121 lines · c
1// Test strict_string_checks option in strtoll function2// RUN: %clang_asan %s -o %t3// RUN: %run %t test1 2>&14// RUN: %env_asan_opts=strict_string_checks=false %run %t test1 2>&15// RUN: %env_asan_opts=strict_string_checks=true not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK16// RUN: %run %t test2 2>&17// RUN: %env_asan_opts=strict_string_checks=false %run %t test2 2>&18// RUN: %env_asan_opts=strict_string_checks=true not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK29// RUN: %run %t test3 2>&110// RUN: %env_asan_opts=strict_string_checks=false %run %t test3 2>&111// RUN: %env_asan_opts=strict_string_checks=true not %run %t test3 2>&1 | FileCheck %s --check-prefix=CHECK312// RUN: %run %t test4 2>&113// RUN: %env_asan_opts=strict_string_checks=false %run %t test4 2>&114// RUN: %env_asan_opts=strict_string_checks=true not %run %t test4 2>&1 | FileCheck %s --check-prefix=CHECK415// RUN: %run %t test5 2>&116// RUN: %env_asan_opts=strict_string_checks=false %run %t test5 2>&117// RUN: %env_asan_opts=strict_string_checks=true not %run %t test5 2>&1 | FileCheck %s --check-prefix=CHECK518// RUN: %run %t test6 2>&119// RUN: %env_asan_opts=strict_string_checks=false %run %t test6 2>&120// RUN: %env_asan_opts=strict_string_checks=true not %run %t test6 2>&1 | FileCheck %s --check-prefix=CHECK621// RUN: %run %t test7 2>&122// RUN: %env_asan_opts=strict_string_checks=false %run %t test7 2>&123// RUN: %env_asan_opts=strict_string_checks=true not %run %t test7 2>&1 | FileCheck %s --check-prefix=CHECK724 25// FIXME: Enable strtoll interceptor.26// REQUIRES: shadow-scale-327// XFAIL: target={{.*windows-msvc.*}}28 29#include <assert.h>30#include <stdlib.h>31#include <string.h>32#include <sanitizer/asan_interface.h>33 34void test1(char *array, char *endptr) {35 // Buffer overflow if there is no terminating null (depends on base)36 long long r = strtoll(array, &endptr, 3);37 assert(array + 2 == endptr);38 assert(r == 5);39}40 41void test2(char *array, char *endptr) {42 // Buffer overflow if there is no terminating null (depends on base)43 array[2] = 'z';44 long long r = strtoll(array, &endptr, 35);45 assert(array + 2 == endptr);46 assert(r == 37);47}48 49void test3(char *array, char *endptr) {50 // Buffer overflow if base is invalid.51 memset(array, 0, 8);52 ASAN_POISON_MEMORY_REGION(array, 8);53 long long r = strtoll(array + 1, NULL, -1);54 assert(r == 0);55 ASAN_UNPOISON_MEMORY_REGION(array, 8);56}57 58void test4(char *array, char *endptr) {59 // Buffer overflow if base is invalid.60 long long r = strtoll(array + 3, NULL, 1);61 assert(r == 0);62}63 64void test5(char *array, char *endptr) {65 // Overflow if no digits are found.66 array[0] = ' ';67 array[1] = '+';68 array[2] = '-';69 long long r = strtoll(array, NULL, 0);70 assert(r == 0);71}72 73void test6(char *array, char *endptr) {74 // Overflow if no digits are found.75 array[0] = ' ';76 array[1] = array[2] = 'z';77 long long r = strtoll(array, &endptr, 0);78 assert(array == endptr);79 assert(r == 0);80}81 82void test7(char *array, char *endptr) {83 // Overflow if no digits are found.84 array[2] = 'z';85 long long r = strtoll(array + 2, NULL, 0);86 assert(r == 0);87}88 89int main(int argc, char **argv) {90 char *array0 = (char*)malloc(11);91 char* array = array0 + 8;92 char *endptr = NULL;93 array[0] = '1';94 array[1] = '2';95 array[2] = '3';96 if (argc != 2) return 1;97 if (!strcmp(argv[1], "test1")) test1(array, endptr);98 // CHECK1: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}99 // CHECK1: READ of size 4100 if (!strcmp(argv[1], "test2")) test2(array, endptr);101 // CHECK2: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}102 // CHECK2: READ of size 4103 if (!strcmp(argv[1], "test3")) test3(array0, endptr);104 // CHECK3: {{.*ERROR: AddressSanitizer: use-after-poison on address}}105 // CHECK3: READ of size 1106 if (!strcmp(argv[1], "test4")) test4(array, endptr);107 // CHECK4: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}108 // CHECK4: READ of size 1109 if (!strcmp(argv[1], "test5")) test5(array, endptr);110 // CHECK5: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}111 // CHECK5: READ of size 4112 if (!strcmp(argv[1], "test6")) test6(array, endptr);113 // CHECK6: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}114 // CHECK6: READ of size 4115 if (!strcmp(argv[1], "test7")) test7(array, endptr);116 // CHECK7: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}117 // CHECK7: READ of size 2118 free(array0);119 return 0;120}121