1// Test strict_string_checks option in strtol function
2// RUN: %clang_asan -D_CRT_SECURE_NO_WARNINGS -DTEST1 %s -o %t
3// RUN: %run %t test1 2>&1
4// RUN: %env_asan_opts=strict_string_checks=false %run %t test1 2>&1
5// RUN: %env_asan_opts=strict_string_checks=true not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK1
6// RUN: %run %t test2 2>&1
7// RUN: %env_asan_opts=strict_string_checks=false %run %t test2 2>&1
8// RUN: %env_asan_opts=strict_string_checks=true not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK2
9// RUN: %run %t test3 2>&1
10// RUN: %env_asan_opts=strict_string_checks=false %run %t test3 2>&1
11// RUN: %env_asan_opts=strict_string_checks=true not %run %t test3 2>&1 | FileCheck %s --check-prefix=CHECK3
12// RUN: %run %t test4 2>&1
13// RUN: %env_asan_opts=strict_string_checks=false %run %t test4 2>&1
14// RUN: %env_asan_opts=strict_string_checks=true not %run %t test4 2>&1 | FileCheck %s --check-prefix=CHECK4
15// RUN: %run %t test5 2>&1
16// RUN: %env_asan_opts=strict_string_checks=false %run %t test5 2>&1
17// RUN: %env_asan_opts=strict_string_checks=true not %run %t test5 2>&1 | FileCheck %s --check-prefix=CHECK5
18// RUN: %run %t test6 2>&1
19// RUN: %env_asan_opts=strict_string_checks=false %run %t test6 2>&1
20// RUN: %env_asan_opts=strict_string_checks=true not %run %t test6 2>&1 | FileCheck %s --check-prefix=CHECK6
21// RUN: %run %t test7 2>&1
22// RUN: %env_asan_opts=strict_string_checks=false %run %t test7 2>&1
23// RUN: %env_asan_opts=strict_string_checks=true not %run %t test7 2>&1 | FileCheck %s --check-prefix=CHECK7
24// REQUIRES: shadow-scale-3
25
26// On Windows, strtol cannot be intercepted when statically linked against the CRT.
27// UNSUPPORTED: win32-static-asan
28
29#include <assert.h>
30#include <stdlib.h>
31#include <string.h>
32#include <stdio.h>
33#include <sanitizer/asan_interface.h>
34
35void test1(char *array, char *endptr) {
36 // Buffer overflow if there is no terminating null (depends on base)
37 long r = strtol(nptr: array, endptr: &endptr, base: 3);
38 assert(array + 2 == endptr);
39 assert(r == 5);
40}
41
42void test2(char *array, char *endptr) {
43 // Buffer overflow if there is no terminating null (depends on base)
44 array[2] = 'z';
45 long r = strtol(nptr: array, endptr: &endptr, base: 35);
46 assert(array + 2 == endptr);
47 assert(r == 37);
48}
49
50void test3(char *array, char *endptr) {
51#ifdef _MSC_VER
52 // Using -1 for a strtol base causes MSVC to abort. Print the expected lines
53 // to make the test pass.
54 fprintf(stderr, "ERROR: AddressSanitizer: use-after-poison on address\n");
55 fprintf(stderr, "READ of size 1\n");
56 fflush(stderr);
57 char *opts = getenv("ASAN_OPTIONS");
58 exit(opts && strstr(opts, "strict_string_checks=true"));
59#endif
60 // Buffer overflow if base is invalid.
61 memset(s: array, c: 0, n: 8);
62 ASAN_POISON_MEMORY_REGION(array, 8);
63 long r = strtol(nptr: array + 1, NULL, base: -1);
64 assert(r == 0);
65 ASAN_UNPOISON_MEMORY_REGION(array, 8);
66}
67
68void test4(char *array, char *endptr) {
69#ifdef _MSC_VER
70 // Using -1 for a strtol base causes MSVC to abort. Print the expected lines
71 // to make the test pass.
72 fprintf(stderr, "ERROR: AddressSanitizer: heap-buffer-overflow on address\n");
73 fprintf(stderr, "READ of size 1\n");
74 fflush(stderr);
75 char *opts = getenv("ASAN_OPTIONS");
76 exit(opts && strstr(opts, "strict_string_checks=true"));
77#endif
78 // Buffer overflow if base is invalid.
79 long r = strtol(nptr: array + 3, NULL, base: 1);
80 assert(r == 0);
81}
82
83void test5(char *array, char *endptr) {
84 // Overflow if no digits are found.
85 array[0] = ' ';
86 array[1] = '+';
87 array[2] = '-';
88 long r = strtol(nptr: array, NULL, base: 0);
89 assert(r == 0);
90}
91
92void test6(char *array, char *endptr) {
93 // Overflow if no digits are found.
94 array[0] = ' ';
95 array[1] = array[2] = 'z';
96 long r = strtol(nptr: array, endptr: &endptr, base: 0);
97 assert(array == endptr);
98 assert(r == 0);
99}
100
101void test7(char *array, char *endptr) {
102 // Overflow if no digits are found.
103 array[2] = 'z';
104 long r = strtol(nptr: array + 2, NULL, base: 0);
105 assert(r == 0);
106}
107
108int main(int argc, char **argv) {
109 char *array0 = (char*)malloc(size: 11);
110 char* array = array0 + 8;
111 char *endptr = NULL;
112 array[0] = '1';
113 array[1] = '2';
114 array[2] = '3';
115 if (argc != 2) return 1;
116 if (!strcmp(s1: argv[1], s2: "test1")) test1(array, endptr);
117 // CHECK1: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
118 // CHECK1: READ of size 4
119 if (!strcmp(s1: argv[1], s2: "test2")) test2(array, endptr);
120 // CHECK2: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
121 // CHECK2: READ of size 4
122 if (!strcmp(s1: argv[1], s2: "test3")) test3(array: array0, endptr);
123 // CHECK3: {{.*ERROR: AddressSanitizer: use-after-poison on address}}
124 // CHECK3: READ of size 1
125 if (!strcmp(s1: argv[1], s2: "test4")) test4(array, endptr);
126 // CHECK4: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
127 // CHECK4: READ of size 1
128 if (!strcmp(s1: argv[1], s2: "test5")) test5(array, endptr);
129 // CHECK5: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
130 // CHECK5: READ of size 4
131 if (!strcmp(s1: argv[1], s2: "test6")) test6(array, endptr);
132 // CHECK6: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
133 // CHECK6: READ of size 4
134 if (!strcmp(s1: argv[1], s2: "test7")) test7(array, endptr);
135 // CHECK7: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
136 // CHECK7: READ of size 2
137 free(ptr: array0);
138 return 0;
139}
140

source code of compiler-rt/test/asan/TestCases/strtol_strict.c