.
[glibc/history.git] / debug / tst-chk1.c
blobee080cef49b51db1f05ae7f9cd5696a57a9eb473
1 /* Copyright (C) 2004, 2005 Free Software Foundation, Inc.
2 This file is part of the GNU C Library.
3 Contributed by Jakub Jelinek <jakub@redhat.com>, 2004.
5 The GNU C Library is free software; you can redistribute it and/or
6 modify it under the terms of the GNU Lesser General Public
7 License as published by the Free Software Foundation; either
8 version 2.1 of the License, or (at your option) any later version.
10 The GNU C Library is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
13 Lesser General Public License for more details.
15 You should have received a copy of the GNU Lesser General Public
16 License along with the GNU C Library; if not, write to the Free
17 Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA
18 02111-1307 USA. */
20 #include <assert.h>
21 #include <fcntl.h>
22 #include <locale.h>
23 #include <paths.h>
24 #include <setjmp.h>
25 #include <signal.h>
26 #include <stdio.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <unistd.h>
30 #include <wchar.h>
31 #include <sys/socket.h>
32 #include <sys/un.h>
34 char *temp_filename;
35 static void do_prepare (void);
36 static int do_test (void);
37 #define PREPARE(argc, argv) do_prepare ()
38 #define TEST_FUNCTION do_test ()
39 #include "../test-skeleton.c"
41 static void
42 do_prepare (void)
44 int temp_fd = create_temp_file ("tst-chk1.", &temp_filename);
45 if (temp_fd == -1)
47 printf ("cannot create temporary file: %m\n");
48 exit (1);
51 const char *strs = "abcdefgh\nABCDEFGHI\nabcdefghij\nABCDEFGHIJ";
52 if (write (temp_fd, strs, strlen (strs)) != strlen (strs))
54 puts ("could not write test strings into file");
55 unlink (temp_filename);
56 exit (1);
60 volatile int chk_fail_ok;
61 volatile int ret;
62 jmp_buf chk_fail_buf;
64 static void
65 handler (int sig)
67 if (chk_fail_ok)
69 chk_fail_ok = 0;
70 longjmp (chk_fail_buf, 1);
72 else
73 _exit (127);
76 char buf[10];
77 wchar_t wbuf[10];
78 volatile size_t l0;
79 volatile char *p;
80 volatile wchar_t *wp;
81 const char *str1 = "JIHGFEDCBA";
82 const char *str2 = "F";
83 const char *str3 = "%s%n%s%n";
84 const char *str4 = "Hello, ";
85 const char *str5 = "World!\n";
86 const wchar_t *wstr1 = L"JIHGFEDCBA";
87 const wchar_t *wstr2 = L"F";
88 const wchar_t *wstr3 = L"%s%n%s%n";
89 const wchar_t *wstr4 = L"Hello, ";
90 const wchar_t *wstr5 = L"World!\n";
91 char buf2[10] = "%s";
92 int num1 = 67;
93 int num2 = 987654;
95 #define FAIL() \
96 do { printf ("Failure on line %d\n", __LINE__); ret = 1; } while (0)
97 #define CHK_FAIL_START \
98 chk_fail_ok = 1; \
99 if (! setjmp (chk_fail_buf)) \
101 #define CHK_FAIL_END \
102 chk_fail_ok = 0; \
103 FAIL (); \
105 #if __USE_FORTIFY_LEVEL >= 2
106 #define CHK_FAIL2_START CHK_FAIL_START
107 #define CHK_FAIL2_END CHK_FAIL_END
108 #else
109 #define CHK_FAIL2_START
110 #define CHK_FAIL2_END
111 #endif
113 static int
114 do_test (void)
116 struct sigaction sa;
117 sa.sa_handler = handler;
118 sa.sa_flags = 0;
119 sigemptyset (&sa.sa_mask);
121 sigaction (SIGABRT, &sa, NULL);
123 /* Avoid all the buffer overflow messages on stderr. */
124 int fd = open (_PATH_DEVNULL, O_WRONLY);
125 if (fd == -1)
126 close (STDERR_FILENO);
127 else
129 dup2 (fd, STDERR_FILENO);
130 close (fd);
132 setenv ("LIBC_FATAL_STDERR_", "1", 1);
134 struct A { char buf1[9]; char buf2[1]; } a;
135 struct wA { wchar_t buf1[9]; wchar_t buf2[1]; } wa;
137 printf ("Test checking routines at fortify level %d\n",
138 #ifdef __USE_FORTIFY_LEVEL
139 (int) __USE_FORTIFY_LEVEL
140 #else
142 #endif
145 /* These ops can be done without runtime checking of object size. */
146 memcpy (buf, "abcdefghij", 10);
147 memmove (buf + 1, buf, 9);
148 if (memcmp (buf, "aabcdefghi", 10))
149 FAIL ();
151 if (mempcpy (buf + 5, "abcde", 5) != buf + 10
152 || memcmp (buf, "aabcdabcde", 10))
153 FAIL ();
155 memset (buf + 8, 'j', 2);
