summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
Diffstat
-rw-r--r--compiler-rt/test/asan/TestCases/Windows/allocators_sanity.cc37
-rw-r--r--compiler-rt/test/asan/TestCases/Windows/calloc_left_oob.cc18
-rw-r--r--compiler-rt/test/asan/TestCases/Windows/calloc_right_oob.cc18
-rw-r--r--compiler-rt/test/asan/TestCases/Windows/calloc_uaf.cc21
-rw-r--r--compiler-rt/test/asan/TestCases/Windows/double_free.cc22
-rw-r--r--compiler-rt/test/asan/TestCases/Windows/double_operator_delete.cc23
-rw-r--r--compiler-rt/test/asan/TestCases/Windows/malloc_left_oob.cc18
-rw-r--r--compiler-rt/test/asan/TestCases/Windows/malloc_right_oob.cc18
-rw-r--r--compiler-rt/test/asan/TestCases/Windows/malloc_uaf.cc21
-rw-r--r--compiler-rt/test/asan/TestCases/Windows/realloc_left_oob.cc18
-rw-r--r--compiler-rt/test/asan/TestCases/Windows/realloc_right_oob.cc18
-rw-r--r--compiler-rt/test/asan/TestCases/Windows/realloc_uaf.cc21
-rw-r--r--compiler-rt/test/asan/TestCases/Windows/use_after_realloc.cc24
13 files changed, 277 insertions, 0 deletions
diff --git a/compiler-rt/test/asan/TestCases/Windows/allocators_sanity.cc b/compiler-rt/test/asan/TestCases/Windows/allocators_sanity.cc
new file mode 100644
index 00000000000..55cfdfff0f2
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/Windows/allocators_sanity.cc
@@ -0,0 +1,37 @@
+// RUN: %clangxx_asan -O0 %s -Fe%t
+// RUN: %run %t | FileCheck %s
+
+#include <malloc.h>
+#include <stdio.h>
+
+int main() {
+ int *p = (int*)malloc(1024 * sizeof(int));
+ p[512] = 0;
+ free(p);
+
+ p = (int*)malloc(128);
+ p = (int*)realloc(p, 2048 * sizeof(int));
+ p[1024] = 0;
+ free(p);
+
+ p = (int*)calloc(16, sizeof(int));
+ if (p[8] != 0)
+ return 1;
+ p[15]++;
+ if (16 * sizeof(int) != _msize(p))
+ return 2;
+ free(p);
+
+ p = new int;
+ *p = 42;
+ delete p;
+
+ p = new int[42];
+ p[15]++;
+ delete [] p;
+
+ printf("All ok\n");
+// CHECK: All ok
+
+ return 0;
+}
diff --git a/compiler-rt/test/asan/TestCases/Windows/calloc_left_oob.cc b/compiler-rt/test/asan/TestCases/Windows/calloc_left_oob.cc
new file mode 100644
index 00000000000..d005e08694e
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/Windows/calloc_left_oob.cc
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O0 %s -Fe%t
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t 2>&1 | cat | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ int *buffer = (int*)calloc(42, sizeof(int));
+ buffer[-1] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 4 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*calloc_left_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 4 bytes to the left of 168-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* calloc }}
+// CHECK-NEXT: {{#1 .* main .*calloc_left_oob.cc}}:[[@LINE-8]]
+ free(buffer);
+}
diff --git a/compiler-rt/test/asan/TestCases/Windows/calloc_right_oob.cc b/compiler-rt/test/asan/TestCases/Windows/calloc_right_oob.cc
new file mode 100644
index 00000000000..f013d8b767b
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/Windows/calloc_right_oob.cc
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O0 %s -Fe%t
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t 2>&1 | cat | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ int *buffer = (int*)calloc(42, sizeof(int));
+ buffer[42] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 4 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*calloc_right_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes to the right of 168-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* calloc }}
+// CHECK-NEXT: {{#1 .* main .*calloc_right_oob.cc}}:[[@LINE-8]]
+ free(buffer);
+}
diff --git a/compiler-rt/test/asan/TestCases/Windows/calloc_uaf.cc b/compiler-rt/test/asan/TestCases/Windows/calloc_uaf.cc
new file mode 100644
index 00000000000..824d2b8b4b4
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/Windows/calloc_uaf.cc
@@ -0,0 +1,21 @@
+// RUN: %clangxx_asan -O0 %s -Fe%t
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t 2>&1 | cat | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ int *buffer = (int*)calloc(42, sizeof(int));
+ free(buffer);
+ buffer[0] = 42;
+// CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 4 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*calloc_uaf.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes inside of 168-byte region
