From 2c41329278aeda87f5f598789834eb6f4f765684 Mon Sep 17 00:00:00 2001
From: Timur Iskhodzhanov
Date: Thu, 22 May 2014 13:28:27 +0000
Subject: [ASan/Win] Add more tests for operator new[]
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@209439 91177308-0d34-0410-b5e6-96231b3b80d8
---
.../Windows/dll_operator_array_new_left_oob.cc | 26 +++++++++++++++++
.../dll_operator_array_new_with_dtor_left_oob.cc | 34 ++++++++++++++++++++++
.../Windows/operator_array_new_left_oob.cc | 11 ++++---
.../operator_array_new_with_dtor_left_oob.cc | 25 ++++++++++++++++
4 files changed, 90 insertions(+), 6 deletions(-)
create mode 100644 test/asan/TestCases/Windows/dll_operator_array_new_left_oob.cc
create mode 100644 test/asan/TestCases/Windows/dll_operator_array_new_with_dtor_left_oob.cc
create mode 100644 test/asan/TestCases/Windows/operator_array_new_with_dtor_left_oob.cc
(limited to 'test')
diff --git a/test/asan/TestCases/Windows/dll_operator_array_new_left_oob.cc b/test/asan/TestCases/Windows/dll_operator_array_new_left_oob.cc
new file mode 100644
index 000000000..0c9832256
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_operator_array_new_left_oob.cc
@@ -0,0 +1,26 @@
+// RUN: %clangxx_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clangxx_asan -LD -O0 %s -Fe%t.dll
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t %t.dll 2>&1 | cat | FileCheck %s
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ char *buffer = new char[42];
+ buffer[-1] = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK-NEXT: test_function {{.*}}dll_operator_array_new_left_oob.cc:[[@LINE-3]]
+// CHECK-NEXT: main {{.*}}dll_host.cc
+//
+// CHECK: [[ADDR]] is located 1 bytes to the left of 42-byte region
+// CHECK-LABEL: allocated by thread T0 here:
+// FIXME: should get rid of the malloc/free frames called from the inside of
+// operator new/delete in DLLs. Also, the operator new frame should have [].
+// CHECK-NEXT: malloc
+// CHECK-NEXT: operator new
+// CHECK-NEXT: test_function {{.*}}dll_operator_array_new_left_oob.cc:[[@LINE-13]]
+// CHECK-NEXT: main {{.*}}dll_host.cc
+// CHECK-LABEL: SUMMARY
+ delete [] buffer;
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_operator_array_new_with_dtor_left_oob.cc b/test/asan/TestCases/Windows/dll_operator_array_new_with_dtor_left_oob.cc
new file mode 100644
index 000000000..c014b4b90
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_operator_array_new_with_dtor_left_oob.cc
@@ -0,0 +1,34 @@
+// RUN: %clangxx_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clangxx_asan -LD -O0 %s -Fe%t.dll
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t %t.dll 2>&1 | cat | FileCheck %s
+
+struct C {
+ int x;
+ ~C() {}
+};
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ C *buffer = new C[42];
+ buffer[-2].x = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 4 at [[ADDR]] thread T0
+// CHECK-NEXT: test_function {{.*}}dll_operator_array_new_with_dtor_left_oob.cc:[[@LINE-3]]
+// CHECK-NEXT: main {{.*}}dll_host.cc
+//
+// FIXME: Currently it says "4 bytes ... left of 172-byte region",
+// should be "8 bytes ... left of 168-byte region", see
+// https://code.google.com/p/address-sanitizer/issues/detail?id=314
+// CHECK: [[ADDR]] is located {{.*}} bytes to the left of 172-byte region
+// FIXME: should get rid of the malloc/free frames called from the inside of
+// operator new/delete in DLLs. Also, the operator new frame should have [].
+// CHECK-LABEL: allocated by thread T0 here:
+// CHECK-NEXT: malloc
+// CHECK-NEXT: operator new
+// CHECK-NEXT: test_function {{.*}}dll_operator_array_new_with_dtor_left_oob.cc:[[@LINE-16]]
+// CHECK-NEXT: main {{.*}}dll_host.cc
+// CHECK-LABEL: SUMMARY
+ delete [] buffer;
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/operator_array_new_left_oob.cc b/test/asan/TestCases/Windows/operator_array_new_left_oob.cc
index 3e5b96a2d..33b63776f 100644
--- a/test/asan/TestCases/Windows/operator_array_new_left_oob.cc
+++ b/test/asan/TestCases/Windows/operator_array_new_left_oob.cc
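Review bot: The store through `buffer[-2]` in dll_operator_array_new_with_dtor_left_oob.cc is never explained, and the choice of index is what makes this test meaningful. The expected 172-byte region is 42 * 4 bytes plus what looks like a 4-byte array cookie in front of the elements, so a write through `buffer[-1]` would presumably land inside the allocation and go unreported while still overwriting the bookkeeping that `delete []` relies on. I would add above the store `// buffer[-1] is the array cookie (inside the malloc'ed block, not reported); -2 is the first index left of the block. Assumes a 4-byte cookie.` so the blind spot and the target-size assumption are visible to whoever ports the test. The `{{.*}} bytes` wildcard could also be tightened to `{{[0-9]+}} bytes`. Both points apply equally to operator_array_new_with_dtor_left_oob.cc in the last hunk.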
@@ -2,17 +2,16 @@ // FIXME: 'cat' is needed due to PR19744. // RUN: not %run %t 2>&1 | cat | FileCheck %s -#include - int main() { char *buffer = new char[42]; buffer[-1] = 42; // CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]] // CHECK: WRITE of size 1 at [[ADDR]] thread T0 -// CHECK: {{#0 .* main .*operator_array_new_left_oob.cc}}:[[@LINE-3]] +// CHECK-NEXT: {{#0 .* main .*operator_array_new_left_oob.cc}}:[[@LINE-3]] +// // CHECK: [[ADDR]] is located 1 bytes to the left of 42-byte region -// CHECK: allocated by thread T0 here: -// CHECK: {{#0 .* operator new}}[] -// CHECK: {{#1 .* main .*operator_array_new_left_oob.cc}}:[[@LINE-8]] +// CHECK-LABEL: allocated by thread T0 here: +// CHECK-NEXT: {{#0 .* operator new}}[] +// CHECK-NEXT: {{#1 .* main .*operator_array_new_left_oob.cc}}:[[@LINE-9]] delete [] buffer; }
diff --git a/test/asan/TestCases/Windows/operator_array_new_with_dtor_left_oob.cc b/test/asan/TestCases/Windows/operator_array_new_with_dtor_left_oob.cc
new file mode 100644
index 000000000..aa5f495ee
--- /dev/null
+++ b/test/asan/TestCases/Windows/operator_array_new_with_dtor_left_oob.cc
@@ -0,0 +1,25 @@
+// RUN: %clangxx_asan -O0 %s -Fe%t
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t 2>&1 | cat | FileCheck %s
+
+struct C {
+ int x;
+ ~C() {}
+};
+
+int main() {
+ C *buffer = new C[42];
+ buffer[-2].x = 42;
+// CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 4 at [[ADDR]] thread T0
+// CHECK-NEXT: {{#0 .* main .*operator_array_new_with_dtor_left_oob.cc}}:[[@LINE-3]]
+//
+// FIXME: Currently it says "4 bytes ... left of 172-byte region",
+// should be "8 bytes ... left of 168-byte region", see
+// https://code.google.com/p/address-sanitizer/issues/detail?id=314
+// CHECK: [[ADDR]] is located {{.*}} bytes to the left of 172-byte region
+// CHECK-LABEL: allocated by thread T0 here:
+// CHECK-NEXT: {{#0 .* operator new}}[]
+// CHECK-NEXT: {{#1 .* main .*operator_array_new_with_dtor_left_oob.cc}}:[[@LINE-12]]
+ delete [] buffer;
+}
-- cgit v1.2.3