156 if (memcmp (buf, "aabcdabcjj", 10))
157 FAIL ();
159 strcpy (buf + 4, "EDCBA");
160 if (memcmp (buf, "aabcEDCBA", 10))
161 FAIL ();
163 if (stpcpy (buf + 8, "F") != buf + 9 || memcmp (buf, "aabcEDCBF", 10))
164 FAIL ();
166 strncpy (buf + 6, "X", 4);
167 if (memcmp (buf, "aabcEDX\0\0", 10))
168 FAIL ();
170 if (sprintf (buf + 7, "%s", "67") != 2 || memcmp (buf, "aabcEDX67", 10))
171 FAIL ();
173 if (snprintf (buf + 7, 3, "%s", "987654") != 6
174 || memcmp (buf, "aabcEDX98", 10))
175 FAIL ();
177 /* These ops need runtime checking, but shouldn't __chk_fail. */
178 memcpy (buf, "abcdefghij", l0 + 10);
179 memmove (buf + 1, buf, l0 + 9);
180 if (memcmp (buf, "aabcdefghi", 10))
181 FAIL ();
183 if (mempcpy (buf + 5, "abcde", l0 + 5) != buf + 10
184 || memcmp (buf, "aabcdabcde", 10))
185 FAIL ();
187 memset (buf + 8, 'j', l0 + 2);
188 if (memcmp (buf, "aabcdabcjj", 10))
189 FAIL ();
191 strcpy (buf + 4, str1 + 5);
192 if (memcmp (buf, "aabcEDCBA", 10))
193 FAIL ();
195 if (stpcpy (buf + 8, str2) != buf + 9 || memcmp (buf, "aabcEDCBF", 10))
196 FAIL ();
198 strncpy (buf + 6, "X", l0 + 4);
199 if (memcmp (buf, "aabcEDX\0\0", 10))
200 FAIL ();
202 if (stpncpy (buf + 5, "cd", l0 + 5) != buf + 7
203 || memcmp (buf, "aabcEcd\0\0", 10))
204 FAIL ();
206 if (sprintf (buf + 7, "%d", num1) != 2 || memcmp (buf, "aabcEcd67", 10))
207 FAIL ();
209 if (snprintf (buf + 7, 3, "%d", num2) != 6 || memcmp (buf, "aabcEcd98", 10))
210 FAIL ();
212 buf[l0 + 8] = '\0';
213 strcat (buf, "A");
214 if (memcmp (buf, "aabcEcd9A", 10))
215 FAIL ();
217 buf[l0 + 7] = '\0';
218 strncat (buf, "ZYXWV", l0 + 2);
219 if (memcmp (buf, "aabcEcdZY", 10))
220 FAIL ();
222 memcpy (a.buf1, "abcdefghij", l0 + 10);
223 memmove (a.buf1 + 1, a.buf1, l0 + 9);
224 if (memcmp (a.buf1, "aabcdefghi", 10))
225 FAIL ();
227 if (mempcpy (a.buf1 + 5, "abcde", l0 + 5) != a.buf1 + 10
228 || memcmp (a.buf1, "aabcdabcde", 10))
229 FAIL ();
231 memset (a.buf1 + 8, 'j', l0 + 2);
232 if (memcmp (a.buf1, "aabcdabcjj", 10))
233 FAIL ();
235 #if __USE_FORTIFY_LEVEL < 2
236 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
237 and sufficient GCC support, as the string operations overflow
238 from a.buf1 into a.buf2. */
239 strcpy (a.buf1 + 4, str1 + 5);
240 if (memcmp (a.buf1, "aabcEDCBA", 10))
241 FAIL ();
243 if (stpcpy (a.buf1 + 8, str2) != a.buf1 + 9
244 || memcmp (a.buf1, "aabcEDCBF", 10))
245 FAIL ();
247 strncpy (a.buf1 + 6, "X", l0 + 4);
248 if (memcmp (a.buf1, "aabcEDX\0\0", 10))
249 FAIL ();
251 if (sprintf (a.buf1 + 7, "%d", num1) != 2
252 || memcmp (a.buf1, "aabcEDX67", 10))
253 FAIL ();
255 if (snprintf (a.buf1 + 7, 3, "%d", num2) != 6
256 || memcmp (a.buf1, "aabcEDX98", 10))
257 FAIL ();
259 a.buf1[l0 + 8] = '\0';
260 strcat (a.buf1, "A");
261 if (memcmp (a.buf1, "aabcEDX9A", 10))
262 FAIL ();
264 a.buf1[l0 + 7] = '\0';
265 strncat (a.buf1, "ZYXWV", l0 + 2);
266 if (memcmp (a.buf1, "aabcEDXZY", 10))
267 FAIL ();
269 #endif
271 #if __USE_FORTIFY_LEVEL >= 1
272 /* Now check if all buffer overflows are caught at runtime. */
274 CHK_FAIL_START
275 memcpy (buf + 1, "abcdefghij", l0 + 10);
276 CHK_FAIL_END
278 CHK_FAIL_START
279 memmove (buf + 2, buf + 1, l0 + 9);
280 CHK_FAIL_END
282 CHK_FAIL_START
283 p = mempcpy (buf + 6, "abcde", l0 + 5);
284 CHK_FAIL_END
286 CHK_FAIL_START
287 memset (buf + 9, 'j', l0 + 2);
288 CHK_FAIL_END
290 CHK_FAIL_START
291 strcpy (buf + 5, str1 + 5);
292 CHK_FAIL_END
294 CHK_FAIL_START
295 p = stpcpy (buf + 9, str2);
296 CHK_FAIL_END
298 CHK_FAIL_START
299 strncpy (buf + 7, "X", l0 + 4);
300 CHK_FAIL_END
302 CHK_FAIL_START
303 stpncpy (buf + 6, "cd", l0 + 5);
304 CHK_FAIL_END
306 CHK_FAIL_START
307 sprintf (buf + 8, "%d", num1);
308 CHK_FAIL_END
310 CHK_FAIL_START
311 snprintf (buf + 8, l0 + 3, "%d", num2);
312 CHK_FAIL_END
314 memcpy (buf, str1 + 2, l0 + 9);
315 CHK_FAIL_START
316 strcat (buf, "AB");
317 CHK_FAIL_END
319 memcpy (buf, str1 + 3, l0 + 8);
320 CHK_FAIL_START
