1f08c3bdfSopenharmony_ci// SPDX-License-Identifier: GPL-2.0-or-later 2f08c3bdfSopenharmony_ci/* 3f08c3bdfSopenharmony_ci * Copyright (c) 2019 Cyril Hrubis <chrubis@suse.cz> 4f08c3bdfSopenharmony_ci */ 5f08c3bdfSopenharmony_ci 6f08c3bdfSopenharmony_ci/* 7f08c3bdfSopenharmony_ci * Test that acces after guarded buffer causes segfault. 8f08c3bdfSopenharmony_ci */ 9f08c3bdfSopenharmony_ci 10f08c3bdfSopenharmony_ci#include <stdlib.h> 11f08c3bdfSopenharmony_ci#include <sys/wait.h> 12f08c3bdfSopenharmony_ci#include "tst_test.h" 13f08c3bdfSopenharmony_ci 14f08c3bdfSopenharmony_ci#define BUF1_LEN 10 15f08c3bdfSopenharmony_ci#define BUF2_LEN 4096 16f08c3bdfSopenharmony_ci#define BUF3_LEN 12004 17f08c3bdfSopenharmony_ci 18f08c3bdfSopenharmony_cistatic char *buf1; 19f08c3bdfSopenharmony_cistatic char *buf2; 20f08c3bdfSopenharmony_cistatic char *buf3; 21f08c3bdfSopenharmony_ci 22f08c3bdfSopenharmony_cistatic void do_test(unsigned int n) 23f08c3bdfSopenharmony_ci{ 24f08c3bdfSopenharmony_ci int pid; 25f08c3bdfSopenharmony_ci int status; 26f08c3bdfSopenharmony_ci 27f08c3bdfSopenharmony_ci if (n == 6) { 28f08c3bdfSopenharmony_ci buf1[-1] = 0; 29f08c3bdfSopenharmony_ci buf3[-1] = 0; 30f08c3bdfSopenharmony_ci tst_res(TPASS, "Buffers dirtied!"); 31f08c3bdfSopenharmony_ci } 32f08c3bdfSopenharmony_ci 33f08c3bdfSopenharmony_ci pid = SAFE_FORK(); 34f08c3bdfSopenharmony_ci if (!pid) { 35f08c3bdfSopenharmony_ci switch (n) { 36f08c3bdfSopenharmony_ci case 0: 37f08c3bdfSopenharmony_ci buf1[BUF1_LEN - 1] = 0; 38f08c3bdfSopenharmony_ci break; 39f08c3bdfSopenharmony_ci case 1: 40f08c3bdfSopenharmony_ci buf2[BUF2_LEN - 1] = 0; 41f08c3bdfSopenharmony_ci break; 42f08c3bdfSopenharmony_ci case 2: 43f08c3bdfSopenharmony_ci buf3[BUF3_LEN - 1] = 0; 44f08c3bdfSopenharmony_ci break; 45f08c3bdfSopenharmony_ci case 3: 46f08c3bdfSopenharmony_ci buf1[BUF1_LEN] = 0; 47f08c3bdfSopenharmony_ci break; 48f08c3bdfSopenharmony_ci case 4: 49f08c3bdfSopenharmony_ci buf2[BUF2_LEN] = 0; 50f08c3bdfSopenharmony_ci break; 51f08c3bdfSopenharmony_ci case 5: 52f08c3bdfSopenharmony_ci buf3[BUF3_LEN] = 0; 53f08c3bdfSopenharmony_ci break; 54f08c3bdfSopenharmony_ci case 6: 55f08c3bdfSopenharmony_ci buf1[-2] = 0; 56f08c3bdfSopenharmony_ci buf3[-2] = 0; 57f08c3bdfSopenharmony_ci break; 58f08c3bdfSopenharmony_ci } 59f08c3bdfSopenharmony_ci 60f08c3bdfSopenharmony_ci exit(0); 61f08c3bdfSopenharmony_ci } 62f08c3bdfSopenharmony_ci 63f08c3bdfSopenharmony_ci SAFE_WAITPID(pid, &status, 0); 64f08c3bdfSopenharmony_ci 65f08c3bdfSopenharmony_ci if (n == 6) 66f08c3bdfSopenharmony_ci return; 67f08c3bdfSopenharmony_ci 68f08c3bdfSopenharmony_ci if (n < 3) { 69f08c3bdfSopenharmony_ci if (WIFEXITED(status) && WEXITSTATUS(status) == 0) { 70f08c3bdfSopenharmony_ci tst_res(TPASS, "exited normally"); 71f08c3bdfSopenharmony_ci return; 72f08c3bdfSopenharmony_ci } 73f08c3bdfSopenharmony_ci } else { 74f08c3bdfSopenharmony_ci if (WIFSIGNALED(status) && WTERMSIG(status) == SIGSEGV) { 75f08c3bdfSopenharmony_ci tst_res(TPASS, "Killed by SIGSEGV"); 76f08c3bdfSopenharmony_ci return; 77f08c3bdfSopenharmony_ci } 78f08c3bdfSopenharmony_ci } 79f08c3bdfSopenharmony_ci 80f08c3bdfSopenharmony_ci tst_res(TFAIL, "Child %s", tst_strstatus(status)); 81f08c3bdfSopenharmony_ci} 82f08c3bdfSopenharmony_ci 83f08c3bdfSopenharmony_cistatic struct tst_test test = { 84f08c3bdfSopenharmony_ci .forks_child = 1, 85f08c3bdfSopenharmony_ci .test = do_test, 86f08c3bdfSopenharmony_ci .tcnt = 7, 87f08c3bdfSopenharmony_ci .bufs = (struct tst_buffers []) { 88f08c3bdfSopenharmony_ci {&buf1, .size = BUF1_LEN}, 89f08c3bdfSopenharmony_ci {&buf2, .size = BUF2_LEN}, 90f08c3bdfSopenharmony_ci {&buf3, .size = BUF3_LEN}, 91f08c3bdfSopenharmony_ci {} 92f08c3bdfSopenharmony_ci } 93f08c3bdfSopenharmony_ci}; 94