1 | /* Fortify check for wprintf. |
2 | Copyright (C) 2023-2024 Free Software Foundation, Inc. |
3 | Copyright The GNU Toolchain Authors. |
4 | This file is part of the GNU C Library. |
5 | |
6 | The GNU C Library is free software; you can redistribute it and/or |
7 | modify it under the terms of the GNU Lesser General Public |
8 | License as published by the Free Software Foundation; either |
9 | version 2.1 of the License, or (at your option) any later version. |
10 | |
11 | The GNU C Library is distributed in the hope that it will be useful, |
12 | but WITHOUT ANY WARRANTY; without even the implied warranty of |
13 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
14 | Lesser General Public License for more details. |
15 | |
16 | You should have received a copy of the GNU Lesser General Public |
17 | License along with the GNU C Library; if not, see |
18 | <https://www.gnu.org/licenses/>. */ |
19 | |
20 | #include <setjmp.h> |
21 | #include <stdio.h> |
22 | #include <wchar.h> |
23 | #include <unistd.h> |
24 | |
25 | #include <support/support.h> |
26 | |
27 | static volatile int chk_fail_ok; |
28 | static volatile int ret; |
29 | static jmp_buf chk_fail_buf; |
30 | |
31 | static void |
32 | handler (int sig) |
33 | { |
34 | if (chk_fail_ok) |
35 | { |
36 | chk_fail_ok = 0; |
37 | longjmp (chk_fail_buf, 1); |
38 | } |
39 | else |
40 | _exit (127); |
41 | } |
42 | |
43 | static const wchar_t *wstr3 = L"%ls%n%ls%n" ; |
44 | static const wchar_t *wstr4 = L"Hello, " ; |
45 | static const wchar_t *wstr5 = L"World!\n" ; |
46 | static wchar_t wbuf2[20] = L"%ls" ; |
47 | |
48 | #define WFAIL \ |
49 | do { wprintf (L"Failure on line %d\n", __LINE__); ret = 1; } while (0) |
50 | #define CHK_FAIL_START \ |
51 | chk_fail_ok = 1; \ |
52 | if (! setjmp (chk_fail_buf)) \ |
53 | { |
54 | #define CHK_FAIL_END \ |
55 | chk_fail_ok = 0; \ |
56 | WFAIL; \ |
57 | } |
58 | |
59 | static int |
60 | do_test (void) |
61 | { |
62 | set_fortify_handler (handler); |
63 | |
64 | int n1, n2; |
65 | |
66 | int orientation = fwide (stdout, mode: 1); |
67 | if (orientation <= 0) |
68 | WFAIL; |
69 | |
70 | /* Constant literals passed directly are always ok |
71 | (even with warnings about possible bugs from GCC). */ |
72 | if (wprintf (format: L"%ls%n%ls%n" , wstr4, &n1, wstr5, &n2) != 14 |
73 | || n1 != 7 || n2 != 14) |
74 | WFAIL; |
75 | |
76 | /* In this case the format string is not known at compile time, |
77 | but resides in read-only memory, so is ok. */ |
78 | if (wprintf (format: wstr3, wstr4, &n1, wstr5, &n2) != 14 |
79 | || n1 != 7 || n2 != 14) |
80 | WFAIL; |
81 | |
82 | wcpcpy (dest: &wbuf2[3], src: L"%n%ls%n" ); |
83 | /* When the format string is writable and contains %n, |
84 | with -D_FORTIFY_SOURCE=2 it causes __chk_fail. */ |
85 | CHK_FAIL_START |
86 | if (wprintf (format: wbuf2, wstr4, &n1, wstr5, &n1) != 14) |
87 | WFAIL; |
88 | CHK_FAIL_END |
89 | |
90 | /* But if there is no %n, even writable format string |
91 | should work. */ |
92 | wbuf2[8] = L'\0'; |
93 | if (wprintf (format: &wbuf2[5], wstr5) != 7) |
94 | WFAIL; |
95 | |
96 | /* Check whether missing N$ formats are detected. */ |
97 | CHK_FAIL_START |
98 | wprintf (format: L"%3$d\n" , 1, 2, 3, 4); |
99 | CHK_FAIL_END |
100 | |
101 | return ret; |
102 | } |
103 | |
104 | #include <support/test-driver.c> |
105 | |