1// RUN: %clang_hwasan %s -o %t
2// RUN: not %run %t 5 10 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK5
3// RUN: not %run %t 7 10 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK7
4// RUN: not %run %t 8 20 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK8
5// RUN: not %run %t 295 300 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK295
6// RUN: not %run %t 1 550 550 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK1
7
8// Full granule.
9// RUN: not %run %t 32 20 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_FULL,CHECK32
10
11#include <sanitizer/hwasan_interface.h>
12#include <stdio.h>
13#include <stdlib.h>
14#include <string.h>
15
16int main(int argc, char **argv) {
17 __hwasan_enable_allocator_tagging();
18 if (argc < 2) {
19 fprintf(stderr, format: "Invalid number of arguments.");
20 abort();
21 }
22 int read_offset = atoi(nptr: argv[1]);
23 int size = atoi(nptr: argv[2]);
24 int access_size = atoi(nptr: argv[3]);
25 while (1) {
26 char *volatile x = (char *)malloc(size: size);
27 if (__hwasan_test_shadow(x, size: size + 1) == size)
28 memset(s: x + read_offset, c: 0, n: access_size);
29 free(ptr: x);
30 }
31
32 // CHECK_SMALL: WRITE of size {{26|550}} at {{.*}} tags: [[TAG:[0-9a-f]+]]/{{[0-9a-f]+}}([[TAG]]) (ptr/mem)
33 // CHECK_FULL: WRITE of size 26 at {{.*}} tags: [[TAG:[0-9a-f]+]]/00 (ptr/mem)
34
35 // CHECK5: Invalid access starting at offset 5
36 // CHECK5: is located 5 bytes inside a 10-byte region
37 // CHECK7: Invalid access starting at offset 3
38 // CHECK7: is located 7 bytes inside a 10-byte region
39 // CHECK8: Invalid access starting at offset 12
40 // CHECK8: is located 8 bytes inside a 20-byte region
41 // CHECK295: Invalid access starting at offset 5
42 // CHECK295: is located 295 bytes inside a 300-byte region
43 // CHECK1: Invalid access starting at offset 549
44 // CHECK1: is located 1 bytes inside a 550-byte region
45
46 // CHECK32-NOT: Invalid access starting at offset
47 // CHECK32: is located 12 bytes after a 20-byte region
48
49 // CHECK-LABEL: Memory tags around the buggy address
50 // CHECK5: =>{{.*}}[0a]
51 // CHECK7: =>{{.*}}[0a]
52 // CHECK8: =>{{.*}}[04]
53 // CHECK295: =>{{.*}}[0c]
54 // CHECK1: =>{{.*}}[06]
55
56 // CHECK32: =>{{.*}}[00]
57
58 // CHECK-LABEL: Tags for short granules around the buggy address
59 // CHECK_SMALL: =>{{.*}}{{\[}}[[TAG]]{{\]}}
60 // CHECK_FULL: =>{{.*}}[..]
61}
62

source code of compiler-rt/test/hwasan/TestCases/heap-buffer-overflow-into.c