Viewing file:  pr38902.c (3.87 KB) -rw-r--r--
Select action/file-type:
 (+) |  (+) |  (+) | Code (+) | Session (+) |  (+) | SDB (+) |  (+) |  (+) |  (+) |  (+) |  (+) |
/* PR target/38902 */
/* { dg-do run } */
/* { dg-options "-O2 -fstack-protector" } */
/* { dg-require-effective-target fstack_protector } */
#ifdef DEBUG
#include <stdio.h>
#define debug(format, args...) printf (format , ## args)
#else
extern int sprintf (char *, const char *, ...);
#define debug(format, args...)
#endif
extern void abort (void);
/*
Copyright (C) 2009 Canonical, Ltd.
Author: Kees Cook <kees@ubuntu.com>
License: GPLv3
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38616
https://bugs.launchpad.net/ubuntu/+source/gcc-4.3/+bug/316019
http://gcc.gnu.org/bugzilla/show_bug.cgi?id=38902
gcc -O2 -fstack-protector truncate.c -o truncate
Broken:
Only the first operation fails, so create a new function for each test.
Source must be local (literal or stack)
__builtin_memmove
__builtin_memcpy
__builtin_strcpy (optimized to __builtin_memcpy?)
sprintf (direct) (optmized to __builtin_strcpy?)
sprintf (via %s) (optmized to __builtin_strcpy?)
OK:
__builtin_strcat
sprintf (complex format)
*/
char *heap = "1234567890abcdefghijklmnopqrstuvwxyz";
int failed = 0;
#define CHECK(count, a...) \
void test##count (void) \
{ \
char *local = "1234567890abcdefghijklmnopqrstuvwxyz"; \
char buffer[1024]=""; \
a; \
if (__builtin_strcmp(buffer, heap) == 0) { \
debug("Okay(%d):\n\t%s\n", count, # a); \
} \
else { \
debug("Failed(%d):\n\t%s\n", count, # a); \
failed++; \
} \
}
CHECK( 0, __builtin_memcpy (buffer, "1234567890abcdefghijklmnopqrstuvwxyz", __builtin_strlen("1234567890abcdefghijklmnopqrstuvwxyz")+1); );
CHECK( 1, __builtin_memcpy (buffer, local, __builtin_strlen(local)+1); );
CHECK( 2, __builtin_memcpy (buffer, heap, __builtin_strlen(heap)+1); );
CHECK( 3, __builtin_memmove (buffer, "1234567890abcdefghijklmnopqrstuvwxyz", __builtin_strlen("1234567890abcdefghijklmnopqrstuvwxyz")+1); );
CHECK( 4, __builtin_memmove (buffer, local, __builtin_strlen(local)+1); );
CHECK( 5, __builtin_memmove (buffer, heap, __builtin_strlen(heap)+1); );
CHECK( 6, __builtin_strcpy (buffer, "1234567890abcdefghijklmnopqrstuvwxyz"); );
CHECK( 7, __builtin_strcpy (buffer, local); );
CHECK( 8, __builtin_strcpy (buffer, heap); );
CHECK( 9, sprintf (buffer, "1234567890abcdefghijklmnopqrstuvwxyz"); );
CHECK(10, sprintf (buffer, local); );
CHECK(11, sprintf (buffer, heap); );
CHECK(12, sprintf (buffer, "%s", "1234567890abcdefghijklmnopqrstuvwxyz"); );
CHECK(13, sprintf (buffer, "%s", local); );
CHECK(14, sprintf (buffer, "%s", heap); );
CHECK(15, __builtin_strcat (buffer, "1234567890abcdefghijklmnopqrstuvwxyz"); );
CHECK(16, __builtin_strcat (buffer, local); );
CHECK(17, __builtin_strcat (buffer, heap); );
void mongoose(void)
{
char buffer[1024]="";
sprintf (buffer, "%s", "1234567890abcdefghijklmnopqrstuvwxyz");;
if (__builtin_strcmp(buffer, heap) == 0) {
debug("Okay(%d):\n\t%s\n", -1, "sprintf (buffer, \"%s\", \"1234567890abcdefghijklmnopqrstuvwxyz\");");
}
else {
debug("Failed(%d):\n\t%s\n", -1, "sprintf (buffer, \"%s\", \"1234567890abcdefghijklmnopqrstuvwxyz\");");
failed++;
}
}
int main (int argc, char *argv[])
{
test0();
test1();
test2();
test3();
test4();
test5();
test6();
test7();
test8();
test9();
test10();
test11();
// wtf, why are these different?!
test12();
mongoose();
test13();
test14();
test15();
test16();
test17();
if (failed)
abort ();
return 0;
}
|
