How do you create a unit test case in c for a buffer overflow that does not cause a memory error such as a segfault?
I.e. Given a simple buffer overflow, such as
int function () {
int exampleArray[10];
exampleArray[10] = 5;
return 0;
}
How do you create a unit test for this code? There is clearly an error, we are writing past the end of an array. However, you can run a function like this without any evidence of the error.
Note: I need to be able to create test cases for when the index to the array is supplied at run time by the user as well as the above simplified case.
In a managed language like Java the code will throw an exception (ArrayIndexOutOfBoundsException) which can be caught. So creating a test case is straightforward (a try-catch block for the exception).
How would such a test be created in c? Can any of the unit testing frameworks for C handle such a situation?
Background Information: I'm trying to do automatic test case generation. I know where the errors are and would like to be able to create a unit test to fail on these bugs.
However I wouldn't have the faintest idea how to create a test case that fails for a buffer overflow bug that doesn't crash the application.
A buffer overflow occurs when data written to a buffer also corrupts data values in memory addresses adjacent to the destination buffer due to insufficient bounds checking. This can occur when copying data from one buffer to another without first checking that the data fits within the destination buffer.
C and C++ are two languages that are highly susceptible to buffer overflow attacks, as they don't have built-in safeguards against overwriting or accessing data in their memory.
That is why the safest basic method in C is to avoid the following five unsafe functions that can lead to a buffer overflow vulnerability: printf , sprintf , strcat , strcpy , and gets . Unfortunately, the base C language provides only one safe alternative: fgets (to be used instead of gets ).
Buffer overflow occurs when data is input or written beyond the allocated bounds of an buffer, array, or other object causing a program crash or a vulnerability that hackers might exploit. C++ is particularly vulnerable to buffer overflow.
One way to check is to allocate extra bytes before and after the buffer if you are using heap. But it will be difficult to keep track of every variable. After the function ends you can check if the data in those buffers was modified. You have to create a seperate library to hold these values for you.
Alternatively check this link. Hope it will give you more information on testing for buffer overflow.
EDIT : Some more information :
Its difficult or rather not your job to test for APIs which dont take any input. However if the API takes input which will be manipulated during the course of the execution then you can pass values which can cause overrun.
void foo()
{
char buffer [5];
strcpy(buffer, "StackOverflow");
// Clearly overflow. Has to be found out in Code reviews or static analysis
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With