xref: /netbsd-src/tests/usr.bin/cc/t_asan_heap_overflow.sh (revision deb6f0161a9109e7de9b519dc8dfb9478668dcdd) 
1#	$NetBSD: t_asan_heap_overflow.sh,v 1.2 2018/07/16 07:25:58 kamil Exp $
2#
3# Copyright (c) 2018 The NetBSD Foundation, Inc.
4# All rights reserved.
5#
6# This code is derived from software contributed to The NetBSD Foundation
7# by Siddharth Muralee.
8#
9# Redistribution and use in source and binary forms, with or without
10# modification, are permitted provided that the following conditions
11# are met:
12# 1. Redistributions of source code must retain the above copyright
13#    notice, this list of conditions and the following disclaimer.
14# 2. Redistributions in binary form must reproduce the above copyright
15#    notice, this list of conditions and the following disclaimer in the
16#    documentation and/or other materials provided with the distribution.
17#
18# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
19# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
20# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
21# PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
22# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
23# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
24# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
25# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
26# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
27# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
28# POSSIBILITY OF SUCH DAMAGE.
29#
30
31SUPPORT='n'
32test_target() {
33	if uname -m | grep -q "amd64"; then
34		SUPPORT='y'
35	fi
36
37	if uname -m | grep -q "i386"; then
38		SUPPORT='y'
39	fi
40}
41
42atf_test_case heap_overflow
43heap_overflow_head() {
44	atf_set "descr" "compile and run \"Heap Overflow example\""
45	atf_set "require.progs" "cc paxctl"
46}
47
48atf_test_case heap_overflow_profile
49heap_overflow_profile_head() {
50	atf_set "descr" "compile and run \"Heap Overflow example\" with profiling option"
51	atf_set "require.progs" "cc paxctl"
52}
53
54atf_test_case heap_overflow_pic
55heap_overflow_pic_head() {
56	atf_set "descr" "compile and run PIC \"Heap Overflow example\""
57	atf_set "require.progs" "cc paxctl"
58}
59
60atf_test_case heap_overflow_pie
61heap_overflow_pie_head() {
62	atf_set "descr" "compile and run position independent (PIE) \"Heap Overflow example\""
63	atf_set "require.progs" "cc paxctl"
64}
65
66atf_test_case heap_overflow32
67heap_overflow32_head() {
68	atf_set "descr" "compile and run \"Heap Overflow example\" for/in netbsd32 emulation"
69	atf_set "require.progs" "cc paxctl file diff cat"
70}
71
72atf_test_case target_not_supported
73target_not_supported_head()
74{
75	atf_set "descr" "Test forced skip"
76}
77
78heap_overflow_body() {
79	cat > test.c << EOF
80#include <stdio.h>
81#include <stdlib.h>
82#include <string.h>
83int foo(int index) { int *x = (int *)malloc(20); int res = x[index * 4]; free(x); return res;}
84int main(int argc, char **argv) {foo(argc + 19); printf("CHECK\n"); exit(0);}
85EOF
86	cc -fsanitize=address -o test test.c
87	paxctl -a test
88	atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-buffer-overflow" ./test
89}
90
91heap_overflow_profile_body() {
92	cat > test.c << EOF
93#include <stdio.h>
94#include <stdlib.h>
95#include <string.h>
96int foo(int index) { int *x = (int *)malloc(20); int res = x[index * 4]; free(x); return res;}
97int main(int argc, char **argv) {foo(argc + 19); printf("CHECK\n"); exit(0);}
98EOF
99	cc -fsanitize=address -o test -pg test.c
100	paxctl +a test
101	atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-buffer-overflow" ./test
102}
103
104heap_overflow_pic_body() {
105	cat > test.c << EOF
106#include <stdio.h>
107#include <stdlib.h>
108#include <string.h>
109int foo(int);
110int main(int argc, char **argv) {foo(argc + 19); printf("CHECK\n"); exit(0);}
111EOF
112	cat > pic.c << EOF
113#include <stdio.h>
114#include <stdlib.h>
115#include <string.h>
116int foo(int index) { int *x = (int *)malloc(20); int res = x[index * 4]; free(x); return res;}
117EOF
118
119	cc -fPIC -fsanitize=address -shared -o libtest.so pic.c
120	cc -o test test.c -fsanitize=address -L. -ltest
121	paxctl +a test
122
123	export LD_LIBRARY_PATH=.
