blob: aff587af8b996f79a75bd6ac16b6bfc12fee21a9 [file] [log] [blame]
Dan Albert2fbb1b62014-10-08 11:21:32 -07001/*
2 * Copyright (C) 2014 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17#undef _FORTIFY_SOURCE
18#define _FORTIFY_SOURCE 2
Yabin Cui20f22682015-03-03 20:27:58 -080019#include <fcntl.h>
20#include <netinet/in.h>
21#include <poll.h>
22#include <stdarg.h>
Dan Albert2fbb1b62014-10-08 11:21:32 -070023#include <stdio.h>
Daniel Micayafdd1542015-07-20 21:37:29 -040024#include <stdlib.h>
Yabin Cui20f22682015-03-03 20:27:58 -080025#include <string.h>
26#include <sys/socket.h>
27#include <sys/stat.h>
28#include <time.h>
29#include <unistd.h>
Dan Albert2fbb1b62014-10-08 11:21:32 -070030
31void test_sprintf() {
32 char buf[4];
33
34 // NOLINTNEXTLINE(whitespace/line_length)
Elliott Hughesb4b15c62014-10-08 13:21:29 -070035 // GCC: warning: call to int __builtin___sprintf_chk(char*, int, {{(long )?}}unsigned int, const char*, ...) will always overflow destination buffer
George Burgess IV7cc779f2017-02-09 00:00:31 -080036 // CLANG: error: call to unavailable function 'sprintf': format string will always overflow destination buffer
Yabin Cui20f22682015-03-03 20:27:58 -080037 sprintf(buf, "foobar"); // NOLINT(runtime/printf)
Dan Albert2fbb1b62014-10-08 11:21:32 -070038
39 // NOLINTNEXTLINE(whitespace/line_length)
Elliott Hughesb4b15c62014-10-08 13:21:29 -070040 // GCC: warning: call to int __builtin___sprintf_chk(char*, int, {{(long )?}}unsigned int, const char*, ...) will always overflow destination buffer
Dan Albert2fbb1b62014-10-08 11:21:32 -070041 // clang should emit a warning, but doesn't
Yabin Cui20f22682015-03-03 20:27:58 -080042 sprintf(buf, "%s", "foobar"); // NOLINT(runtime/printf)
Dan Albert2fbb1b62014-10-08 11:21:32 -070043}
44
45void test_snprintf() {
46 char buf[4];
47
48 // NOLINTNEXTLINE(whitespace/line_length)
Elliott Hughesb4b15c62014-10-08 13:21:29 -070049 // GCC: warning: call to int __builtin___snprintf_chk(char*, {{(long )?}}unsigned int, int, {{(long )?}}unsigned int, const char*, ...) will always overflow destination buffer
George Burgess IV7cc779f2017-02-09 00:00:31 -080050 // CLANG: error: call to unavailable function 'snprintf': format string will always overflow destination buffer
Yabin Cui20f22682015-03-03 20:27:58 -080051 snprintf(buf, 5, "foobar"); // NOLINT(runtime/printf)
Dan Albert2fbb1b62014-10-08 11:21:32 -070052
53 // NOLINTNEXTLINE(whitespace/line_length)
Elliott Hughesb4b15c62014-10-08 13:21:29 -070054 // GCC: warning: call to int __builtin___snprintf_chk(char*, {{(long )?}}unsigned int, int, {{(long )?}}unsigned int, const char*, ...) will always overflow destination buffer
Dan Albert2fbb1b62014-10-08 11:21:32 -070055 // clang should emit a warning, but doesn't
Yabin Cui20f22682015-03-03 20:27:58 -080056 snprintf(buf, 5, "%s", "foobar"); // NOLINT(runtime/printf)
Dan Albert2fbb1b62014-10-08 11:21:32 -070057
58 // NOLINTNEXTLINE(whitespace/line_length)
Elliott Hughesb4b15c62014-10-08 13:21:29 -070059 // GCC: warning: call to int __builtin___snprintf_chk(char*, {{(long )?}}unsigned int, int, {{(long )?}}unsigned int, const char*, ...) will always overflow destination buffer
