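// RUN: %clang_scudo %s -o %t
// RUN: not %run %t malloc 2>&1 | FileCheck %s
// RUN: %env_scudo_opts=QuarantineSizeKb=64 not %run %t quarantine 2>&1 | FileCheck %s

// Tests that header corruption of an allocated or quarantined chunk is caught.
//
// The binary is built against Scudo and run once per mode ("malloc" and
// "quarantine"). Both runs are wrapped in `not`, so each one must exit with a
// failure status, and its output must contain the corrupted-header report
// matched by the last line of this file.
//
// The out-of-bounds write and the write after free() below are deliberate:
// they stand in for a memory-safety bug that reaches allocator metadata, so
// that the allocator's integrity check can be exercised.

#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h> // ssize_t is a POSIX type; <stdlib.h> need not declare it

int main(int argc, char **argv) {
  // Extra distance, in bytes, between the user pointer and the byte that gets
  // corrupted: 8 where pointers are 8 bytes wide, 0 otherwise.
  // NOTE(review): presumably this skips padding that sits between the chunk
  // header and the user pointer on 64-bit targets; confirm against the
  // allocator's chunk layout.
  ssize_t offset = sizeof(void *) == 8 ? 8 : 0;

  // Exactly one mode argument is required.
  assert(argc == 2);

  if (!strcmp(argv[1], "malloc")) {
    // Simulate a header corruption of an allocated chunk (1-bit)
    void *p = malloc(1U << 4);
    assert(p);
    // Flip the lowest bit of one byte located in front of the user pointer.
    ((char *)p)[-(offset + 1)] ^= 1;
    // The allocator is expected to report the damaged header on this call.
    free(p);
  }
  if (!strcmp(argv[1], "quarantine")) {
    void *p = malloc(1U << 4);
    assert(p);
    // Free first, so the bit flip below lands on a chunk that has already
    // been released (this mode runs with QuarantineSizeKb=64).
    free(p);
    // Simulate a header corruption of a quarantined chunk
    ((char *)p)[-(offset + 2)] ^= 1;
    // Trigger the quarantine recycle: 0x100 allocations of 256 bytes each,
    // 64 KiB requested in total. The corruption is expected to be reported
    // while the allocator processes the quarantined chunk.
    for (int i = 0; i < 0x100; i++) {
      p = malloc(1U << 8);
      free(p);
    }
  }
  // Reaching this point in either mode means nothing was detected; the `not`
  // wrapper then turns the zero exit status into a test failure.
  return 0;
}

// CHECK: ERROR: corrupted chunk header at address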