 		case EX_SOFTWARE:
1497 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
1498 			break;
1499 		case EX_OSERR:
1500 			atf_tc_fail("setrlimit(2) failed");
1501 			break;
1502 		default:
1503 			atf_tc_fail("child exited with status %d",
1504 			    WEXITSTATUS(__status));
1505 		}
1506 	} else {
1507 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1508 	}
1509 #undef BUF
1510 
1511 }
1512 
1513 ATF_TC_WITHOUT_HEAD(gethostname_before_end);
1514 ATF_TC_BODY(gethostname_before_end, tc)
1515 {
1516 #define BUF &__stack.__buf
1517 	struct {
1518 		uint8_t padding_l;
1519 		unsigned char __buf[4];
1520 		uint8_t padding_r;
1521 	} __stack;
1522 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1523 	const size_t __len = 4 - 1;
1524 	const size_t __idx __unused = __len - 1;
1525 	char syshost[256];
1526 	int error;
1527 
1528 	error = gethostname(syshost, __len);
1529 	if (error != 0 || strlen(syshost) <= __len)
1530 		atf_tc_skip("hostname too short for testing");
1531 
1532 	gethostname(__stack.__buf, __len);
1533 #undef BUF
1534 
1535 }
1536 
1537 ATF_TC_WITHOUT_HEAD(gethostname_end);
1538 ATF_TC_BODY(gethostname_end, tc)
1539 {
1540 #define BUF &__stack.__buf
1541 	struct {
1542 		uint8_t padding_l;
1543 		unsigned char __buf[4];
1544 		uint8_t padding_r;
1545 	} __stack;
1546 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1547 	const size_t __len = 4;
1548 	const size_t __idx __unused = __len - 1;
1549 	char syshost[256];
1550 	int error;
1551 
1552 	error = gethostname(syshost, __len);
1553 	if (error != 0 || strlen(syshost) <= __len)
1554 		atf_tc_skip("hostname too short for testing");
1555 
1556 	gethostname(__stack.__buf, __len);
1557 #undef BUF
1558 
1559 }
1560 
1561 ATF_TC_WITHOUT_HEAD(gethostname_heap_before_end);
1562 ATF_TC_BODY(gethostname_heap_before_end, tc)
1563 {
1564 #define BUF __stack.__buf
1565 	struct {
1566 		uint8_t padding_l;
1567 		unsigned char * __buf;
1568 		uint8_t padding_r;
1569 	} __stack;
1570 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4);
1571 	const size_t __len = 4 - 1;
1572 	const size_t __idx __unused = __len - 1;
1573 	char syshost[256];
1574 	int error;
1575 
1576 	error = gethostname(syshost, __len);
1577 	if (error != 0 || strlen(syshost) <= __len)
1578 		atf_tc_skip("hostname too short for testing");
1579 
1580 	__stack.__buf = malloc(__bufsz);
1581 
1582 	gethostname(__stack.__buf, __len);
1583 #undef BUF
1584 
1585 }
1586 
1587 ATF_TC_WITHOUT_HEAD(gethostname_heap_end);
1588 ATF_TC_BODY(gethostname_heap_end, tc)
1589 {
1590 #define BUF __stack.__buf
1591 	struct {
1592 		uint8_t padding_l;
1593 		unsigned char * __buf;
1594 		uint8_t padding_r;
1595 	} __stack;
1596 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4);
1597 	const size_t __len = 4;
1598 	const size_t __idx __unused = __len - 1;
1599 	char syshost[256];
1600 	int error;
1601 
1602 	error = gethostname(syshost, __len);
1603 	if (error != 0 || strlen(syshost) <= __len)
1604 		atf_tc_skip("hostname too short for testing");
1605 
