From nobody Sat Jul 13 05:23:03 2024 X-Original-To: dev-commits-src-main@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4WLcLH4640z5PvZ9; Sat, 13 Jul 2024 05:23:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4WLcLH2h8Yz4nrQ; Sat, 13 Jul 2024 05:23:03 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1720848183; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=f61Z4ZEMLAZd5TC0hKeb1I+iw/bLieLzJkpxj0WReJ0=; b=f59KrzremUjLUC7OVRfk4rF+pXpFZfy+EiGsUnf9uIrSJNEKesNJfB4ztjwix5iHKlnddr OBUn5h8XRgFRFflzJdvsNMlOaxIiHgqH3C6i1uvYNEilcXWDzhF1bkCPjQFUgcRXh2eLpD rdIy3jQeQFVo0JrrhK4uIB0V8+byIaa66A5hKG/fJL/QI/A/QpN268FrEH6ANxwQ16u+QP Ap0LZM0H6+P3WH+rGzPcx147tgHbZGUnNsYv8gHu2VLI0Y+i70bDeEaAxPBGD3vNmhz0Jo zn8OsTRAIdWdU+i+pL4NBEYbxcUQ2100OU7FkynaC+vuoZqCJRhfhM6xO56gvA== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1720848183; a=rsa-sha256; cv=none; b=dzd+xMzZx2PsY3mspxnF0UQtGX/v/jt/bAO3q0UkHoFMJjHiF4PgTPV+Svnt4G6Sq1+OZm zwd8UvSZc4hlOxEEIa3wz4wpmQoRQx9XQ/SQ3UWZYaIYZAb4eeJWnQLeccZHOgs6hx5dB+ JIPt24j2FejYDNmsTM0ycWKQwwx/fkhHY9r4/ifUOAFmZFCDIW1mkLDltdPgmkKBrp8FJC loyYECqCAMe5Xx7lgifMlT/XxEEkkCllAkdLYsnehIccWCoC7krHYZrMUXdpYA4bjtxl2Z R9Kqldeps504HIE63m4XZtQkju3ROWeWhLSyJPdo2zBwWYDvpoR/NzlE4q6xRg== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1720848183; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=f61Z4ZEMLAZd5TC0hKeb1I+iw/bLieLzJkpxj0WReJ0=; b=Uz3NdKs6K0q6h3etzRIoFSmFKBp5w5yYqQanyAUkt6by5vjuIchO3HKKtyNYdWS6Jx3axV r+XADyiCsNsUoWbCFUFDC05kbiaZghFtFLZCljEABhOeQCOdD8cW1W2TuDBC9cMvJmPiTE bPDE2jFo5sRKBQ1Mmcj1wfHcH7qYvj/6X4dyInzZrRRJRBJa6+dvQBWQ6bUWYUN9pVQKXH WA9ruR+HeRZ2TR5VRKrTXWN4ewY0co8UMGQsDTg/2c6HXrKwYQOFRf5D/5jG6cqnruC47C ru7P0gjGX2Il1noU+Z5Bd3GD1SxmrSiWKIQqjVUp1YktJvQeT1O2EndbqOTNsw== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4WLcLH2HRNzDn3; Sat, 13 Jul 2024 05:23:03 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 46D5N3vN032623; Sat, 13 Jul 2024 05:23:03 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 46D5N3bh032620; Sat, 13 Jul 2024 05:23:03 GMT (envelope-from git) Date: Sat, 13 Jul 2024 05:23:03 GMT Message-Id: <202407130523.46D5N3bh032620@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kyle Evans Subject: git: d0b7445904f5 - main - include: ssp: fortify List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kevans X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: d0b7445904f592bf379d64932fb6f1fdc29c4aa7 Auto-Submitted: auto-generated The branch main has been updated by kevans: URL: https://cgit.FreeBSD.org/src/commit/?id=d0b7445904f592bf379d64932fb6f1fdc29c4aa7 commit d0b7445904f592bf379d64932fb6f1fdc29c4aa7 Author: Kyle Evans AuthorDate: 2024-07-13 05:16:11 +0000 Commit: Kyle Evans CommitDate: 2024-07-13 05:16:24 +0000 include: ssp: fortify The immediately obvious and attractive targets from are arc4random_buf(3) and realpath(3) -- scraping the header didn't reveal much else of interest. Reviewed by: markj Sponsored by: Klara, Inc. Sponsored by: Stormshield Differential Revision: https://reviews.freebsd.org/D45681 --- include/ssp/Makefile | 2 +- include/ssp/stdlib.h | 53 ++++ include/stdlib.h | 4 + lib/libc/gen/arc4random.c | 3 +- lib/libc/stdlib/realpath.c | 3 +- lib/libc/tests/secure/Makefile | 1 + lib/libc/tests/secure/fortify_stdlib_test.c | 383 +++++++++++++++++++++++ lib/libc/tests/secure/generate-fortify-tests.lua | 20 ++ 8 files changed, 466 insertions(+), 3 deletions(-) diff --git a/include/ssp/Makefile b/include/ssp/Makefile index a97139e75c7b..2bbbc2eab705 100644 --- a/include/ssp/Makefile +++ b/include/ssp/Makefile @@ -1,4 +1,4 @@ -INCS= poll.h ssp.h stdio.h string.h strings.h unistd.h +INCS= poll.h ssp.h stdio.h stdlib.h string.h strings.h unistd.h INCSDIR= ${INCLUDEDIR}/ssp .include diff --git a/include/ssp/stdlib.h b/include/ssp/stdlib.h new file mode 100644 index 000000000000..f595ecbcbc0a --- /dev/null +++ b/include/ssp/stdlib.h @@ -0,0 +1,53 @@ +/*- + * SPDX-License-Identifier: BSD-2-Clause + * + * Copyright (c) 