5 files changed, 55 insertions, 1 deletions
diff --git a/include/string.h b/include/string.h
index f738901..9bf17a0 100644
--- a/include/string.h
+++ b/include/string.h
@@ -104,8 +104,13 @@ __access(write_only, 1)
 __access(read_only, 2, 3)
 _FORTIFY_FN(stpncpy) char *stpncpy(char *__d, const char *__s, size_t __n)
 {
-        size_t __b = __bos(__d, 0);
+        /* trap if pointers are overlapping but not if dst == src.
+         * gcc seems to like to generate code that relies on dst == src */
+        if ((__d < __s && __d + __n > __s) ||
+            (__s < __d && __s + __n > __d))
+                __builtin_trap();
+        size_t __b = __bos(__d, 0);
        if (__n > __b && strlen(__s) + 1 > __b)
                __builtin_trap();
        return __orig_stpncpy(__d, __s, __n);
diff --git a/tests/Makefile b/tests/Makefile
index 6722add..11718cc 100644
--- a/tests/Makefile
+++ b/tests/Makefile
@@ -22,6 +22,9 @@ TARGETS=test_memcpy_static_write     \
        test_strncpy_overwrite_over  \
        test_strncpy_overwrite_under \
        test_strncpy_static_write    \
+        test_stpncpy_overwrite_over  \
+        test_stpncpy_overwrite_under \
+        test_stpncpy_static_write    \
        test_getcwd                  \
 .SILENT:
diff --git a/tests/test_stpncpy_overwrite_over.c b/tests/test_stpncpy_overwrite_over.c
new file mode 100644
index 0000000..e66d8d3
--- /dev/null
+++ b/tests/test_stpncpy_overwrite_over.c
@@ -0,0 +1,15 @@
+#include "common.h"
+#include <string.h>
+int main(int argc, char** argv) {
+  char buffer[9] = {'A', 'A', 'A', 'A', 'B', 'B', 'B', 'B', '\0'};
+  puts(buffer);
+  CHK_FAIL_START
+  stpncpy(buffer+1, buffer, 5);
+  CHK_FAIL_END
+  puts(buffer);
+  return ret;
+}
diff --git a/tests/test_stpncpy_overwrite_under.c b/tests/test_stpncpy_overwrite_under.c
new file mode 100644
index 0000000..5625ff8
--- /dev/null
+++ b/tests/test_stpncpy_overwrite_under.c
@@ -0,0 +1,15 @@
+#include "common.h"
+#include <string.h>
+int main(int argc, char** argv) {
+  char buffer[9] = {'A', 'A', 'A', 'A', 'B', 'B', 'B', 'B', '\0'};
+  puts(buffer);
+  CHK_FAIL_START
+  stpncpy(buffer-1, buffer, 5);
+  CHK_FAIL_END
+  puts(buffer);
+  return ret;
+}
diff --git a/tests/test_stpncpy_static_write.c b/tests/test_stpncpy_static_write.c
new file mode 100644
index 0000000..4bf9092
--- /dev/null
+++ b/tests/test_stpncpy_static_write.c
@@ -0,0 +1,16 @@
+#include "common.h"
+#include <string.h>
+int main(int argc, char** argv) {
+  char buffer[8] = {0};
+  stpncpy(buffer, "1234567", 5);
+  puts(buffer);
+  CHK_FAIL_START
+  stpncpy(buffer, "1234567890", 10);
+  CHK_FAIL_END
+  puts(buffer);
+  return ret;
+}

diff --git a/include/string.h b/include/string.h index f738901..9bf17a0 100644 --- a/include/string.h +++ b/include/string.h
@@ -104,8 +104,13 @@ __access(write_only, 1)
104	__access(read_only, 2, 3)	104	__access(read_only, 2, 3)
105	_FORTIFY_FN(stpncpy) char stpncpy(char __d, const char *__s, size_t __n)	105	_FORTIFY_FN(stpncpy) char stpncpy(char __d, const char *__s, size_t __n)
106	{	106	{
107	size_t __b = __bos(__d, 0);	107	/* trap if pointers are overlapping but not if dst == src.
		108	* gcc seems to like to generate code that relies on dst == src */
		109	if ((__d < __s && __d + __n > __s) \|\|
		110	(__s < __d && __s + __n > __d))
		111	__builtin_trap();
108		112
		113	size_t __b = __bos(__d, 0);
109	if (__n > __b && strlen(__s) + 1 > __b)	114	if (__n > __b && strlen(__s) + 1 > __b)
110	__builtin_trap();	115	__builtin_trap();
111	return __orig_stpncpy(__d, __s, __n);	116	return __orig_stpncpy(__d, __s, __n);


diff --git a/tests/Makefile b/tests/Makefile index 6722add..11718cc 100644 --- a/tests/Makefile +++ b/tests/Makefile
@@ -22,6 +22,9 @@ TARGETS=test_memcpy_static_write \
22	test_strncpy_overwrite_over \	22	test_strncpy_overwrite_over \
23	test_strncpy_overwrite_under \	23	test_strncpy_overwrite_under \
24	test_strncpy_static_write \	24	test_strncpy_static_write \
		25	test_stpncpy_overwrite_over \
		26	test_stpncpy_overwrite_under \
		27	test_stpncpy_static_write \
25	test_getcwd \	28	test_getcwd \
26		29
27	.SILENT:	30	.SILENT:


diff --git a/tests/test_stpncpy_overwrite_over.c b/tests/test_stpncpy_overwrite_over.c new file mode 100644 index 0000000..e66d8d3 --- /dev/null +++ b/tests/test_stpncpy_overwrite_over.c
@@ -0,0 +1,15 @@
		1	#include "common.h"
		2
		3	#include <string.h>
		4
		5	int main(int argc, char** argv) {
		6	char buffer[9] = {'A', 'A', 'A', 'A', 'B', 'B', 'B', 'B', '\0'};
		7	puts(buffer);
		8
		9	CHK_FAIL_START
		10	stpncpy(buffer+1, buffer, 5);
		11	CHK_FAIL_END
		12
		13	puts(buffer);
		14	return ret;
		15	}


diff --git a/tests/test_stpncpy_overwrite_under.c b/tests/test_stpncpy_overwrite_under.c new file mode 100644 index 0000000..5625ff8 --- /dev/null +++ b/tests/test_stpncpy_overwrite_under.c
@@ -0,0 +1,15 @@
		1	#include "common.h"
		2
		3	#include <string.h>
		4
		5	int main(int argc, char** argv) {
		6	char buffer[9] = {'A', 'A', 'A', 'A', 'B', 'B', 'B', 'B', '\0'};
		7	puts(buffer);
		8
		9	CHK_FAIL_START
		10	stpncpy(buffer-1, buffer, 5);
		11	CHK_FAIL_END
		12
		13	puts(buffer);
		14	return ret;
		15	}


diff --git a/tests/test_stpncpy_static_write.c b/tests/test_stpncpy_static_write.c new file mode 100644 index 0000000..4bf9092 --- /dev/null +++ b/tests/test_stpncpy_static_write.c
@@ -0,0 +1,16 @@
		1	#include "common.h"
		2
		3	#include <string.h>
		4
		5	int main(int argc, char** argv) {
		6	char buffer[8] = {0};
		7	stpncpy(buffer, "1234567", 5);
		8	puts(buffer);
		9
		10	CHK_FAIL_START
		11	stpncpy(buffer, "1234567890", 10);
		12	CHK_FAIL_END
		13
		14	puts(buffer);
		15	return ret;
		16	}