Dan Albert2fbb1b62014-10-08 11:21:32 -070060 // clang should emit a warning, but doesn't
Yabin Cui20f22682015-03-03 20:27:58 -080061 snprintf(buf, 5, " %s ", "foobar"); // NOLINT(runtime/printf)
Dan Albert2fbb1b62014-10-08 11:21:32 -070062
63 // NOLINTNEXTLINE(whitespace/line_length)
Elliott Hughesb4b15c62014-10-08 13:21:29 -070064 // GCC: warning: call to int __builtin___snprintf_chk(char*, {{(long )?}}unsigned int, int, {{(long )?}}unsigned int, const char*, ...) will always overflow destination buffer
Dan Albert2fbb1b62014-10-08 11:21:32 -070065 // clang should emit a warning, but doesn't
Yabin Cui20f22682015-03-03 20:27:58 -080066 snprintf(buf, 5, "%d", 100000); // NOLINT(runtime/printf)
67}
68
69void test_memcpy() {
70 char buf[4];
71
72 // NOLINTNEXTLINE(whitespace/line_length)
73 // GCC: warning: call to void* __builtin___memcpy_chk(void*, const void*, {{(long )?}}unsigned int, {{(long )?}}unsigned int) will always overflow destination buffer
George Burgess IV7cc779f2017-02-09 00:00:31 -080074 // CLANG: error: call to unavailable function 'memcpy': memcpy called with size bigger than buffer
75 memcpy(buf, "foobar", sizeof("foobar") + 100);
Yabin Cui20f22682015-03-03 20:27:58 -080076}
77
78void test_memmove() {
79 char buf[4];
80
81 // NOLINTNEXTLINE(whitespace/line_length)
82 // GCC: warning: call to void* __builtin___memmove_chk(void*, const void*, {{(long )?}}unsigned int, {{(long )?}}unsigned int) will always overflow destination buffer
George Burgess IV7cc779f2017-02-09 00:00:31 -080083 // CLANG: error: call to unavailable function 'memmove': memmove called with size bigger than buffer
Yabin Cui20f22682015-03-03 20:27:58 -080084 memmove(buf, "foobar", sizeof("foobar"));
85}
86
87void test_memset() {
88 char buf[4];
89
90 // NOLINTNEXTLINE(whitespace/line_length)
91 // GCC: warning: call to void* __builtin___memset_chk(void*, int, {{(long )?}}unsigned int, {{(long )?}}unsigned int) will always overflow destination buffer
George Burgess IV7cc779f2017-02-09 00:00:31 -080092 // CLANG: error: call to unavailable function 'memset': memset called with size bigger than buffer
Yabin Cui20f22682015-03-03 20:27:58 -080093 memset(buf, 0, 6);
94}
95
96void test_strcpy() {
97 char buf[4];
98
99 // NOLINTNEXTLINE(whitespace/line_length)
Yabin Cuif3bd3052015-03-04 21:43:14 -0800100 // GCC: warning: call to {{(char\* __builtin___strcpy_chk\(char\*, const char\*, unsigned int\))|(void\* __builtin___memcpy_chk\(void\*, const void\*, (long )?unsigned int, (long )?unsigned int\))}} will always overflow destination buffer
George Burgess IV7cc779f2017-02-09 00:00:31 -0800101 // CLANG: error: call to unavailable function 'strcpy': strcpy called with string bigger than buffer
Yabin Cui20f22682015-03-03 20:27:58 -0800102 strcpy(buf, "foobar"); // NOLINT(runtime/printf)
103}
104
105void test_stpcpy() {
106 char buf[4];
107
108 // NOLINTNEXTLINE(whitespace/line_length)
109 // GCC: warning: call to char* __builtin___stpcpy_chk(char*, const char*, {{(long )?}}unsigned int) will always overflow destination buffer
