From a34791cc02949d22d2b4a5f7e0ddc63d617dd6d0 Mon Sep 17 00:00:00 2001
From: Leah Neukirchen
Date: Thu, 19 Dec 2019 12:51:29 +0100
Subject: add -S for stack smashing
---
 README | 6 ++++--
 fail.1 | 9 +++++++--
 fail.c | 15 +++++++++++++--
 3 files changed, 24 insertions(+), 6 deletions(-)
diff --git a/README b/README
index bf5a812..7c766ec 100644
--- a/README
+++ b/README
@@ -4,7 +4,7 @@ NAME
 fail – crash in various possible ways
 SYNOPSIS
- fail [-123DORabcdikrst]
+ fail [-123DORSabcdikrst]
 DESCRIPTION
 fail crashes in various possible ways to help you debug how other
@@ -32,6 +32,8 @@ DESCRIPTION
 -R Trigger an infinite recursion that uses alloca(3) heavily (to test GCC's -fstack-clash-protection).
+ -S Smash the stack using strcpy(3), to test GCC's -fstack-protector.
+
 -a Call abort(3).
 -b Trigger SIGBUS by accessing mmap(2) memory beyond the end of a
@@ -69,4 +71,4 @@ LICENSE
 http://creativecommons.org/publicdomain/zero/1.0/
-Void Linux January 11, 2019 Void Linux
+Void Linux December 19, 2019 Void Linux
diff --git a/fail.1 b/fail.1
index 8026683..fb7b3ec 100644
--- a/fail.1
+++ b/fail.1
@@ -1,4 +1,4 @@
-.Dd January 11, 2019
+.Dd December 19, 2019
 .Dt FAIL 1
 .Os
 .Sh NAME
@@ -6,7 +6,7 @@
 .Nd crash in various possible ways
 .Sh SYNOPSIS
 .Nm
-.Op Fl 123DORabcdikrst
+.Op Fl 123DORSabcdikrst
 .Sh DESCRIPTION
 .Nm
 crashes in various possible ways to
@@ -50,6 +50,11 @@ heavily
 to test GCC's
 .Fl fstack-clash-protection
 .Pc .
+.It Fl S
+Smash the stack using
+.Xr strcpy 3 ,
+to test GCC's
+.Fl fstack-protector .
 .It Fl a
 Call
 .Xr abort 3 .
diff --git a/fail.c b/fail.c
index 855189c..a054e6e 100644
--- a/fail.c
+++ b/fail.c
@@ -14,6 +14,7 @@
 #include
 #include
 #include
+#include
 #include
 void
@@ -89,6 +90,15 @@ recurse_alloca(char *n)
 m[0] = n[0] = 42;
 }
+void
+stack_smash()
+{
+ char buffer[2];
+ strcpy(buffer, "stack smash stack smash stack smash stack smash");
+ printf("%s", buffer);
+ /* if we exit here, gcc may optimize the smashing detection away */
+}
+
 void
 abortme()
 {
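Review bot: `char buffer[2];` in stack_smash() is smaller than the array size at which plain `-fstack-protector` instruments a function (GCC's `ssp-buffer-size`, default 8), so a build using exactly the flag the README and man page name would most likely get no canary here, and the test would report nothing even though the protection works for larger buffers. Only `-fstack-protector-strong` or `-fstack-protector-all` would be exercised as written; sizing the array at or above the threshold, e.g. `char buffer[16];`, keeps the overflow (the literal is 48 bytes with its terminator) and makes the test match its documentation. If the build also defines `_FORTIFY_SOURCE`, the strcpy() of a literal into a fixed-size array is probably stopped by the fortified copy first, so an abort would not prove the canary fired; that deserves a sentence in fail.1. The comment could say why the function has to return, for example `/* return normally: the canary is verified in the epilogue, exiting here would skip the check */`.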
@@ -160,7 +170,7 @@ main(int argc, char *argv[])
 {
 int c;
- while ((c = getopt(argc, argv, "123DORabcdikrst")) != -1) {
+ while ((c = getopt(argc, argv, "123DORSabcdikrst")) != -1) {
 switch (c) {
 case '1': exit(-1); break;
 case '2': exit(2); break;
@@ -176,10 +186,11 @@ main(int argc, char *argv[])
 case 'k': killme(); break;
 case 'r': recurse(0); break;
 case 's': segfault(); break;
+ case 'S': stack_smash(); break;
 case 't': trap(); break;
 }
 }
- write(2, "Usage: fail [-123ORabcdikrst]\n", 30);
+ write(2, "Usage: fail [-123ORSabcdikrst]\n", 31);
 exit(1);
 }
-- cgit 1.4.1
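Review bot: The usage text on the changed `write()` line still leaves out `D`, which the getopt string in the first main() hunk accepts (`"123DORSabcdikrst"`), and its length is counted by hand (30 became 31), so the two strings and the byte count can drift apart each time an option is added. Defining the text once and letting the compiler count avoids that: `static const char usage[] = "Usage: fail [-123DORSabcdikrst]\n";` followed by `write(2, usage, sizeof usage - 1);`. The switch cases between the two hunks are not visible here, so whether every listed option has a handler cannot be checked from this diff.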