From 2bfff021adbac5889ad54bac5fc997e13e09d3a0 Mon Sep 17 00:00:00 2001
From: Kostya Serebryany
Date: Sat, 22 Oct 2016 00:05:44 +0000
Subject: [libFuzzer] add a test for asan's strict_string_checks=1

llvm-svn: 284902
---
 llvm/lib/Fuzzer/test/CMakeLists.txt | 1 +
 llvm/lib/Fuzzer/test/StrncmpOOBTest.cpp | 21 +++++++++++++++++++++
 llvm/lib/Fuzzer/test/fuzzer.test | 4 ++++
 3 files changed, 26 insertions(+)
 create mode 100644 llvm/lib/Fuzzer/test/StrncmpOOBTest.cpp
(limited to 'llvm/lib')
diff --git a/llvm/lib/Fuzzer/test/CMakeLists.txt b/llvm/lib/Fuzzer/test/CMakeLists.txt
index 1475c663f22..d869bfaaffa 100644
--- a/llvm/lib/Fuzzer/test/CMakeLists.txt
+++ b/llvm/lib/Fuzzer/test/CMakeLists.txt
@@ -100,6 +100,7 @@ set(Tests
 ShrinkControlFlowTest
 ShrinkValueProfileTest
 StrcmpTest
+ StrncmpOOBTest
 StrncmpTest
 StrstrTest
 SwapCmpTest
diff --git a/llvm/lib/Fuzzer/test/StrncmpOOBTest.cpp b/llvm/lib/Fuzzer/test/StrncmpOOBTest.cpp
new file mode 100644
index 00000000000..f70b003afad
--- /dev/null
+++ b/llvm/lib/Fuzzer/test/StrncmpOOBTest.cpp
@@ -0,0 +1,21 @@
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+
+// Test that libFuzzer itself does not read out of bounds.
+#include
+#include
+#include
+#include
+#include
+#include
+
+static volatile int Sink;
+
+extern "C" int LLVMFuzzerTestOneInput(const uint8_t *Data, size_t Size) {
+ if (Size < 5) return 0;
+ const char *Ch = reinterpret_cast(Data);
+ if (Ch[Size - 3] == 'a')
+ Sink = strncmp(Ch + Size - 3, "abcdefg", 6);
+ return 0;
+}
+
diff --git a/llvm/lib/Fuzzer/test/fuzzer.test b/llvm/lib/Fuzzer/test/fuzzer.test
index fe408596f5f..df694987f09 100644
--- a/llvm/lib/Fuzzer/test/fuzzer.test
+++ b/llvm/lib/Fuzzer/test/fuzzer.test
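Review bot: The header comment in StrncmpOOBTest.cpp says only that libFuzzer itself must not read out of bounds, and nothing marks the `strncmp(Ch + Size - 3, "abcdefg", 6)` call as a deliberate over-read: three bytes of `Data` remain at that offset while the call may compare up to six. A comment on that line, for example `// Deliberate: only 3 bytes remain; ASan with strict_string_checks=1 is expected to report this read in the target's frame.`, would stop the call from being "fixed" later and would tie the file to the `ASAN_OPTIONS` setting in fuzzer.test. The names of the six `#include` lines are not visible on this page, so whether all of them are needed for a function that uses only `strncmp`, `uint8_t` and `size_t` cannot be judged from here.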
@@ -57,3 +57,7 @@ RUN: LLVMFuzzer-SimpleTest-TracePC -exit_on_src_pos=SimpleTest.cpp:17
 RUN: LLVMFuzzer-ShrinkControlFlowTest-TracePC -exit_on_src_pos=ShrinkControlFlowTest.cpp:23 2>&1 | FileCheck %s --check-prefix=EXIT_ON_SRC_POS
 EXIT_ON_SRC_POS: INFO: found line matching '{{.*}}', exiting.
+RUN: ASAN_OPTIONS=strict_string_checks=1 not LLVMFuzzer-StrncmpOOBTest -seed=1 -runs=1000000 2>&1 | FileCheck %s --check-prefix=STRNCMP
+STRNCMP: AddressSanitizer: heap-buffer-overflow
+STRNCMP-NOT: __sanitizer_weak_hook_strncmp
+STRNCMP: in LLVMFuzzerTestOneInput
-- cgit v1.2.3
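Review bot: Nothing in the added RUN block says why `STRNCMP-NOT: __sanitizer_weak_hook_strncmp` sits between the two `STRNCMP:` lines, and that placement is what gives the check its meaning: FileCheck applies the NOT pattern only to the output between the `heap-buffer-overflow` match and the `in LLVMFuzzerTestOneInput` match. A one-line comment above the RUN line, for example `# The overflow must be reported from the target's strncmp call, with no libFuzzer hook frame above it in the stack.`, would record that intent. The check also relies on symbolized frame names in the ASan report, so it presumably needs a symbolizer available in the test environment; that setup is not visible in this hunk.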