You've already forked linux-packaging-mono
							
							
		
			
	
	
		
			129 lines
		
	
	
		
			4.0 KiB
		
	
	
	
		
			C++
		
	
	
	
	
	
		
		
			
		
	
	
			129 lines
		
	
	
		
			4.0 KiB
		
	
	
	
		
			C++
		
	
	
	
	
	
|   | //===-- asan_oob_test.cc --------------------------------------------------===//
 | ||
|  | //
 | ||
|  | //                     The LLVM Compiler Infrastructure
 | ||
|  | //
 | ||
|  | // This file is distributed under the University of Illinois Open Source
 | ||
|  | // License. See LICENSE.TXT for details.
 | ||
|  | //
 | ||
|  | //===----------------------------------------------------------------------===//
 | ||
|  | //
 | ||
|  | // This file is a part of AddressSanitizer, an address sanity checker.
 | ||
|  | //
 | ||
|  | //===----------------------------------------------------------------------===//
 | ||
|  | #include "asan_test_utils.h"
 | ||
|  | 
 | ||
|  | NOINLINE void asan_write_sized_aligned(uint8_t *p, size_t size) { | ||
|  |   EXPECT_EQ(0U, ((uintptr_t)p % size)); | ||
|  |   if      (size == 1) asan_write((uint8_t*)p); | ||
|  |   else if (size == 2) asan_write((uint16_t*)p); | ||
|  |   else if (size == 4) asan_write((uint32_t*)p); | ||
|  |   else if (size == 8) asan_write((uint64_t*)p); | ||
|  | } | ||
|  | 
 | ||
|  | template<typename T> | ||
|  | NOINLINE void oob_test(int size, int off) { | ||
|  |   char *p = (char*)malloc_aaa(size); | ||
|  |   // fprintf(stderr, "writing %d byte(s) into [%p,%p) with offset %d\n",
 | ||
|  |   //        sizeof(T), p, p + size, off);
 | ||
|  |   asan_write((T*)(p + off)); | ||
|  |   free_aaa(p); | ||
|  | } | ||
|  | 
 | ||
|  | template<typename T> | ||
|  | void OOBTest() { | ||
|  |   char expected_str[100]; | ||
|  |   for (int size = sizeof(T); size < 20; size += 5) { | ||
|  |     for (int i = -5; i < 0; i++) { | ||
|  |       const char *str = | ||
|  |           "is located.*%d byte.*to the left"; | ||
|  |       sprintf(expected_str, str, abs(i)); | ||
|  |       EXPECT_DEATH(oob_test<T>(size, i), expected_str); | ||
|  |     } | ||
|  | 
 | ||
|  |     for (int i = 0; i < (int)(size - sizeof(T) + 1); i++) | ||
|  |       oob_test<T>(size, i); | ||
|  | 
 | ||
|  |     for (int i = size - sizeof(T) + 1; i <= (int)(size + 2 * sizeof(T)); i++) { | ||
|  |       const char *str = | ||
|  |           "is located.*%d byte.*to the right"; | ||
|  |       int off = i >= size ? (i - size) : 0; | ||
|  |       // we don't catch unaligned partially OOB accesses.
 | ||
|  |       if (i % sizeof(T)) continue; | ||
|  |       sprintf(expected_str, str, off); | ||
|  |       EXPECT_DEATH(oob_test<T>(size, i), expected_str); | ||
|  |     } | ||
|  |   } | ||
|  | 
 | ||
|  |   EXPECT_DEATH(oob_test<T>(kLargeMalloc, -1), | ||
|  |           "is located.*1 byte.*to the left"); | ||
|  |   EXPECT_DEATH(oob_test<T>(kLargeMalloc, kLargeMalloc), | ||
|  |           "is located.*0 byte.*to the right"); | ||
|  | } | ||
|  | 
 | ||
|  | // TODO(glider): the following tests are EXTREMELY slow on Darwin:
 | ||
|  | //   AddressSanitizer.OOB_char (125503 ms)
 | ||
|  | //   AddressSanitizer.OOB_int (126890 ms)
 | ||
|  | //   AddressSanitizer.OOBRightTest (315605 ms)
 | ||
|  | //   AddressSanitizer.SimpleStackTest (366559 ms)
 | ||
|  | 
 | ||
|  | TEST(AddressSanitizer, OOB_char) { | ||
|  |   OOBTest<U1>(); | ||
|  | } | ||
|  | 
 | ||
|  | TEST(AddressSanitizer, OOB_int) { | ||
|  |   OOBTest<U4>(); | ||
|  | } | ||
|  | 
 | ||
|  | TEST(AddressSanitizer, OOBRightTest) { | ||
|  |   size_t max_access_size = SANITIZER_WORDSIZE == 64 ? 8 : 4; | ||
|  |   for (size_t access_size = 1; access_size <= max_access_size; | ||
|  |        access_size *= 2) { | ||
|  |     for (size_t alloc_size = 1; alloc_size <= 8; alloc_size++) { | ||
|  |       for (size_t offset = 0; offset <= 8; offset += access_size) { | ||
|  |         void *p = malloc(alloc_size); | ||
|  |         // allocated: [p, p + alloc_size)
 | ||
|  |         // accessed:  [p + offset, p + offset + access_size)
 | ||
|  |         uint8_t *addr = (uint8_t*)p + offset; | ||
|  |         if (offset + access_size <= alloc_size) { | ||
|  |           asan_write_sized_aligned(addr, access_size); | ||
|  |         } else { | ||
|  |           int outside_bytes = offset > alloc_size ? (offset - alloc_size) : 0; | ||
|  |           const char *str = | ||
|  |               "is located.%d *byte.*to the right"; | ||
|  |           char expected_str[100]; | ||
|  |           sprintf(expected_str, str, outside_bytes); | ||
|  |           EXPECT_DEATH(asan_write_sized_aligned(addr, access_size), | ||
|  |                        expected_str); | ||
|  |         } | ||
|  |         free(p); | ||
|  |       } | ||
|  |     } | ||
|  |   } | ||
|  | } | ||
|  | 
 | ||
|  | TEST(AddressSanitizer, LargeOOBRightTest) { | ||
|  |   size_t large_power_of_two = 1 << 19; | ||
|  |   for (size_t i = 16; i <= 256; i *= 2) { | ||
|  |     size_t size = large_power_of_two - i; | ||
|  |     char *p = Ident(new char[size]); | ||
|  |     EXPECT_DEATH(p[size] = 0, "is located 0 bytes to the right"); | ||
|  |     delete [] p; | ||
|  |   } | ||
|  | } | ||
|  | 
 | ||
|  | TEST(AddressSanitizer, DISABLED_DemoOOBLeftLow) { | ||
|  |   oob_test<U1>(10, -1); | ||
|  | } | ||
|  | 
 | ||
|  | TEST(AddressSanitizer, DISABLED_DemoOOBLeftHigh) { | ||
|  |   oob_test<U1>(kLargeMalloc, -1); | ||
|  | } | ||
|  | 
 | ||
|  | TEST(AddressSanitizer, DISABLED_DemoOOBRightLow) { | ||
|  |   oob_test<U1>(10, 10); | ||
|  | } | ||
|  | 
 | ||
|  | TEST(AddressSanitizer, DISABLED_DemoOOBRightHigh) { | ||
|  |   oob_test<U1>(kLargeMalloc, kLargeMalloc); | ||
|  | } |