1606 	__stack.__buf = malloc(__bufsz);
1607 
1608 	gethostname(__stack.__buf, __len);
1609 #undef BUF
1610 
1611 }
1612 
1613 ATF_TC_WITHOUT_HEAD(gethostname_heap_after_end);
1614 ATF_TC_BODY(gethostname_heap_after_end, tc)
1615 {
1616 #define BUF __stack.__buf
1617 	struct {
1618 		uint8_t padding_l;
1619 		unsigned char * __buf;
1620 		uint8_t padding_r;
1621 	} __stack;
1622 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (4);
1623 	const size_t __len = 4 + 1;
1624 	const size_t __idx __unused = __len - 1;
1625 	pid_t __child;
1626 	int __status;
1627 	char syshost[256];
1628 	int error;
1629 
1630 	error = gethostname(syshost, __len);
1631 	if (error != 0 || strlen(syshost) <= __len)
1632 		atf_tc_skip("hostname too short for testing");
1633 
1634 	__child = fork();
1635 	ATF_REQUIRE(__child >= 0);
1636 	if (__child > 0)
1637 		goto monitor;
1638 
1639 	/* Child */
1640 	disable_coredumps();
1641 	__stack.__buf = malloc(__bufsz);
1642 
1643 	gethostname(__stack.__buf, __len);
1644 	_exit(EX_SOFTWARE);	/* Should have aborted. */
1645 
1646 monitor:
1647 	while (waitpid(__child, &__status, 0) != __child) {
1648 		ATF_REQUIRE_EQ(EINTR, errno);
1649 	}
1650 
1651 	if (!WIFSIGNALED(__status)) {
1652 		switch (WEXITSTATUS(__status)) {
1653 		case EX_SOFTWARE:
1654 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
1655 			break;
1656 		case EX_OSERR:
1657 			atf_tc_fail("setrlimit(2) failed");
1658 			break;
1659 		default:
1660 			atf_tc_fail("child exited with status %d",
1661 			    WEXITSTATUS(__status));
1662 		}
1663 	} else {
1664 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1665 	}
1666 #undef BUF
1667 
1668 }
1669 
1670 ATF_TC_WITHOUT_HEAD(getlogin_r_before_end);
1671 ATF_TC_BODY(getlogin_r_before_end, tc)
1672 {
1673 #define BUF &__stack.__buf
1674 	struct {
1675 		uint8_t padding_l;
1676 		unsigned char __buf[MAXLOGNAME + 1];
1677 		uint8_t padding_r;
1678 	} __stack;
1679 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1680 	const size_t __len = MAXLOGNAME + 1 - 1;
1681 	const size_t __idx __unused = __len - 1;
1682 
1683 	getlogin_r(__stack.__buf, __len);
1684 #undef BUF
1685 
1686 }
1687 
1688 ATF_TC_WITHOUT_HEAD(getlogin_r_end);
1689 ATF_TC_BODY(getlogin_r_end, tc)
1690 {
1691 #define BUF &__stack.__buf
1692 	struct {
1693 		uint8_t padding_l;
1694 		unsigned char __buf[MAXLOGNAME + 1];
1695 		uint8_t padding_r;
1696 	} __stack;
1697 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1698 	const size_t __len = MAXLOGNAME + 1;
1699 	const size_t __idx __unused = __len - 1;
1700 
1701 	getlogin_r(__stack.__buf, __len);
1702 #undef BUF
1703 
1704 }
1705 
1706 ATF_TC_WITHOUT_HEAD(getlogin_r_heap_before_end);
1707 ATF_TC_BODY(getlogin_r_heap_before_end, tc)
1708 {
1709 #define BUF __stack.__buf
1710 	struct {
1711 		uint8_t padding_l;
1712 		unsigned char * __buf;
1713 		uint8_t padding_r;
1714 	} __stack;
1715 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (MAXLOGNAME + 1);
1716 	const size_t __len = MAXLOGNAME + 1 - 1;