George Burgess IV7cc779f2017-02-09 00:00:31 -0800110 // CLANG: error: call to unavailable function 'stpcpy': stpcpy called with string bigger than buffer
Yabin Cui20f22682015-03-03 20:27:58 -0800111 stpcpy(buf, "foobar");
112}
113
114void test_strncpy() {
115 char buf[4];
116
117 // NOLINTNEXTLINE(whitespace/line_length)
118 // GCC: warning: call to char* __builtin___strncpy_chk(char*, const char*, {{(long )?}}unsigned int, {{(long )?}}unsigned int) will always overflow destination buffer
119 // clang should emit a warning, but doesn't
120 strncpy(buf, "foobar", sizeof("foobar"));
121}
122
123void test_strcat() {
124 char buf[4] = "";
125
126 // NOLINTNEXTLINE(whitespace/line_length)
Yabin Cuif3bd3052015-03-04 21:43:14 -0800127 // GCC: warning: call to {{(char\* __builtin___strcat_chk\(char\*, const char\*, unsigned int\))|(void\* __builtin___memcpy_chk\(void\*, const void\*, (long )?unsigned int, (long )?unsigned int\))}} will always overflow destination buffer
Yabin Cui20f22682015-03-03 20:27:58 -0800128 // clang should emit a warning, but doesn't
129 strcat(buf, "foobar"); // NOLINT(runtime/printf)
130}
131
132void test_strncat() {
133 char buf[4] = "";
134
135 // NOLINTNEXTLINE(whitespace/line_length)
Yabin Cuif3bd3052015-03-04 21:43:14 -0800136 // GCC: warning: call to {{(char\* __builtin___strcat_chk\(char\*, const char\*, unsigned int\))|(void\* __builtin___memcpy_chk\(void\*, const void\*, (long )?unsigned int, (long )?unsigned int\))}} will always overflow destination buffer
Yabin Cui20f22682015-03-03 20:27:58 -0800137 // gcc output warning with __builtin___strcat_chk for __builtin___strncat_chk.
138 // clang should emit a warning, but doesn't
139 strncat(buf, "foobar", sizeof("foobar"));
140}
141
142void test_vsprintf(const char* fmt, ...) {
143 va_list va;
144 char buf[4];
145 va_start(va, fmt);
146
147 // NOLINTNEXTLINE(whitespace/line_length)
Yabin Cuid9647592015-03-05 00:39:09 -0800148 // GCC: warning: call to int __builtin___vsprintf_chk(char*, int, {{(long )?}}unsigned int, const char*, {{(__va_list)|(void\*)|(char\*)|(__va_list_tag\*)}}) will always overflow destination buffer
Yabin Cui20f22682015-03-03 20:27:58 -0800149 // clang should emit a warning, but doesn't
150 vsprintf(buf, "foobar", va);
151 va_end(va);
152}
153
154void test_vsnprintf(const char* fmt, ...) {
155 va_list va;
156 char buf[4];
157 va_start(va, fmt);
158
159 // NOLINTNEXTLINE(whitespace/line_length)
Yabin Cuid9647592015-03-05 00:39:09 -0800160 // GCC: warning: call to int __builtin___vsnprintf_chk(char*, {{(long )?}}unsigned int, int, {{(long )?}}unsigned int, const char*, {{(__va_list)|(void\*)|(char\*)|(__va_list_tag\*)}}) will always overflow destination buffer
Yabin Cui20f22682015-03-03 20:27:58 -0800161 // clang should emit a warning, but doesn't
162 vsnprintf(buf, 5, "foobar", va); // NOLINT(runtime/printf)
163
164 va_end(va);
165}
166
167void test_fgets() {
168 char buf[4];
169
170 // NOLINTNEXTLINE(whitespace/line_length)
171 // GCC: error: call to '__fgets_too_small_error' declared with attribute error: fgets called with size less than zero
George Burgess IV23dbf822017-07-31 21:23:34 -0700172 // CLANG: error: in call to 'fgets', size should not be negative
