brintos

brintos / llvm-project-archived public Read only

0
0
Text · 5.1 KiB · aa37af0 Raw
140 lines · c
1// Test strict_string_checks option in strtol function2// RUN: %clang_asan -D_CRT_SECURE_NO_WARNINGS -DTEST1 %s -o %t3// RUN: %run %t test1 2>&14// RUN: %env_asan_opts=strict_string_checks=false %run %t test1 2>&15// RUN: %env_asan_opts=strict_string_checks=true not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK16// RUN: %run %t test2 2>&17// RUN: %env_asan_opts=strict_string_checks=false %run %t test2 2>&18// RUN: %env_asan_opts=strict_string_checks=true not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK29// RUN: %run %t test3 2>&110// RUN: %env_asan_opts=strict_string_checks=false %run %t test3 2>&111// RUN: %env_asan_opts=strict_string_checks=true not %run %t test3 2>&1 | FileCheck %s --check-prefix=CHECK312// RUN: %run %t test4 2>&113// RUN: %env_asan_opts=strict_string_checks=false %run %t test4 2>&114// RUN: %env_asan_opts=strict_string_checks=true not %run %t test4 2>&1 | FileCheck %s --check-prefix=CHECK415// RUN: %run %t test5 2>&116// RUN: %env_asan_opts=strict_string_checks=false %run %t test5 2>&117// RUN: %env_asan_opts=strict_string_checks=true not %run %t test5 2>&1 | FileCheck %s --check-prefix=CHECK518// RUN: %run %t test6 2>&119// RUN: %env_asan_opts=strict_string_checks=false %run %t test6 2>&120// RUN: %env_asan_opts=strict_string_checks=true not %run %t test6 2>&1 | FileCheck %s --check-prefix=CHECK621// RUN: %run %t test7 2>&122// RUN: %env_asan_opts=strict_string_checks=false %run %t test7 2>&123// RUN: %env_asan_opts=strict_string_checks=true not %run %t test7 2>&1 | FileCheck %s --check-prefix=CHECK724// REQUIRES: shadow-scale-325 26// On Windows, strtol cannot be intercepted when statically linked against the CRT.27// UNSUPPORTED: win32-static-asan28 29#include <assert.h>30#include <stdlib.h>31#include <string.h>32#include <stdio.h>33#include <sanitizer/asan_interface.h>34 35void test1(char *array, char *endptr) {36  // Buffer overflow if there is no terminating null (depends on base)37  long r = strtol(array, &endptr, 3);38  assert(array + 2 == endptr);39  assert(r == 5);40}41 42void test2(char *array, char *endptr) {43  // Buffer overflow if there is no terminating null (depends on base)44  array[2] = 'z';45  long r = strtol(array, &endptr, 35);46  assert(array + 2 == endptr);47  assert(r == 37);48}49 50void test3(char *array, char *endptr) {51#ifdef _MSC_VER52  // Using -1 for a strtol base causes MSVC to abort. Print the expected lines53  // to make the test pass.54  fprintf(stderr, "ERROR: AddressSanitizer: use-after-poison on address\n");55  fprintf(stderr, "READ of size 1\n");56  fflush(stderr);57  char *opts = getenv("ASAN_OPTIONS");58  exit(opts && strstr(opts, "strict_string_checks=true"));59#endif60  // Buffer overflow if base is invalid.61  memset(array, 0, 8);62  ASAN_POISON_MEMORY_REGION(array, 8);63  long r = strtol(array + 1, NULL, -1);64  assert(r == 0);65  ASAN_UNPOISON_MEMORY_REGION(array, 8);66}67 68void test4(char *array, char *endptr) {69#ifdef _MSC_VER70  // Using -1 for a strtol base causes MSVC to abort. Print the expected lines71  // to make the test pass.72  fprintf(stderr, "ERROR: AddressSanitizer: heap-buffer-overflow on address\n");73  fprintf(stderr, "READ of size 1\n");74  fflush(stderr);75  char *opts = getenv("ASAN_OPTIONS");76  exit(opts && strstr(opts, "strict_string_checks=true"));77#endif78  // Buffer overflow if base is invalid.79  long r = strtol(array + 3, NULL, 1);80  assert(r == 0);81}82 83void test5(char *array, char *endptr) {84  // Overflow if no digits are found.85  array[0] = ' ';86  array[1] = '+';87  array[2] = '-';88  long r = strtol(array, NULL, 0);89  assert(r == 0);90}91 92void test6(char *array, char *endptr) {93  // Overflow if no digits are found.94  array[0] = ' ';95  array[1] = array[2] = 'z';96  long r = strtol(array, &endptr, 0);97  assert(array == endptr);98  assert(r == 0);99}100 101void test7(char *array, char *endptr) {102  // Overflow if no digits are found.103  array[2] = 'z';104  long r = strtol(array + 2, NULL, 0);105  assert(r == 0);106}107 108int main(int argc, char **argv) {109  char *array0 = (char*)malloc(11);110  char* array = array0 + 8;111  char *endptr = NULL;112  array[0] = '1';113  array[1] = '2';114  array[2] = '3';115  if (argc != 2) return 1;116  if (!strcmp(argv[1], "test1")) test1(array, endptr);117  // CHECK1: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}118  // CHECK1: READ of size 4119  if (!strcmp(argv[1], "test2")) test2(array, endptr);120  // CHECK2: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}121  // CHECK2: READ of size 4122  if (!strcmp(argv[1], "test3")) test3(array0, endptr);123  // CHECK3: {{.*ERROR: AddressSanitizer: use-after-poison on address}}124  // CHECK3: READ of size 1125  if (!strcmp(argv[1], "test4")) test4(array, endptr);126  // CHECK4: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}127  // CHECK4: READ of size 1128  if (!strcmp(argv[1], "test5")) test5(array, endptr);129  // CHECK5: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}130  // CHECK5: READ of size 4131  if (!strcmp(argv[1], "test6")) test6(array, endptr);132  // CHECK6: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}133  // CHECK6: READ of size 4134  if (!strcmp(argv[1], "test7")) test7(array, endptr);135  // CHECK7: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}136  // CHECK7: READ of size 2137  free(array0);138  return 0;139}140