1 // Test that ASan detects buffer overflow on read from socket via recvfrom. 2 // 3 // RUN: %clangxx_asan %s -DRECVFROM -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-RECVFROM 4 // RUN: %clangxx_asan %s -DSENDTO -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-SENDTO 5 // RUN: %clangxx_asan %s -DSENDTO -o %t && %env_asan_opts=intercept_send=0 %run %t 2>&1 6 // 7 // UNSUPPORTED: android 8 9 #include <stdio.h> 10 #include <unistd.h> 11 #include <stdlib.h> 12 #include <string.h> 13 #include <netdb.h> 14 #include <sys/types.h> 15 #include <sys/socket.h> 16 #include <pthread.h> 17 18 #define CHECK_ERROR(p, m) \ 19 do { \ 20 if (p) { \ 21 fprintf(stderr, "ERROR " m "\n"); \ 22 exit(1); \ 23 } \ 24 } while (0) 25 26 const int kBufSize = 10; 27 int sockfd; 28 29 static void *client_thread_udp(void *data) { 30 #ifdef SENDTO 31 const char buf[kBufSize / 2] = {0, }; 32 #else 33 const char buf[kBufSize] = {0, }; 34 #endif 35 struct sockaddr_in serveraddr; 36 socklen_t addrlen = sizeof(serveraddr); 37 38 int succeeded = getsockname(sockfd, (struct sockaddr *)&serveraddr, &addrlen); 39 CHECK_ERROR(succeeded < 0, "in getsockname"); 40 41 succeeded = sendto(sockfd, buf, kBufSize, 0, (struct sockaddr *)&serveraddr, 42 sizeof(serveraddr)); 43 // CHECK-SENDTO: {{READ of size 10 at 0x.* thread T1}} 44 // CHECK-SENDTO: {{ #1 0x.* in client_thread_udp.*recvfrom.cc:}}[[@LINE-3]] 45 CHECK_ERROR(succeeded < 0, "in sending message"); 46 return NULL; 47 } 48 49 int main() { 50 #ifdef RECVFROM 51 char buf[kBufSize / 2]; 52 #else 53 char buf[kBufSize]; 54 #endif 55 pthread_t client_thread; 56 struct sockaddr_in serveraddr; 57 58 sockfd = socket(AF_INET, SOCK_DGRAM, 0); 59 CHECK_ERROR(sockfd < 0, "opening socket"); 60 61 memset(&serveraddr, 0, sizeof(serveraddr)); 62 serveraddr.sin_family = AF_INET; 63 serveraddr.sin_addr.s_addr = htonl(INADDR_ANY); 64 serveraddr.sin_port = 0; 65 66 int bound = bind(sockfd, (struct sockaddr *)&serveraddr, sizeof(serveraddr)); 67 CHECK_ERROR(bound < 0, "on binding"); 68 69 int succeeded = 70 pthread_create(&client_thread, NULL, client_thread_udp, &serveraddr); 71 CHECK_ERROR(succeeded, "creating thread"); 72 73 recvfrom(sockfd, buf, kBufSize, 0, NULL, NULL); // BOOM 74 // CHECK-RECVFROM: {{WRITE of size 10 at 0x.* thread T0}} 75 // CHECK-RECVFROM: {{ #1 0x.* in main.*recvfrom.cc:}}[[@LINE-2]] 76 // CHECK-RECVFROM: {{Address 0x.* is located in stack of thread T0 at offset}} 77 // CHECK-RECVFROM-NEXT: in{{.*}}main{{.*}}recvfrom.cc 78 succeeded = pthread_join(client_thread, NULL); 79 CHECK_ERROR(succeeded, "joining thread"); 80 return 0; 81 } 82