Yabin Cui20f22682015-03-03 20:27:58 -0800173 fgets(buf, -1, stdin);
174
175 // NOLINTNEXTLINE(whitespace/line_length)
176 // GCC: error: call to '__fgets_too_big_error' declared with attribute error: fgets called with size bigger than buffer
George Burgess IV23dbf822017-07-31 21:23:34 -0700177 // CLANG: error: in call to 'fgets', size is larger than the destination buffer
Yabin Cui20f22682015-03-03 20:27:58 -0800178 fgets(buf, 6, stdin);
179}
180
181void test_recvfrom() {
182 char buf[4];
183 sockaddr_in addr;
184
185 // NOLINTNEXTLINE(whitespace/line_length)
George Burgess IV54f5d832017-07-31 21:21:10 -0700186 // GCC: error: call to '__recvfrom_error' declared with attribute error: 'recvfrom' called with size bigger than buffer
187 // CLANG: error: 'recvfrom' called with size bigger than buffer
Yabin Cui20f22682015-03-03 20:27:58 -0800188 recvfrom(0, buf, 6, 0, reinterpret_cast<sockaddr*>(&addr), NULL);
189}
190
George Burgess IV54f5d832017-07-31 21:21:10 -0700191void test_recv() {
192 char buf[4] = {0};
193
194 // NOLINTNEXTLINE(whitespace/line_length)
195 // GCC: error: call to '__recvfrom_error' declared with attribute error: 'recvfrom' called with size bigger than buffer
196 // CLANG: error: 'recv' called with size bigger than buffer
197 recv(0, buf, 6, 0);
198}
199
Yabin Cui20f22682015-03-03 20:27:58 -0800200void test_umask() {
201 // NOLINTNEXTLINE(whitespace/line_length)
George Burgess IV52dde5f2017-07-31 21:16:05 -0700202 // GCC: error: call to '__umask_invalid_mode' declared with attribute error: 'umask' called with invalid mode
203 // CLANG: error: 'umask' called with invalid mode
Yabin Cui20f22682015-03-03 20:27:58 -0800204 umask(01777);
205}
206
207void test_read() {
208 char buf[4];
209 // NOLINTNEXTLINE(whitespace/line_length)
210 // GCC: error: call to '__read_dest_size_error' declared with attribute error: read called with size bigger than destination
George Burgess IV16c17392017-07-31 21:30:47 -0700211 // CLANG: error: in call to 'read', 'count' bytes overflows the given object
Yabin Cui20f22682015-03-03 20:27:58 -0800212 read(0, buf, 6);
213}
214
215void test_open() {
216 // NOLINTNEXTLINE(whitespace/line_length)
217 // GCC: error: call to '__creat_missing_mode' declared with attribute error: called with O_CREAT, but missing mode
George Burgess IV0df4c372017-07-31 21:39:33 -0700218 // CLANG: error: 'open' called with O_CREAT, but missing mode
Yabin Cui20f22682015-03-03 20:27:58 -0800219 open("/dev/null", O_CREAT);
220
221 // NOLINTNEXTLINE(whitespace/line_length)
222 // GCC: error: call to '__creat_too_many_args' declared with attribute error: too many arguments
George Burgess IV7cc779f2017-02-09 00:00:31 -0800223 // CLANG: error: call to unavailable function 'open': too many arguments
Yabin Cui20f22682015-03-03 20:27:58 -0800224 open("/dev/null", O_CREAT, 0, 0);
George Burgess IV4e37d532017-08-03 17:11:35 -0700225
226 // CLANG: warning: 'open' has superfluous mode bits; missing O_CREAT?
227 open("/dev/null", O_RDONLY, 0644);
228
229 // CLANG: warning: 'open' has superfluous mode bits; missing O_CREAT?
