1 | // Compile the intermediate function to a dylib without -fsanitize to avoid |
2 | // suppressing symbols in sanitized code. |
3 | // RUN: %clangxx -O0 -DSHARED_LIB %s -dynamiclib -o %t.dylib -framework Foundation |
4 | |
5 | // Check that without suppressions, we catch the issue. |
6 | // RUN: %clangxx_asan -O0 %s -o %t -framework Foundation %t.dylib |
7 | // RUN: not %run %t 2>&1 | FileCheck --check-prefix=CHECK-CRASH %s |
8 | |
9 | // Check that suppressing a function name works within a no-fork sandbox |
10 | // RUN: echo "interceptor_via_fun:createCFString" > %t.supp |
11 | // RUN: %env_asan_opts=suppressions='"%t.supp"' \ |
12 | // RUN: sandbox-exec -p '(version 1)(allow default)(deny process-fork)' \ |
13 | // RUN: %run %t 2>&1 | FileCheck --check-prefix=CHECK-IGNORE %s |
14 | |
15 | // sandbox-exec isn't available on iOS |
16 | // UNSUPPORTED: ios |
17 | |
18 | #include <CoreFoundation/CoreFoundation.h> |
19 | |
20 | #if defined(SHARED_LIB) |
21 | |
22 | extern "C" { |
23 | // Disable optimizations to ensure that this function appears on the stack trace so our |
24 | // configured suppressions `interceptor_via_fun:createCFString` can take effect. |
25 | __attribute__((disable_tail_calls)) CFStringRef |
26 | createCFString(const unsigned char *bytes, CFIndex length) { |
27 | return CFStringCreateWithBytes(kCFAllocatorDefault, bytes, length, |
28 | kCFStringEncodingUTF8, FALSE); |
29 | } |
30 | } |
31 | |
32 | #else |
33 | |
34 | extern "C" { |
35 | CFStringRef createCFString(const unsigned char *bytes, CFIndex length); |
36 | } |
37 | |
38 | int main() { |
39 | char *a = (char *)malloc(6); |
40 | strcpy(a, "hello" ); |
41 | // Intentional out-of-bounds access that will be caught unless an ASan suppression is provided. |
42 | CFStringRef str = createCFString((unsigned char *)a, 10); // BOOM |
43 | // If this is printed to stderr then the ASan suppression has worked. |
44 | fprintf(stderr, "Ignored.\n" ); |
45 | free(a); |
46 | CFRelease(str); |
47 | } |
48 | |
49 | #endif |
50 | |
51 | // CHECK-CRASH: AddressSanitizer: heap-buffer-overflow |
52 | // CHECK-CRASH-NOT: Ignored. |
53 | // CHECK-IGNORE-NOT: AddressSanitizer: heap-buffer-overflow |
54 | // CHECK-IGNORE: Ignored. |
55 | |