perform size checks on various operations

Signed-off-by: Tavi <tavi@divested.dev>
Co-authored-by: =?UTF-8?q?Christian=20G=C3=B6ttsche?= <cgzones@googlemail.com>

test/.gitignore

@@ -41,4 +41,30 @@ overflow_small_8_byte
 uninitialized_read_large
 uninitialized_read_small
 realloc_init
+memcpy_buffer_overflow
+memcpy_read_overflow
+memcpy_valid_same
+memcpy_valid_mismatched
+memccpy_buffer_overflow
+memccpy_read_overflow
+memccpy_valid_same
+memccpy_valid_mismatched
+memmove_buffer_overflow
+memmove_read_overflow
+memmove_valid_same
+memmove_valid_mismatched
+memset_buffer_overflow
+memset_valid_same
+memset_valid_mismatched
+wmemcpy_buffer_overflow
+wmemcpy_read_overflow
+wmemcpy_valid_same
+wmemcpy_valid_mismatched
+wmemmove_buffer_overflow
+wmemmove_read_overflow
+wmemmove_valid_same
+wmemmove_valid_mismatched
+wmemset_buffer_overflow
+wmemset_valid_same
+wmemset_valid_mismatched
 __pycache__/

test/Makefile

@@ -67,7 +67,33 @@ EXECUTABLES := \
     invalid_malloc_object_size_small \
     invalid_malloc_object_size_small_quarantine \
     impossibly_large_malloc \
-    realloc_init
+    realloc_init \
+    memcpy_buffer_overflow \
+    memcpy_read_overflow \
+    memcpy_valid_same \
+    memcpy_valid_mismatched \
+    memccpy_buffer_overflow \
+    memccpy_read_overflow \
+    memccpy_valid_same \
+    memccpy_valid_mismatched \
+    memmove_buffer_overflow \
+    memmove_read_overflow \
+    memmove_valid_same \
+    memmove_valid_mismatched \
+    memset_buffer_overflow \
+    memset_valid_same \
+    memset_valid_mismatched \
+    wmemcpy_buffer_overflow \
+    wmemcpy_read_overflow \
+    wmemcpy_valid_same \
+    wmemcpy_valid_mismatched \
+    wmemmove_buffer_overflow \
+    wmemmove_read_overflow \
+    wmemmove_valid_same \
+    wmemmove_valid_mismatched \
+    wmemset_buffer_overflow \
+    wmemset_valid_same \
+    wmemset_valid_mismatched
 
 all: $(EXECUTABLES)
 

test/memccpy_buffer_overflow.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *firstbuffer = malloc(16);
+    char *secondbuffer = malloc(32);
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    memset(secondbuffer, 'a', 32);
+    memccpy(firstbuffer, secondbuffer, 'b', 32);
+    return 1;
+}

test/memccpy_read_overflow.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *firstbuffer = malloc(32);
+    char *secondbuffer = malloc(16);
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    memset(secondbuffer, 'a', 16);
+    memccpy(firstbuffer, secondbuffer, 'b', 32);
+    return 1;
+}

test/memccpy_valid_mismatched.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *firstbuffer = malloc(32);
+    char *secondbuffer = malloc(16);
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    memset(secondbuffer, 'a', 16);
+    memccpy(firstbuffer, secondbuffer, 'b', 16);
+    return 0;
+}

test/memccpy_valid_same.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *firstbuffer = malloc(16);
+    char *secondbuffer = malloc(16);
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    memset(secondbuffer, 'a', 16);
+    memccpy(firstbuffer, secondbuffer, 'b', 16);
+    return 0;
+}

test/memcpy_buffer_overflow.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *firstbuffer = malloc(16);
+    char *secondbuffer = malloc(32);
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    memset(secondbuffer, 'a', 32);
+    memcpy(firstbuffer, secondbuffer, 32);
+    return 1;
+}

test/memcpy_read_overflow.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *firstbuffer = malloc(32);
+    char *secondbuffer = malloc(16);
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    memset(secondbuffer, 'a', 16);
+    memcpy(firstbuffer, secondbuffer, 32);
+    return 1;
+}

test/memcpy_valid_mismatched.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *firstbuffer = malloc(32);
+    char *secondbuffer = malloc(16);
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    memset(secondbuffer, 'a', 16);
+    memcpy(firstbuffer, secondbuffer, 16);
+    return 0;
+}