321 strncat (buf, "ZYXWV", l0 + 3);
322 CHK_FAIL_END
324 CHK_FAIL_START
325 memcpy (a.buf1 + 1, "abcdefghij", l0 + 10);
326 CHK_FAIL_END
328 CHK_FAIL_START
329 memmove (a.buf1 + 2, a.buf1 + 1, l0 + 9);
330 CHK_FAIL_END
332 CHK_FAIL_START
333 p = mempcpy (a.buf1 + 6, "abcde", l0 + 5);
334 CHK_FAIL_END
336 CHK_FAIL_START
337 memset (a.buf1 + 9, 'j', l0 + 2);
338 CHK_FAIL_END
340 #if __USE_FORTIFY_LEVEL >= 2
341 # define O 0
342 #else
343 # define O 1
344 #endif
346 CHK_FAIL_START
347 strcpy (a.buf1 + (O + 4), str1 + 5);
348 CHK_FAIL_END
350 CHK_FAIL_START
351 p = stpcpy (a.buf1 + (O + 8), str2);
352 CHK_FAIL_END
354 CHK_FAIL_START
355 strncpy (a.buf1 + (O + 6), "X", l0 + 4);
356 CHK_FAIL_END
358 CHK_FAIL_START
359 sprintf (a.buf1 + (O + 7), "%d", num1);
360 CHK_FAIL_END
362 CHK_FAIL_START
363 snprintf (a.buf1 + (O + 7), l0 + 3, "%d", num2);
364 CHK_FAIL_END
366 memcpy (a.buf1, str1 + (3 - O), l0 + 8 + O);
367 CHK_FAIL_START
368 strcat (a.buf1, "AB");
369 CHK_FAIL_END
371 memcpy (a.buf1, str1 + (4 - O), l0 + 7 + O);
372 CHK_FAIL_START
373 strncat (a.buf1, "ZYXWV", l0 + 3);
374 CHK_FAIL_END
375 #endif
378 /* These ops can be done without runtime checking of object size. */
379 wmemcpy (wbuf, L"abcdefghij", 10);
380 wmemmove (wbuf + 1, wbuf, 9);
381 if (wmemcmp (wbuf, L"aabcdefghi", 10))
382 FAIL ();
384 if (wmempcpy (wbuf + 5, L"abcde", 5) != wbuf + 10
385 || wmemcmp (wbuf, L"aabcdabcde", 10))
386 FAIL ();
388 wmemset (wbuf + 8, L'j', 2);
389 if (wmemcmp (wbuf, L"aabcdabcjj", 10))
390 FAIL ();
392 wcscpy (wbuf + 4, L"EDCBA");
393 if (wmemcmp (wbuf, L"aabcEDCBA", 10))
394 FAIL ();
396 if (wcpcpy (wbuf + 8, L"F") != wbuf + 9 || wmemcmp (wbuf, L"aabcEDCBF", 10))
397 FAIL ();
399 wcsncpy (wbuf + 6, L"X", 4);
400 if (wmemcmp (wbuf, L"aabcEDX\0\0", 10))
401 FAIL ();
403 if (swprintf (wbuf + 7, 3, L"%ls", L"987654") >= 0
404 || wmemcmp (wbuf, L"aabcEDX98", 10))
405 FAIL ();
407 if (swprintf (wbuf + 7, 3, L"64") != 2
408 || wmemcmp (wbuf, L"aabcEDX64", 10))
409 FAIL ();
411 /* These ops need runtime checking, but shouldn't __chk_fail. */
412 wmemcpy (wbuf, L"abcdefghij", l0 + 10);
413 wmemmove (wbuf + 1, wbuf, l0 + 9);
414 if (wmemcmp (wbuf, L"aabcdefghi", 10))
415 FAIL ();
417 if (wmempcpy (wbuf + 5, L"abcde", l0 + 5) != wbuf + 10
418 || wmemcmp (wbuf, L"aabcdabcde", 10))
419 FAIL ();
421 wmemset (wbuf + 8, L'j', l0 + 2);
422 if (wmemcmp (wbuf, L"aabcdabcjj", 10))
423 FAIL ();
425 wcscpy (wbuf + 4, wstr1 + 5);
426 if (wmemcmp (wbuf, L"aabcEDCBA", 10))
427 FAIL ();
429 if (wcpcpy (wbuf + 8, wstr2) != wbuf + 9 || wmemcmp (wbuf, L"aabcEDCBF", 10))
430 FAIL ();
432 wcsncpy (wbuf + 6, L"X", l0 + 4);
433 if (wmemcmp (wbuf, L"aabcEDX\0\0", 10))
434 FAIL ();
436 if (wcpncpy (wbuf + 5, L"cd", l0 + 5) != wbuf + 7
437 || wmemcmp (wbuf, L"aabcEcd\0\0", 10))
438 FAIL ();
440 if (swprintf (wbuf + 7, 3, L"%d", num2) >= 0
441 || wmemcmp (wbuf, L"aabcEcd98", 10))
442 FAIL ();
444 wbuf[l0 + 8] = L'\0';
445 wcscat (wbuf, L"A");
446 if (wmemcmp (wbuf, L"aabcEcd9A", 10))
447 FAIL ();
449 wbuf[l0 + 7] = L'\0';
450 wcsncat (wbuf, L"ZYXWV", l0 + 2);
451 if (wmemcmp (wbuf, L"aabcEcdZY", 10))
452 FAIL ();
454 wmemcpy (wa.buf1, L"abcdefghij", l0 + 10);
455 wmemmove (wa.buf1 + 1, wa.buf1, l0 + 9);
456 if (wmemcmp (wa.buf1, L"aabcdefghi", 10))
457 FAIL ();
459 if (wmempcpy (wa.buf1 + 5, L"abcde", l0 + 5) != wa.buf1 + 10
460 || wmemcmp (wa.buf1, L"aabcdabcde", 10))
461 FAIL ();
463 wmemset (wa.buf1 + 8, L'j', l0 + 2);
464 if (wmemcmp (wa.buf1, L"aabcdabcjj", 10))
465 FAIL ();
467 #if __USE_FORTIFY_LEVEL < 2
468 /* The following tests are supposed to crash with -D_FORTIFY_SOURCE=2
469 and sufficient GCC support, as the string operations overflow
470 from a.buf1 into a.buf2. */
471 wcscpy (wa.buf1 + 4, wstr1 + 5);
472 if (wmemcmp (wa.buf1, L"aabcEDCBA", 10))
473 FAIL ();
475 if (wcpcpy (wa.buf1 + 8, wstr2) != wa.buf1 + 9
476 || wmemcmp (wa.buf1, L"aabcEDCBF", 10))
477 FAIL ();
