| /* Test for vfprintf nargs allocation overflow (BZ #13656). |
| Copyright (C) 2012-2014 Free Software Foundation, Inc. |
| This file is part of the GNU C Library. |
| Contributed by Kees Cook <keescook@chromium.org>, 2012. |
| |
| The GNU C Library is free software; you can redistribute it and/or |
| modify it under the terms of the GNU Lesser General Public |
| License as published by the Free Software Foundation; either |
| version 2.1 of the License, or (at your option) any later version. |
| |
| The GNU C Library is distributed in the hope that it will be useful, |
| but WITHOUT ANY WARRANTY; without even the implied warranty of |
| MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| Lesser General Public License for more details. |
| |
| You should have received a copy of the GNU Lesser General Public |
| License along with the GNU C Library; if not, see |
| <http://www.gnu.org/licenses/>. */ |
| |
| #include <stdio.h> |
| #include <stdlib.h> |
| #include <stdint.h> |
| #include <unistd.h> |
| #include <inttypes.h> |
| #include <string.h> |
| #include <signal.h> |
| |
| static int |
| format_failed (const char *fmt, const char *expected) |
| { |
| char output[80]; |
| |
| printf ("%s : ", fmt); |
| |
| memset (output, 0, sizeof output); |
| /* Having sprintf itself detect a failure is good. */ |
| if (sprintf (output, fmt, 1, 2, 3, "test") > 0 |
| && strcmp (output, expected) != 0) |
| { |
| printf ("FAIL (output '%s' != expected '%s')\n", output, expected); |
| return 1; |
| } |
| puts ("ok"); |
| return 0; |
| } |
| |
| static int |
| do_test (void) |
| { |
| int rc = 0; |
| char buf[64]; |
| |
| /* Regular positionals work. */ |
| if (format_failed ("%1$d", "1") != 0) |
| rc = 1; |
| |
| /* Regular width positionals work. */ |
| if (format_failed ("%1$*2$d", " 1") != 0) |
| rc = 1; |
| |
| /* Positional arguments are constructed via read_int, so nargs can only |
| overflow on 32-bit systems. On 64-bit systems, it will attempt to |
| allocate a giant amount of memory and possibly crash, which is the |
| expected situation. Since the 64-bit behavior is arch-specific, only |
| test this on 32-bit systems. */ |
| if (sizeof (long int) == 4) |
| { |
| sprintf (buf, "%%1$d %%%" PRIdPTR "$d", UINT32_MAX / sizeof (int)); |
| if (format_failed (buf, "1 %$d") != 0) |
| rc = 1; |
| } |
| |
| return rc; |
| } |
| |
| #define TEST_FUNCTION do_test () |
| #include "../test-skeleton.c" |