230 open("/dev/null", O_DIRECTORY, 0644);
Yabin Cui20f22682015-03-03 20:27:58 -0800231}
232
233void test_poll() {
234 pollfd fds[1];
235 // NOLINTNEXTLINE(whitespace/line_length)
236 // GCC: error: call to '__poll_too_small_error' declared with attribute error: poll: pollfd array smaller than fd count
George Burgess IV52dde5f2017-07-31 21:16:05 -0700237 // CLANG: error: in call to 'poll', fd_count is larger than the given buffer
Yabin Cui20f22682015-03-03 20:27:58 -0800238 poll(fds, 2, 0);
239}
240
241void test_ppoll() {
242 pollfd fds[1];
243 timespec timeout;
244 // NOLINTNEXTLINE(whitespace/line_length)
245 // GCC: error: call to '__ppoll_too_small_error' declared with attribute error: ppoll: pollfd array smaller than fd count
George Burgess IV52dde5f2017-07-31 21:16:05 -0700246 // CLANG: error: in call to 'ppoll', fd_count is larger than the given buffer
Yabin Cui20f22682015-03-03 20:27:58 -0800247 ppoll(fds, 2, &timeout, NULL);
Dan Albert2fbb1b62014-10-08 11:21:32 -0700248}
Daniel Micayfed26592015-07-18 13:55:51 -0400249
250void test_fread_overflow() {
251 char buf[4];
252 // NOLINTNEXTLINE(whitespace/line_length)
253 // GCC: error: call to '__fread_overflow' declared with attribute error: fread called with overflowing size * count
George Burgess IV23dbf822017-07-31 21:23:34 -0700254 // CLANG: error: in call to 'fread', size * count overflows
Daniel Micayfed26592015-07-18 13:55:51 -0400255 fread(buf, 2, (size_t)-1, stdin);
256}
257
258void test_fread_too_big() {
259 char buf[4];
260 // NOLINTNEXTLINE(whitespace/line_length)
261 // GCC: error: call to '__fread_too_big_error' declared with attribute error: fread called with size * count bigger than buffer
George Burgess IV23dbf822017-07-31 21:23:34 -0700262 // NOLINTNEXTLINE(whitespace/line_length)
263 // CLANG: error: in call to 'fread', size * count is too large for the given buffer
Daniel Micayfed26592015-07-18 13:55:51 -0400264 fread(buf, 1, 5, stdin);
265}
266
267void test_fwrite_overflow() {
Daniel Micayafdd1542015-07-20 21:37:29 -0400268 char buf[4] = {0};
Daniel Micayfed26592015-07-18 13:55:51 -0400269 // NOLINTNEXTLINE(whitespace/line_length)
270 // GCC: error: call to '__fwrite_overflow' declared with attribute error: fwrite called with overflowing size * count
George Burgess IV23dbf822017-07-31 21:23:34 -0700271 // CLANG: error: in call to 'fwrite', size * count overflows
Daniel Micayfed26592015-07-18 13:55:51 -0400272 fwrite(buf, 2, (size_t)-1, stdout);
273}
274
275void test_fwrite_too_big() {
276 char buf[4] = {0};
277 // NOLINTNEXTLINE(whitespace/line_length)
278 // GCC: error: call to '__fwrite_too_big_error' declared with attribute error: fwrite called with size * count bigger than buffer
George Burgess IV23dbf822017-07-31 21:23:34 -0700279 // NOLINTNEXTLINE(whitespace/line_length)
280 // CLANG: error: in call to 'fwrite', size * count is too large for the given buffer
Daniel Micayfed26592015-07-18 13:55:51 -0400281 fwrite(buf, 1, 5, stdout);
282}
Daniel Micay9101b002015-05-20 15:31:26 -0400283
284void test_getcwd() {
285 char buf[4];
286 // NOLINTNEXTLINE(whitespace/line_length)
287 // GCC: error: call to '__getcwd_dest_size_error' declared with attribute error: getcwd called with size bigger than destination
George Burgess IV16c17392017-07-31 21:30:47 -0700288 // CLANG: error: in call to 'getcwd', 'size' bytes overflows the given object
Daniel Micay9101b002015-05-20 15:31:26 -0400289 getcwd(buf, 5);
290}
Daniel Micayafdd1542015-07-20 21:37:29 -0400291
292void test_pwrite64_size() {
293 char buf[4] = {0};
294 // NOLINTNEXTLINE(whitespace/line_length)
295 // GCC: error: call to '__pwrite64_dest_size_error' declared with attribute error: pwrite64 called with size bigger than destination
George Burgess IV16c17392017-07-31 21:30:47 -0700296 // CLANG: error: in call to 'pwrite64', 'count' bytes overflows the given object
Daniel Micayafdd1542015-07-20 21:37:29 -0400297 pwrite64(STDOUT_FILENO, buf, 5, 0);
298}
299
George Burgess IV7cc779f2017-02-09 00:00:31 -0800300void test_pwrite64_too_big_malloc() {
Daniel Micayafdd1542015-07-20 21:37:29 -0400301 void *buf = calloc(atoi("5"), 1);
302 // NOLINTNEXTLINE(whitespace/line_length)
303 // GCC: error: call to '__pwrite64_count_toobig_error' declared with attribute error: pwrite64 called with count > SSIZE_MAX
George Burgess IV7cc779f2017-02-09 00:00:31 -0800304 // clang should emit a warning, but probably never will.