124	atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-buffer-overflow" ./test
125}
126
127heap_overflow_pie_body() {
128	# check whether this arch supports -pice
129	if ! cc -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then
130		atf_set_skip "cc -pie not supported on this architecture"
131	fi
132	cat > test.c << EOF
133#include <stdio.h>
134#include <stdlib.h>
135#include <string.h>
136int foo(int index) { int *x = (int *)malloc(20); int res = x[index * 4]; free(x); return res;}
137int main(int argc, char **argv) {foo(argc + 19); printf("CHECK\n"); exit(0);}
138EOF
139	cc -fsanitize=address -fpie -pie -o test test.c
140	paxctl +a test
141	atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-buffer-overflow" ./test
142}
143
144heap_overflow32_body() {
145	# check whether this arch is 64bit
146	if ! cc -dM -E - < /dev/null | fgrep -q _LP64; then
147		atf_skip "this is not a 64 bit architecture"
148	fi
149	if ! cc -m32 -dM -E - < /dev/null 2>/dev/null > ./def32; then
150		atf_skip "cc -m32 not supported on this architecture"
151	else
152		if fgrep -q _LP64 ./def32; then
153		atf_fail "cc -m32 does not generate netbsd32 binaries"
154	fi
155fi
156
157	cat > test.c << EOF
158#include <stdio.h>
159#include <stdlib.h>
160#include <string.h>
161int foo(int index) { int *x = (int *)malloc(20); int res = x[index * 4]; free(x); return res;}
162int main(int argc, char **argv) {foo(argc + 19); printf("CHECK\n"); exit(0);}
163EOF
164	cc -fsanitize=address -o ho32 -m32 test.c
165	cc -fsanitize=address -o ho64 test.c
166	file -b ./ho32 > ./ftype32
167	file -b ./ho64 > ./ftype64
168	if diff ./ftype32 ./ftype64 >/dev/null; then
169		atf_fail "generated binaries do not differ"
170	fi
171	echo "32bit binaries on this platform are:"
172	cat ./ftype32
173	echo "While native (64bit) binaries are:"
174	cat ./ftype64
175	paxctl +a ho32
176	atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-buffer-overflow" ./ho32
177
178# and another test with profile 32bit binaries
179	cat > test.c << EOF
180#include <stdio.h>
181#include <stdlib.h>
182#include <string.h>
183int foo(int index) { int *x = (int *)malloc(20); int res = x[index * 4]; free(x); return res;}
184int main(int argc, char **argv) {foo(argc + 19); printf("CHECK\n"); exit(0);}
185EOF
186	cc -o test -m32 -fsanitize=address -pg test.c
187	paxctl +a test
188	atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"heap-buffer-overflow" ./test
189}
190
191target_not_supported_body()
192{
193	atf_skip "Target is not supported"
194}
195
196atf_init_test_cases()
197{
198	test_target
199	test $SUPPORT = 'n' && {
200		 atf_add_test_case target_not_supported
201		 return 0
202	}
203
204	atf_add_test_case heap_overflow
205#	atf_add_test_case heap_overflow_profile
206	atf_add_test_case heap_overflow_pic
207	atf_add_test_case heap_overflow_pie
208#	atf_add_test_case heap_overflow32
209	# static option not supported
210	# -static and -fsanitize=address can't be used together for compilation
211	# (gcc version  5.4.0 and clang 7.1) tested on April 2nd 2018.
212}
213