src/compiler-rt/test/asan/TestCases/strtoll_strict.c

   1 // Test strict_string_checks option in strtoll function
   2 // RUN: %clang_asan %s -o %t
   3 // RUN: %run %t test1 2>&1
   4 // RUN: %env_asan_opts=strict_string_checks=false %run %t test1 2>&1
   5 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK1
   6 // RUN: %run %t test2 2>&1
   7 // RUN: %env_asan_opts=strict_string_checks=false %run %t test2 2>&1
   8 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK2
   9 // RUN: %run %t test3 2>&1
  10 // RUN: %env_asan_opts=strict_string_checks=false %run %t test3 2>&1
  11 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test3 2>&1 | FileCheck %s --check-prefix=CHECK3
  12 // RUN: %run %t test4 2>&1
  13 // RUN: %env_asan_opts=strict_string_checks=false %run %t test4 2>&1
  14 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test4 2>&1 | FileCheck %s --check-prefix=CHECK4
  15 // RUN: %run %t test5 2>&1
  16 // RUN: %env_asan_opts=strict_string_checks=false %run %t test5 2>&1
  17 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test5 2>&1 | FileCheck %s --check-prefix=CHECK5
  18 // RUN: %run %t test6 2>&1
  19 // RUN: %env_asan_opts=strict_string_checks=false %run %t test6 2>&1
  20 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test6 2>&1 | FileCheck %s --check-prefix=CHECK6
  21 // RUN: %run %t test7 2>&1
  22 // RUN: %env_asan_opts=strict_string_checks=false %run %t test7 2>&1
  23 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test7 2>&1 | FileCheck %s --check-prefix=CHECK7
  24
  25 // FIXME: Enable strtoll interceptor.
  26 // XFAIL: win32
  27
  28 #include <assert.h>
  29 #include <stdlib.h>
  30 #include <string.h>
  31 #include <sanitizer/asan_interface.h>
  32
  33 void test1(char *array, char *endptr) {
  34   // Buffer overflow if there is no terminating null (depends on base)
  35   long long r = strtoll(array, &endptr, 3);
  36   assert(array + 2 == endptr);
  37   assert(r == 5);
  38 }
  39
  40 void test2(char *array, char *endptr) {
  41   // Buffer overflow if there is no terminating null (depends on base)
  42   array[2] = 'z';
  43   long long r = strtoll(array, &endptr, 35);
  44   assert(array + 2 == endptr);
  45   assert(r == 37);
  46 }
  47
  48 void test3(char *array, char *endptr) {
  49   // Buffer overflow if base is invalid.
  50   memset(array, 0, 8);
  51   ASAN_POISON_MEMORY_REGION(array, 8);
  52   long long r = strtoll(array + 1, NULL, -1);
  53   assert(r == 0);
  54   ASAN_UNPOISON_MEMORY_REGION(array, 8);
  55 }
  56
  57 void test4(char *array, char *endptr) {
  58   // Buffer overflow if base is invalid.
  59   long long r = strtoll(array + 3, NULL, 1);
  60   assert(r == 0);
  61 }
  62
  63 void test5(char *array, char *endptr) {
  64   // Overflow if no digits are found.
  65   array[0] = ' ';
  66   array[1] = '+';
  67   array[2] = '-';
  68   long long r = strtoll(array, NULL, 0);
  69   assert(r == 0);
  70 }
  71
  72 void test6(char *array, char *endptr) {
  73   // Overflow if no digits are found.
  74   array[0] = ' ';
  75   array[1] = array[2] = 'z';
  76   long long r = strtoll(array, &endptr, 0);
  77   assert(array == endptr);
  78   assert(r == 0);
  79 }
  80
  81 void test7(char *array, char *endptr) {
  82   // Overflow if no digits are found.
  83   array[2] = 'z';
  84   long long r = strtoll(array + 2, NULL, 0);
  85   assert(r == 0);
  86 }
  87
  88 int main(int argc, char **argv) {
  89   char *array0 = (char*)malloc(11);
  90   char* array = array0 + 8;
  91   char *endptr = NULL;
  92   array[0] = '1';
  93   array[1] = '2';
  94   array[2] = '3';
  95   if (argc != 2) return 1;
  96   if (!strcmp(argv[1], "test1")) test1(array, endptr);
  97   // CHECK1: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
  98   // CHECK1: READ of size 4
  99   if (!strcmp(argv[1], "test2")) test2(array, endptr);
 100   // CHECK2: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 101   // CHECK2: READ of size 4
 102   if (!strcmp(argv[1], "test3")) test3(array0, endptr);
 103   // CHECK3: {{.*ERROR: AddressSanitizer: use-after-poison on address}}
 104   // CHECK3: READ of size 1
 105   if (!strcmp(argv[1], "test4")) test4(array, endptr);
 106   // CHECK4: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 107   // CHECK4: READ of size 1
 108   if (!strcmp(argv[1], "test5")) test5(array, endptr);
 109   // CHECK5: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 110   // CHECK5: READ of size 4
 111   if (!strcmp(argv[1], "test6")) test6(array, endptr);
 112   // CHECK6: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 113   // CHECK6: READ of size 4
 114   if (!strcmp(argv[1], "test7")) test7(array, endptr);
 115   // CHECK7: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
 116   // CHECK7: READ of size 2
 117   free(array0);
 118   return 0;
 119 }