strtol_strict.c source code [compiler-rt/test/asan/TestCases/strtol_strict.c]

1	// Test strict_string_checks option in strtol function
2	// RUN: %clang_asan -D_CRT_SECURE_NO_WARNINGS -DTEST1 %s -o %t
3	// RUN: %run %t test1 2>&1
4	// RUN: %env_asan_opts=strict_string_checks=false %run %t test1 2>&1
5	// RUN: %env_asan_opts=strict_string_checks=true not %run %t test1 2>&1 \| FileCheck %s --check-prefix=CHECK1
6	// RUN: %run %t test2 2>&1
7	// RUN: %env_asan_opts=strict_string_checks=false %run %t test2 2>&1
8	// RUN: %env_asan_opts=strict_string_checks=true not %run %t test2 2>&1 \| FileCheck %s --check-prefix=CHECK2
9	// RUN: %run %t test3 2>&1
10	// RUN: %env_asan_opts=strict_string_checks=false %run %t test3 2>&1
11	// RUN: %env_asan_opts=strict_string_checks=true not %run %t test3 2>&1 \| FileCheck %s --check-prefix=CHECK3
12	// RUN: %run %t test4 2>&1
13	// RUN: %env_asan_opts=strict_string_checks=false %run %t test4 2>&1
14	// RUN: %env_asan_opts=strict_string_checks=true not %run %t test4 2>&1 \| FileCheck %s --check-prefix=CHECK4
15	// RUN: %run %t test5 2>&1
16	// RUN: %env_asan_opts=strict_string_checks=false %run %t test5 2>&1
17	// RUN: %env_asan_opts=strict_string_checks=true not %run %t test5 2>&1 \| FileCheck %s --check-prefix=CHECK5
18	// RUN: %run %t test6 2>&1
19	// RUN: %env_asan_opts=strict_string_checks=false %run %t test6 2>&1
20	// RUN: %env_asan_opts=strict_string_checks=true not %run %t test6 2>&1 \| FileCheck %s --check-prefix=CHECK6
21	// RUN: %run %t test7 2>&1
22	// RUN: %env_asan_opts=strict_string_checks=false %run %t test7 2>&1
23	// RUN: %env_asan_opts=strict_string_checks=true not %run %t test7 2>&1 \| FileCheck %s --check-prefix=CHECK7
24	// REQUIRES: shadow-scale-3
25
26	#include <assert.h>
27	#include <stdlib.h>
28	#include <string.h>
29	#include <stdio.h>
30	#include <sanitizer/asan_interface.h>
31
32	void test1(char array, char* *endptr) {
33	// Buffer overflow if there is no terminating null (depends on base)
34	long r = strtol(nptr: array, endptr: &endptr, base: `3`);
35	assert(array + `2` == endptr);
36	assert(r == `5`);
37	}
38
39	void test2(char array, char* *endptr) {
40	// Buffer overflow if there is no terminating null (depends on base)
41	array[`2`] = `'z'`;
42	long r = strtol(nptr: array, endptr: &endptr, base: `35`);
43	assert(array + `2` == endptr);
44	assert(r == `37`);
45	}
46
47	void test3(char array, char* *endptr) {
48	#ifdef _MSC_VER
49	// Using -1 for a strtol base causes MSVC to abort. Print the expected lines
50	// to make the test pass.
51	fprintf(stderr, "ERROR: AddressSanitizer: use-after-poison on address\n");
52	fprintf(stderr, "READ of size 1\n");
53	fflush(stderr);
54	char *opts = getenv("ASAN_OPTIONS");
55	exit(opts && strstr(opts, "strict_string_checks=true"));
56	#endif
57	// Buffer overflow if base is invalid.
