| 1 | // RUN: %clang_hwasan %s -o %t |
|---|
| 2 | // RUN: not %run %t 5 10 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK5 |
|---|
| 3 | // RUN: not %run %t 7 10 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK7 |
|---|
| 4 | // RUN: not %run %t 8 20 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK8 |
|---|
| 5 | // RUN: not %run %t 295 300 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK295 |
|---|
| 6 | // RUN: not %run %t 1 550 550 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK1 |
|---|
| 7 | |
|---|
| 8 | // Full granule. |
|---|
| 9 | // RUN: not %run %t 32 20 26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_FULL,CHECK32 |
|---|
| 10 | |
|---|
| 11 | #include <sanitizer/hwasan_interface.h> |
|---|
| 12 | #include <stdio.h> |
|---|
| 13 | #include <stdlib.h> |
|---|
| 14 | #include <string.h> |
|---|
| 15 | |
|---|
| 16 | int main(int argc, char **argv) { |
|---|
| 17 | __hwasan_enable_allocator_tagging(); |
|---|
| 18 | if (argc < 2) { |
|---|
| 19 | fprintf(stderr, format: "Invalid number of arguments." ); |
|---|
| 20 | abort(); |
|---|
| 21 | } |
|---|
| 22 | int read_offset = atoi(nptr: argv[1]); |
|---|
| 23 | int size = atoi(nptr: argv[2]); |
|---|
| 24 | int access_size = atoi(nptr: argv[3]); |
|---|
| 25 | while (1) { |
|---|
| 26 | char *volatile x = (char *)malloc(size: size); |
|---|
| 27 | if (__hwasan_test_shadow(x, size: size + 1) == size) |
|---|
| 28 | memset(s: x + read_offset, c: 0, n: access_size); |
|---|
| 29 | free(ptr: x); |
|---|
| 30 | } |
|---|
| 31 | |
|---|
| 32 | // CHECK_SMALL: WRITE of size {{26|550}} at {{.*}} tags: [[TAG:[0-9a-f]+]]/{{[0-9a-f]+}}([[TAG]]) (ptr/mem) |
|---|
| 33 | // CHECK_FULL: WRITE of size 26 at {{.*}} tags: [[TAG:[0-9a-f]+]]/00 (ptr/mem) |
|---|
| 34 | |
|---|
| 35 | // CHECK5: Invalid access starting at offset 5 |
|---|
| 36 | // CHECK5: is located 5 bytes inside a 10-byte region |
|---|
| 37 | // CHECK7: Invalid access starting at offset 3 |
|---|
| 38 | // CHECK7: is located 7 bytes inside a 10-byte region |
|---|
| 39 | // CHECK8: Invalid access starting at offset 12 |
|---|
| 40 | // CHECK8: is located 8 bytes inside a 20-byte region |
|---|
| 41 | // CHECK295: Invalid access starting at offset 5 |
|---|
| 42 | // CHECK295: is located 295 bytes inside a 300-byte region |
|---|
| 43 | // CHECK1: Invalid access starting at offset 549 |
|---|
| 44 | // CHECK1: is located 1 bytes inside a 550-byte region |
|---|
| 45 | |
|---|
| 46 | // CHECK32-NOT: Invalid access starting at offset |
|---|
| 47 | // CHECK32: is located 12 bytes after a 20-byte region |
|---|
| 48 | |
|---|
| 49 | // CHECK-LABEL: Memory tags around the buggy address |
|---|
| 50 | // CHECK5: =>{{.*}}[0a] |
|---|
| 51 | // CHECK7: =>{{.*}}[0a] |
|---|
| 52 | // CHECK8: =>{{.*}}[04] |
|---|
| 53 | // CHECK295: =>{{.*}}[0c] |
|---|
| 54 | // CHECK1: =>{{.*}}[06] |
|---|
| 55 | |
|---|
| 56 | // CHECK32: =>{{.*}}[00] |
|---|
| 57 | |
|---|
| 58 | // CHECK-LABEL: Tags for short granules around the buggy address |
|---|
| 59 | // CHECK_SMALL: =>{{.*}}{{\[}}[[TAG]]{{\]}} |
|---|
| 60 | // CHECK_FULL: =>{{.*}}[..] |
|---|
| 61 | } |
|---|
| 62 | |
|---|