1717 	const size_t __idx __unused = __len - 1;
1718 
1719 	__stack.__buf = malloc(__bufsz);
1720 
1721 	getlogin_r(__stack.__buf, __len);
1722 #undef BUF
1723 
1724 }
1725 
1726 ATF_TC_WITHOUT_HEAD(getlogin_r_heap_end);
1727 ATF_TC_BODY(getlogin_r_heap_end, tc)
1728 {
1729 #define BUF __stack.__buf
1730 	struct {
1731 		uint8_t padding_l;
1732 		unsigned char * __buf;
1733 		uint8_t padding_r;
1734 	} __stack;
1735 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (MAXLOGNAME + 1);
1736 	const size_t __len = MAXLOGNAME + 1;
1737 	const size_t __idx __unused = __len - 1;
1738 
1739 	__stack.__buf = malloc(__bufsz);
1740 
1741 	getlogin_r(__stack.__buf, __len);
1742 #undef BUF
1743 
1744 }
1745 
1746 ATF_TC_WITHOUT_HEAD(getlogin_r_heap_after_end);
1747 ATF_TC_BODY(getlogin_r_heap_after_end, tc)
1748 {
1749 #define BUF __stack.__buf
1750 	struct {
1751 		uint8_t padding_l;
1752 		unsigned char * __buf;
1753 		uint8_t padding_r;
1754 	} __stack;
1755 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (MAXLOGNAME + 1);
1756 	const size_t __len = MAXLOGNAME + 1 + 1;
1757 	const size_t __idx __unused = __len - 1;
1758 	pid_t __child;
1759 	int __status;
1760 
1761 	__child = fork();
1762 	ATF_REQUIRE(__child >= 0);
1763 	if (__child > 0)
1764 		goto monitor;
1765 
1766 	/* Child */
1767 	disable_coredumps();
1768 	__stack.__buf = malloc(__bufsz);
1769 
1770 	getlogin_r(__stack.__buf, __len);
1771 	_exit(EX_SOFTWARE);	/* Should have aborted. */
1772 
1773 monitor:
1774 	while (waitpid(__child, &__status, 0) != __child) {
1775 		ATF_REQUIRE_EQ(EINTR, errno);
1776 	}
1777 
1778 	if (!WIFSIGNALED(__status)) {
1779 		switch (WEXITSTATUS(__status)) {
1780 		case EX_SOFTWARE:
1781 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
1782 			break;
1783 		case EX_OSERR:
1784 			atf_tc_fail("setrlimit(2) failed");
1785 			break;
1786 		default:
1787 			atf_tc_fail("child exited with status %d",
1788 			    WEXITSTATUS(__status));
1789 		}
1790 	} else {
1791 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1792 	}
1793 #undef BUF
1794 
1795 }
1796 
1797 ATF_TC_WITHOUT_HEAD(ttyname_r_before_end);
1798 ATF_TC_BODY(ttyname_r_before_end, tc)
1799 {
1800 #define BUF &__stack.__buf
1801 	struct {
1802 		uint8_t padding_l;
1803 		unsigned char __buf[42];
1804 		uint8_t padding_r;
1805 	} __stack;
1806 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1807 	const size_t __len = 42 - 1;
1808 	const size_t __idx __unused = __len - 1;
1809 	int fd;
1810 
1811 	fd = STDIN_FILENO;
1812 	if (!isatty(fd))
1813 		atf_tc_skip("stdin is not an fd");
1814 
1815 	ttyname_r(fd, __stack.__buf, __len);
1816 #undef BUF
1817 
1818 }
1819 
1820 ATF_TC_WITHOUT_HEAD(ttyname_r_end);
1821 ATF_TC_BODY(ttyname_r_end, tc)
1822 {
1823 #define BUF &__stack.__buf
1824 	struct {
1825 		uint8_t padding_l;
1826 		unsigned char __buf[42];
1827 		uint8_t padding_r;
1828 	} __stack;
1829 	const size_t __bufsz __unused = sizeof(__stack.__buf);
1830 	const size_t __len = 42;
1831 	const size_t __idx __unused = __len - 1;
1832 	int fd;
