Skip to content

Commit 29f8e23

Browse files
vitalybukavitalybuka
authored
[TEST][hwasan] Check more details in overflow test (llvm#67059)
1 parent 0065d75 commit 29f8e23

File tree

1 file changed

+40
-9
lines changed

1 file changed

+40
-9
lines changed

compiler-rt/test/hwasan/TestCases/heap-buffer-overflow-into.c

Lines changed: 40 additions & 9 deletions
Original file line numberDiff line numberDiff line change
@@ -1,8 +1,12 @@
11
// RUN: %clang_hwasan %s -o %t
2-
// RUN: not %run %t 5 10 2>&1 | FileCheck %s --check-prefix=CHECK5
3-
// RUN: not %run %t 7 10 2>&1 | FileCheck %s --check-prefix=CHECK7
4-
// RUN: not %run %t 8 20 2>&1 | FileCheck %s --check-prefix=CHECK8
5-
// RUN: not %run %t 32 20 2>&1 | FileCheck %s --check-prefix=CHECK32
2+
// RUN: not %run %t 5 10 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK5
3+
// RUN: not %run %t 7 10 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK7
4+
// RUN: not %run %t 8 20 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK8
5+
// RUN: not %run %t 295 300 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK295
6+
// RUN: not %run %t 1 550 550 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK1
7+
8+
// Full granule.
9+
// RUN: not %run %t 32 20 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_FULL,CHECK32
610

711
#include <sanitizer/hwasan_interface.h>
812
#include <stdio.h>
@@ -15,16 +19,43 @@ int main(int argc, char **argv) {
1519
fprintf(stderr, "Invalid number of arguments.");
1620
abort();
1721
}
18-
int read_offset = argc < 2 ? 5 : atoi(argv[1]);
19-
int size = argc < 3 ? 10 : atoi(argv[2]);
20-
char *volatile x = (char *)malloc(size);
21-
memset(x + read_offset, 0, 26);
22+
int read_offset = atoi(argv[1]);
23+
int size = atoi(argv[2]);
24+
int access_size = atoi(argv[3]);
25+
while (1) {
26+
char *volatile x = (char *)malloc(size);
27+
if (__hwasan_test_shadow(x, size + 1) == size)
28+
memset(x + read_offset, 0, access_size);
29+
free(x);
30+
}
31+
32+
// CHECK_SMALL: WRITE of size {{26|550}} at {{.*}} tags: [[TAG:[0-9a-f]+]]/{{[0-9a-f]+}}([[TAG]]) (ptr/mem)
33+
// CHECK_FULL: WRITE of size 26 at {{.*}} tags: [[TAG:[0-9a-f]+]]/00 (ptr/mem)
34+
2235
// CHECK5: Invalid access starting at offset 5
2336
// CHECK5: is located 5 bytes inside a 10-byte region
2437
// CHECK7: Invalid access starting at offset 3
2538
// CHECK7: is located 7 bytes inside a 10-byte region
2639
// CHECK8: Invalid access starting at offset 12
2740
// CHECK8: is located 8 bytes inside a 20-byte region
41+
// CHECK295: Invalid access starting at offset 5
42+
// CHECK295: is located 295 bytes inside a 300-byte region
43+
// CHECK1: Invalid access starting at offset 549
44+
// CHECK1: is located 1 bytes inside a 550-byte region
45+
46+
// CHECK32-NOT: Invalid access starting at offset
2847
// CHECK32: is located 12 bytes after a 20-byte region
29-
free(x);
48+
49+
// CHECK-LABEL: Memory tags around the buggy address
50+
// CHECK5: =>{{.*}}[0a]
51+
// CHECK7: =>{{.*}}[0a]
52+
// CHECK8: =>{{.*}}[04]
53+
// CHECK295: =>{{.*}}[0c]
54+
// CHECK1: =>{{.*}}[06]
55+
56+
// CHECK32: =>{{.*}}[00]
57+
58+
// CHECK-LABEL: Tags for short granules around the buggy address
59+
// CHECK_SMALL: =>{{.*}}{{\[}}[[TAG]]{{\]}}
60+
// CHECK_FULL: =>{{.*}}[..]
3061
}

0 commit comments

Comments
 (0)