| 1 | // RUN: %clangxx_asan -O0 %s -o %t 2>&1 |
|---|
| 2 | // RUN: not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK --check-prefix=MALLOC-CTX |
|---|
| 3 | |
|---|
| 4 | // Also works if no malloc context is available. |
|---|
| 5 | // RUN: %env_asan_opts=malloc_context_size=0:fast_unwind_on_malloc=0 not %run %t 2>&1 | FileCheck %s |
|---|
| 6 | // RUN: %env_asan_opts=malloc_context_size=0:fast_unwind_on_malloc=1 not %run %t 2>&1 | FileCheck %s |
|---|
| 7 | |
|---|
| 8 | // RUN: %clangxx_asan -O0 -fsanitize-recover=address %s -o %t 2>&1 |
|---|
| 9 | // RUN: %env_asan_opts=halt_on_error=false %run %t 2>&1 | FileCheck %s --check-prefix CHECK-RECOVER |
|---|
| 10 | // REQUIRES: stable-runtime |
|---|
| 11 | |
|---|
| 12 | #include <stdlib.h> |
|---|
| 13 | #include <string.h> |
|---|
| 14 | int main(int argc, char **argv) { |
|---|
| 15 | char *x = (char*)malloc(size: 10 * sizeof(char)); |
|---|
| 16 | memset(s: x, c: 0, n: 10); |
|---|
| 17 | int res = x[argc]; |
|---|
| 18 | free(ptr: x); |
|---|
| 19 | free(ptr: x + argc - 1); // BOOM |
|---|
| 20 | // CHECK: AddressSanitizer: attempting double-free{{.*}}in thread T0 |
|---|
| 21 | // CHECK: #0 0x{{.*}} in {{.*}}free |
|---|
| 22 | // CHECK: #{{[1-3]}} 0x{{.*}} in main {{.*}}double-free.cpp:[[@LINE-3]] |
|---|
| 23 | // CHECK: freed by thread T0 here: |
|---|
| 24 | // MALLOC-CTX: #0 0x{{.*}} in {{.*}}free |
|---|
| 25 | // MALLOC-CTX: #{{[1-3]}} 0x{{.*}} in main {{.*}}double-free.cpp:[[@LINE-7]] |
|---|
| 26 | // CHECK: allocated by thread T0 here: |
|---|
| 27 | // MALLOC-CTX: double-free.cpp:[[@LINE-12]] |
|---|
| 28 | // CHECK-RECOVER: AddressSanitizer: attempting double-free{{.*}}in thread T0 |
|---|
| 29 | // CHECK-RECOVER-NOT: AddressSanitizer CHECK failed: |
|---|
| 30 | return res; |
|---|
| 31 | } |
|---|
| 32 | |
|---|