test/memcpy_valid_same.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *firstbuffer = malloc(16);
+    char *secondbuffer = malloc(16);
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    memset(secondbuffer, 'a', 16);
+    memcpy(firstbuffer, secondbuffer, 16);
+    return 0;
+}

test/memmove_buffer_overflow.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *firstbuffer = malloc(16);
+    char *secondbuffer = malloc(32);
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    memset(secondbuffer, 'a', 32);
+    memmove(firstbuffer, secondbuffer, 32);
+    return 1;
+}

test/memmove_read_overflow.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *firstbuffer = malloc(32);
+    char *secondbuffer = malloc(16);
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    memset(secondbuffer, 'a', 16);
+    memmove(firstbuffer, secondbuffer, 32);
+    return 1;
+}

test/memmove_valid_mismatched.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *firstbuffer = malloc(32);
+    char *secondbuffer = malloc(16);
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    memset(secondbuffer, 'a', 16);
+    memmove(firstbuffer, secondbuffer, 16);
+    return 0;
+}

test/memmove_valid_same.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *firstbuffer = malloc(16);
+    char *secondbuffer = malloc(16);
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    memset(secondbuffer, 'a', 16);
+    memmove(firstbuffer, secondbuffer, 16);
+    return 0;
+}

test/memset_buffer_overflow.c

@@ -0,0 +1,13 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *buffer = malloc(16);
+    if (!buffer) {
+        return 1;
+    }
+    memset(buffer, 'a', 32);
+    return 1;
+}

test/memset_valid_mismatched.c

@@ -0,0 +1,13 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *buffer = malloc(32);
+    if (!buffer) {
+        return 1;
+    }
+    memset(buffer, 'a', 16);
+    return 0;
+}

test/memset_valid_same.c

@@ -0,0 +1,13 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    char *buffer = malloc(16);
+    if (!buffer) {
+        return 1;
+    }
+    memset(buffer, 'a', 16);
+    return 0;
+}

test/test_smc.py

@@ -238,5 +238,160 @@ class TestSimpleMemoryCorruption(unittest.TestCase):
             "realloc_init")
         self.assertEqual(returncode, 0)
 
