xref: /llvm-project/compiler-rt/test/scudo/overflow.c (revision f7c5c0d87b8ae5e55006fd3a31994cd68d64f102) 
1 // RUN: %clang_scudo %s -o %t
2 // RUN:                                     not %run %t malloc     2>&1 | FileCheck %s
3 // RUN: %env_scudo_opts=QuarantineSizeKb=64 not %run %t quarantine 2>&1 | FileCheck %s
4 
5 // Tests that header corruption of an allocated or quarantined chunk is caught.
6 
7 #include <assert.h>
8 #include <stdlib.h>
9 #include <string.h>
10 
main(int argc,char ** argv)11 int main(int argc, char **argv) {
12   ssize_t offset = sizeof(void *) == 8 ? 8 : 0;
13 
14   assert(argc == 2);
15 
16   if (!strcmp(argv[1], "malloc")) {
17     // Simulate a header corruption of an allocated chunk (1-bit)
18     void *p = malloc(1U << 4);
19     assert(p);
20     ((char *)p)[-(offset + 1)] ^= 1;
21     free(p);
22   }
23   if (!strcmp(argv[1], "quarantine")) {
24     void *p = malloc(1U << 4);
25     assert(p);
26     free(p);
27     // Simulate a header corruption of a quarantined chunk
28     ((char *)p)[-(offset + 2)] ^= 1;
29     // Trigger the quarantine recycle
30     for (int i = 0; i < 0x100; i++) {
31       p = malloc(1U << 8);
32       free(p);
33     }
34   }
35   return 0;
36 }
37 
38 // CHECK: ERROR: corrupted chunk header at address
39