compiler-rt/test/hwasan/TestCases/thread-uaf.c

   1 // Tests UAF detection where Allocate/Deallocate/Use
   2 // happen in separate threads.
   3 // RUN: %clang_hwasan %s -o %t && not %run %t 2>&1 | FileCheck %s
   4 // REQUIRES: stable-runtime
   5
   6 #include <pthread.h>
   7 #include <stdlib.h>
   8 #include <stdio.h>
   9
  10 #include <sanitizer/hwasan_interface.h>
  11
  12 char *volatile x;
  13 int state;
  14
  15 void *Allocate(void *arg) {
  16   x = (char*)malloc(10);
  17   __sync_fetch_and_add(&state, 1);
  18   while (__sync_fetch_and_add(&state, 0) != 3) {}
  19   return NULL;
  20 }
  21 void *Deallocate(void *arg) {
  22   free(x);
  23   __sync_fetch_and_add(&state, 1);
  24   while (__sync_fetch_and_add(&state, 0) != 3) {}
  25   return NULL;
  26 }
  27
  28 void *Use(void *arg) {
  29   x[5] = 42;
  30   // CHECK: ERROR: HWAddressSanitizer: tag-mismatch on address
  31   // CHECK: WRITE of size 1 {{.*}} in thread T3
  32   // CHECK: thread-uaf.c:[[@LINE-3]]
  33   // CHECK: Cause: use-after-free
  34   // CHECK: freed by thread T2 here
  35   // CHECK: in Deallocate
  36   // CHECK: previously allocated here:
  37   // CHECK: in Allocate
  38   // CHECK-DAG: Thread: T2 0x
  39   // CHECK-DAG: Thread: T3 0x
  40   // CHECK-DAG: Thread: T0 0x
  41   // CHECK-DAG: Thread: T1 0x
  42   __sync_fetch_and_add(&state, 1);
  43   return NULL;
  44 }
  45
  46 int main() {
  47   __hwasan_enable_allocator_tagging();
  48   pthread_t t1, t2, t3;
  49
  50   pthread_create(&t1, NULL, Allocate, NULL);
  51   while (__sync_fetch_and_add(&state, 0) != 1) {}
  52   pthread_create(&t2, NULL, Deallocate, NULL);
  53   while (__sync_fetch_and_add(&state, 0) != 2) {}
  54   pthread_create(&t3, NULL, Use, NULL);
  55
  56   pthread_join(t1, NULL);
  57   pthread_join(t2, NULL);
  58   pthread_join(t3, NULL);
  59 }