compiler-rt/test/asan/TestCases/strtoll_strict.c

   1 // Test strict_string_checks option in strtoll function
   2 // RUN: %clang_asan %s -o %t
   3 // RUN: %run %t test1 2>&1
   4 // RUN: %env_asan_opts=strict_string_checks=false %run %t test1 2>&1
   5 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK1
   6 // RUN: %run %t test2 2>&1
   7 // RUN: %env_asan_opts=strict_string_checks=false %run %t test2 2>&1
   8 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK2
   9 // RUN: %run %t test3 2>&1
  10 // RUN: %env_asan_opts=strict_string_checks=false %run %t test3 2>&1
  11 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test3 2>&1 | FileCheck %s --check-prefix=CHECK3
  12 // RUN: %run %t test4 2>&1
  13 // RUN: %env_asan_opts=strict_string_checks=false %run %t test4 2>&1
  14 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test4 2>&1 | FileCheck %s --check-prefix=CHECK4
  15 // RUN: %run %t test5 2>&1
  16 // RUN: %env_asan_opts=strict_string_checks=false %run %t test5 2>&1
  17 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test5 2>&1 | FileCheck %s --check-prefix=CHECK5
  18 // RUN: %run %t test6 2>&1
  19 // RUN: %env_asan_opts=strict_string_checks=false %run %t test6 2>&1
  20 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test6 2>&1 | FileCheck %s --check-prefix=CHECK6
  21 // RUN: %run %t test7 2>&1
  22 // RUN: %env_asan_opts=strict_string_checks=false %run %t test7 2>&1
  23 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test7 2>&1 | FileCheck %s --check-prefix=CHECK7
  24
  25 // FIXME: Enable strtoll interceptor.
  26 // REQUIRES: shadow-scale-3
  27 // XFAIL: target={{.*windows-msvc.*}}
  28
  29 #include <assert.h>
  30 #include <stdlib.h>
  31 #include <string.h>
  32 #include <sanitizer/asan_interface.h>
  33
  34 void test1(char *array, char *endptr) {
  35   // Buffer overflow if there is no terminating null (depends on base)
  36   long long r = strtoll(array, &endptr, 3);
  37   assert(array + 2 == endptr);
  38   assert(r == 5);
  39 }
  40
  41 void test2(char *array, char *endptr) {
  42   // Buffer overflow if there is no terminating null (depends on base)
  43   array[2] = 'z';
  44   long long r = strtoll(array, &endptr, 35);
  45   assert(array + 2 == endptr);
  46   assert(r == 37);
  47 }
  48
  49 void test3(char *array, char *endptr) {
  50   // Buffer overflow if base is invalid.
  51   memset(array, 0, 8);
  52   ASAN_POISON_MEMORY_REGION(array, 8);
  53   long long r = strtoll(array + 1, NULL, -1);
  54   assert(r == 0);
  55   ASAN_UNPOISON_MEMORY_REGION(array, 8);
  56 }
  57
  58 void test4(char *array, char *endptr) {
  59   // Buffer overflow if base is invalid.
  60   long long r = strtoll(array + 3, NULL, 1);
  61   assert(r == 0);
  62 }
  63
  64 void test5(char *array, char *endptr) {
  65   // Overflow if no digits are found.
  66   array[0] = ' ';
  67   array[1] = '+';
  68   array[2] = '-';
  69   long long r = strtoll(array, NULL, 0);
  70   assert(r == 0);
  71 }
  72
  73 void test6(char *array, char *endptr) {
  74   // Overflow if no digits are found.
  75   array[0] = ' ';
  76   array[1] = array[2] = 'z';
  77   long long r = strtoll(array, &endptr, 0);
  78   assert(array == endptr);
  79   assert(r == 0);
  80 }
  81
  82 void test7(char *array, char *endptr) {
  83   // Overflow if no digits are found.
  84   array[2] = 'z';
  85   long long r = strtoll(array + 2, NULL, 0);
  86   assert(r == 0);
  87 }
  88
  89 int main(int argc, char **argv) {
  90   char *array0 = (char*)malloc(11);
  91   char* array = array0 + 8;
  92   char *endptr = NULL;
  93   array[0] = '1';
  94   array[1] = '2';
  95   array[2] = '3';
  96   if (argc != 2) return 1;
  97   if (!strcmp(argv[1], "test1")) test1(array, endptr);
  98   // CHECK1: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
  99   // CHECK1: READ of size 4
 100   if (!strcmp(argv[1], "test2")) test2(array, endptr);
 101   // CHECK2: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 102   // CHECK2: READ of size 4
 103   if (!strcmp(argv[1], "test3")) test3(array0, endptr);
 104   // CHECK3: {{.*ERROR: AddressSanitizer: use-after-poison on address}}
 105   // CHECK3: READ of size 1
 106   if (!strcmp(argv[1], "test4")) test4(array, endptr);
 107   // CHECK4: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 108   // CHECK4: READ of size 1
 109   if (!strcmp(argv[1], "test5")) test5(array, endptr);
 110   // CHECK5: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 111   // CHECK5: READ of size 4
 112   if (!strcmp(argv[1], "test6")) test6(array, endptr);
 113   // CHECK6: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 114   // CHECK6: READ of size 4
 115   if (!strcmp(argv[1], "test7")) test7(array, endptr);
 116   // CHECK7: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 117   // CHECK7: READ of size 2
 118   free(array0);
 119   return 0;
 120 }