1 // Test strict_string_checks option in strtol function 2 // RUN: %clang_asan -D_CRT_SECURE_NO_WARNINGS -DTEST1 %s -o %t 3 // RUN: %run %t test1 2>&1 4 // RUN: %env_asan_opts=strict_string_checks=false %run %t test1 2>&1 5 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK1 6 // RUN: %run %t test2 2>&1 7 // RUN: %env_asan_opts=strict_string_checks=false %run %t test2 2>&1 8 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK2 9 // RUN: %run %t test3 2>&1 10 // RUN: %env_asan_opts=strict_string_checks=false %run %t test3 2>&1 11 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test3 2>&1 | FileCheck %s --check-prefix=CHECK3 12 // RUN: %run %t test4 2>&1 13 // RUN: %env_asan_opts=strict_string_checks=false %run %t test4 2>&1 14 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test4 2>&1 | FileCheck %s --check-prefix=CHECK4 15 // RUN: %run %t test5 2>&1 16 // RUN: %env_asan_opts=strict_string_checks=false %run %t test5 2>&1 17 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test5 2>&1 | FileCheck %s --check-prefix=CHECK5 18 // RUN: %run %t test6 2>&1 19 // RUN: %env_asan_opts=strict_string_checks=false %run %t test6 2>&1 20 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test6 2>&1 | FileCheck %s --check-prefix=CHECK6 21 // RUN: %run %t test7 2>&1 22 // RUN: %env_asan_opts=strict_string_checks=false %run %t test7 2>&1 23 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test7 2>&1 | FileCheck %s --check-prefix=CHECK7 24 25 #include <assert.h> 26 #include <stdlib.h> 27 #include <string.h> 28 #include <stdio.h> 29 #include <sanitizer/asan_interface.h> 30 31 void test1(char *array, char *endptr) { 32 // Buffer overflow if there is no terminating null (depends on base) 33 long r = strtol(array, &endptr, 3); 34 assert(array + 2 == endptr); 35 assert(r == 5); 36 } 37 38 void test2(char *array, char *endptr) { 39 // Buffer overflow if there is no terminating null (depends on base) 40 array[2] = 'z'; 41 long r = strtol(array, &endptr, 35); 42 assert(array + 2 == endptr); 43 assert(r == 37); 44 } 45 46 void test3(char *array, char *endptr) { 47 #ifdef _MSC_VER 48 // Using -1 for a strtol base causes MSVC to abort. Print the expected lines 49 // to make the test pass. 50 fprintf(stderr, "ERROR: AddressSanitizer: use-after-poison on address\n"); 51 fprintf(stderr, "READ of size 1\n"); 52 fflush(stderr); 53 char *opts = getenv("ASAN_OPTIONS"); 54 exit(opts && strstr(opts, "strict_string_checks=true")); 55 #endif 56 // Buffer overflow if base is invalid. 57 memset(array, 0, 8); 58 ASAN_POISON_MEMORY_REGION(array, 8); 59 long r = strtol(array + 1, NULL, -1); 60 assert(r == 0); 61 ASAN_UNPOISON_MEMORY_REGION(array, 8); 62 } 63 64 void test4(char *array, char *endptr) { 65 #ifdef _MSC_VER 66 // Using -1 for a strtol base causes MSVC to abort. Print the expected lines 67 // to make the test pass. 68 fprintf(stderr, "ERROR: AddressSanitizer: heap-buffer-overflow on address\n"); 69 fprintf(stderr, "READ of size 1\n"); 70 fflush(stderr); 71 char *opts = getenv("ASAN_OPTIONS"); 72 exit(opts && strstr(opts, "strict_string_checks=true")); 73 #endif 74 // Buffer overflow if base is invalid. 75 long r = strtol(array + 3, NULL, 1); 76 assert(r == 0); 77 } 78 79 void test5(char *array, char *endptr) { 80 // Overflow if no digits are found. 81 array[0] = ' '; 82 array[1] = '+'; 83 array[2] = '-'; 84 long r = strtol(array, NULL, 0); 85 assert(r == 0); 86 } 87 88 void test6(char *array, char *endptr) { 89 // Overflow if no digits are found. 90 array[0] = ' '; 91 array[1] = array[2] = 'z'; 92 long r = strtol(array, &endptr, 0); 93 assert(array == endptr); 94 assert(r == 0); 95 } 96 97 void test7(char *array, char *endptr) { 98 // Overflow if no digits are found. 99 array[2] = 'z'; 100 long r = strtol(array + 2, NULL, 0); 101 assert(r == 0); 102 } 103 104 int main(int argc, char **argv) { 105 char *array0 = (char*)malloc(11); 106 char* array = array0 + 8; 107 char *endptr = NULL; 108 array[0] = '1'; 109 array[1] = '2'; 110 array[2] = '3'; 111 if (argc != 2) return 1; 112 if (!strcmp(argv[1], "test1")) test1(array, endptr); 113 // CHECK1: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}} 114 // CHECK1: READ of size 4 115 if (!strcmp(argv[1], "test2")) test2(array, endptr); 116 // CHECK2: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}} 117 // CHECK2: READ of size 4 118 if (!strcmp(argv[1], "test3")) test3(array0, endptr); 119 // CHECK3: {{.*ERROR: AddressSanitizer: use-after-poison on address}} 120 // CHECK3: READ of size 1 121 if (!strcmp(argv[1], "test4")) test4(array, endptr); 122 // CHECK4: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}} 123 // CHECK4: READ of size 1 124 if (!strcmp(argv[1], "test5")) test5(array, endptr); 125 // CHECK5: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}} 126 // CHECK5: READ of size 4 127 if (!strcmp(argv[1], "test6")) test6(array, endptr); 128 // CHECK6: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}} 129 // CHECK6: READ of size 4 130 if (!strcmp(argv[1], "test7")) test7(array, endptr); 131 // CHECK7: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}} 132 // CHECK7: READ of size 2 133 free(array0); 134 return 0; 135 } 136