479 wcsncpy (wa.buf1 + 6, L"X", l0 + 4);
480 if (wmemcmp (wa.buf1, L"aabcEDX\0\0", 10))
481 FAIL ();
483 if (swprintf (wa.buf1 + 7, 3, L"%d", num2) >= 0
484 || wmemcmp (wa.buf1, L"aabcEDX98", 10))
485 FAIL ();
487 wa.buf1[l0 + 8] = L'\0';
488 wcscat (wa.buf1, L"A");
489 if (wmemcmp (wa.buf1, L"aabcEDX9A", 10))
490 FAIL ();
492 wa.buf1[l0 + 7] = L'\0';
493 wcsncat (wa.buf1, L"ZYXWV", l0 + 2);
494 if (wmemcmp (wa.buf1, L"aabcEDXZY", 10))
495 FAIL ();
497 #endif
499 #if __USE_FORTIFY_LEVEL >= 1
500 /* Now check if all buffer overflows are caught at runtime. */
502 CHK_FAIL_START
503 wmemcpy (wbuf + 1, L"abcdefghij", l0 + 10);
504 CHK_FAIL_END
506 CHK_FAIL_START
507 wmemmove (wbuf + 2, wbuf + 1, l0 + 9);
508 CHK_FAIL_END
510 CHK_FAIL_START
511 wp = wmempcpy (wbuf + 6, L"abcde", l0 + 5);
512 CHK_FAIL_END
514 CHK_FAIL_START
515 wmemset (wbuf + 9, L'j', l0 + 2);
516 CHK_FAIL_END
518 CHK_FAIL_START
519 wcscpy (wbuf + 5, wstr1 + 5);
520 CHK_FAIL_END
522 CHK_FAIL_START
523 wp = wcpcpy (wbuf + 9, wstr2);
524 CHK_FAIL_END
526 CHK_FAIL_START
527 wcsncpy (wbuf + 7, L"X", l0 + 4);
528 CHK_FAIL_END
530 CHK_FAIL_START
531 wcpncpy (wbuf + 6, L"cd", l0 + 5);
532 CHK_FAIL_END
534 wmemcpy (wbuf, wstr1 + 2, l0 + 9);
535 CHK_FAIL_START
536 wcscat (wbuf, L"AB");
537 CHK_FAIL_END
539 wmemcpy (wbuf, wstr1 + 3, l0 + 8);
540 CHK_FAIL_START
541 wcsncat (wbuf, L"ZYXWV", l0 + 3);
542 CHK_FAIL_END
544 CHK_FAIL_START
545 wmemcpy (wa.buf1 + 1, L"abcdefghij", l0 + 10);
546 CHK_FAIL_END
548 CHK_FAIL_START
549 wmemmove (wa.buf1 + 2, wa.buf1 + 1, l0 + 9);
550 CHK_FAIL_END
552 CHK_FAIL_START
553 wp = wmempcpy (wa.buf1 + 6, L"abcde", l0 + 5);
554 CHK_FAIL_END
556 CHK_FAIL_START
557 wmemset (wa.buf1 + 9, L'j', l0 + 2);
558 CHK_FAIL_END
560 #if __USE_FORTIFY_LEVEL >= 2
561 # define O 0
562 #else
563 # define O 1
564 #endif
566 CHK_FAIL_START
567 wcscpy (wa.buf1 + (O + 4), wstr1 + 5);
568 CHK_FAIL_END
570 CHK_FAIL_START
571 wp = wcpcpy (wa.buf1 + (O + 8), wstr2);
572 CHK_FAIL_END
574 CHK_FAIL_START
575 wcsncpy (wa.buf1 + (O + 6), L"X", l0 + 4);
576 CHK_FAIL_END
578 wmemcpy (wa.buf1, wstr1 + (3 - O), l0 + 8 + O);
579 CHK_FAIL_START
580 wcscat (wa.buf1, L"AB");
581 CHK_FAIL_END
583 wmemcpy (wa.buf1, wstr1 + (4 - O), l0 + 7 + O);
584 CHK_FAIL_START
585 wcsncat (wa.buf1, L"ZYXWV", l0 + 3);
586 CHK_FAIL_END
587 #endif
590 /* Now checks for %n protection. */
592 /* Constant literals passed directly are always ok
593 (even with warnings about possible bugs from GCC). */
594 int n1, n2;
595 if (sprintf (buf, "%s%n%s%n", str2, &n1, str2, &n2) != 2
596 || n1 != 1 || n2 != 2)
597 FAIL ();
599 /* In this case the format string is not known at compile time,
600 but resides in read-only memory, so is ok. */
601 if (snprintf (buf, 4, str3, str2, &n1, str2, &n2) != 2
602 || n1 != 1 || n2 != 2)
603 FAIL ();
605 strcpy (buf2 + 2, "%n%s%n");
606 /* When the format string is writable and contains %n,
607 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
608 CHK_FAIL2_START
609 if (sprintf (buf, buf2, str2, &n1, str2, &n1) != 2)
610 FAIL ();
611 CHK_FAIL2_END
613 CHK_FAIL2_START
614 if (snprintf (buf, 3, buf2, str2, &n1, str2, &n1) != 2)
615 FAIL ();
616 CHK_FAIL2_END
618 /* But if there is no %n, even writable format string
619 should work. */
620 buf2[6] = '\0';
621 if (sprintf (buf, buf2 + 4, str2) != 1)
622 FAIL ();
624 /* Constant literals passed directly are always ok
625 (even with warnings about possible bugs from GCC). */
626 if (printf ("%s%n%s%n", str4, &n1, str5, &n2) != 14
627 || n1 != 7 || n2 != 14)
628 FAIL ();
630 /* In this case the format string is not known at compile time,
631 but resides in read-only memory, so is ok. */
632 if (printf (str3, str4, &n1, str5, &n2) != 14
633 || n1 != 7 || n2 != 14)
634 FAIL ();
636 strcpy (buf2 + 2, "%n%s%n");
637 /* When the format string is writable and contains %n,
638 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
639 CHK_FAIL2_START
