[asan] provide better reports for cases where memcpy/etc get negative size parameter. Also fix a typo found by Tetsuo Kiso

llvm-svn: 206158

1 files changed, 9 insertions, 0 deletions

diff --git a/compiler-rt/test/asan/TestCases/memset_test.cc b/compiler-rt/test/asan/TestCases/memset_test.cc
index ea7702566fc..fc796f5bc9c 100644
--- a/compiler-rt/test/asan/TestCases/memset_test.cc
+++ b/compiler-rt/test/asan/TestCases/memset_test.cc
@@ -27,6 +27,9 @@
 // RUN: %clangxx_asan -O3 -DTEST_MEMMOVE %s -o %t && not %t 2>&1 | \
 // RUN:     FileCheck %s --check-prefix=CHECK-MEMMOVE
 
+// RUN: %clangxx_asan -O2 -DTEST_MEMCPY_SIZE_OVERFLOW %s -o %t && not %t 2>&1 | \
+// RUN:     FileCheck %s --check-prefix=CHECK-MEMCPY_SIZE_OVERFLOW
+
 #include <assert.h>
 #include <string.h>
 #include <stdlib.h>
@@ -34,6 +37,8 @@
 
 #include <sanitizer/asan_interface.h>
 
+typedef void *(*memcpy_t)(void *, const void *, size_t);
+
 int main(int argc, char **argv) {
   char * volatile p = (char *)malloc(3000);
   __asan_poison_memory_region(p + 512, 16);
@@ -53,6 +58,10 @@ int main(int argc, char **argv) {
   memmove(q, p, 3000);
   // CHECK-MEMMOVE: AddressSanitizer: use-after-poison on address
   // CHECK-MEMMOVE: in {{.*(memmove|memcpy)}}
+#elif defined(TEST_MEMCPY_SIZE_OVERFLOW)
+  volatile memcpy_t my_memcpy = &memcpy;
+  my_memcpy(p, q, -argc);
+  // CHECK-MEMCPY_SIZE_OVERFLOW: AddressSanitizer: negative-size-param: (size=-1)
 #endif
   assert(q[1] == 0);
   free(q);