| 1 | // Check that __asan_poison_memory_region and ASAN_OPTIONS=poison_history_size work. |
|---|
| 2 | // |
|---|
| 3 | // Poisoned access with history |
|---|
| 4 | // RUN: %clangxx_asan -O0 %s -o %t && env ASAN_OPTIONS=poison_history_size=1000 not %run %t 2>&1 | FileCheck %s --check-prefixes=CHECK-ACDE,CHECK-ABC,CHECK-AC,CHECK-A |
|---|
| 5 | // |
|---|
| 6 | // Not poisoned access |
|---|
| 7 | // RUN: %clangxx_asan -O0 %s -o %t && env ASAN_OPTIONS=poison_history_size=1000 %run %t 20 2>&1 | FileCheck %s --check-prefixes=CHECK-ABC,CHECK-B,CHECK-BDE |
|---|
| 8 | // |
|---|
| 9 | // Poisoned access with history (different stack trace) |
|---|
| 10 | // RUN: %clangxx_asan -O0 %s -o %t && env ASAN_OPTIONS=poison_history_size=1000 not %run %t 30 30 2>&1 | FileCheck %s --check-prefixes=CHECK-ACDE,CHECK-ABC,CHECK-AC,CHECK-C |
|---|
| 11 | // |
|---|
| 12 | // Poisoned access without history |
|---|
| 13 | // RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s --check-prefixes=CHECK-ACDE,CHECK-BDE,CHECK-D |
|---|
| 14 | // RUN: %clangxx_asan -O0 %s -o %t && env ASAN_OPTIONS=poison_history_size=0 not %run %t 2>&1 | FileCheck %s --check-prefixes=CHECK-ACDE,CHECK-BDE,CHECK-D |
|---|
| 15 | |
|---|
| 16 | // Poisoned access with insufficient history |
|---|
| 17 | // RUN: %clangxx_asan -O0 %s -o %t && env ASAN_OPTIONS=poison_history_size=1 not %run %t 2>&1 | FileCheck %s --check-prefixes=CHECK-ACDE,CHECK-BDE,CHECK-E |
|---|
| 18 | |
|---|
| 19 | // TODO |
|---|
| 20 | // REQUIRES: linux |
|---|
| 21 | // UNSUPPORTED: android |
|---|
| 22 | |
|---|
| 23 | #include <stdio.h> |
|---|
| 24 | #include <stdlib.h> |
|---|
| 25 | |
|---|
| 26 | extern "C" void __asan_poison_memory_region(void *, size_t); |
|---|
| 27 | extern "C" void __asan_unpoison_memory_region(void *, size_t); |
|---|
| 28 | |
|---|
| 29 | void honey_ive_poisoned_the_memory(char *x) { |
|---|
| 30 | __asan_poison_memory_region(x, 64); // A |
|---|
| 31 | __asan_unpoison_memory_region(x + 16, 8); // B |
|---|
| 32 | __asan_poison_memory_region(x + 24, 16); // C |
|---|
| 33 | } |
|---|
| 34 | |
|---|
| 35 | void foo(char *x) { honey_ive_poisoned_the_memory(x); } |
|---|
| 36 | |
|---|
| 37 | int main(int argc, char **argv) { |
|---|
| 38 | char *x = new char[64]; |
|---|
| 39 | x[10] = 0; |
|---|
| 40 | foo(x); |
|---|
| 41 | // Bytes [ 0, 15]: poisoned by A |
|---|
| 42 | // Bytes [16, 23]: unpoisoned by B |
|---|
| 43 | // Bytes [24, 63]: poisoned by C |
|---|
| 44 | |
|---|
| 45 | int res = x[argc * 10]; // BOOOM |
|---|
| 46 | // CHECK-ACDE: ERROR: AddressSanitizer: use-after-poison |
|---|
| 47 | // CHECK-ACDE: main{{.*}}use-after-poison-history-size.cpp:[[@LINE-2]] |
|---|
| 48 | // CHECK-B-NOT: ERROR: AddressSanitizer: use-after-poison |
|---|
| 49 | // CHECK-ABC-NOT: try the experimental setting ASAN_OPTIONS=poison_history_size= |
|---|
| 50 | // CHECK-D: try the experimental setting ASAN_OPTIONS=poison_history_size= |
|---|
| 51 | |
|---|
| 52 | // CHECK-AC: Memory was manually poisoned by thread T0: |
|---|
| 53 | // CHECK-A: honey_ive_poisoned_the_memory{{.*}}use-after-poison-history-size.cpp:[[@LINE-23]] |
|---|
| 54 | // CHECK-C: honey_ive_poisoned_the_memory{{.*}}use-after-poison-history-size.cpp:[[@LINE-22]] |
|---|
| 55 | // CHECK-AC: foo{{.*}}use-after-poison-history-size.cpp:[[@LINE-20]] |
|---|
| 56 | // CHECK-AC: main{{.*}}use-after-poison-history-size.cpp:[[@LINE-16]] |
|---|
| 57 | // CHECK-BDE-NOT: Memory was manually poisoned by thread T0: |
|---|
| 58 | |
|---|
| 59 | // CHECK-ABC-NOT: Try a larger value for ASAN_OPTIONS=poison_history_size= |
|---|
| 60 | // CHECK-D-NOT: Try a larger value for ASAN_OPTIONS=poison_history_size= |
|---|
| 61 | // CHECK-E: Try a larger value for ASAN_OPTIONS=poison_history_size= |
|---|
| 62 | |
|---|
| 63 | delete[] x; |
|---|
| 64 | |
|---|
| 65 | printf(format: "End of program reached\n" ); |
|---|
| 66 | // CHECK-B: End of program reached |
|---|
| 67 | |
|---|
| 68 | return 0; |
|---|
| 69 | } |
|---|
| 70 | |
|---|