+// CHECK: freed by thread T0 here:
+// CHECK-NEXT: {{#0 .* free }}
+// CHECK-NEXT: {{#1 .* main .*calloc_uaf.cc}}:[[@LINE-8]]
+// CHECK: previously allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* calloc }}
+// CHECK-NEXT: {{#1 .* main .*calloc_uaf.cc}}:[[@LINE-12]]
+}
diff --git a/compiler-rt/test/asan/TestCases/Windows/double_free.cc b/compiler-rt/test/asan/TestCases/Windows/double_free.cc
new file mode 100644
index 00000000000..de0c0b5c7bc
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/Windows/double_free.cc
@@ -0,0 +1,22 @@
+// RUN: %clangxx_asan -O0 %s -Fe%t
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t 2>&1 | cat | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ int *x = (int*)malloc(42 * sizeof(int));
+ free(x);
+ free(x);
+// CHECK: AddressSanitizer: attempting double-free on [[ADDR:0x[0-9a-f]+]]
+// CHECK-NEXT: {{#0 .* free }}
+// CHECK-NEXT: {{#1 .* main .*double_free.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes inside of 168-byte region
+// CHECK-LABEL: freed by thread T0 here:
+// CHECK-NEXT: {{#0 .* free }}
+// CHECK-NEXT: {{#1 .* main .*double_free.cc}}:[[@LINE-8]]
+// CHECK-LABEL: previously allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* malloc }}
+// CHECK-NEXT: {{#1 .* main .*double_free.cc}}:[[@LINE-12]]
+ return 0;
+}
diff --git a/compiler-rt/test/asan/TestCases/Windows/double_operator_delete.cc b/compiler-rt/test/asan/TestCases/Windows/double_operator_delete.cc
new file mode 100644
index 00000000000..795af4ac88a
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/Windows/double_operator_delete.cc
@@ -0,0 +1,23 @@
+// RUN: %clangxx_asan -O0 %s -Fe%t
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t 2>&1 | cat | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ int *x = new int[42];
+ delete [] x;
+ delete [] x;
+// CHECK: AddressSanitizer: attempting double-free on [[ADDR:0x[0-9a-f]+]]
+// CHECK-NEXT: {{#0 .* operator delete}}[]
+// CHECK-NEXT: {{#1 .* main .*double_operator_delete.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes inside of 168-byte region
+// CHECK-LABEL: freed by thread T0 here:
+// CHECK-NEXT: {{#0 .* operator delete}}[]
+// CHECK-NEXT: {{#1 .* main .*double_operator_delete.cc}}:[[@LINE-8]]
+// CHECK-LABEL: previously allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* operator new}}[]
+// CHECK-NEXT: {{#1 .* main .*double_operator_delete.cc}}:[[@LINE-12]]
+ return 0;
+}
+
diff --git a/compiler-rt/test/asan/TestCases/Windows/malloc_left_oob.cc b/compiler-rt/test/asan/TestCases/Windows/malloc_left_oob.cc
new file mode 100644
index 00000000000..bf83ad4181d
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/Windows/malloc_left_oob.cc
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O0 %s -Fe%t
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t 2>&1 | cat | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ char *buffer = (char*)malloc(42);
+ buffer[-1] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*malloc_left_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 1 bytes to the left of 42-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* malloc }}
+// CHECK-NEXT: {{#1 .* main .*malloc_left_oob.cc}}:[[@LINE-8]]
+ free(buffer);
+}
diff --git a/compiler-rt/test/asan/TestCases/Windows/malloc_right_oob.cc b/compiler-rt/test/asan/TestCases/Windows/malloc_right_oob.cc
new file mode 100644
index 00000000000..0d6b611f625
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/Windows/malloc_right_oob.cc
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O0 %s -Fe%t
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t 2>&1 | cat | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ char *buffer = (char*)malloc(42);
+ buffer[42] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*malloc_right_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes to the right of 42-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* malloc }}
+// CHECK-NEXT: {{#1 .* main .*malloc_right_oob.cc}}:[[@LINE-8]]
+ free(buffer);
+}
diff --git a/compiler-rt/test/asan/TestCases/Windows/malloc_uaf.cc b/compiler-rt/test/asan/TestCases/Windows/malloc_uaf.cc
new file mode 100644
index 00000000000..aac64bae8d7
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/Windows/malloc_uaf.cc
@@ -0,0 +1,21 @@