+    #def test_memcpy_buffer_overflow(self):
+    #    _stdout, stderr, returncode = self.run_test(
+    #        "memcpy_buffer_overflow")
+    #    self.assertEqual(returncode, -6)
+    #    self.assertEqual(stderr.decode(
+    #        "utf-8"), "fatal allocator error: memcpy buffer overflow\n")
+
+    #def test_memcpy_read_overflow(self):
+    #    _stdout, stderr, returncode = self.run_test(
+    #        "memcpy_read_overflow")
+    #    self.assertEqual(returncode, -6)
+    #    self.assertEqual(stderr.decode(
+    #        "utf-8"), "fatal allocator error: memcpy read overflow\n")
+
+    def test_memcpy_valid_same(self):
+        _stdout, _stderr, returncode = self.run_test(
+            "memcpy_valid_same")
+        self.assertEqual(returncode, 0)
+
+    def test_memcpy_valid_mismatched(self):
+        _stdout, _stderr, returncode = self.run_test(
+            "memcpy_valid_mismatched")
+        self.assertEqual(returncode, 0)
+
+    #def test_memccpy_buffer_overflow(self):
+    #    _stdout, stderr, returncode = self.run_test(
+    #        "memccpy_buffer_overflow")
+    #    self.assertEqual(returncode, -6)
+    #    self.assertEqual(stderr.decode(
+    #        "utf-8"), "fatal allocator error: memccpy buffer overflow\n")
+
+    #def test_memccpy_read_overflow(self):
+    #    _stdout, stderr, returncode = self.run_test(
+    #        "memccpy_read_overflow")
+    #    self.assertEqual(returncode, -6)
+    #    self.assertEqual(stderr.decode(
+    #        "utf-8"), "fatal allocator error: memccpy read overflow\n")
+
+    def test_memccpy_valid_same(self):
+        _stdout, _stderr, returncode = self.run_test(
+            "memccpy_valid_same")
+        self.assertEqual(returncode, 0)
+
+    def test_memccpy_valid_mismatched(self):
+        _stdout, _stderr, returncode = self.run_test(
+            "memccpy_valid_mismatched")
+        self.assertEqual(returncode, 0)
+
+
+    #def test_memmove_buffer_overflow(self):
+    #    _stdout, stderr, returncode = self.run_test(
+    #        "memmove_buffer_overflow")
+    #    self.assertEqual(returncode, -6)
+    #    self.assertEqual(stderr.decode(
+    #        "utf-8"), "fatal allocator error: memmove buffer overflow\n")
+
+    #def test_memmove_read_overflow(self):
+    #    _stdout, stderr, returncode = self.run_test(
+    #        "memmove_read_overflow")
+    #    self.assertEqual(returncode, -6)
+    #    self.assertEqual(stderr.decode(
+    #        "utf-8"), "fatal allocator error: memmove read overflow\n")
+
+    def test_memmove_valid_same(self):
+        _stdout, _stderr, returncode = self.run_test(
+            "memmove_valid_same")
+        self.assertEqual(returncode, 0)
+
+    def test_memmove_valid_mismatched(self):
+        _stdout, _stderr, returncode = self.run_test(
+            "memmove_valid_mismatched")
+        self.assertEqual(returncode, 0)
+
+    #def test_memset_buffer_overflow(self):
+    #    _stdout, stderr, returncode = self.run_test(
+    #        "memset_buffer_overflow")
+    #    self.assertEqual(returncode, -6)
+    #    self.assertEqual(stderr.decode(
+    #        "utf-8"), "fatal allocator error: memset buffer overflow\n")
+
+    #def test_wmemcpy_buffer_overflow(self):
+    #    _stdout, stderr, returncode = self.run_test(
+    #        "wmemcpy_buffer_overflow")
+    #    self.assertEqual(returncode, -6)
+    #    self.assertEqual(stderr.decode(
+    #        "utf-8"), "fatal allocator error: wmemcpy buffer overflow\n")
+
+    #def test_wmemcpy_read_overflow(self):
+    #    _stdout, stderr, returncode = self.run_test(
+    #        "wmemcpy_read_overflow")
+    #    self.assertEqual(returncode, -6)
+    #    self.assertEqual(stderr.decode(
+    #        "utf-8"), "fatal allocator error: wmemcpy read overflow\n")
+
+    def test_wmemcpy_valid_same(self):
+        _stdout, _stderr, returncode = self.run_test(
+            "wmemcpy_valid_same")
+        self.assertEqual(returncode, 0)
+
+    def test_wmemcpy_valid_mismatched(self):
+        _stdout, _stderr, returncode = self.run_test(
+            "wmemcpy_valid_mismatched")
+        self.assertEqual(returncode, 0)
+
+    #def test_wmemmove_buffer_overflow(self):
+    #    _stdout, stderr, returncode = self.run_test(
+    #        "wmemmove_buffer_overflow")
+    #    self.assertEqual(returncode, -6)
+    #    self.assertEqual(stderr.decode(
+    #        "utf-8"), "fatal allocator error: wmemmove buffer overflow\n")
+
+    #def test_wmemmove_read_overflow(self):
+    #    _stdout, stderr, returncode = self.run_test(
+    #        "wmemmove_read_overflow")
+    #    self.assertEqual(returncode, -6)
+    #    self.assertEqual(stderr.decode(
+    #        "utf-8"), "fatal allocator error: wmemmove read overflow\n")
+
+    def test_wmemmove_valid_same(self):
+        _stdout, _stderr, returncode = self.run_test(
+            "wmemmove_valid_same")
+        self.assertEqual(returncode, 0)
+
+    def test_wmemmove_valid_mismatched(self):
+        _stdout, _stderr, returncode = self.run_test(
+            "wmemmove_valid_mismatched")
+        self.assertEqual(returncode, 0)
+
+    #def test_wmemset_buffer_overflow(self):
+    #    _stdout, stderr, returncode = self.run_test(
+    #        "wmemset_buffer_overflow")
+    #    self.assertEqual(returncode, -6)
+    #    self.assertEqual(stderr.decode(
+    #        "utf-8"), "fatal allocator error: wmemset buffer overflow\n")
+
+    def test_wmemset_valid_same(self):
+        _stdout, _stderr, returncode = self.run_test(
+            "wmemset_valid_same")
+        self.assertEqual(returncode, 0)
+
+    def test_wmemset_valid_mismatched(self):
+        _stdout, _stderr, returncode = self.run_test(
+            "wmemset_valid_mismatched")
+        self.assertEqual(returncode, 0)
+
+    def test_memset_valid_same(self):
+        _stdout, _stderr, returncode = self.run_test(
+            "memset_valid_same")
+        self.assertEqual(returncode, 0)
+
+    def test_memset_valid_mismatched(self):
+        _stdout, _stderr, returncode = self.run_test(
+            "memset_valid_mismatched")
+        self.assertEqual(returncode, 0)
+
 if __name__ == '__main__':
     unittest.main()

