reference, declaration → definition
definition → references, declarations, derived classes, virtual overrides
reference to multiple definitions → definitions
unreferenced

    1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80
   81
   82
   83
   84
   85
   86
   87
   88
   89
   90
   91
   92
   93
   94
   95
   96
   97
   98
   99
  100
  101
  102
  103
  104
  105
  106
  107
  108
  109
  110
  111
  112
  113
  114
  115
  116
  117
  118
  119
  120

// Test strict_string_checks option in strtoll function
// RUN: %clang_asan %s -o %t
// RUN: %run %t test1 2>&1
// RUN: %env_asan_opts=strict_string_checks=false %run %t test1 2>&1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK1
// RUN: %run %t test2 2>&1
// RUN: %env_asan_opts=strict_string_checks=false %run %t test2 2>&1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK2
// RUN: %run %t test3 2>&1
// RUN: %env_asan_opts=strict_string_checks=false %run %t test3 2>&1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t test3 2>&1 | FileCheck %s --check-prefix=CHECK3
// RUN: %run %t test4 2>&1
// RUN: %env_asan_opts=strict_string_checks=false %run %t test4 2>&1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t test4 2>&1 | FileCheck %s --check-prefix=CHECK4
// RUN: %run %t test5 2>&1
// RUN: %env_asan_opts=strict_string_checks=false %run %t test5 2>&1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t test5 2>&1 | FileCheck %s --check-prefix=CHECK5
// RUN: %run %t test6 2>&1
// RUN: %env_asan_opts=strict_string_checks=false %run %t test6 2>&1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t test6 2>&1 | FileCheck %s --check-prefix=CHECK6
// RUN: %run %t test7 2>&1
// RUN: %env_asan_opts=strict_string_checks=false %run %t test7 2>&1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t test7 2>&1 | FileCheck %s --check-prefix=CHECK7

// FIXME: Enable strtoll interceptor.
// REQUIRES: shadow-scale-3
// XFAIL: windows-msvc

#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <sanitizer/asan_interface.h>

void test1(char *array, char *endptr) {
  // Buffer overflow if there is no terminating null (depends on base)
  long long r = strtoll(array, &endptr, 3);
  assert(array + 2 == endptr);
  assert(r == 5);
}

void test2(char *array, char *endptr) {
  // Buffer overflow if there is no terminating null (depends on base)
  array[2] = 'z';
  long long r = strtoll(array, &endptr, 35);
  assert(array + 2 == endptr);
  assert(r == 37);
}

void test3(char *array, char *endptr) {
  // Buffer overflow if base is invalid.
  memset(array, 0, 8);
  ASAN_POISON_MEMORY_REGION(array, 8);
  long long r = strtoll(array + 1, NULL, -1);
  assert(r == 0);
  ASAN_UNPOISON_MEMORY_REGION(array, 8);
}

void test4(char *array, char *endptr) {
  // Buffer overflow if base is invalid.
  long long r = strtoll(array + 3, NULL, 1);
  assert(r == 0);
}

void test5(char *array, char *endptr) {
  // Overflow if no digits are found.
  array[0] = ' ';
  array[1] = '+';
  array[2] = '-';
  long long r = strtoll(array, NULL, 0);
  assert(r == 0);
}

void test6(char *array, char *endptr) {
  // Overflow if no digits are found.
  array[0] = ' ';
  array[1] = array[2] = 'z';
  long long r = strtoll(array, &endptr, 0);
  assert(array == endptr);
  assert(r == 0);
}

void test7(char *array, char *endptr) {
  // Overflow if no digits are found.
  array[2] = 'z';
  long long r = strtoll(array + 2, NULL, 0);
  assert(r == 0);
}

int main(int argc, char **argv) {
  char *array0 = (char*)malloc(11);
  char* array = array0 + 8;
  char *endptr = NULL;
  array[0] = '1';
  array[1] = '2';
  array[2] = '3';
  if (argc != 2) return 1;
  if (!strcmp(argv[1], "test1")) test1(array, endptr);
  // CHECK1: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
  // CHECK1: READ of size 4
  if (!strcmp(argv[1], "test2")) test2(array, endptr);
  // CHECK2: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
  // CHECK2: READ of size 4
  if (!strcmp(argv[1], "test3")) test3(array0, endptr);
  // CHECK3: {{.*ERROR: AddressSanitizer: use-after-poison on address}}
  // CHECK3: READ of size 1
  if (!strcmp(argv[1], "test4")) test4(array, endptr);
  // CHECK4: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
  // CHECK4: READ of size 1
  if (!strcmp(argv[1], "test5")) test5(array, endptr);
  // CHECK5: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
  // CHECK5: READ of size 4
  if (!strcmp(argv[1], "test6")) test6(array, endptr);
  // CHECK6: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
  // CHECK6: READ of size 4
  if (!strcmp(argv[1], "test7")) test7(array, endptr);
  // CHECK7: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
  // CHECK7: READ of size 2
  free(array0);
  return 0;
}