+// RUN: %clangxx_asan -O0 %s -Fe%t
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t 2>&1 | cat | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ char *buffer = (char*)malloc(42);
+ free(buffer);
+ buffer[0] = 42;
+// CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*malloc_uaf.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes inside of 42-byte region
+// CHECK: freed by thread T0 here:
+// CHECK-NEXT: {{#0 .* free }}
+// CHECK-NEXT: {{#1 .* main .*malloc_uaf.cc}}:[[@LINE-8]]
+// CHECK: previously allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* malloc }}
+// CHECK-NEXT: {{#1 .* main .*malloc_uaf.cc}}:[[@LINE-12]]
+}
diff --git a/compiler-rt/test/asan/TestCases/Windows/realloc_left_oob.cc b/compiler-rt/test/asan/TestCases/Windows/realloc_left_oob.cc
new file mode 100644
index 00000000000..eb63d5617ed
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/Windows/realloc_left_oob.cc
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O0 %s -Fe%t
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t 2>&1 | cat | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ char *buffer = (char*)realloc(0, 42);
+ buffer[-1] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*realloc_left_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 1 bytes to the left of 42-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* realloc }}
+// CHECK-NEXT: {{#1 .* main .*realloc_left_oob.cc}}:[[@LINE-8]]
+ free(buffer);
+}
diff --git a/compiler-rt/test/asan/TestCases/Windows/realloc_right_oob.cc b/compiler-rt/test/asan/TestCases/Windows/realloc_right_oob.cc
new file mode 100644
index 00000000000..31dfe7b0ddd
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/Windows/realloc_right_oob.cc
@@ -0,0 +1,18 @@
+// RUN: %clangxx_asan -O0 %s -Fe%t
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t 2>&1 | cat | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ char *buffer = (char*)realloc(0, 42);
+ buffer[42] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*realloc_right_oob.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes to the right of 42-byte region
+// CHECK: allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* realloc }}
+// CHECK-NEXT: {{#1 .* main .*realloc_right_oob.cc}}:[[@LINE-8]]
+ free(buffer);
+}
diff --git a/compiler-rt/test/asan/TestCases/Windows/realloc_uaf.cc b/compiler-rt/test/asan/TestCases/Windows/realloc_uaf.cc
new file mode 100644
index 00000000000..f35740b7d47
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/Windows/realloc_uaf.cc
@@ -0,0 +1,21 @@
+// RUN: %clangxx_asan -O0 %s -Fe%t
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t 2>&1 | cat | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ char *buffer = (char*)realloc(0, 42);
+ free(buffer);
+ buffer[0] = 42;
+// CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*realloc_uaf.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes inside of 42-byte region
+// CHECK: freed by thread T0 here:
+// CHECK-NEXT: {{#0 .* free }}
+// CHECK-NEXT: {{#1 .* main .*realloc_uaf.cc}}:[[@LINE-8]]
+// CHECK: previously allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* realloc }}
+// CHECK-NEXT: {{#1 .* main .*realloc_uaf.cc}}:[[@LINE-12]]
+}
diff --git a/compiler-rt/test/asan/TestCases/Windows/use_after_realloc.cc b/compiler-rt/test/asan/TestCases/Windows/use_after_realloc.cc
new file mode 100644
index 00000000000..2ec32a1c36d
--- /dev/null
+++ b/compiler-rt/test/asan/TestCases/Windows/use_after_realloc.cc
@@ -0,0 +1,24 @@
+// RUN: %clangxx_asan -O0 %s -Fe%t
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t 2>&1 | cat | FileCheck %s
+
+#include <malloc.h>
+
+int main() {
+ char *buffer = (char*)realloc(0, 32),
+ *stale = buffer;
+ buffer = (char*)realloc(buffer, 64);
+ // The 'stale' may now point to a free'd memory.
+ stale[0] = 42;
+// CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*use_after_realloc.cc}}:[[@LINE-3]]
+// CHECK: [[ADDR]] is located 0 bytes inside of 32-byte region
+// CHECK: freed by thread T0 here:
+// CHECK-NEXT: {{#0 .* realloc }}
+// CHECK-NEXT: {{#1 .* main .*use_after_realloc.cc}}:[[@LINE-9]]
+// CHECK: previously allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* realloc }}
+// CHECK-NEXT: {{#1 .* main .*use_after_realloc.cc}}:[[@LINE-14]]
+ free(buffer);
+}
OpenPOWER on IntegriCloud