1833 
1834 	fd = STDIN_FILENO;
1835 	if (!isatty(fd))
1836 		atf_tc_skip("stdin is not an fd");
1837 
1838 	ttyname_r(fd, __stack.__buf, __len);
1839 #undef BUF
1840 
1841 }
1842 
1843 ATF_TC_WITHOUT_HEAD(ttyname_r_heap_before_end);
1844 ATF_TC_BODY(ttyname_r_heap_before_end, tc)
1845 {
1846 #define BUF __stack.__buf
1847 	struct {
1848 		uint8_t padding_l;
1849 		unsigned char * __buf;
1850 		uint8_t padding_r;
1851 	} __stack;
1852 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1853 	const size_t __len = 42 - 1;
1854 	const size_t __idx __unused = __len - 1;
1855 	int fd;
1856 
1857 	fd = STDIN_FILENO;
1858 	if (!isatty(fd))
1859 		atf_tc_skip("stdin is not an fd");
1860 
1861 	__stack.__buf = malloc(__bufsz);
1862 
1863 	ttyname_r(fd, __stack.__buf, __len);
1864 #undef BUF
1865 
1866 }
1867 
1868 ATF_TC_WITHOUT_HEAD(ttyname_r_heap_end);
1869 ATF_TC_BODY(ttyname_r_heap_end, tc)
1870 {
1871 #define BUF __stack.__buf
1872 	struct {
1873 		uint8_t padding_l;
1874 		unsigned char * __buf;
1875 		uint8_t padding_r;
1876 	} __stack;
1877 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1878 	const size_t __len = 42;
1879 	const size_t __idx __unused = __len - 1;
1880 	int fd;
1881 
1882 	fd = STDIN_FILENO;
1883 	if (!isatty(fd))
1884 		atf_tc_skip("stdin is not an fd");
1885 
1886 	__stack.__buf = malloc(__bufsz);
1887 
1888 	ttyname_r(fd, __stack.__buf, __len);
1889 #undef BUF
1890 
1891 }
1892 
1893 ATF_TC_WITHOUT_HEAD(ttyname_r_heap_after_end);
1894 ATF_TC_BODY(ttyname_r_heap_after_end, tc)
1895 {
1896 #define BUF __stack.__buf
1897 	struct {
1898 		uint8_t padding_l;
1899 		unsigned char * __buf;
1900 		uint8_t padding_r;
1901 	} __stack;
1902 	const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42);
1903 	const size_t __len = 42 + 1;
1904 	const size_t __idx __unused = __len - 1;
1905 	pid_t __child;
1906 	int __status;
1907 	int fd;
1908 
1909 	fd = STDIN_FILENO;
1910 	if (!isatty(fd))
1911 		atf_tc_skip("stdin is not an fd");
1912 
1913 	__child = fork();
1914 	ATF_REQUIRE(__child >= 0);
1915 	if (__child > 0)
1916 		goto monitor;
1917 
1918 	/* Child */
1919 	disable_coredumps();
1920 	__stack.__buf = malloc(__bufsz);
1921 
1922 	ttyname_r(fd, __stack.__buf, __len);
1923 	_exit(EX_SOFTWARE);	/* Should have aborted. */
1924 
1925 monitor:
1926 	while (waitpid(__child, &__status, 0) != __child) {
1927 		ATF_REQUIRE_EQ(EINTR, errno);
1928 	}
1929 
1930 	if (!WIFSIGNALED(__status)) {
1931 		switch (WEXITSTATUS(__status)) {
1932 		case EX_SOFTWARE:
1933 			atf_tc_fail("FORTIFY_SOURCE failed to abort");
1934 			break;
1935 		case EX_OSERR:
1936 			atf_tc_fail("setrlimit(2) failed");
1937 			break;
1938 		default:
1939 			atf_tc_fail("child exited with status %d",
1940 			    WEXITSTATUS(__status));
1941 		}
1942 	} else {
1943 		ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status));
1944 	}
1945 #undef BUF
1946 
1947 }
1948 
1949 ATF_TP_ADD_TCS(tp)
1950 {
1951 	ATF_TP_ADD_TC(tp, getcwd_before_end);
1952 	ATF_TP_ADD_TC(tp, getcwd_end);
