1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
| // Test strict_string_checks option in strcat function
// RUN: %clang_asan %s -o %t
// RUN: not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK1-NONSTRICT --check-prefix=CHECK1
// RUN: %env_asan_opts=strict_string_checks=false not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK1-NONSTRICT --check-prefix=CHECK1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK1-STRICT --check-prefix=CHECK1
// RUN: not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK2-NONSTRICT --check-prefix=CHECK2
// RUN: %env_asan_opts=strict_string_checks=false not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK2-NONSTRICT --check-prefix=CHECK2
// RUN: %env_asan_opts=strict_string_checks=true not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK2-STRICT --check-prefix=CHECK2
#include <assert.h>
#include <stdlib.h>
#include <string.h>
void test1(char *to, int to_size, char *from) {
// One of arguments points to not allocated memory.
char* r = strcat(to + to_size, from);
}
void test2(char *to, int to_size, char *from) {
// "to" is not zero-terminated.
memset(to, 'z', to_size);
char* r = strcat(to, from);
}
int main(int argc, char **argv) {
size_t to_size = 100;
char *to = (char*)malloc(to_size);
size_t from_size = 20;
char *from = (char*)malloc(from_size);
memset(from, 'z', from_size);
from[from_size - 1] = '\0';
if (argc != 2) return 1;
if (!strcmp(argv[1], "test1")) test1(to, to_size, from);
// CHECK1: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
// CHECK1-STRICT: READ of size 1
// CHECK1-NONSTRICT: WRITE of size 20
if (!strcmp(argv[1], "test2")) test2(to, to_size, from);
// CHECK2: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
// CHECK2-STRICT: READ of size 101
// CHECK2-NONSTRICT: WRITE of size 20
free(to);
free(from);
return 0;
}
|