640 if (printf (buf2, str4, &n1, str5, &n1) != 14)
641 FAIL ();
642 CHK_FAIL2_END
644 /* But if there is no %n, even writable format string
645 should work. */
646 buf2[6] = '\0';
647 if (printf (buf2 + 4, str5) != 7)
648 FAIL ();
650 FILE *fp = stdout;
652 /* Constant literals passed directly are always ok
653 (even with warnings about possible bugs from GCC). */
654 if (fprintf (fp, "%s%n%s%n", str4, &n1, str5, &n2) != 14
655 || n1 != 7 || n2 != 14)
656 FAIL ();
658 /* In this case the format string is not known at compile time,
659 but resides in read-only memory, so is ok. */
660 if (fprintf (fp, str3, str4, &n1, str5, &n2) != 14
661 || n1 != 7 || n2 != 14)
662 FAIL ();
664 strcpy (buf2 + 2, "%n%s%n");
665 /* When the format string is writable and contains %n,
666 with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */
667 CHK_FAIL2_START
668 if (fprintf (fp, buf2, str4, &n1, str5, &n1) != 14)
669 FAIL ();
670 CHK_FAIL2_END
672 /* But if there is no %n, even writable format string
673 should work. */
674 buf2[6] = '\0';
675 if (fprintf (fp, buf2 + 4, str5) != 7)
676 FAIL ();
678 if (freopen (temp_filename, "r", stdin) == NULL)
680 puts ("could not open temporary file");
681 exit (1);
684 if (gets (buf) != buf || memcmp (buf, "abcdefgh", 9))
685 FAIL ();
686 if (gets (buf) != buf || memcmp (buf, "ABCDEFGHI", 10))
687 FAIL ();
689 #if __USE_FORTIFY_LEVEL >= 1
690 CHK_FAIL_START
691 if (gets (buf) != buf)
692 FAIL ();
693 CHK_FAIL_END
694 #endif
696 rewind (stdin);
698 if (fgets (buf, sizeof (buf), stdin) != buf
699 || memcmp (buf, "abcdefgh\n", 10))
700 FAIL ();
701 if (fgets (buf, sizeof (buf), stdin) != buf || memcmp (buf, "ABCDEFGHI", 10))
702 FAIL ();
704 rewind (stdin);
706 if (fgets (buf, l0 + sizeof (buf), stdin) != buf
707 || memcmp (buf, "abcdefgh\n", 10))
708 FAIL ();
710 #if __USE_FORTIFY_LEVEL >= 1
711 CHK_FAIL_START
712 if (fgets (buf, sizeof (buf) + 1, stdin) != buf)
713 FAIL ();
714 CHK_FAIL_END
716 CHK_FAIL_START
717 if (fgets (buf, l0 + sizeof (buf) + 1, stdin) != buf)
718 FAIL ();
719 CHK_FAIL_END
720 #endif
722 rewind (stdin);
724 if (fgets_unlocked (buf, sizeof (buf), stdin) != buf
725 || memcmp (buf, "abcdefgh\n", 10))
726 FAIL ();
727 if (fgets_unlocked (buf, sizeof (buf), stdin) != buf
728 || memcmp (buf, "ABCDEFGHI", 10))
729 FAIL ();
731 rewind (stdin);
733 if (fgets_unlocked (buf, l0 + sizeof (buf), stdin) != buf
734 || memcmp (buf, "abcdefgh\n", 10))
735 FAIL ();
737 #if __USE_FORTIFY_LEVEL >= 1
738 CHK_FAIL_START
739 if (fgets_unlocked (buf, sizeof (buf) + 1, stdin) != buf)
740 FAIL ();
741 CHK_FAIL_END
743 CHK_FAIL_START
744 if (fgets_unlocked (buf, l0 + sizeof (buf) + 1, stdin) != buf)
745 FAIL ();
746 CHK_FAIL_END
747 #endif
749 lseek (fileno (stdin), 0, SEEK_SET);
751 if (read (fileno (stdin), buf, sizeof (buf) - 1) != sizeof (buf) - 1
752 || memcmp (buf, "abcdefgh\n", 9))
753 FAIL ();
754 if (read (fileno (stdin), buf, sizeof (buf) - 1) != sizeof (buf) - 1
755 || memcmp (buf, "ABCDEFGHI", 9))
756 FAIL ();
758 lseek (fileno (stdin), 0, SEEK_SET);
760 if (read (fileno (stdin), buf, l0 + sizeof (buf) - 1) != sizeof (buf) - 1
761 || memcmp (buf, "abcdefgh\n", 9))
762 FAIL ();
764 #if __USE_FORTIFY_LEVEL >= 1
765 CHK_FAIL_START
766 if (read (fileno (stdin), buf, sizeof (buf) + 1) != sizeof (buf) + 1)
767 FAIL ();
768 CHK_FAIL_END
769 #endif
771 if (pread (fileno (stdin), buf, sizeof (buf) - 1, sizeof (buf) - 2)
772 != sizeof (buf) - 1
773 || memcmp (buf, "\nABCDEFGH", 9))
774 FAIL ();
775 if (pread (fileno (stdin), buf, sizeof (buf) - 1, 0) != sizeof (buf) - 1
776 || memcmp (buf, "abcdefgh\n", 9))
777 FAIL ();
778 if (pread (fileno (stdin), buf, l0 + sizeof (buf) - 1, sizeof (buf) - 3)
779 != sizeof (buf) - 1
780 || memcmp (buf, "h\nABCDEFG", 9))
781 FAIL ();
783 #if __USE_FORTIFY_LEVEL >= 1
784 CHK_FAIL_START
785 if (pread (fileno (stdin), buf, sizeof (buf) + 1, 2 * sizeof (buf))
786 != sizeof (buf) + 1)