2024, Klara, Inc. + * + * Redistribution and use in source and binary forms, with or without + * modification, are permitted provided that the following conditions + * are met: + * 1. Redistributions of source code must retain the above copyright + * notice, this list of conditions and the following disclaimer. + * 2. Redistributions in binary form must reproduce the above copyright + * notice, this list of conditions and the following disclaimer in the + * documentation and/or other materials provided with the distribution. + * + * THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS + * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED + * TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR + * PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS + * BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR + * CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF + * SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS + * INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN + * CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) + * ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE + * POSSIBILITY OF SUCH DAMAGE. + */ +#ifndef _SSP_STDLIB_H_ +#define _SSP_STDLIB_H_ + +#include + +#if __SSP_FORTIFY_LEVEL > 0 + +#include + +__BEGIN_DECLS + +__ssp_redirect(void, arc4random_buf, (void *__buf, size_t __len), + (__buf, __len)); + +__ssp_redirect_raw_impl(char *, realpath, realpath, + (const char *__restrict path, char *__restrict buf)) +{ + if (__ssp_bos(buf) < PATH_MAX) + __chk_fail(); + + return (__ssp_real(realpath)(path, buf)); +} + +__END_DECLS + +#endif /* __SSP_FORTIFY_LEVEL > 0 */ +#endif /* _SSP_STDLIB_H_ */ diff --git a/include/stdlib.h b/include/stdlib.h index db339688cb78..162031ab393d 100644 --- a/include/stdlib.h +++ b/include/stdlib.h @@ -69,6 +69,10 @@ typedef struct { */ #define RAND_MAX 0x7fffffff +#if !defined(_STANDALONE) && defined(_FORTIFY_SOURCE) && _FORTIFY_SOURCE > 0 +#include +#endif + __BEGIN_DECLS #ifdef _XLOCALE_H_ #include diff --git a/lib/libc/gen/arc4random.c b/lib/libc/gen/arc4random.c index fdb1688cfe9c..cc65e0131970 100644 --- a/lib/libc/gen/arc4random.c +++ b/lib/libc/gen/arc4random.c @@ -35,6 +35,7 @@ #include #include #include +#include #include #include @@ -243,7 +244,7 @@ arc4random(void) } void -arc4random_buf(void *buf, size_t n) +__ssp_real(arc4random_buf)(void *buf, size_t n) { _ARC4_LOCK(); _rs_random_buf(buf, n); diff --git a/lib/libc/stdlib/realpath.c b/lib/libc/stdlib/realpath.c index 992d14302fe0..554d70b43a29 100644 --- a/lib/libc/stdlib/realpath.c +++ b/lib/libc/stdlib/realpath.c @@ -37,6 +37,7 @@ #include #include #include +#include #include "un-namespace.h" #include "libc_private.h" @@ -203,7 +204,7 @@ realpath1(const char *path, char *resolved) } char * -realpath(const char * __restrict path, char * __restrict resolved) +__ssp_real(realpath)(const char * __restrict path, char * __restrict resolved) { char *m, *res; diff --git a/lib/libc/tests/secure/Makefile b/lib/libc/tests/secure/Makefile index 2e98b5f2ed35..63fe4cb96f02 100644 --- a/lib/libc/tests/secure/Makefile +++ b/lib/libc/tests/secure/Makefile @@ -3,6 +3,7 @@ TESTSDIR:= ${TESTSBASE}/${RELDIR:C/libc\/tests/libc/} FORTIFY_TCATS+= poll +FORTIFY_TCATS+= stdlib FORTIFY_TCATS+= stdio FORTIFY_TCATS+= string FORTIFY_TCATS+= strings diff --git a/lib/libc/tests/secure/fortify_stdlib_test.c b/lib/libc/tests/secure/fortify_stdlib_test.c new file mode 100644 index 000000000000..e00983a58aa4 --- /dev/null +++ b/lib/libc/tests/secure/fortify_stdlib_test.c @@ -0,0 +1,383 @@ +/* @generated by `generate-fortify-tests.lua "stdlib"` */ + +#define _FORTIFY_SOURCE 2 +#define TMPFILE_SIZE (1024 * 32) + +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include +#include + +static FILE * __unused +new_fp(size_t __len) +{ + static char fpbuf[LINE_MAX]; + FILE *fp; + + ATF_REQUIRE(__len <= sizeof(fpbuf)); + + memset(fpbuf, 'A', sizeof(fpbuf) - 1); + fpbuf[sizeof(fpbuf) - 1] = '\0'; + + fp = fmemopen(fpbuf, sizeof(fpbuf), "rb"); + ATF_REQUIRE(fp != NULL); + + return (fp); +} + +/* + * Create a new symlink to use for readlink(2) style tests, we'll just use a + * random target name to have something interesting to look at. + */ +static const char * __unused +new_symlink(size_t __len) +{ + static const char linkname[] = "link"; + char target[MAXNAMLEN]; + int error; + + ATF_REQUIRE(__len <= sizeof(target)); + + arc4random_buf(target, sizeof(target)); + + error = unlink(linkname); + ATF_REQUIRE(error == 0 || errno == ENOENT); + + error = symlink(target, linkname); + ATF_REQUIRE(error == 0); + + return (linkname); +} + +/* + * Constructs a tmpfile that we can use for testing read(2) and friends. + */ +static int __unused +new_tmpfile(void) +{ + char buf[1024]; + ssize_t rv; + size_t written; + int fd; + + fd = open("tmpfile", O_RDWR | O_CREAT | O_TRUNC, 0644); + ATF_REQUIRE(fd >= 0); + + written = 0; + while (written < TMPFILE_SIZE) { + rv = write(fd, buf, sizeof(buf)); + ATF_REQUIRE(rv > 0); + + written += rv; + } + + ATF_REQUIRE_EQ(0, lseek(fd, 0, SEEK_SET)); + return (fd); +} + +static void +disable_coredumps(void) +{ + struct rlimit rl = { 0 }; + + if (setrlimit(RLIMIT_CORE, &rl) == -1) + _exit(EX_OSERR); +} + +/* + * Replaces stdin with a file that we can actually read from, for tests where + * we want a FILE * or fd that we can get data from. + */ +static void __unused +replace_stdin(void) +{ + int fd; + + fd = new_tmpfile(); + + (void)dup2(fd, STDIN_FILENO); + if (fd != STDIN_FILENO) + close(fd); +} + +ATF_TC_WITHOUT_HEAD(arc4random_buf_before_end); +ATF_TC_BODY(arc4random_buf_before_end, tc) +{ +#define BUF &__stack.__buf + struct { + uint8_t padding_l; + unsigned char __buf[42]; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(__stack.__buf); + const size_t __len = 42 - 1; + const size_t __idx __unused = __len - 1; + + arc4random_buf(__stack.__buf, __len); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(arc4random_buf_end); +ATF_TC_BODY(arc4random_buf_end, tc) +{ +#define BUF &__stack.__buf + struct { + uint8_t padding_l; + unsigned char __buf[42]; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(__stack.__buf); + const size_t __len = 42; + const size_t __idx __unused = __len - 1; + + arc4random_buf(__stack.__buf, __len); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(arc4random_buf_heap_before_end); +ATF_TC_BODY(arc4random_buf_heap_before_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + unsigned char * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); + const size_t __len = 42 - 1; + const size_t __idx __unused = __len - 1; + + __stack.__buf = malloc(__bufsz); + + arc4random_buf(__stack.__buf, __len); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(arc4random_buf_heap_end); +ATF_TC_BODY(arc4random_buf_heap_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + unsigned char * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); + const size_t __len = 42; + const size_t __idx __unused = __len - 1; + + __stack.__buf = malloc(__bufsz); + + arc4random_buf(__stack.__buf, __len); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(arc4random_buf_heap_after_end); +ATF_TC_BODY(arc4random_buf_heap_after_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + unsigned char * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (42); + const size_t __len = 42 + 1; + const size_t __idx __unused = __len - 1; + pid_t __child; + int __status; + + __child = fork(); + ATF_REQUIRE(__child >= 0); + if (__child > 0) + goto monitor; + + /* Child */ + disable_coredumps(); + __stack.__buf = malloc(__bufsz); + + arc4random_buf(__stack.__buf, __len); + _exit(EX_SOFTWARE); /* Should have aborted. */ + +monitor: + while (waitpid(__child, &__status, 0) != __child) { + ATF_REQUIRE_EQ(EINTR, errno); + } + + if (!WIFSIGNALED(__status)) { + switch (WEXITSTATUS(__status)) { + case EX_SOFTWARE: + atf_tc_fail("FORTIFY_SOURCE failed to abort"); + break; + case EX_OSERR: + atf_tc_fail("setrlimit(2) failed"); + break; + default: + atf_tc_fail("child exited with status %d", + WEXITSTATUS(__status)); + } + } else { + ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); + } +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(realpath_before_end); +ATF_TC_BODY(realpath_before_end, tc) +{ +#define BUF &__stack.