305 pwrite64(STDOUT_FILENO, buf, SIZE_MAX, 0);
306}
307
308void test_pwrite64_too_big() {
309 char buf[4] = {0};
310 // NOLINTNEXTLINE(whitespace/line_length)
311 // GCC: error: call to '__pwrite64_count_toobig_error' declared with attribute error: pwrite64 called with count > SSIZE_MAX
George Burgess IV16c17392017-07-31 21:30:47 -0700312 // CLANG: error: in call to 'pwrite64', 'count' must be <= SSIZE_MAX
Daniel Micayafdd1542015-07-20 21:37:29 -0400313 pwrite64(STDOUT_FILENO, buf, SIZE_MAX, 0);
314}
315
316void test_write_size() {
317 char buf[4] = {0};
318 // NOLINTNEXTLINE(whitespace/line_length)
319 // GCC: error: call to '__write_dest_size_error' declared with attribute error: write called with size bigger than destination
George Burgess IV16c17392017-07-31 21:30:47 -0700320 // CLANG: error: in call to 'write', 'count' bytes overflows the given object
Daniel Micayafdd1542015-07-20 21:37:29 -0400321 write(STDOUT_FILENO, buf, 5);
322}
George Burgess IV7cc779f2017-02-09 00:00:31 -0800323
324void test_memset_args_flipped() {
325 char from[4] = {0};
326 // NOLINTNEXTLINE(whitespace/line_length)
327 // CLANG: 'memset' is deprecated: will set 0 bytes; maybe the arguments got flipped? (Add __bionic_zero_size_is_okay as a fourth argument to silence this.)
328 memset(from, sizeof(from), 0);
329}
Daniel Micay95b59c52017-02-13 17:27:59 -0800330
331void test_sendto() {
332 char buf[4] = {0};
333 sockaddr_in addr;
334
335 // NOLINTNEXTLINE(whitespace/line_length)
George Burgess IV54f5d832017-07-31 21:21:10 -0700336 // GCC: error: call to '__sendto_error' declared with attribute error: 'sendto' called with size bigger than buffer
337 // CLANG: error: 'sendto' called with size bigger than buffer
Daniel Micay95b59c52017-02-13 17:27:59 -0800338 sendto(0, buf, 6, 0, reinterpret_cast<sockaddr*>(&addr), sizeof(sockaddr_in));
339}
340
341void test_send() {
342 char buf[4] = {0};
343
344 // NOLINTNEXTLINE(whitespace/line_length)
George Burgess IV54f5d832017-07-31 21:21:10 -0700345 // GCC: error: call to '__sendto_error' declared with attribute error: 'sendto' called with size bigger than buffer
346 // CLANG: error: 'send' called with size bigger than buffer
Daniel Micay95b59c52017-02-13 17:27:59 -0800347 send(0, buf, 6, 0);
348}
George Burgess IV54f5d832017-07-31 21:21:10 -0700349
350void test_realpath() {
351 char buf[4] = {0};
352 // NOLINTNEXTLINE(whitespace/line_length)
353 // GCC: error: call to '__realpath_size_error' declared with attribute error: 'realpath' output parameter must be NULL or a pointer to a buffer with >= PATH_MAX bytes
354 // NOLINTNEXTLINE(whitespace/line_length)
355 // CLANG: error: 'realpath' output parameter must be NULL or a pointer to a buffer with >= PATH_MAX bytes
356 realpath(".", buf);
357
358 // This is fine.
359 realpath(".", NULL);
360
361 // FIXME: But we should warn on this.
362 realpath(NULL, buf);
363}