787 FAIL ();
788 CHK_FAIL_END
789 #endif
791 if (pread64 (fileno (stdin), buf, sizeof (buf) - 1, sizeof (buf) - 2)
792 != sizeof (buf) - 1
793 || memcmp (buf, "\nABCDEFGH", 9))
794 FAIL ();
795 if (pread64 (fileno (stdin), buf, sizeof (buf) - 1, 0) != sizeof (buf) - 1
796 || memcmp (buf, "abcdefgh\n", 9))
797 FAIL ();
798 if (pread64 (fileno (stdin), buf, l0 + sizeof (buf) - 1, sizeof (buf) - 3)
799 != sizeof (buf) - 1
800 || memcmp (buf, "h\nABCDEFG", 9))
801 FAIL ();
803 #if __USE_FORTIFY_LEVEL >= 1
804 CHK_FAIL_START
805 if (pread64 (fileno (stdin), buf, sizeof (buf) + 1, 2 * sizeof (buf))
806 != sizeof (buf) + 1)
807 FAIL ();
808 CHK_FAIL_END
809 #endif
811 if (freopen (temp_filename, "r", stdin) == NULL)
813 puts ("could not open temporary file");
814 exit (1);
817 if (fseek (stdin, 9 + 10 + 11, SEEK_SET))
819 puts ("could not seek in test file");
820 exit (1);
823 #if __USE_FORTIFY_LEVEL >= 1
824 CHK_FAIL_START
825 if (gets (buf) != buf)
826 FAIL ();
827 CHK_FAIL_END
828 #endif
830 /* Check whether missing N$ formats are detected. */
831 CHK_FAIL2_START
832 printf ("%3$d\n", 1, 2, 3, 4);
833 CHK_FAIL2_END
835 CHK_FAIL2_START
836 fprintf (stdout, "%3$d\n", 1, 2, 3, 4);
837 CHK_FAIL2_END
839 CHK_FAIL2_START
840 sprintf (buf, "%3$d\n", 1, 2, 3, 4);
841 CHK_FAIL2_END
843 CHK_FAIL2_START
844 snprintf (buf, sizeof (buf), "%3$d\n", 1, 2, 3, 4);
845 CHK_FAIL2_END
847 int sp[2];
848 if (socketpair (PF_UNIX, SOCK_STREAM, 0, sp))
849 FAIL ();
850 else
852 const char *sendstr = "abcdefgh\nABCDEFGH\n0123456789\n";
853 if (send (sp[0], sendstr, strlen (sendstr), 0) != strlen (sendstr))
854 FAIL ();
856 char recvbuf[12];
857 if (recv (sp[1], recvbuf, sizeof recvbuf, MSG_PEEK)
858 != sizeof recvbuf
859 || memcmp (recvbuf, sendstr, sizeof recvbuf) != 0)
860 FAIL ();
862 if (recv (sp[1], recvbuf + 6, l0 + sizeof recvbuf - 7, MSG_PEEK)
863 != sizeof recvbuf - 7
864 || memcmp (recvbuf + 6, sendstr, sizeof recvbuf - 7) != 0)
865 FAIL ();
867 #if __USE_FORTIFY_LEVEL >= 1
868 CHK_FAIL_START
869 if (recv (sp[1], recvbuf + 1, sizeof recvbuf, MSG_PEEK)
870 != sizeof recvbuf)
871 FAIL ();
872 CHK_FAIL_END
874 CHK_FAIL_START
875 if (recv (sp[1], recvbuf + 4, l0 + sizeof recvbuf - 3, MSG_PEEK)
876 != sizeof recvbuf - 3)
877 FAIL ();
878 CHK_FAIL_END
879 #endif
881 socklen_t sl;
882 struct sockaddr_un sa_un;
884 sl = sizeof (sa_un);
885 if (recvfrom (sp[1], recvbuf, sizeof recvbuf, MSG_PEEK, &sa_un, &sl)
886 != sizeof recvbuf
887 || memcmp (recvbuf, sendstr, sizeof recvbuf) != 0)
888 FAIL ();
890 sl = sizeof (sa_un);
891 if (recvfrom (sp[1], recvbuf + 6, l0 + sizeof recvbuf - 7, MSG_PEEK,
892 &sa_un, &sl) != sizeof recvbuf - 7
893 || memcmp (recvbuf + 6, sendstr, sizeof recvbuf - 7) != 0)
894 FAIL ();
896 #if __USE_FORTIFY_LEVEL >= 1
897 CHK_FAIL_START
898 sl = sizeof (sa_un);
899 if (recvfrom (sp[1], recvbuf + 1, sizeof recvbuf, MSG_PEEK, &sa_un, &sl)
900 != sizeof recvbuf)
901 FAIL ();
902 CHK_FAIL_END
904 CHK_FAIL_START
905 sl = sizeof (sa_un);
906 if (recvfrom (sp[1], recvbuf + 4, l0 + sizeof recvbuf - 3, MSG_PEEK,
907 &sa_un, &sl) != sizeof recvbuf - 3)
908 FAIL ();
909 CHK_FAIL_END
910 #endif
912 close (sp[0]);
913 close (sp[1]);
916 char fname[] = "/tmp/tst-chk1-dir-XXXXXX\0foo";
917 char *enddir = strchr (fname, '\0');
918 if (mkdtemp (fname) == NULL)
920 printf ("mkdtemp failed: %m\n");
921 return 1;
923 *enddir = '/';
924 if (symlink ("bar", fname) != 0)
925 FAIL ();
927 char readlinkbuf[4];
928 if (readlink (fname, readlinkbuf, 4) != 3
929 || memcmp (readlinkbuf, "bar", 3) != 0)
930 FAIL ();
931 if (readlink (fname, readlinkbuf + 1, l0 + 3) != 3
932 || memcmp (readlinkbuf, "bbar", 4) != 0)
933 FAIL ();
935 #if __USE_FORTIFY_LEVEL >= 1
936 CHK_FAIL_START
937 if (readlink (fname, readlinkbuf + 2, l0 + 3) != 3)
938 FAIL ();
939 CHK_FAIL_END
941 CHK_FAIL_START
942 if (readlink (fname, readlinkbuf + 3, 4) != 3)
943 FAIL ();
944 CHK_FAIL_END
945 #endif
