| 1 | // RUN: %clangxx_asan -O0 %s -o %t && %env_asan_opts=detect_stack_use_after_return=1 not %run %t 2>&1 | FileCheck %s |
|---|
| 2 | // RUN: %clangxx_asan -O0 %s -o %t -fsanitize-address-use-after-return=always && not %run %t 2>&1 | FileCheck %s |
|---|
| 3 | |
|---|
| 4 | #include "defines.h" |
|---|
| 5 | #include <stdint.h> |
|---|
| 6 | #include <string.h> |
|---|
| 7 | |
|---|
| 8 | #define kFrameSize (2048) |
|---|
| 9 | #define KFrameSizeMask (0x07ff) |
|---|
| 10 | |
|---|
| 11 | ATTRIBUTE_NOINLINE |
|---|
| 12 | char *pretend_to_do_something(char *x) { |
|---|
| 13 | __asm__ __volatile__("" : : "r" (x) : "memory" ); |
|---|
| 14 | return x; |
|---|
| 15 | } |
|---|
| 16 | |
|---|
| 17 | ATTRIBUTE_NOINLINE |
|---|
| 18 | char *OverwriteFakeFrameLastWord() { |
|---|
| 19 | char x[1024]; |
|---|
| 20 | memset(s: x, c: 0, n: sizeof(x)); |
|---|
| 21 | uint64_t ptr_int = (reinterpret_cast<uint64_t>(x) & ~KFrameSizeMask) + |
|---|
| 22 | kFrameSize - sizeof(char **); |
|---|
| 23 | char **ptr = reinterpret_cast<char **>(ptr_int); |
|---|
| 24 | *ptr = nullptr; |
|---|
| 25 | return pretend_to_do_something(x); |
|---|
| 26 | } |
|---|
| 27 | |
|---|
| 28 | int main(int argc, char **argv) { |
|---|
| 29 | char *x = OverwriteFakeFrameLastWord(); |
|---|
| 30 | // CHECK: ERROR: AddressSanitizer: stack-buffer-overflow on address |
|---|
| 31 | // CHECK: is located in stack of thread T0 at offset {{2040|2044}} in frame |
|---|
| 32 | // CHECK: in OverwriteFakeFrameLastWord{{.*}}fakeframe-right-redzone.cpp: |
|---|
| 33 | // CHECK: [{{16|32}}, {{1040|1056}}) 'x' |
|---|
| 34 | pretend_to_do_something(x); |
|---|
| 35 | return 0; |
|---|
| 36 | } |
|---|
| 37 | |
|---|
