chromium /chromium /src /refs/heads/main /. /base /security_unittest.cc
Avi Drissmane4622aa2022-09-08 20:36:06[diff] [blame]1// Copyright 2013 The Chromium Authors
jln@chromium.orgb5bf9a132013-01-15 20:16:33[diff] [blame]2// Use of this source code is governed by a BSD-style license that can be
3// found in the LICENSE file.
4
Tom Sepez8726d30e2025-01-29 02:11:08[diff] [blame]5#ifdef UNSAFE_BUFFERS_BUILD
6// TODO(crbug.com/390223051): Remove C-library calls to fix the errors.
7#pragma allow_unsafe_libc_calls
8#endif
9
jln@chromium.org1b556f82013-01-31 02:23:43[diff] [blame]10#include<fcntl.h>
avi9b6f42932015-12-26 22:15:14[diff] [blame]11#include<stddef.h>
jln@chromium.orgb5bf9a132013-01-15 20:16:33[diff] [blame]12#include<stdio.h>
13#include<stdlib.h>
14#include<string.h>
jln@chromium.org1b556f82013-01-31 02:23:43[diff] [blame]15#include<sys/stat.h>
16#include<sys/types.h>
jln@chromium.orgb5bf9a132013-01-15 20:16:33[diff] [blame]17
18#include<algorithm>
19#include<limits>
dcheng093de9b2016-04-04 21:25:51[diff] [blame]20#include<memory>
jln@chromium.orgb5bf9a132013-01-15 20:16:33[diff] [blame]21
brettw@chromium.orge3177dd52014-08-13 20:22:14[diff] [blame]22#include"base/files/file_util.h"
dchengdb5935f2016-03-26 00:16:27[diff] [blame]23#include"base/memory/free_deleter.h"
Peter Collingbourne5a35305d2019-02-06 02:51:43[diff] [blame]24#include"base/sanitizer_buildflags.h"
jln@chromium.org547683f2013-02-04 23:39:48[diff] [blame]25#include"build/build_config.h"
Arthur Sonzognifd39d612024-06-26 08:16:23[diff] [blame]26#include"partition_alloc/buildflags.h"
jln@chromium.orgb5bf9a132013-01-15 20:16:33[diff] [blame]27#include"testing/gtest/include/gtest/gtest.h"
28
Xiaohan Wang38e4ebb2022-01-19 06:57:43[diff] [blame]29#if BUILDFLAG(IS_POSIX)
jln@chromium.org547683f2013-02-04 23:39:48[diff] [blame]30#include<sys/mman.h>
31#include<unistd.h>
32#endif
33
// `nothrow` is used unqualified in the `new (nothrow)` expressions of the
// overflow test, which must get nullptr back instead of an exception.
using std::nothrow;
// NOTE(review): the only use visible in this listing is spelled
// std::numeric_limits, so this declaration looks unused here.
using std::numeric_limits;
jln@chromium.orgb5bf9a132013-01-15 20:16:33[diff] [blame]36
37namespace{
38
// This function acts as a compiler optimization barrier. We use it to
// prevent the compiler from making an expression a compile-time constant.
// We also use it so that the compiler doesn't discard certain return values
// as something we don't need.
//
// The overflow test relies on this: if the array bounds were visible as
// constants, the compiler could reject or fold the oversized allocation at
// build time and the run-time size_t overflow check in operator new[] would
// never be exercised.
//
// NOTE(review): the original comment pointed at "the comment with calloc
// below", but no calloc call is visible in this listing; that reference looks
// stale.
//
// Returns |value| unchanged.
template <typename Type>
NOINLINE Type HideValueFromCompiler(Type value) {
#if defined(__GNUC__)
  // In a GCC compatible compiler (GCC or Clang), make this compiler barrier
  // more robust. The empty asm statement names |value| as a read-write
  // register operand ("+r"), so the optimizer has to assume the asm may have
  // changed it and cannot carry a known constant across this point.
  __asm__ volatile("" : "+r"(value));
#endif  // __GNUC__
  // Without the asm (non-GNUC compilers) only NOINLINE stands between the
  // caller and constant propagation.
  return value;
}
52
// Soft assertion used by the overflow tests. There are platforms where these
// tests are known to fail; we still want to see their status on the bots, but
// marking the tests as FAILS_ is too clunky.
//
// |overflow_detected| is true when the oversized allocation was rejected.
