• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // RUN: %clang_scudo %s -o %t
2 // RUN:                                     not %run %t malloc     2>&1 | FileCheck %s
3 // RUN: %env_scudo_opts=QuarantineSizeKb=64 not %run %t quarantine 2>&1 | FileCheck %s
4 
5 // Tests that header corruption of an allocated or quarantined chunk is caught.
6 
7 #include <assert.h>
8 #include <stdlib.h>
9 #include <string.h>
10 
main(int argc,char ** argv)11 int main(int argc, char **argv)
12 {
13   ssize_t offset = sizeof(void *) == 8 ? 8 : 0;
14 
15   assert(argc == 2);
16 
17   if (!strcmp(argv[1], "malloc")) {
18     // Simulate a header corruption of an allocated chunk (1-bit)
19     void *p = malloc(1U << 4);
20     assert(p);
21     ((char *)p)[-(offset + 1)] ^= 1;
22     free(p);
23   }
24   if (!strcmp(argv[1], "quarantine")) {
25     void *p = malloc(1U << 4);
26     assert(p);
27     free(p);
28     // Simulate a header corruption of a quarantined chunk
29     ((char *)p)[-(offset + 2)] ^= 1;
30     // Trigger the quarantine recycle
31     for (int i = 0; i < 0x100; i++) {
32       p = malloc(1U << 8);
33       free(p);
34     }
35   }
36   return 0;
37 }
38 
39 // CHECK: ERROR: corrupted chunk header at address
40