1 | // RUN: %clangxx_cfi_dso -DSHARED_LIB %s -fPIC -shared -o %dynamiclib %ld_flags_rpath_so |
2 | // RUN: %clangxx_cfi_dso %s -o %t %ld_flags_rpath_exe |
3 | // RUN: %expect_crash %t 2>&1 | FileCheck --check-prefix=CFI %s |
4 | // RUN: %expect_crash %t x 2>&1 | FileCheck --check-prefix=CFI-CAST %s |
5 | |
6 | // RUN: %clangxx_cfi_dso -DB32 -DSHARED_LIB %s -fPIC -shared -o %dynamiclib %ld_flags_rpath_so |
7 | // RUN: %clangxx_cfi_dso -DB32 %s -o %t %ld_flags_rpath_exe |
8 | // RUN: %expect_crash %t 2>&1 | FileCheck --check-prefix=CFI %s |
9 | // RUN: %expect_crash %t x 2>&1 | FileCheck --check-prefix=CFI-CAST %s |
10 | |
11 | // RUN: %clangxx_cfi_dso -DB64 -DSHARED_LIB %s -fPIC -shared -o %dynamiclib %ld_flags_rpath_so |
12 | // RUN: %clangxx_cfi_dso -DB64 %s -o %t %ld_flags_rpath_exe |
13 | // RUN: %expect_crash %t 2>&1 | FileCheck --check-prefix=CFI %s |
14 | // RUN: %expect_crash %t x 2>&1 | FileCheck --check-prefix=CFI-CAST %s |
15 | |
16 | // RUN: %clangxx_cfi_dso -DBM -DSHARED_LIB %s -fPIC -shared -o %dynamiclib %ld_flags_rpath_so |
17 | // RUN: %clangxx_cfi_dso -DBM %s -o %t %ld_flags_rpath_exe |
18 | // RUN: %expect_crash %t 2>&1 | FileCheck --check-prefix=CFI %s |
19 | // RUN: %expect_crash %t x 2>&1 | FileCheck --check-prefix=CFI-CAST %s |
20 | |
21 | // RUN: %clangxx -DBM -DSHARED_LIB %s -fPIC -shared -o %dynamiclib %ld_flags_rpath_so |
22 | // RUN: %clangxx -DBM %s -o %t %ld_flags_rpath_exe |
23 | // RUN: %t 2>&1 | FileCheck --check-prefix=NCFI %s |
24 | // RUN: %t x 2>&1 | FileCheck --check-prefix=NCFI %s |
25 | |
26 | // RUN: %clangxx -DBM -DSHARED_LIB %s -fPIC -shared -o %dynamiclib %ld_flags_rpath_so |
27 | // RUN: %clangxx_cfi_dso -DBM %s -o %t %ld_flags_rpath_exe |
28 | // RUN: %t 2>&1 | FileCheck --check-prefix=NCFI %s |
29 | // RUN: %t x 2>&1 | FileCheck --check-prefix=NCFI %s |
30 | |
31 | // RUN: %clangxx_cfi_dso_diag -DSHARED_LIB %s -fPIC -shared -o %dynamiclib %ld_flags_rpath_so |
32 | // RUN: %clangxx_cfi_dso_diag %s -o %t %ld_flags_rpath_exe |
33 | // RUN: %t 2>&1 | FileCheck --check-prefix=CFI-DIAG-CALL %s |
34 | // RUN: %t x 2>&1 | FileCheck --check-prefix=CFI-DIAG-CALL --check-prefix=CFI-DIAG-CAST %s |
35 | |
36 | // Tests that the CFI mechanism crashes the program when making a virtual call |
37 | // to an object of the wrong class but with a compatible vtable, by casting a |
38 | // pointer to such an object and attempting to make a call through it. |
39 | |
40 | // REQUIRES: cxxabi |
41 | |
42 | #include <stdio.h> |
43 | #include <string.h> |
44 | |
45 | struct A { |
46 | virtual void f(); |
47 | }; |
48 | |
49 | void *create_B(); |
50 | |
51 | #ifdef SHARED_LIB |
52 | |
53 | #include "../utils.h" |
54 | struct B { |
55 | virtual void f(); |
56 | }; |
57 | void B::f() {} |
58 | |
59 | void *create_B() { |
60 | create_derivers<B>(); |
61 | return (void *)(new B()); |
62 | } |
63 | |
64 | #else |
65 | |
66 | void A::f() {} |
67 | |
68 | int main(int argc, char *argv[]) { |
69 | void *p = create_B(); |
70 | A *a; |
71 | |
72 | // CFI: =0= |
73 | // CFI-CAST: =0= |
74 | // NCFI: =0= |
75 | fprintf(stderr, format: "=0=\n" ); |
76 | |
77 | if (argc > 1 && argv[1][0] == 'x') { |
78 | // Test cast. BOOM. |
79 | // CFI-DIAG-CAST: runtime error: control flow integrity check for type 'A' failed during cast to unrelated type |
80 | // CFI-DIAG-CAST-NEXT: note: vtable is of type '{{(struct )?}}B' |
81 | a = (A*)p; |
82 | } else { |
83 | // Invisible to CFI. Test virtual call later. |
84 | memcpy(dest: &a, src: &p, n: sizeof(a)); |
85 | } |
86 | |
87 | // CFI: =1= |
88 | // CFI-CAST-NOT: =1= |
89 | // NCFI: =1= |
90 | fprintf(stderr, format: "=1=\n" ); |
91 | |
92 | // CFI-DIAG-CALL: runtime error: control flow integrity check for type 'A' failed during virtual call |
93 | // CFI-DIAG-CALL-NEXT: note: vtable is of type '{{(struct )?}}B' |
94 | a->f(); // UB here |
95 | |
96 | // CFI-NOT: =2= |
97 | // CFI-CAST-NOT: =2= |
98 | // NCFI: =2= |
99 | fprintf(stderr, format: "=2=\n" ); |
100 | } |
101 | #endif |
102 | |