Merge ~alexmurray/qa-regression-testing:update-test-gcc-security-for-lp-2007544 into qa-regression-testing:master

Proposed by Alex Murray
Status: Merged
Merged at revision: 96ab14c5c8dd1454292b6ee289464c167a7b430e
Proposed branch: ~alexmurray/qa-regression-testing:update-test-gcc-security-for-lp-2007544
Merge into: qa-regression-testing:master
Diff against target: 95 lines (+25/-8)
1 file modified
scripts/test-gcc-security.py (+25/-8)
Reviewer Review Type Date Requested Status
Ubuntu Security Team Pending
Steve Beattie Pending
Review via email: mp+437462@code.launchpad.net
Pavel Kopylov (pkopylov) wrote :

Great, it has worked fine for me on these systems: Ubuntu 16.04, Ubuntu 18.04, and Ubuntu 20.04.

Steve Beattie (sbeattie) wrote :

Apologies, I've not reviewed this in any depth, but one nit:

On Fri, Feb 17, 2023 at 12:56:17AM -0000, Alex Murray wrote:
> + # Backtrace expected? glibc removed this functionality
> + # (https://github.com/bminor/glibc/commit/a289ea09ea843ced6e5277c2f2e63c357bc7f9a3)

Not sure what that github repo is, but the official glibc git repo link
for this commit would be:

  https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a289ea09ea843ced6e5277c2f2e63c357bc7f9a3

> + # but even before this it was broken since 2017 due to a bug in
> + # https://github.com/bminor/glibc/commit/ed421fca42fd9b4cab7c66e77894b8dd7ca57ed0

and similarly

  https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ed421fca42fd9b4cab7c66e77894b8dd7ca57ed0

--
Steve Beattie
<email address hidden>

Alex Murray (alexmurray) wrote :

Preview Diff

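--- a/scripts/test-gcc-security.py
+++ b/scripts/test-gcc-security.py
@@ -30,6 +30,7 @@ import os
 import subprocess
 import unittest
 import testlib
+import re
 
 
 class GccSecurityTest00(testlib.TestlibCase):
@@ -94,6 +95,10 @@ class GccSecurityTest00(testlib.TestlibCase):
 cmd = ['./%s' % (target), mode, 'A' * 40]
 rc, output = self.shell_cmd(cmd)
 self.assertEqual(rc, 0)
+ else:
+ cmd = []
+ output = ''
+ rc = -1
 
 # stop when we hit either SIGABRT or SIGSEGV, whichever
 # comes first to detect the overflow needed to trigger
@@ -124,11 +129,16 @@ class GccSecurityTest00(testlib.TestlibCase):
 if not mapping[target]:
 rc_expected = -11
 self.assertEqual(rc, rc_expected, 'rc(%d) != %d: %s\n' % (rc, rc_expected, " ".join(cmd)) + output)
- wanted = '*** %s ***: ./%s terminated\n' % (abort_string, target)
- self.assertEqual(wanted in output, mapping[target], "'%s' %s in output of '%s':\n%s" % (wanted, ['NOT', 'is'][mapping[target]], " ".join(cmd), output))
+ wanted = '\\*\\*\\* %s \\*\\*\\*: .*terminated\n' % (abort_string)
+ self.assertEqual(re.search(wanted, output) is not None, mapping[target], "'%s' %s in output of '%s':\n%s" % (wanted, ['NOT', 'is'][mapping[target]], " ".join(cmd), output))
 
- # Backtrace expected?
+ # Backtrace expected? glibc removed this functionality
+ # (https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=a289ea09ea843ced6e5277c2f2e63c357bc7f9a3)
+ # but even before this it was broken since 2017 due to a bug in
+ # https://sourceware.org/git/?p=glibc.git;a=commitdiff;h=ed421fca42fd9b4cab7c66e77894b8dd7ca57ed0
 backtrace_expected = mapping[target]
+ if self.lsb_release['Release'] >= 18.04:
+ backtrace_expected = False
 if self.dpkg_arch == 'armel' or \
 (self.lsb_release['Release'] > 12.04 and stack_protector):
 backtrace_expected = False
@@ -269,7 +279,7 @@ class GccSecurityTest00(testlib.TestlibCase):
 output = self.make_target(target, expected=compile_rc)
 for func in expected_funcs + unexpected_funcs:
 wanted = warning % (func)
- self.assertEqual(wanted in output, func in expected_funcs and mapping[target], "'%s' (%d, %s) in output of %s:\n" % (wanted, mapping[target], ", ".join(expected_funcs), target) + output)
+ self.assertEqual(re.search(wanted, output) is not None, func in expected_funcs and mapping[target], "'%s' (%d, %s) in output of %s:\n" % (wanted, mapping[target], ", ".join(expected_funcs), target) + output)
 
 if not compiles:
 continue
@@ -300,7 +310,7 @@ class GccSecurityTest00(testlib.TestlibCase):
 self.announce("-fwrite")
 unexpected_funcs += ['fwrite']
 
- self._test_warnings('warn-unchecked', "warning: ignoring return value of '%s', declared with attribute warn_unused_result", expected_funcs, unexpected_funcs)
+ self._test_warnings('warn-unchecked', "warning: ignoring return value of '%s',? declared with attribute '?warn_unused_result'?", expected_funcs, unexpected_funcs)
 
 # Intrepid and later
 # Technically, this is a glibc run-time test...
@@ -404,7 +414,12 @@ class GccSecurityTest00(testlib.TestlibCase):
 compiles = True
 rc = -11
 
- self._test_warnings('missing-mode', "warning: call to %s will always overflow destination buffer", expected_funcs, unexpected_funcs, compiles=compiles, rc_wanted=rc)
+ warning = "warning: call to %s will always overflow destination buffer"
+ if self.lsb_release['Release'] >= 18.04:
+ # on newer gcc the warnings are more detailed so don't check for
+ # exact text but instead just that they were generated
+ warning = "warning: '%s'"
+ self._test_warnings('missing-mode', warning, expected_funcs, unexpected_funcs, compiles=compiles, rc_wanted=rc)
 
 def test_30_stack_protector_all(self):
 '''gcc -fstack-protector-all works when requested (LP: #691722)'''
@@ -442,7 +457,9 @@ class GccSecurityTest00(testlib.TestlibCase):
 self.make_target(target)
 rc, output = self.shell_cmd(['readelf', '-h', target])
 self.assertEqual(rc, 0, output)
- self.assertTrue(mapping[target] == ('DYN (Shared object file)' in output), output)
+ self.assertTrue(mapping[target] ==
+ (re.search('Type:\\s+DYN\\s+\\((Shared object file|Position-Independent Executable file)\\)', output) is not None),
+ output)
 
 # yakkety and later
 def test_60_bind_now(self):
@@ -467,7 +484,7 @@ class GccSecurityTest00(testlib.TestlibCase):
 self.make_target(target)
 rc, output = self.shell_cmd(['readelf', '-d', target])
 self.assertEqual(rc, 0, output)
- self.assertTrue(mapping[target] == ('BIND_NOW)' in output), target + ": " + output)
+ self.assertTrue(mapping[target] == ('BIND_NOW' in output), target + ": " + output)
 
 
 # Secondary class that enables all the "by default" tests so features can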
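Review bot: In the `missing-mode` hunk, the 18.04+ pattern `"warning: '%s'"` accepts any gcc warning that starts by naming the function, so for `expected_funcs` the check would still pass if the overflow diagnostic itself disappeared and some unrelated warning about the same call remained. Since this test exists to prove the fortify diagnostics fire, I would keep one stable token in the pattern, e.g. `warning = "warning: '%s'.*overflow"`, assuming (not verifiable from this diff) that every message for the tested functions still mentions it on the same line. Separately, `wanted = warning % (func)` in `_test_warnings` and the `abort_string` pattern are now regexes, so interpolated values should go through `re.escape(...)` and the patterns would read better as raw strings; the enclosing methods start and end outside the hunks.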
