author | Kostya Serebryany <kcc@google.com> | 2012-12-28 15:24:16 +0000 |
---|---|---|
committer | Kostya Serebryany <kcc@google.com> | 2012-12-28 15:24:16 +0000 |
commit | eb2809311c94b73c269ccef8d68ae368642e5754 (patch) | |
tree | 7ba1859ac988ec258410e9e94a1599e7debaaa0c /lib/sanitizer_common/tests/sanitizer_libc_test.cc | |
parent | a6d4cf7c4be9b81793ea6be63c4b92d9c162a66c (diff) |
[asan] implement more strict checking for memset/etc parameters. Instead of checking the first and the last byte, we check the entire shadow region. This costs ~10 slowdown for the instrumented functions. Motivated by a nasty memset-buffer-overflow-by-140-bytes in chrome which was reported as a use-after-free or not at all
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@171198 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'lib/sanitizer_common/tests/sanitizer_libc_test.cc')
-rw-r--r-- | lib/sanitizer_common/tests/sanitizer_libc_test.cc | 20 |
1 files changed, 20 insertions, 0 deletions
diff --git a/lib/sanitizer_common/tests/sanitizer_libc_test.cc b/lib/sanitizer_common/tests/sanitizer_libc_test.cc
index ff38e16ae..b9d8414e0 100644
--- a/lib/sanitizer_common/tests/sanitizer_libc_test.cc
+++ b/lib/sanitizer_common/tests/sanitizer_libc_test.cc
@@ -20,3 +20,23 @@ TEST(SanitizerCommon, InternalMemmoveRegression) {
 EXPECT_EQ(dest[0], src[0]);
 EXPECT_EQ(dest[4], src[4]);
 }
+
+TEST(SanitizerCommon, mem_is_zero) {
+ size_t size = 128;
+ char *x = new char[size];
+ memset(x, 0, size);
+ for (size_t pos = 0; pos < size; pos++) {
+ x[pos] = 1;
+ for (size_t beg = 0; beg < size; beg++) {
+ for (size_t end = beg; end < size; end++) {
+ // fprintf(stderr, "pos %zd beg %zd end %zd \n", pos, beg, end);
+ if (beg <= pos && pos < end)
+ EXPECT_FALSE(__sanitizer::mem_is_zero(x + beg, end - beg));
+ else
+ EXPECT_TRUE(__sanitizer::mem_is_zero(x + beg, end - beg));
+ }
+ }
+ x[pos] = 0;
+ }
+ delete [] x;
+} |
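Review bot: The inner loop bound `end < size` in the new mem_is_zero test means no checked range ever contains the last byte `x[size - 1]`. When `pos` is 127 every iteration takes the EXPECT_TRUE branch, so an implementation that mishandles the tail of a region would still pass. Changing the bound to `for (size_t end = beg; end <= size; end++) {` stays inside the allocation, because `x + beg` with length `end - beg` never extends past `x + size`, and it covers the final byte. The commit description says the whole shadow region is now checked, presumably through this helper, so the tail case is the one most worth pinning. The commented-out `fprintf` debug line could also be removed before landing.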