//
// Security caveat: on Linux, ChromeOS, Android and Apple platforms an
// undetected overflow is only printed, never reported as a test failure. A
// passing run on those platforms therefore does not show that the allocator
// rejected the request; look for "Platform has overflow" in the test output.
void OverflowTestsSoftExpectTrue(bool overflow_detected) {
  // Nothing to report when the allocation was refused as expected.
  if (overflow_detected) {
    return;
  }
#if BUILDFLAG(IS_LINUX) || BUILDFLAG(IS_CHROMEOS) || BUILDFLAG(IS_ANDROID) || \
    BUILDFLAG(IS_APPLE)
  // Sadly, these platforms don't have a good story yet. Report the miss
  // without failing the test.
  const char* const verdict = !overflow_detected ? "yes." : "no.";
  printf("Platform has overflow: %s\n", verdict);
#else
  // Everywhere else a missed overflow is a real failure. (EXPECT is fine in a
  // helper function; ASSERT is not.)
  EXPECT_TRUE(overflow_detected);
#endif
}
70
// The test is compiled under a DISABLED_ name on Apple platforms, under
// ASan/TSan/MSan/HWASan, and when PartitionAlloc is used as malloc; see the
// list of reasons in the comment on the test itself.
#if BUILDFLAG(IS_APPLE) || defined(ADDRESS_SANITIZER) || \
    defined(THREAD_SANITIZER) || defined(MEMORY_SANITIZER) || \
    BUILDFLAG(IS_HWASAN) || PA_BUILDFLAG(USE_PARTITION_ALLOC_AS_MALLOC)
#define MAYBE_NewOverflow DISABLED_NewOverflow
#else
#define MAYBE_NewOverflow NewOverflow
#endif
// Test that array[TooBig][X] and array[X][TooBig] allocations fail rather
// than succeed with a wrong-sized allocation when the byte count overflows
// size_t. An allocation that "succeeds" after the size wrapped would hand back
// a buffer far smaller than the array type claims, which is the heap-overflow
// condition this test guards against.
//
// This test is disabled in environments where operator new (nothrow) crashes
// in case of size_t overflow:
//
// - iOS doesn't honor nothrow.
// - XSan aborts when operator new returns nullptr.
// - PartitionAlloc crashes by design when size_t overflows.
//
// NOTE(review): the guard above disables the test on all of IS_APPLE, not
// just iOS; the TODO below covers the Mac side.
//
// TODO(crbug.com/40611888): Fix the test on Mac.
TEST(SecurityTest, MAYBE_NewOverflow) {
  const size_t kArraySize = 4096;
  // We want something "dynamic" here, so that the compiler doesn't
  // immediately reject crazy arrays.
  // [[maybe_unused]]: the only use is in the second case, which is compiled
  // out on 64-bit Windows.
  [[maybe_unused]] const size_t kDynamicArraySize =
      HideValueFromCompiler(kArraySize);
  const size_t kMaxSizeT = std::numeric_limits<size_t>::max();
  // Chosen so that kArraySize2 * kArraySize exceeds the largest size_t value:
  // (max / 4096 + 10) * 4096 is greater than max.
  const size_t kArraySize2 = kMaxSizeT / kArraySize + 10;
  const size_t kDynamicArraySize2 = HideValueFromCompiler(kArraySize2);
  {
    // Case array[TooBig][X]: the run-time outer dimension is the oversized
    // one. nothrow new is expected to return nullptr.
    std::unique_ptr<char[][kArraySize]> array_pointer(
        new (nothrow) char[kDynamicArraySize2][kArraySize]);
    // Prevent clang from optimizing away the whole test.
    char* volatile p = reinterpret_cast<char*>(array_pointer.get());
    // A null pointer means the overflow was detected.
    OverflowTestsSoftExpectTrue(!p);
  }
#if BUILDFLAG(IS_WIN) && defined(ARCH_CPU_64_BITS)
  // On Windows, the compiler prevents static array sizes of more than
  // 0x7fffffff (error C2148).
#else
  {
    // Case array[X][TooBig]: the compile-time inner dimension is the
    // oversized one and the run-time outer dimension is ordinary.
    std::unique_ptr<char[][kArraySize2]> array_pointer(
        new (nothrow) char[kDynamicArraySize][kArraySize2]);
    // Prevent clang from optimizing away the whole test.
    char* volatile p = reinterpret_cast<char*>(array_pointer.get());
    // A null pointer means the overflow was detected.
    OverflowTestsSoftExpectTrue(!p);
  }
#endif  // BUILDFLAG(IS_WIN) && defined(ARCH_CPU_64_BITS)
}
117
jln@chromium.orgb5bf9a132013-01-15 20:16:33[diff] [blame]118}// namespace