1953 	ATF_TP_ADD_TC(tp, getcwd_heap_before_end);
1954 	ATF_TP_ADD_TC(tp, getcwd_heap_end);
1955 	ATF_TP_ADD_TC(tp, getcwd_heap_after_end);
1956 	ATF_TP_ADD_TC(tp, getgrouplist_before_end);
1957 	ATF_TP_ADD_TC(tp, getgrouplist_end);
1958 	ATF_TP_ADD_TC(tp, getgrouplist_heap_before_end);
1959 	ATF_TP_ADD_TC(tp, getgrouplist_heap_end);
1960 	ATF_TP_ADD_TC(tp, getgrouplist_heap_after_end);
1961 	ATF_TP_ADD_TC(tp, getgroups_before_end);
1962 	ATF_TP_ADD_TC(tp, getgroups_end);
1963 	ATF_TP_ADD_TC(tp, getgroups_heap_before_end);
1964 	ATF_TP_ADD_TC(tp, getgroups_heap_end);
1965 	ATF_TP_ADD_TC(tp, getgroups_heap_after_end);
1966 	ATF_TP_ADD_TC(tp, getloginclass_before_end);
1967 	ATF_TP_ADD_TC(tp, getloginclass_end);
1968 	ATF_TP_ADD_TC(tp, getloginclass_heap_before_end);
1969 	ATF_TP_ADD_TC(tp, getloginclass_heap_end);
1970 	ATF_TP_ADD_TC(tp, getloginclass_heap_after_end);
1971 	ATF_TP_ADD_TC(tp, pread_before_end);
1972 	ATF_TP_ADD_TC(tp, pread_end);
1973 	ATF_TP_ADD_TC(tp, pread_heap_before_end);
1974 	ATF_TP_ADD_TC(tp, pread_heap_end);
1975 	ATF_TP_ADD_TC(tp, pread_heap_after_end);
1976 	ATF_TP_ADD_TC(tp, read_before_end);
1977 	ATF_TP_ADD_TC(tp, read_end);
1978 	ATF_TP_ADD_TC(tp, read_heap_before_end);
1979 	ATF_TP_ADD_TC(tp, read_heap_end);
1980 	ATF_TP_ADD_TC(tp, read_heap_after_end);
1981 	ATF_TP_ADD_TC(tp, readlink_before_end);
1982 	ATF_TP_ADD_TC(tp, readlink_end);
1983 	ATF_TP_ADD_TC(tp, readlink_heap_before_end);
1984 	ATF_TP_ADD_TC(tp, readlink_heap_end);
1985 	ATF_TP_ADD_TC(tp, readlink_heap_after_end);
1986 	ATF_TP_ADD_TC(tp, readlinkat_before_end);
1987 	ATF_TP_ADD_TC(tp, readlinkat_end);
1988 	ATF_TP_ADD_TC(tp, readlinkat_heap_before_end);
1989 	ATF_TP_ADD_TC(tp, readlinkat_heap_end);
1990 	ATF_TP_ADD_TC(tp, readlinkat_heap_after_end);
1991 	ATF_TP_ADD_TC(tp, getdomainname_before_end);
1992 	ATF_TP_ADD_TC(tp, getdomainname_end);
1993 	ATF_TP_ADD_TC(tp, getdomainname_heap_before_end);
1994 	ATF_TP_ADD_TC(tp, getdomainname_heap_end);
1995 	ATF_TP_ADD_TC(tp, getdomainname_heap_after_end);
1996 	ATF_TP_ADD_TC(tp, getentropy_before_end);
1997 	ATF_TP_ADD_TC(tp, getentropy_end);
1998 	ATF_TP_ADD_TC(tp, getentropy_heap_before_end);
1999 	ATF_TP_ADD_TC(tp, getentropy_heap_end);
2000 	ATF_TP_ADD_TC(tp, getentropy_heap_after_end);
2001 	ATF_TP_ADD_TC(tp, gethostname_before_end);
2002 	ATF_TP_ADD_TC(tp, gethostname_end);
2003 	ATF_TP_ADD_TC(tp, gethostname_heap_before_end);
2004 	ATF_TP_ADD_TC(tp, gethostname_heap_end);
2005 	ATF_TP_ADD_TC(tp, gethostname_heap_after_end);
2006 	ATF_TP_ADD_TC(tp, getlogin_r_before_end);
2007 	ATF_TP_ADD_TC(tp, getlogin_r_end);
2008 	ATF_TP_ADD_TC(tp, getlogin_r_heap_before_end);
2009 	ATF_TP_ADD_TC(tp, getlogin_r_heap_end);
2010 	ATF_TP_ADD_TC(tp, getlogin_r_heap_after_end);
2011 	ATF_TP_ADD_TC(tp, ttyname_r_before_end);
2012 	ATF_TP_ADD_TC(tp, ttyname_r_end);
2013 	ATF_TP_ADD_TC(tp, ttyname_r_heap_before_end);
2014 	ATF_TP_ADD_TC(tp, ttyname_r_heap_end);
2015 	ATF_TP_ADD_TC(tp, ttyname_r_heap_after_end);
2016 	return (atf_no_error());
2017 }
2018