Comment 21 for bug 2054343

Mauricio Faria de Oliveira (mfo) wrote :

Test results with Focal (partial; gcc-9 pending)

Environment:
-----------

$ lsb_release -cs
focal

$ uname -m
aarch64

$ sudo dmesg | grep DMI:
[ 0.004570] DMI: Amazon EC2 t4g.nano/, BIOS 1.0 11/1/2018

Setup:
-----

# Enable core dumps for this shell and give them a fixed name without a PID
# suffix (/var/crash/core.<executable>), which is the path the test loops
# hand to gdb. The two /proc/sys writes are system-wide and replace whatever
# core handler was configured before; they are not persisted to disk.
ulimit -c unlimited
printf '%s\n' '/var/crash/core.%e' | sudo tee /proc/sys/kernel/core_pattern
printf '%s\n' 0 | sudo tee /proc/sys/kernel/core_uses_pid

# Test-cases
# https://rtx.meta.security/mitigation/2023/09/12/CVE-2023-4039.html

# Test case 1: a variable-length array sized from argv[1], read into with a
# fixed 4096-byte fread(). This is the VLA frame layout the stack-protector
# fix for CVE-2023-4039 has to cover. The quoted delimiter keeps the C source
# literal (no shell expansion inside the here-document).
cat >example-dynamic.c <<'EOF'
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

int main(int argc, char **argv) {
    if (argc != 2)
        return 1;

    // Variable-length array
    uint8_t input[atoi(argv[1])];

    size_t n = fread(input, 1, 4096, stdin);
    fwrite(input, 1, n, stdout);

    return 0;
}
EOF

# Test case 2: the same over-long fread(), but into a fixed-size 8-byte array.
# It is the control case: it was already caught before the fix and must still
# be caught afterwards. The quoted delimiter keeps the C source literal.
cat >example-static.c <<'EOF'
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

int main(void) {
    uint8_t input[8];

    size_t n = fread(input, 1, 4096, stdin);
    fwrite(input, 1, n, stdout);

    return 0;
}
EOF

Original packages:
-----------------
- Dynamic: Bus error (*NOT* 'buffer overflow detected'): FAIL
- Static: Aborted ('buffer overflow detected'): PASS

# Baseline run: install both compilers under test, plus gdb for reading the
# core files, from the archive configured on this machine.
# NOTE(review): the installed package versions are not recorded here;
# `apt-cache policy gcc-9 gcc-10` would tie the results below to them.
sudo apt update
sudo apt install --yes gcc-9 gcc-10 gdb

# Test 1 (Dynamic)

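# Build the VLA test case with each compiler, feed it more input than the
# 8-byte array holds, and print frame #1 of the resulting core.
#   Protected: "*** stack smashing detected ***", frame #1 in abort().
#   Affected:  frame #1 is made of input bytes (0x41 = 'A'), i.e. the function
#              returned through an overwritten return address and the guard
#              check never fired.
for GCC in gcc-{9,10}; do
  echo "Test $GCC (dynamic)"
  PROG="test-$GCC"
  CORE="/var/crash/core.$PROG"

  # Start clean: the static test reuses the same binary and core names, so a
  # failed build (or a missing compiler) must not leave an older binary to be
  # run and reported under this compiler's name.
  rm -f -- "$PROG" "$CORE"
  if ! "$GCC" -fstack-protector-all -O3 -static -Wall -Wextra -pedantic -o "$PROG" example-dynamic.c; then
    echo "$GCC: build failed, nothing tested" >&2
    echo
    continue
  fi

  printf '%s' 'DDDDDDDDPPPPPPPPFFFFFFFFAAAAAAAA' | "./$PROG" 8

  # Without a core there is no backtrace to judge; say so instead of letting
  # gdb fail and grep print nothing.
  if [ -e "$CORE" ]; then
    gdb --batch -ex bt "$PROG" "$CORE" | grep -e '^#1'
  else
    echo "$GCC: no core file at $CORE" >&2
  fi
  echo
done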

Test gcc-9 (dynamic)
Bus error (core dumped)
#1 0x4141414141414141 in ?? ()

Test gcc-10 (dynamic)
Bus error (core dumped)
#1 0x4141414141414141 in ?? ()

# Test 2 (Static)

# FIXME 9 and 10

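# Control run: build the fixed-size-array test case with each compiler and
# overflow the 8-byte array. Expected with every compiler:
# "*** buffer overflow detected ***" and frame #1 in abort().
# NOTE(review): that message presumably comes from the fortified fread()
# rather than from the stack protector - confirm; the build silences the
# related attribute warning with -Wno-attribute-warning.
for GCC in gcc-{9,10}; do
  echo "Test $GCC (static)"
  PROG="test-$GCC"
  CORE="/var/crash/core.$PROG"

  # Start clean: the dynamic test uses the same binary and core names, so a
  # failed build (or a missing compiler) must not leave that binary behind to
  # be run and reported as the static result.
  rm -f -- "$PROG" "$CORE"
  if ! "$GCC" -fstack-protector-all -O3 -static -Wall -Wextra -pedantic -Wno-attribute-warning -o "$PROG" example-static.c; then
    echo "$GCC: build failed, nothing tested" >&2
    echo
    continue
  fi

  printf '%s' 'DDDDDDDDGGGGGGGG' | "./$PROG"

  # Without a core there is no backtrace to judge; say so instead of letting
  # gdb fail and grep print nothing.
  if [ -e "$CORE" ]; then
    gdb --batch -ex bt "$PROG" "$CORE" | grep '^#1'
  else
    echo "$GCC: no core file at $CORE" >&2
  fi
  echo
done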

Test gcc-9 (static)
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x0000000000400454 in abort ()

Test gcc-10 (static)
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x0000000000400454 in abort ()

Modified packages:
-----------------
- Dynamic: Aborted ('buffer overflow detected'; the gcc-10 output below reads 'stack smashing detected'): PASS (fixed)
- Static: Aborted ('buffer overflow detected'): PASS (no regression)

# Switch to the patched compiler builds from the test PPA and re-run the same
# tests. Enabling a PPA lets its packages be installed as root, so do this on
# a disposable test machine and remove the PPA again afterwards.
# NOTE(review): the installed package versions are not recorded here;
# `apt-cache policy gcc-9 gcc-10` would confirm which compilers actually came
# from the PPA before the results below are read as "patched".
sudo add-apt-repository --yes ppa:mfo/lp2054343
sudo apt install --yes gcc-9 gcc-10 gdb

### FIXME (gcc-9 not yet patched)

# Test 1 (Dynamic)

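# Re-run of the VLA test case against the compilers now installed. Build with
# each one, feed more input than the 8-byte array holds, and print frame #1
# of the resulting core.
#   Protected: "*** stack smashing detected ***", frame #1 in abort().
#   Affected:  frame #1 is made of input bytes (0x41 = 'A'), i.e. the guard
#              check never fired before the function returned.
for GCC in gcc-{9,10}; do
  echo "Test $GCC (dynamic)"
  PROG="test-$GCC"
  CORE="/var/crash/core.$PROG"

  # Start clean: binaries with these names already exist from the runs with
  # the previous packages. If the build fails they must not be run again and
  # reported as the result for the newly installed compiler.
  rm -f -- "$PROG" "$CORE"
  if ! "$GCC" -fstack-protector-all -O3 -static -Wall -Wextra -pedantic -o "$PROG" example-dynamic.c; then
    echo "$GCC: build failed, nothing tested" >&2
    echo
    continue
  fi

  printf '%s' 'DDDDDDDDPPPPPPPPFFFFFFFFAAAAAAAA' | "./$PROG" 8

  # Without a core there is no backtrace to judge; say so instead of letting
  # gdb fail and grep print nothing.
  if [ -e "$CORE" ]; then
    gdb --batch -ex bt "$PROG" "$CORE" | grep -e '^#1'
  else
    echo "$GCC: no core file at $CORE" >&2
  fi
  echo
done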

Test gcc-9 (dynamic)
Bus error (core dumped)
#1 0x4141414141414141 in ?? ()

Test gcc-10 (dynamic)
*** stack smashing detected ***: terminated
Aborted (core dumped)
#1 0x0000000000400454 in abort ()

# Test 2 (Static)

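# Regression check against the compilers now installed: the fixed-size-array
# test case must still end in "*** buffer overflow detected ***" with
# frame #1 in abort(), exactly as it did before the package change.
for GCC in gcc-{9,10}; do
  echo "Test $GCC (static)"
  PROG="test-$GCC"
  CORE="/var/crash/core.$PROG"

  # Start clean: the dynamic test uses the same binary and core names, so a
  # failed build (or a missing compiler) must not leave that binary behind to
  # be run and reported as the static result.
  rm -f -- "$PROG" "$CORE"
  if ! "$GCC" -fstack-protector-all -O3 -static -Wall -Wextra -pedantic -Wno-attribute-warning -o "$PROG" example-static.c; then
    echo "$GCC: build failed, nothing tested" >&2
    echo
    continue
  fi

  printf '%s' 'DDDDDDDDGGGGGGGG' | "./$PROG"

  # Without a core there is no backtrace to judge; say so instead of letting
  # gdb fail and grep print nothing.
  if [ -e "$CORE" ]; then
    gdb --batch -ex bt "$PROG" "$CORE" | grep '^#1'
  else
    echo "$GCC: no core file at $CORE" >&2
  fi
  echo
done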

Test gcc-9 (static)
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x0000000000400454 in abort ()

Test gcc-10 (static)
*** buffer overflow detected ***: terminated
Aborted (core dumped)
#1 0x0000000000400454 in abort ()