58	memset(s: array, c: `0`, n: `8`);
59	ASAN_POISON_MEMORY_REGION(array, `8`);
60	long r = strtol(nptr: array + `1`, NULL, base: -`1`);
61	assert(r == `0`);
62	ASAN_UNPOISON_MEMORY_REGION(array, `8`);
63	}
64
65	void test4(char array, char* *endptr) {
66	#ifdef _MSC_VER
67	// Using -1 for a strtol base causes MSVC to abort. Print the expected lines
68	// to make the test pass.
69	fprintf(stderr, "ERROR: AddressSanitizer: heap-buffer-overflow on address\n");
70	fprintf(stderr, "READ of size 1\n");
71	fflush(stderr);
72	char *opts = getenv("ASAN_OPTIONS");
73	exit(opts && strstr(opts, "strict_string_checks=true"));
74	#endif
75	// Buffer overflow if base is invalid.
76	long r = strtol(nptr: array + `3`, NULL, base: `1`);
77	assert(r == `0`);
78	}
79
80	void test5(char array, char* *endptr) {
81	// Overflow if no digits are found.
82	array[`0`] = `' '`;
83	array[`1`] = `'+'`;
84	array[`2`] = `'-'`;
85	long r = strtol(nptr: array, NULL, base: `0`);
86	assert(r == `0`);
87	}
88
89	void test6(char array, char* *endptr) {
90	// Overflow if no digits are found.
91	array[`0`] = `' '`;
92	array[`1`] = array[`2`] = `'z'`;
93	long r = strtol(nptr: array, endptr: &endptr, base: `0`);
94	assert(array == endptr);
95	assert(r == `0`);
96	}
97
98	void test7(char array, char* *endptr) {
99	// Overflow if no digits are found.
100	array[`2`] = `'z'`;
101	long r = strtol(nptr: array + `2`, NULL, base: `0`);
102	assert(r == `0`);
103	}
104
105	int main(int argc, char **argv) {
106	char array0 = (char**)malloc(size: `11`);
107	char* array = array0 + `8`;
108	char *endptr = NULL;
109	array[`0`] = `'1'`;
110	array[`1`] = `'2'`;
111	array[`2`] = `'3'`;
112	if (argc != `2`) return `1`;
113	if (!strcmp(s1: argv[`1`], s2: "test1")) test1(array, endptr);
114	// CHECK1: {{.ERROR: AddressSanitizer: heap-buffer-overflow on address}}*
115	// CHECK1: READ of size 4
116	if (!strcmp(s1: argv[`1`], s2: "test2")) test2(array, endptr);
117	// CHECK2: {{.ERROR: AddressSanitizer: heap-buffer-overflow on address}}*
118	// CHECK2: READ of size 4
119	if (!strcmp(s1: argv[`1`], s2: "test3")) test3(array: array0, endptr);
120	// CHECK3: {{.ERROR: AddressSanitizer: use-after-poison on address}}*
121	// CHECK3: READ of size 1
122	if (!strcmp(s1: argv[`1`], s2: "test4")) test4(array, endptr);
123	// CHECK4: {{.ERROR: AddressSanitizer: heap-buffer-overflow on address}}*
124	// CHECK4: READ of size 1
125	if (!strcmp(s1: argv[`1`], s2: "test5")) test5(array, endptr);
126	// CHECK5: {{.ERROR: AddressSanitizer: heap-buffer-overflow on address}}*
127	// CHECK5: READ of size 4
128	if (!strcmp(s1: argv[`1`], s2: "test6")) test6(array, endptr);
129	// CHECK6: {{.ERROR: AddressSanitizer: heap-buffer-overflow on address}}*
130	// CHECK6: READ of size 4
131	if (!strcmp(s1: argv[`1`], s2: "test7")) test7(array, endptr);
132	// CHECK7: {{.ERROR: AddressSanitizer: heap-buffer-overflow on address}}*
133	// CHECK7: READ of size 2
134	free(ptr: array0);
135	return `0`;
136	}
137

source code of compiler-rt/test/asan/TestCases/strtol_strict.c