1 // Test strict_string_checks option in strtoll function
2 // RUN: %clang_asan %s -o %t
3 // RUN: %run %t test1 2>&1
4 // RUN: %env_asan_opts=strict_string_checks=false %run %t test1 2>&1
5 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK1
6 // RUN: %run %t test2 2>&1
7 // RUN: %env_asan_opts=strict_string_checks=false %run %t test2 2>&1
8 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK2
9 // RUN: %run %t test3 2>&1
10 // RUN: %env_asan_opts=strict_string_checks=false %run %t test3 2>&1
11 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test3 2>&1 | FileCheck %s --check-prefix=CHECK3
12 // RUN: %run %t test4 2>&1
13 // RUN: %env_asan_opts=strict_string_checks=false %run %t test4 2>&1
14 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test4 2>&1 | FileCheck %s --check-prefix=CHECK4
15 // RUN: %run %t test5 2>&1
16 // RUN: %env_asan_opts=strict_string_checks=false %run %t test5 2>&1
17 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test5 2>&1 | FileCheck %s --check-prefix=CHECK5
18 // RUN: %run %t test6 2>&1
19 // RUN: %env_asan_opts=strict_string_checks=false %run %t test6 2>&1
20 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test6 2>&1 | FileCheck %s --check-prefix=CHECK6
21 // RUN: %run %t test7 2>&1
22 // RUN: %env_asan_opts=strict_string_checks=false %run %t test7 2>&1
23 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test7 2>&1 | FileCheck %s --check-prefix=CHECK7
24
25 // FIXME: Enable strtoll interceptor.
26 // XFAIL: win32
27
28 #include <assert.h>
29 #include <stdlib.h>
30 #include <string.h>
31 #include <sanitizer/asan_interface.h>
32
test1(char * array,char * endptr)33 void test1(char *array, char *endptr) {
34 // Buffer overflow if there is no terminating null (depends on base)
35 long long r = strtoll(array, &endptr, 3);
36 assert(array + 2 == endptr);
37 assert(r == 5);
38 }
39
test2(char * array,char * endptr)40 void test2(char *array, char *endptr) {
41 // Buffer overflow if there is no terminating null (depends on base)
42 array[2] = 'z';
43 long long r = strtoll(array, &endptr, 35);
44 assert(array + 2 == endptr);
45 assert(r == 37);
46 }
47
test3(char * array,char * endptr)48 void test3(char *array, char *endptr) {
49 // Buffer overflow if base is invalid.
50 memset(array, 0, 8);
51 ASAN_POISON_MEMORY_REGION(array, 8);
52 long long r = strtoll(array + 1, NULL, -1);
53 assert(r == 0);
54 ASAN_UNPOISON_MEMORY_REGION(array, 8);
55 }
56
test4(char * array,char * endptr)57 void test4(char *array, char *endptr) {
58 // Buffer overflow if base is invalid.
59 long long r = strtoll(array + 3, NULL, 1);
60 assert(r == 0);
61 }
62
test5(char * array,char * endptr)63 void test5(char *array, char *endptr) {
64 // Overflow if no digits are found.
65 array[0] = ' ';
66 array[1] = '+';
67 array[2] = '-';
68 long long r = strtoll(array, NULL, 0);
69 assert(r == 0);
70 }
71
test6(char * array,char * endptr)72 void test6(char *array, char *endptr) {
73 // Overflow if no digits are found.
74 array[0] = ' ';
75 array[1] = array[2] = 'z';
76 long long r = strtoll(array, &endptr, 0);
77 assert(array == endptr);
78 assert(r == 0);
79 }
80
test7(char * array,char * endptr)81 void test7(char *array, char *endptr) {
82 // Overflow if no digits are found.
83 array[2] = 'z';
84 long long r = strtoll(array + 2, NULL, 0);
85 assert(r == 0);
86 }
87
main(int argc,char ** argv)88 int main(int argc, char **argv) {
89 char *array0 = (char*)malloc(11);
90 char* array = array0 + 8;
91 char *endptr = NULL;
92 array[0] = '1';
93 array[1] = '2';
94 array[2] = '3';
95 if (argc != 2) return 1;
96 if (!strcmp(argv[1], "test1")) test1(array, endptr);
97 // CHECK1: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
98 // CHECK1: READ of size 4
99 if (!strcmp(argv[1], "test2")) test2(array, endptr);
100 // CHECK2: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
101 // CHECK2: READ of size 4
102 if (!strcmp(argv[1], "test3")) test3(array0, endptr);
103 // CHECK3: {{.*ERROR: AddressSanitizer: use-after-poison on address}}
104 // CHECK3: READ of size 1
105 if (!strcmp(argv[1], "test4")) test4(array, endptr);
106 // CHECK4: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
107 // CHECK4: READ of size 1
108 if (!strcmp(argv[1], "test5")) test5(array, endptr);
109 // CHECK5: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
110 // CHECK5: READ of size 4
111 if (!strcmp(argv[1], "test6")) test6(array, endptr);
112 // CHECK6: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
113 // CHECK6: READ of size 4
114 if (!strcmp(argv[1], "test7")) test7(array, endptr);
115 // CHECK7: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
116 // CHECK7: READ of size 2
117 free(array0);
118 return 0;
119 }
120