xref: /netbsd-src/tests/usr.bin/c++/t_fuzzer_oom.sh (revision 4bb9965c4810ecd9c59e6a3c0d9bfaeb7ab7b45c) 
1# Copyright (c) 2018 The NetBSD Foundation, Inc.
2# All rights reserved.
3#
4# This code is derived from software contributed to The NetBSD Foundation
5# by Yang Zheng.
6#
7# Redistribution and use in source and binary forms, with or without
8# modification, are permitted provided that the following conditions
9# are met:
10# 1. Redistributions of source code must retain the above copyright
11#    notice, this list of conditions and the following disclaimer.
12# 2. Redistributions in binary form must reproduce the above copyright
13#    notice, this list of conditions and the following disclaimer in the
14#    documentation and/or other materials provided with the distribution.
15#
16# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
17# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
18# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
19# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
20# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
21# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
22# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
23# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
24# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
25# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
26# POSSIBILITY OF SUCH DAMAGE.
27#
28
29test_target()
30{
31	SUPPORT='n'
32	if uname -m | grep -q "amd64" && command -v c++ >/dev/null 2>&1 && \
33		   ! echo __clang__ | c++ -E - | grep -q __clang__; then
34		# only clang with major version newer than 7 is supported
35		CLANG_MAJOR=`echo __clang_major__ | c++ -E - | grep -o '^[[:digit:]]'`
36		if [ "$CLANG_MAJOR" -ge "7" ]; then
37			SUPPORT='y'
38		fi
39	fi
40}
41
42atf_test_case oom
43oom_head() {
44	atf_set "descr" "Test thread sanitizer for out-of-memory condition"
45	atf_set "require.progs" "c++ paxctl"
46}
47
48atf_test_case oom_profile
49oom_profile_head() {
50	atf_set "descr" "Test thread sanitizer for out-of-memory with profiling option"
51	atf_set "require.progs" "c++ paxctl"
52}
53atf_test_case oom_pic
54oom_pic_head() {
55	atf_set "descr" "Test thread sanitizer for out-of-memory with position independent code (PIC) flag"
56	atf_set "require.progs" "c++ paxctl"
57}
58atf_test_case oom_pie
59oom_pie_head() {
60	atf_set "descr" "Test thread sanitizer for out-of-memory with position independent execution (PIE) flag"
61	atf_set "require.progs" "c++ paxctl"
62}
63
64oom_body(){
65	cat > test.cc << EOF
66#include <stddef.h>
67#include <stdint.h>
68#include <stdlib.h>
69
70extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
71  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
72  return 0;
73}
74EOF
75
76	c++ -fsanitize=fuzzer -o test test.cc
77	paxctl +a test
78	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
79}
80
81oom_profile_body(){
82	cat > test.cc << EOF
83#include <stddef.h>
84#include <stdint.h>
85#include <stdlib.h>
86
87extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
88  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
89  return 0;
90}
91EOF
92
93	c++ -fsanitize=fuzzer -static -o test -pg test.cc
94	paxctl +a test
95	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
96}
97
98oom_pic_body(){
99	cat > test.cc << EOF
100#include <stddef.h>
101#include <stdint.h>
102int help(const uint8_t *data, size_t size);
103extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
104    return help(data, size);
105}
106EOF
107
108	cat > pic.cc << EOF
109#include <stddef.h>
110#include <stdint.h>
111#include <stdlib.h>
112
113int help(const uint8_t *data, size_t size) {
114  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
115  return 0;
116}
117EOF
118
119	c++ -fsanitize=fuzzer -fPIC -shared -o libtest.so pic.cc
120	c++ -o test test.cc -fsanitize=fuzzer -L. -ltest
121	paxctl +a test
122
123	export LD_LIBRARY_PATH=.
124	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
125}
126oom_pie_body(){
127
128	#check whether -pie flag is supported on this architecture
129	if ! c++ -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
130		atf_set_skip "c++ -pie not supported on this architecture"
131	fi
132	cat > test.cc << EOF
133#include <stddef.h>
134#include <stdint.h>
135#include <stdlib.h>
136
137extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) {
138  if (size > 0 && data[0] == 'b') while (1) malloc(16*1024*1024);
139  return 0;
140}
141EOF
142
143	c++ -fsanitize=fuzzer -o test -fpie -pie test.cc
144	paxctl +a test
145	atf_check -s ignore -o ignore -e match:"ERROR: libFuzzer: out-of-memory" ./test -rss_limit_mb=30
146}
147
148
149atf_test_case target_not_supported
150target_not_supported_head()
151{
152	atf_set "descr" "Test forced skip"
153}
154
155target_not_supported_body()
156{
157	atf_skip "Target is not supported"
158}
159
160atf_init_test_cases()
161{
162	test_target
163	test $SUPPORT = 'n' && {
164		atf_add_test_case target_not_supported
165		return 0
166	}
167	atf_add_test_case oom
168	atf_add_test_case oom_profile
169	atf_add_test_case oom_pie
170	atf_add_test_case oom_pic
171}
172