947 char *cwd1 = getcwd (NULL, 0);
948 if (cwd1 == NULL)
949 FAIL ();
951 char *cwd2 = getcwd (NULL, 250);
952 if (cwd2 == NULL)
953 FAIL ();
955 if (cwd1 && cwd2)
957 if (strcmp (cwd1, cwd2) != 0)
958 FAIL ();
960 *enddir = '\0';
961 if (chdir (fname))
962 FAIL ();
964 char *cwd3 = getcwd (NULL, 0);
965 if (cwd3 == NULL)
966 FAIL ();
967 if (strcmp (fname, cwd3) != 0)
968 printf ("getcwd after chdir is '%s' != '%s',"
969 "get{c,}wd tests skipped\n", cwd3, fname);
970 else
972 char getcwdbuf[sizeof fname - 3];
974 char *cwd4 = getcwd (getcwdbuf, sizeof getcwdbuf);
975 if (cwd4 != getcwdbuf
976 || strcmp (getcwdbuf, fname) != 0)
977 FAIL ();
979 cwd4 = getcwd (getcwdbuf + 1, l0 + sizeof getcwdbuf - 1);
980 if (cwd4 != getcwdbuf + 1
981 || getcwdbuf[0] != fname[0]
982 || strcmp (getcwdbuf + 1, fname) != 0)
983 FAIL ();
985 #if __USE_FORTIFY_LEVEL >= 1
986 CHK_FAIL_START
987 if (getcwd (getcwdbuf + 2, l0 + sizeof getcwdbuf)
988 != getcwdbuf + 2)
989 FAIL ();
990 CHK_FAIL_END
992 CHK_FAIL_START
993 if (getcwd (getcwdbuf + 2, sizeof getcwdbuf)
994 != getcwdbuf + 2)
995 FAIL ();
996 CHK_FAIL_END
997 #endif
999 if (getwd (getcwdbuf) != getcwdbuf
1000 || strcmp (getcwdbuf, fname) != 0)
1001 FAIL ();
1003 if (getwd (getcwdbuf + 1) != getcwdbuf + 1
1004 || strcmp (getcwdbuf + 1, fname) != 0)
1005 FAIL ();
1007 #if __USE_FORTIFY_LEVEL >= 1
1008 CHK_FAIL_START
1009 if (getwd (getcwdbuf + 2) != getcwdbuf + 2)
1010 FAIL ();
1011 CHK_FAIL_END
1012 #endif
1015 if (chdir (cwd1) != 0)
1016 FAIL ();
1017 free (cwd3);
1020 free (cwd1);
1021 free (cwd2);
1022 *enddir = '/';
1023 if (unlink (fname) != 0)
1024 FAIL ();
1026 *enddir = '\0';
1027 if (rmdir (fname) != 0)
1028 FAIL ();
1031 #if PATH_MAX > 0
1032 char largebuf[PATH_MAX];
1033 char *realres = realpath (".", largebuf);
1034 if (realres != largebuf)
1035 FAIL ();
1037 # if __USE_FORTIFY_LEVEL >= 1
1038 CHK_FAIL_START
1039 char realbuf[1];
1040 realres = realpath (".", realbuf);
1041 if (realres != realbuf)
1042 FAIL ();
1043 CHK_FAIL_END
1044 # endif
1045 #endif
1047 if (setlocale (LC_ALL, "de_DE.UTF-8") != NULL)
1049 assert (MB_CUR_MAX <= 10);
1051 /* First a simple test. */
1052 char enough[10];
1053 if (wctomb (enough, L'A') != 1)
1054 FAIL ();
1056 #if __USE_FORTIFY_LEVEL >= 1
1057 /* We know the wchar_t encoding is ISO 10646. So pick a
1058 character which has a multibyte representation which does not
1059 fit. */
1060 CHK_FAIL_START
1061 char smallbuf[2];
1062 if (wctomb (smallbuf, L'\x100') != 2)
1063 FAIL ();
1064 CHK_FAIL_END
1065 #endif
1067 mbstate_t s;
1068 memset (&s, '\0', sizeof (s));
1069 if (wcrtomb (enough, L'D', &s) != 1 || enough[0] != 'D')
1070 FAIL ();
1072 #if __USE_FORTIFY_LEVEL >= 1
1073 /* We know the wchar_t encoding is ISO 10646. So pick a
1074 character which has a multibyte representation which does not
1075 fit. */
1076 CHK_FAIL_START
1077 char smallbuf[2];
1078 if (wcrtomb (smallbuf, L'\x100', &s) != 2)
1079 FAIL ();
1080 CHK_FAIL_END
1081 #endif
1083 wchar_t wenough[10];
1084 memset (&s, '\0', sizeof (s));
1085 const char *cp = "A";
1086 if (mbsrtowcs (wenough, &cp, 10, &s) != 1
1087 || wcscmp (wenough, L"A") != 0)
1088 FAIL ();
1090 cp = "BC";
1091 if (mbsrtowcs (wenough, &cp, l0 + 10, &s) != 2
1092 || wcscmp (wenough, L"BC") != 0)
1093 FAIL ();
1095 #if __USE_FORTIFY_LEVEL >= 1
1096 CHK_FAIL_START
1097 wchar_t wsmallbuf[2];
1098 cp = "ABC";
1099 mbsrtowcs (wsmallbuf, &cp, 10, &s);
1100 CHK_FAIL_END
1101 #endif
1103 cp = "A";
1104 if (mbstowcs (wenough, cp, 10) != 1
1105 || wcscmp (wenough, L"A") != 0)
1106 FAIL ();
1108 cp = "DEF";
1109 if (mbstowcs (wenough, cp, l0 + 10) != 3
1110 || wcscmp (wenough, L"DEF") != 0)
1111 FAIL ();
1113 #if __USE_FORTIFY_LEVEL >= 1
1114 CHK_FAIL_START
1115 wchar_t wsmallbuf[2];
1116 cp = "ABC";
1117 mbstowcs (wsmallbuf, cp, 10);
1118 CHK_FAIL_END
1119 #endif
1121 memset (&s, '\0', sizeof (s));
1122 cp = "ABC";
1123 wcscpy (wenough, L"DEF");