test/wmemcpy_buffer_overflow.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <wchar.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    wchar_t *firstbuffer = malloc(16 * sizeof(wchar_t));
+    wchar_t *secondbuffer = malloc(32 * sizeof(wchar_t));
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    wmemset(secondbuffer, L'\U0001F642', 32);
+    wmemcpy(firstbuffer, secondbuffer, 32);
+    return 1;
+}

test/wmemcpy_read_overflow.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <wchar.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    wchar_t *firstbuffer = malloc(32 * sizeof(wchar_t));
+    wchar_t *secondbuffer = malloc(16 * sizeof(wchar_t));
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    wmemset(secondbuffer, L'\U0001F642', 16);
+    wmemcpy(firstbuffer, secondbuffer, 32);
+    return 1;
+}

test/wmemcpy_valid_mismatched.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <wchar.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    wchar_t *firstbuffer = malloc(32 * sizeof(wchar_t));
+    wchar_t *secondbuffer = malloc(16 * sizeof(wchar_t));
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    wmemset(secondbuffer, L'\U0001F642', 16);
+    wmemcpy(firstbuffer, secondbuffer, 16);
+    return 0;
+}

test/wmemcpy_valid_same.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <wchar.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    wchar_t *firstbuffer = malloc(16 * sizeof(wchar_t));
+    wchar_t *secondbuffer = malloc(16 * sizeof(wchar_t));
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    wmemset(secondbuffer, L'\U0001F642', 16);
+    wmemcpy(firstbuffer, secondbuffer, 16);
+    return 0;
+}

test/wmemmove_buffer_overflow.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <wchar.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    wchar_t *firstbuffer = malloc(16 * sizeof(wchar_t));
+    wchar_t *secondbuffer = malloc(32 * sizeof(wchar_t));
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    wmemset(secondbuffer, L'\U0001F642', 32);
+    wmemmove(firstbuffer, secondbuffer, 32);
+    return 1;
+}

test/wmemmove_read_overflow.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <wchar.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    wchar_t *firstbuffer = malloc(32 * sizeof(wchar_t));
+    wchar_t *secondbuffer = malloc(16 * sizeof(wchar_t));
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    wmemset(secondbuffer, L'\U0001F642', 16);
+    wmemmove(firstbuffer, secondbuffer, 32);
+    return 1;
+}

test/wmemmove_valid_mismatched.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <wchar.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    wchar_t *firstbuffer = malloc(32 * sizeof(wchar_t));
+    wchar_t *secondbuffer = malloc(16 * sizeof(wchar_t));
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    wmemset(secondbuffer, L'\U0001F642', 16);
+    wmemmove(firstbuffer, secondbuffer, 16);
+    return 0;
+}

test/wmemmove_valid_same.c

@@ -0,0 +1,15 @@
+#include <stdlib.h>
+#include <wchar.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    wchar_t *firstbuffer = malloc(16 * sizeof(wchar_t));
+    wchar_t *secondbuffer = malloc(16 * sizeof(wchar_t));
+    if (!firstbuffer && !secondbuffer) {
+        return 1;
+    }
+    wmemset(secondbuffer, L'\U0001F642', 16);
+    wmemmove(firstbuffer, secondbuffer, 16);
+    return 0;
+}

test/wmemset_buffer_overflow.c

@@ -0,0 +1,13 @@
+#include <stdlib.h>
+#include <wchar.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    wchar_t *buffer = malloc(16 * sizeof(wchar_t));
+    if (!buffer) {
+        return 1;
+    }
+    wmemset(buffer, L'\U0001F642', 32);
+    return 1;
+}

test/wmemset_valid_mismatched.c

@@ -0,0 +1,13 @@
+#include <stdlib.h>
+#include <wchar.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    wchar_t *buffer = malloc(32 * sizeof(wchar_t));
+    if (!buffer) {
+        return 1;
+    }
+    wmemset(buffer, L'\U0001F642', 16);
+    return 0;
+}

test/wmemset_valid_same.c

@@ -0,0 +1,13 @@
+#include <stdlib.h>
+#include <wchar.h>
+
+#include "test_util.h"
+
+OPTNONE int main(void) {
+    wchar_t *buffer = malloc(16 * sizeof(wchar_t));
+    if (!buffer) {
+        return 1;
+    }
+    wmemset(buffer, L'\U0001F642', 16);
+    return 0;
+}