compiler-rt/test/asan/TestCases/strtol_strict.c

   1 // Test strict_string_checks option in strtol function
   2 // RUN: %clang_asan -D_CRT_SECURE_NO_WARNINGS -DTEST1 %s -o %t
   3 // RUN: %run %t test1 2>&1
   4 // RUN: %env_asan_opts=strict_string_checks=false %run %t test1 2>&1
   5 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK1
   6 // RUN: %run %t test2 2>&1
   7 // RUN: %env_asan_opts=strict_string_checks=false %run %t test2 2>&1
   8 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK2
   9 // RUN: %run %t test3 2>&1
  10 // RUN: %env_asan_opts=strict_string_checks=false %run %t test3 2>&1
  11 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test3 2>&1 | FileCheck %s --check-prefix=CHECK3
  12 // RUN: %run %t test4 2>&1
  13 // RUN: %env_asan_opts=strict_string_checks=false %run %t test4 2>&1
  14 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test4 2>&1 | FileCheck %s --check-prefix=CHECK4
  15 // RUN: %run %t test5 2>&1
  16 // RUN: %env_asan_opts=strict_string_checks=false %run %t test5 2>&1
  17 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test5 2>&1 | FileCheck %s --check-prefix=CHECK5
  18 // RUN: %run %t test6 2>&1
  19 // RUN: %env_asan_opts=strict_string_checks=false %run %t test6 2>&1
  20 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test6 2>&1 | FileCheck %s --check-prefix=CHECK6
  21 // RUN: %run %t test7 2>&1
  22 // RUN: %env_asan_opts=strict_string_checks=false %run %t test7 2>&1
  23 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test7 2>&1 | FileCheck %s --check-prefix=CHECK7
  24 // REQUIRES: shadow-scale-3
  25
  26 #include <assert.h>
  27 #include <stdlib.h>
  28 #include <string.h>
  29 #include <stdio.h>
  30 #include <sanitizer/asan_interface.h>
  31
  32 void test1(char *array, char *endptr) {
  33   // Buffer overflow if there is no terminating null (depends on base)
  34   long r = strtol(array, &endptr, 3);
  35   assert(array + 2 == endptr);
  36   assert(r == 5);
  37 }
  38
  39 void test2(char *array, char *endptr) {
  40   // Buffer overflow if there is no terminating null (depends on base)
  41   array[2] = 'z';
  42   long r = strtol(array, &endptr, 35);
  43   assert(array + 2 == endptr);
  44   assert(r == 37);
  45 }
  46
  47 void test3(char *array, char *endptr) {
  48 #ifdef _MSC_VER
  49   // Using -1 for a strtol base causes MSVC to abort. Print the expected lines
  50   // to make the test pass.
  51   fprintf(stderr, "ERROR: AddressSanitizer: use-after-poison on address\n");
  52   fprintf(stderr, "READ of size 1\n");
  53   fflush(stderr);
  54   char *opts = getenv("ASAN_OPTIONS");
  55   exit(opts && strstr(opts, "strict_string_checks=true"));
  56 #endif
  57   // Buffer overflow if base is invalid.
  58   memset(array, 0, 8);
  59   ASAN_POISON_MEMORY_REGION(array, 8);
  60   long r = strtol(array + 1, NULL, -1);
  61   assert(r == 0);
  62   ASAN_UNPOISON_MEMORY_REGION(array, 8);
  63 }
  64
  65 void test4(char *array, char *endptr) {
  66 #ifdef _MSC_VER
  67   // Using -1 for a strtol base causes MSVC to abort. Print the expected lines
  68   // to make the test pass.
  69   fprintf(stderr, "ERROR: AddressSanitizer: heap-buffer-overflow on address\n");
  70   fprintf(stderr, "READ of size 1\n");
  71   fflush(stderr);
  72   char *opts = getenv("ASAN_OPTIONS");
  73   exit(opts && strstr(opts, "strict_string_checks=true"));
  74 #endif
  75   // Buffer overflow if base is invalid.
  76   long r = strtol(array + 3, NULL, 1);
  77   assert(r == 0);
  78 }
  79
  80 void test5(char *array, char *endptr) {
  81   // Overflow if no digits are found.
  82   array[0] = ' ';
  83   array[1] = '+';
  84   array[2] = '-';
  85   long r = strtol(array, NULL, 0);
  86   assert(r == 0);
  87 }
  88
  89 void test6(char *array, char *endptr) {
  90   // Overflow if no digits are found.
  91   array[0] = ' ';
  92   array[1] = array[2] = 'z';
  93   long r = strtol(array, &endptr, 0);
  94   assert(array == endptr);
  95   assert(r == 0);
  96 }
  97
  98 void test7(char *array, char *endptr) {
  99   // Overflow if no digits are found.
 100   array[2] = 'z';
 101   long r = strtol(array + 2, NULL, 0);
 102   assert(r == 0);
 103 }
 104
 105 int main(int argc, char **argv) {
 106   char *array0 = (char*)malloc(11);
 107   char* array = array0 + 8;
 108   char *endptr = NULL;
 109   array[0] = '1';
 110   array[1] = '2';
 111   array[2] = '3';
 112   if (argc != 2) return 1;
 113   if (!strcmp(argv[1], "test1")) test1(array, endptr);
 114   // CHECK1: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 115   // CHECK1: READ of size 4
 116   if (!strcmp(argv[1], "test2")) test2(array, endptr);
 117   // CHECK2: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 118   // CHECK2: READ of size 4
 119   if (!strcmp(argv[1], "test3")) test3(array0, endptr);
 120   // CHECK3: {{.*ERROR: AddressSanitizer: use-after-poison on address}}
 121   // CHECK3: READ of size 1
 122   if (!strcmp(argv[1], "test4")) test4(array, endptr);
 123   // CHECK4: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 124   // CHECK4: READ of size 1
 125   if (!strcmp(argv[1], "test5")) test5(array, endptr);
 126   // CHECK5: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 127   // CHECK5: READ of size 4
 128   if (!strcmp(argv[1], "test6")) test6(array, endptr);
 129   // CHECK6: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 130   // CHECK6: READ of size 4
 131   if (!strcmp(argv[1], "test7")) test7(array, endptr);
 132   // CHECK7: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 133   // CHECK7: READ of size 2
 134   free(array0);
 135   return 0;
 136 }