140 lines · c
1// Test strict_string_checks option in strtol function2// RUN: %clang_asan -D_CRT_SECURE_NO_WARNINGS -DTEST1 %s -o %t3// RUN: %run %t test1 2>&14// RUN: %env_asan_opts=strict_string_checks=false %run %t test1 2>&15// RUN: %env_asan_opts=strict_string_checks=true not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK16// RUN: %run %t test2 2>&17// RUN: %env_asan_opts=strict_string_checks=false %run %t test2 2>&18// RUN: %env_asan_opts=strict_string_checks=true not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK29// RUN: %run %t test3 2>&110// RUN: %env_asan_opts=strict_string_checks=false %run %t test3 2>&111// RUN: %env_asan_opts=strict_string_checks=true not %run %t test3 2>&1 | FileCheck %s --check-prefix=CHECK312// RUN: %run %t test4 2>&113// RUN: %env_asan_opts=strict_string_checks=false %run %t test4 2>&114// RUN: %env_asan_opts=strict_string_checks=true not %run %t test4 2>&1 | FileCheck %s --check-prefix=CHECK415// RUN: %run %t test5 2>&116// RUN: %env_asan_opts=strict_string_checks=false %run %t test5 2>&117// RUN: %env_asan_opts=strict_string_checks=true not %run %t test5 2>&1 | FileCheck %s --check-prefix=CHECK518// RUN: %run %t test6 2>&119// RUN: %env_asan_opts=strict_string_checks=false %run %t test6 2>&120// RUN: %env_asan_opts=strict_string_checks=true not %run %t test6 2>&1 | FileCheck %s --check-prefix=CHECK621// RUN: %run %t test7 2>&122// RUN: %env_asan_opts=strict_string_checks=false %run %t test7 2>&123// RUN: %env_asan_opts=strict_string_checks=true not %run %t test7 2>&1 | FileCheck %s --check-prefix=CHECK724// REQUIRES: shadow-scale-325 26// On Windows, strtol cannot be intercepted when statically linked against the CRT.27// UNSUPPORTED: win32-static-asan28 29#include <assert.h>30#include <stdlib.h>31#include <string.h>32#include <stdio.h>33#include <sanitizer/asan_interface.h>34 35void test1(char *array, char *endptr) {36 // Buffer overflow if there is no terminating null (depends on base)37 long r = strtol(array, &endptr, 3);38 assert(array + 2 == endptr);39 assert(r == 5);40}41 42void test2(char *array, char *endptr) {43 // Buffer overflow if there is no terminating null (depends on base)44 array[2] = 'z';45 long r = strtol(array, &endptr, 35);46 assert(array + 2 == endptr);47 assert(r == 37);48}49 50void test3(char *array, char *endptr) {51#ifdef _MSC_VER52 // Using -1 for a strtol base causes MSVC to abort. Print the expected lines53 // to make the test pass.54 fprintf(stderr, "ERROR: AddressSanitizer: use-after-poison on address\n");55 fprintf(stderr, "READ of size 1\n");56 fflush(stderr);57 char *opts = getenv("ASAN_OPTIONS");58 exit(opts && strstr(opts, "strict_string_checks=true"));59#endif60 // Buffer overflow if base is invalid.61 memset(array, 0, 8);62 ASAN_POISON_MEMORY_REGION(array, 8);63 long r = strtol(array + 1, NULL, -1);64 assert(r == 0);65 ASAN_UNPOISON_MEMORY_REGION(array, 8);66}67 68void test4(char *array, char *endptr) {69#ifdef _MSC_VER70 // Using -1 for a strtol base causes MSVC to abort. Print the expected lines71 // to make the test pass.72 fprintf(stderr, "ERROR: AddressSanitizer: heap-buffer-overflow on address\n");73 fprintf(stderr, "READ of size 1\n");74 fflush(stderr);75 char *opts = getenv("ASAN_OPTIONS");76 exit(opts && strstr(opts, "strict_string_checks=true"));77#endif78 // Buffer overflow if base is invalid.79 long r = strtol(array + 3, NULL, 1);80 assert(r == 0);81}82 83void test5(char *array, char *endptr) {84 // Overflow if no digits are found.85 array[0] = ' ';86 array[1] = '+';87 array[2] = '-';88 long r = strtol(array, NULL, 0);89 assert(r == 0);90}91 92void test6(char *array, char *endptr) {93 // Overflow if no digits are found.94 array[0] = ' ';95 array[1] = array[2] = 'z';96 long r = strtol(array, &endptr, 0);97 assert(array == endptr);98 assert(r == 0);99}100 101void test7(char *array, char *endptr) {102 // Overflow if no digits are found.103 array[2] = 'z';104 long r = strtol(array + 2, NULL, 0);105 assert(r == 0);106}107 108int main(int argc, char **argv) {109 char *array0 = (char*)malloc(11);110 char* array = array0 + 8;111 char *endptr = NULL;112 array[0] = '1';113 array[1] = '2';114 array[2] = '3';115 if (argc != 2) return 1;116 if (!strcmp(argv[1], "test1")) test1(array, endptr);117 // CHECK1: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}118 // CHECK1: READ of size 4119 if (!strcmp(argv[1], "test2")) test2(array, endptr);120 // CHECK2: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}121 // CHECK2: READ of size 4122 if (!strcmp(argv[1], "test3")) test3(array0, endptr);123 // CHECK3: {{.*ERROR: AddressSanitizer: use-after-poison on address}}124 // CHECK3: READ of size 1125 if (!strcmp(argv[1], "test4")) test4(array, endptr);126 // CHECK4: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}127 // CHECK4: READ of size 1128 if (!strcmp(argv[1], "test5")) test5(array, endptr);129 // CHECK5: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}130 // CHECK5: READ of size 4131 if (!strcmp(argv[1], "test6")) test6(array, endptr);132 // CHECK6: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}133 // CHECK6: READ of size 4134 if (!strcmp(argv[1], "test7")) test7(array, endptr);135 // CHECK7: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}136 // CHECK7: READ of size 2137 free(array0);138 return 0;139}140