__buf + struct { + uint8_t padding_l; + unsigned char __buf[PATH_MAX + 1]; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(__stack.__buf); + const size_t __len = PATH_MAX + 1; + const size_t __idx __unused = __len - 1; + + realpath(".", __stack.__buf); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(realpath_end); +ATF_TC_BODY(realpath_end, tc) +{ +#define BUF &__stack.__buf + struct { + uint8_t padding_l; + unsigned char __buf[PATH_MAX]; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(__stack.__buf); + const size_t __len = PATH_MAX; + const size_t __idx __unused = __len - 1; + + realpath(".", __stack.__buf); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(realpath_heap_before_end); +ATF_TC_BODY(realpath_heap_before_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + unsigned char * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (PATH_MAX + 1); + const size_t __len = PATH_MAX + 1; + const size_t __idx __unused = __len - 1; + + __stack.__buf = malloc(__bufsz); + + realpath(".", __stack.__buf); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(realpath_heap_end); +ATF_TC_BODY(realpath_heap_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + unsigned char * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (PATH_MAX); + const size_t __len = PATH_MAX; + const size_t __idx __unused = __len - 1; + + __stack.__buf = malloc(__bufsz); + + realpath(".", __stack.__buf); +#undef BUF + +} + +ATF_TC_WITHOUT_HEAD(realpath_heap_after_end); +ATF_TC_BODY(realpath_heap_after_end, tc) +{ +#define BUF __stack.__buf + struct { + uint8_t padding_l; + unsigned char * __buf; + uint8_t padding_r; + } __stack; + const size_t __bufsz __unused = sizeof(*__stack.__buf) * (PATH_MAX - 1); + const size_t __len = PATH_MAX - 1; + const size_t __idx __unused = __len - 1; + pid_t __child; + int __status; + + __child = fork(); + ATF_REQUIRE(__child >= 0); + if (__child > 0) + goto monitor; + + /* Child */ + disable_coredumps(); + __stack.__buf = malloc(__bufsz); + + realpath(".", __stack.__buf); + _exit(EX_SOFTWARE); /* Should have aborted. */ + +monitor: + while (waitpid(__child, &__status, 0) != __child) { + ATF_REQUIRE_EQ(EINTR, errno); + } + + if (!WIFSIGNALED(__status)) { + switch (WEXITSTATUS(__status)) { + case EX_SOFTWARE: + atf_tc_fail("FORTIFY_SOURCE failed to abort"); + break; + case EX_OSERR: + atf_tc_fail("setrlimit(2) failed"); + break; + default: + atf_tc_fail("child exited with status %d", + WEXITSTATUS(__status)); + } + } else { + ATF_REQUIRE_EQ(SIGABRT, WTERMSIG(__status)); + } +#undef BUF + +} + +ATF_TP_ADD_TCS(tp) +{ + ATF_TP_ADD_TC(tp, arc4random_buf_before_end); + ATF_TP_ADD_TC(tp, arc4random_buf_end); + ATF_TP_ADD_TC(tp, arc4random_buf_heap_before_end); + ATF_TP_ADD_TC(tp, arc4random_buf_heap_end); + ATF_TP_ADD_TC(tp, arc4random_buf_heap_after_end); + ATF_TP_ADD_TC(tp, realpath_before_end); + ATF_TP_ADD_TC(tp, realpath_end); + ATF_TP_ADD_TC(tp, realpath_heap_before_end); + ATF_TP_ADD_TC(tp, realpath_heap_end); + ATF_TP_ADD_TC(tp, realpath_heap_after_end); + return (atf_no_error()); +} diff --git a/lib/libc/tests/secure/generate-fortify-tests.lua b/lib/libc/tests/secure/generate-fortify-tests.lua index bb654bbf2f71..b559fbded070 100755 --- a/lib/libc/tests/secure/generate-fortify-tests.lua +++ b/lib/libc/tests/secure/generate-fortify-tests.lua @@ -262,6 +262,26 @@ local all_tests = { ]], }, }, + stdlib = { + -- + { + func = "arc4random_buf", + arguments = { + "__buf", + "__len", + }, + exclude = excludes_stack_overflow, + }, + { + func = "realpath", + bufsize = "PATH_MAX", + arguments = { + "\".\"", + "__buf", + }, + exclude = excludes_stack_overflow, + }, + }, string = { -- {