[asan] implement more strict checking for memset/etc parameters. Instead of checking the first and the last byte, we check the entire shadow region. This costs ~10 slowdown for the instrumented functions. Motivated by a nasty memset-buffer-overflow-by-140-bytes in chrome which was reported as a use-after-free or not at all

git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@171198 91177308-0d34-0410-b5e6-96231b3b80d8

1 files changed, 20 insertions, 0 deletions

diff --git a/lib/sanitizer_common/tests/sanitizer_libc_test.cc b/lib/sanitizer_common/tests/sanitizer_libc_test.cc
index ff38e16ae..b9d8414e0 100644
--- a/lib/sanitizer_common/tests/sanitizer_libc_test.cc
+++ b/lib/sanitizer_common/tests/sanitizer_libc_test.cc
@@ -20,3 +20,23 @@ TEST(SanitizerCommon, InternalMemmoveRegression) {
   EXPECT_EQ(dest[0], src[0]);
   EXPECT_EQ(dest[4], src[4]);
 }
+
+TEST(SanitizerCommon, mem_is_zero) {
+  size_t size = 128;
+  char *x = new char[size];
+  memset(x, 0, size);
+  for (size_t pos = 0; pos < size; pos++) {
+    x[pos] = 1;
+    for (size_t beg = 0; beg < size; beg++) {
+      for (size_t end = beg; end < size; end++) {
+        // fprintf(stderr, "pos %zd beg %zd end %zd \n", pos, beg, end);
+        if (beg <= pos && pos < end)
+          EXPECT_FALSE(__sanitizer::mem_is_zero(x + beg, end - beg));
+        else
+          EXPECT_TRUE(__sanitizer::mem_is_zero(x + beg, end - beg));
+      }
+    }
+    x[pos] = 0;
+  }
+  delete [] x;
+}