1124 if (mbsnrtowcs (wenough, &cp, 1, 10, &s) != 1
1125 || wcscmp (wenough, L"AEF") != 0)
1126 FAIL ();
1128 cp = "IJ";
1129 if (mbsnrtowcs (wenough, &cp, 1, l0 + 10, &s) != 1
1130 || wcscmp (wenough, L"IEF") != 0)
1131 FAIL ();
1133 #if __USE_FORTIFY_LEVEL >= 1
1134 CHK_FAIL_START
1135 wchar_t wsmallbuf[2];
1136 cp = "ABC";
1137 mbsnrtowcs (wsmallbuf, &cp, 3, 10, &s);
1138 CHK_FAIL_END
1139 #endif
1141 memset (&s, '\0', sizeof (s));
1142 const wchar_t *wcp = L"A";
1143 if (wcsrtombs (enough, &wcp, 10, &s) != 1
1144 || strcmp (enough, "A") != 0)
1145 FAIL ();
1147 wcp = L"BC";
1148 if (wcsrtombs (enough, &wcp, l0 + 10, &s) != 2
1149 || strcmp (enough, "BC") != 0)
1150 FAIL ();
1152 #if __USE_FORTIFY_LEVEL >= 1
1153 CHK_FAIL_START
1154 char smallbuf[2];
1155 wcp = L"ABC";
1156 wcsrtombs (smallbuf, &wcp, 10, &s);
1157 CHK_FAIL_END
1158 #endif
1160 memset (enough, 'Z', sizeof (enough));
1161 wcp = L"EF";
1162 if (wcstombs (enough, wcp, 10) != 2
1163 || strcmp (enough, "EF") != 0)
1164 FAIL ();
1166 wcp = L"G";
1167 if (wcstombs (enough, wcp, l0 + 10) != 1
1168 || strcmp (enough, "G") != 0)
1169 FAIL ();
1171 #if __USE_FORTIFY_LEVEL >= 1
1172 CHK_FAIL_START
1173 char smallbuf[2];
1174 wcp = L"ABC";
1175 wcstombs (smallbuf, wcp, 10);
1176 CHK_FAIL_END
1177 #endif
1179 memset (&s, '\0', sizeof (s));
1180 wcp = L"AB";
1181 if (wcsnrtombs (enough, &wcp, 1, 10, &s) != 1
1182 || strcmp (enough, "A") != 0)
1183 FAIL ();
1185 wcp = L"BCD";
1186 if (wcsnrtombs (enough, &wcp, 1, l0 + 10, &s) != 1
1187 || strcmp (enough, "B") != 0)
1188 FAIL ();
1190 #if __USE_FORTIFY_LEVEL >= 1
1191 CHK_FAIL_START
1192 char smallbuf[2];
1193 wcp = L"ABC";
1194 wcsnrtombs (smallbuf, &wcp, 3, 10, &s);
1195 CHK_FAIL_END
1196 #endif
1198 else
1200 puts ("cannot set locale");
1201 ret = 1;
1204 fd = posix_openpt (O_RDWR);
1205 if (fd != -1)
1207 char enough[1000];
1208 if (ptsname_r (fd, enough, sizeof (enough)) != 0)
1209 FAIL ();
1211 #if __USE_FORTIFY_LEVEL >= 1
1212 CHK_FAIL_START
1213 char smallbuf[2];
1214 if (ptsname_r (fd, smallbuf, sizeof (smallbuf) + 1) == 0)
1215 FAIL ();
1216 CHK_FAIL_END
1217 #endif
1218 close (fd);
1221 #if PATH_MAX > 0
1222 confstr (_CS_GNU_LIBC_VERSION, largebuf, sizeof (largebuf));
1223 # if __USE_FORTIFY_LEVEL >= 1
1224 CHK_FAIL_START
1225 char smallbuf[1];
1226 confstr (_CS_GNU_LIBC_VERSION, smallbuf, sizeof (largebuf));
1227 CHK_FAIL_END
1228 # endif
1229 #endif
1231 gid_t grpslarge[5];
1232 int ngr = getgroups (5, grpslarge);
1233 asm volatile ("" : : "r" (ngr));
1234 #if __USE_FORTIFY_LEVEL >= 1
1235 CHK_FAIL_START
1236 char smallbuf[1];
1237 ngr = getgroups (5, (gid_t *) smallbuf);
1238 asm volatile ("" : : "r" (ngr));
1239 CHK_FAIL_END
1240 #endif
1242 fd = open (_PATH_TTY, O_RDONLY);
1243 if (fd != -1)
1245 char enough[1000];
1246 if (ttyname_r (fd, enough, sizeof (enough)) != 0)
1247 FAIL ();
1249 #if __USE_FORTIFY_LEVEL >= 1
1250 CHK_FAIL_START
1251 char smallbuf[2];
1252 if (ttyname_r (fd, smallbuf, sizeof (smallbuf) + 1) == 0)
1253 FAIL ();
1254 CHK_FAIL_END
1255 #endif
1256 close (fd);
1259 char hostnamelarge[1000];
1260 gethostname (hostnamelarge, sizeof (hostnamelarge));
1261 #if __USE_FORTIFY_LEVEL >= 1
1262 CHK_FAIL_START
1263 char smallbuf[1];
1264 gethostname (smallbuf, sizeof (hostnamelarge));
1265 CHK_FAIL_END
1266 #endif
1268 char loginlarge[1000];
1269 getlogin_r (loginlarge, sizeof (hostnamelarge));
1270 #if __USE_FORTIFY_LEVEL >= 1
1271 CHK_FAIL_START
1272 char smallbuf[1];
1273 getlogin_r (smallbuf, sizeof (loginlarge));
1274 CHK_FAIL_END
1275 #endif
1277 char domainnamelarge[1000];
1278 int res = getdomainname (domainnamelarge, sizeof (domainnamelarge));
1279 asm volatile ("" : : "r" (res));
1280 #if __USE_FORTIFY_LEVEL >= 1
1281 CHK_FAIL_START
1282 char smallbuf[1];
1283 res = getdomainname (smallbuf, sizeof (domainnamelarge));
1284 asm volatile ("" : : "r" (res));
1285 CHK_FAIL_END
1286 #endif
1288 return ret;