blob: 38e06d28932b2faad7c3f51244ad0e3010ad1308 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
|
// RUN: %clang_hwasan %s -o %t
// RUN: not %run %t 40 2>&1 | FileCheck %s --check-prefix=CHECK40-LEFT
// RUN: %env_hwasan_opts=malloc_align_right=2 not %run %t 40 2>&1 | FileCheck %s --check-prefix=CHECK40-RIGHT
// RUN: not %run %t 80 2>&1 | FileCheck %s --check-prefix=CHECK80-LEFT
// RUN: %env_hwasan_opts=malloc_align_right=2 not %run %t 80 2>&1 | FileCheck %s --check-prefix=CHECK80-RIGHT
// RUN: not %run %t -30 2>&1 | FileCheck %s --check-prefix=CHECKm30
// RUN: not %run %t -30 1000000 2>&1 | FileCheck %s --check-prefix=CHECKMm30
// RUN: not %run %t 1000000 1000000 2>&1 | FileCheck %s --check-prefix=CHECKM
// Test OOB within the granule.
// Misses the bug when malloc is left-aligned, catches it otherwise.
// RUN: %run %t 31
// RUN: %env_hwasan_opts=malloc_align_right=2 not %run %t 31 2>&1 | FileCheck %s --check-prefix=CHECK31
// RUN: %run %t 30 20
// RUN: %env_hwasan_opts=malloc_align_right=9 not %run %t 30 20 2>&1 | FileCheck %s --check-prefix=CHECK20-RIGHT8
// RUN: %env_hwasan_opts=malloc_align_right=42 not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-WRONG-FLAG
// REQUIRES: stable-runtime
#include <stdlib.h>
#include <stdio.h>
#include <sanitizer/hwasan_interface.h>
int main(int argc, char **argv) {
__hwasan_enable_allocator_tagging();
int offset = argc < 2 ? 40 : atoi(argv[1]);
int size = argc < 3 ? 30 : atoi(argv[2]);
char * volatile x = (char*)malloc(size);
fprintf(stderr, "base: %p access: %p\n", x, &x[offset]);
x[offset] = 42;
// CHECK40-LEFT: allocated heap chunk; size: 32 offset: 8
// CHECK40-LEFT: is located 10 bytes to the right of 30-byte region
// CHECK40-RIGHT: allocated heap chunk; size: 32 offset: 10
// CHECK40-RIGHT: is located 10 bytes to the right of 30-byte region
//
// CHECK80-LEFT: allocated heap chunk; size: 32 offset: 16
// CHECK80-LEFT: is located 50 bytes to the right of 30-byte region
// CHECK80-RIGHT: allocated heap chunk; size: 32 offset: 18
// CHECK80-RIGHT: is located 50 bytes to the right of 30-byte region
//
// CHECKm30: allocated heap chunk; size: 32 offset: 2
// CHECKm30: is located 30 bytes to the left of 30-byte region
//
// CHECKMm30: is a large allocated heap chunk; size: 1003520 offset: -30
// CHECKMm30: is located 30 bytes to the left of 1000000-byte region
//
// CHECKM: is a large allocated heap chunk; size: 1003520 offset: 1000000
// CHECKM: is located 0 bytes to the right of 1000000-byte region
//
// CHECK31: is located 1 bytes to the right of 30-byte region
//
// CHECK20-RIGHT8: is located 10 bytes to the right of 20-byte region [0x{{.*}}8,0x{{.*}}c)
//
// CHECK-WRONG-FLAG: ERROR: unsupported value of malloc_align_right flag: 42
free(x);
}
|
