fortify: Add compile-time FORTIFY_SOURCE tests

iv/linux

While the run-time testing of FORTIFY_SOURCE is already present in
LKDTM, there is no testing of the expected compile-time detections. In
preparation for correctly supporting FORTIFY_SOURCE under Clang, adding
additional FORTIFY_SOURCE defenses, and making sure FORTIFY_SOURCE
doesn't silently regress with GCC, introduce a build-time test suite that
checks each expected compile-time failure condition.

As this is relatively backwards from standard build rules in the
sense that a successful test is actually a compile _failure_, create
a wrapper script to check for the correct errors, and wire it up as
a dummy dependency to lib/string.o, collecting the results into a log
file artifact.

Signed-off-by: Kees Cook <keescook@chromium.org>

This commit is contained in:

Kees Cook

2021-04-20 23:22:52 -07:00

parent 3009f891bb

commit be58f71037

22 changed files with 226 additions and 0 deletions

									
										5

lib/test_fortify/write_overflow-strlcpy-src.c
									
										Normal file
									
												View File
												
				@ -0,0 +1,5 @@

				// SPDX-License-Identifier: GPL-2.0-only

				#define TEST	\

					strlcpy(small, large_src, sizeof(small) + 1)

				#include "test_fortify.h"

fortify: Add compile-time FORTIFY_SOURCE tests

5 lib/test_fortify/write_overflow-strlcpy-src.c Normal file Unescape Escape View File

5

lib/test_fortify/write_overflow-strlcpy-src.c Normal file

View File