xref: /llvm-project/compiler-rt/test/hwasan/TestCases/heap-buffer-overflow-into.c (revision 29f8e23ab8a009f074c58d05a1ad5a14c80645c8) 
1 // RUN: %clang_hwasan  %s -o %t
2 // RUN: not %run %t   5  10  26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK5
3 // RUN: not %run %t   7  10  26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK7
4 // RUN: not %run %t   8  20  26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK8
5 // RUN: not %run %t 295 300  26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK295
6 // RUN: not %run %t   1 550 550 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_SMALL,CHECK1
7 
8 // Full granule.
9 // RUN: not %run %t  32  20  26 2>&1 | FileCheck %s --check-prefixes=CHECK,CHECK_FULL,CHECK32
10 
11 #include <sanitizer/hwasan_interface.h>
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <string.h>
15 
main(int argc,char ** argv)16 int main(int argc, char **argv) {
17   __hwasan_enable_allocator_tagging();
18   if (argc < 2) {
19     fprintf(stderr, "Invalid number of arguments.");
20     abort();
21   }
22   int read_offset = atoi(argv[1]);
23   int size = atoi(argv[2]);
24   int access_size = atoi(argv[3]);
25   while (1) {
26     char *volatile x = (char *)malloc(size);
27     if (__hwasan_test_shadow(x, size + 1) == size)
28       memset(x + read_offset, 0, access_size);
29     free(x);
30   }
31 
32   // CHECK_SMALL: WRITE of size {{26|550}} at {{.*}} tags: [[TAG:[0-9a-f]+]]/{{[0-9a-f]+}}([[TAG]]) (ptr/mem)
33   // CHECK_FULL: WRITE of size 26 at {{.*}} tags: [[TAG:[0-9a-f]+]]/00 (ptr/mem)
34 
35   // CHECK5: Invalid access starting at offset 5
36   // CHECK5: is located 5 bytes inside a 10-byte region
37   // CHECK7: Invalid access starting at offset 3
38   // CHECK7: is located 7 bytes inside a 10-byte region
39   // CHECK8: Invalid access starting at offset 12
40   // CHECK8: is located 8 bytes inside a 20-byte region
41   // CHECK295: Invalid access starting at offset 5
42   // CHECK295: is located 295 bytes inside a 300-byte region
43   // CHECK1: Invalid access starting at offset 549
44   // CHECK1: is located 1 bytes inside a 550-byte region
45 
46   // CHECK32-NOT: Invalid access starting at offset
47   // CHECK32: is located 12 bytes after a 20-byte region
48 
49   // CHECK-LABEL: Memory tags around the buggy address
50   // CHECK5: =>{{.*}}[0a]
51   // CHECK7: =>{{.*}}[0a]
52   // CHECK8: =>{{.*}}[04]
53   // CHECK295: =>{{.*}}[0c]
54   // CHECK1: =>{{.*}}[06]
55 
56   // CHECK32: =>{{.*}}[00]
57 
58   // CHECK-LABEL: Tags for short granules around the buggy address
59   // CHECK_SMALL: =>{{.*}}{{\[}}[[TAG]]{{\]}}
60   // CHECK_FULL: =>{{.*}}[..]
61 }
62