MinSFI: Passing arguments to the entry function

tests/minsfi/test_invoke_args.c

+/*
+ * Copyright (c) 2014 The Native Client Authors. All rights reserved.
+ * Use of this source code is governed by a BSD-style license that can be
+ * found in the LICENSE file.
+ */
+#include <string.h>
+
+#include "native_client/src/include/minsfi.h"
+#include "native_client/src/include/nacl_assert.h"
+
+/*
+ * This tests whether arguments are correctly passed to the sandbox. We do
+ * this by passing it a series of strings containing integer numbers. The
+ * sandbox is expected to parse the arguments and return their sum.
+ */
+void test_valid_args(void) {
+  char *argv_99[] = { "99" };
+  char *argv_1_22_333[] = { "1", "22", "333" };
+
+  /* Prepare the sandbox. */
+  MinsfiInitializeSandbox();
+
+  /* Empty arguments. The sandbox should always receive at least one argument
+   * (the name of the binary) but we test this anyway. */
+  ASSERT_EQ(0, MinsfiInvokeSandbox(0, NULL));
+
+  /* Single argument. */
+  ASSERT_EQ(99, MinsfiInvokeSandbox(1, argv_99));
+
+  /* Multiple arguments. */
+  ASSERT_EQ(356, MinsfiInvokeSandbox(3, argv_1_22_333));
+
+  /* Clean up. */
+  MinsfiDestroySandbox();
+}
+
+/* Helper function which creates a NULL-terminated string that occupies

[jvoung (off chromium), 2014/09/10 17:04:29]

/*
 * xyz
 */

[dbrazdil, 2014/09/10 18:49:48]

Done. (and below...)

+ * the given number of bytes. */
+static inline char *get_str(int bytes) {
+  char *str = (char*) malloc(bytes);
+  memset(str, 49, bytes - 1);
+  str[bytes - 1] = 0;
+  return str;
+}
+
+void test_invalid_args(void) {
+  int page_size = getpagesize();
+  char *argv_long_arg[] = { get_str(32 * page_size) };

[jvoung (off chromium), 2014/09/10 17:04:30]

Maybe minsfi_priv.h should have a function or something to return the size of
the initial thread's stack (well, the only stack right now). Then that can
change in sync with the tests.

[dbrazdil, 2014/09/10 18:49:47]

Queries the active sandbox. Now tests invoke CopyArguments directly and check
the output which is much more reliable. They still run InvokeSandbox to verify
that it will fail.

+  char *argv_longer_arg[] = { get_str(15 * page_size),
+                              get_str(10 * page_size),
+                              get_str(8 * page_size) };
+
+  /* Prepare the sandbox. */
+  MinsfiInitializeSandbox();
+
+  /* argc < 0 doesn't make sense */
+  ASSERT_EQ(EXIT_FAILURE, MinsfiInvokeSandbox(-5, NULL));
+
+  /* The last argument will attempt to write beyong the limits of the stack. */
+  ASSERT_EQ(EXIT_FAILURE, MinsfiInvokeSandbox(3, argv_longer_arg));
+
+  /* After copying the actual argument the algorithm will also try to write
+   * the header of the info data structure, but the stack is too small. */
+  ASSERT_EQ(EXIT_FAILURE, MinsfiInvokeSandbox(1, argv_long_arg));
+

[jvoung (off chromium), 2014/09/10 17:04:30]

How about a test where it does barely fit and exits cleanly.

[dbrazdil, 2014/09/10 18:49:48]

Done.

+  /* Clean up. */
+  MinsfiDestroySandbox();
+  free(argv_long_arg[0]);
+  free(argv_longer_arg[0]);
+  free(argv_longer_arg[1]);
+  free(argv_longer_arg[2]);
+}
+
+int main(void) {
+  test_valid_args();
+  test_invalid_args();
+  return 0;
+}