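// Test that ASan detects stack buffer overflows at the socket API boundary:
// a write past the end of the receive buffer in recvfrom (-DRECVFROM) and a
// read past the end of the send buffer in sendto (-DSENDTO). The -DSENDTO
// build is also expected to exit normally when run with intercept_send=0.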
2 //
3 // RUN: %clangxx_asan %s -DRECVFROM -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-RECVFROM
4 // RUN: %clangxx_asan %s -DSENDTO -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-SENDTO
5 // RUN: %clangxx_asan %s -DSENDTO -o %t && %env_asan_opts=intercept_send=0 %run %t 2>&1
6 //
7 // UNSUPPORTED: android
8
9 #include <stdio.h>
10 #include <unistd.h>
11 #include <stdlib.h>
12 #include <string.h>
13 #include <netdb.h>
14 #include <sys/types.h>
15 #include <sys/socket.h>
16 #include <pthread.h>
17
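// Prints "ERROR <m>" to stderr and exits with status 1 when `p` is true;
// otherwise does nothing. `m` is passed as a "%s" argument instead of being
// spliced into the format string, so it may be any C string and a '%' inside
// it is printed literally. The do/while (0) wrapper makes the macro usable
// wherever a single statement is expected.
#define CHECK_ERROR(p, m)                 \
  do {                                    \
    if (p) {                              \
      fprintf(stderr, "ERROR %s\n", (m)); \
      exit(1);                            \
    }                                     \
  } while (0)

// Byte count passed to both sendto() and recvfrom(). The buffer under test is
// declared with half this size, which is what creates the overflow.
const int kBufSize = 10;
// UDP socket created in main() and also used by client_thread_udp().
int sockfd;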
28
// Sender thread for the test: looks up the address the shared socket `sockfd`
// is bound to and sends one datagram of kBufSize bytes to that same socket.
//
// With -DSENDTO the source buffer holds only kBufSize / 2 bytes, so sendto()
// is asked to read past the end of `buf`. That over-read is deliberate: the
// CHECK-SENDTO directives expect ASan to report a READ of size 10 in thread T1
// with this function in the stack trace. Without -DSENDTO the buffer is a full
// kBufSize bytes and the send is in bounds.
//
// `data` is not used. Returns NULL.
static void *client_thread_udp(void *data) {
#ifdef SENDTO
  const char buf[kBufSize / 2] = {0, };
#else
  const char buf[kBufSize] = {0, };
#endif
  struct sockaddr_in serveraddr;
  socklen_t addrlen = sizeof(serveraddr);

  // Ask the socket for its own bound address; it is used as the destination.
  int succeeded = getsockname(sockfd, (struct sockaddr *)&serveraddr, &addrlen);
  CHECK_ERROR(succeeded < 0, "in getsockname");

  // The length argument is always kBufSize, whatever the real size of `buf`.
  // Keep this call and the two directive lines after it adjacent: the @LINE-3
  // offset is relative, so a line inserted in between shifts the expected line.
  succeeded = sendto(sockfd, buf, kBufSize, 0, (struct sockaddr *)&serveraddr,
                     sizeof(serveraddr));
  // CHECK-SENDTO: {{READ of size 10 at 0x.* thread T1}}
  // CHECK-SENDTO: {{ #1 0x.* in client_thread_udp.*recvfrom.cc:}}[[@LINE-3]]
  CHECK_ERROR(succeeded < 0, "in sending message");
  return NULL;
}
48
// Receiver side and test driver: creates a UDP socket bound to INADDR_ANY with
// port 0, starts client_thread_udp, then receives one datagram on the socket.
//
// With -DRECVFROM the destination buffer holds only kBufSize / 2 bytes while
// recvfrom() is told it may store kBufSize bytes. That overflow is deliberate:
// the CHECK-RECVFROM directives expect ASan to report a WRITE of size 10 to an
// address on the stack of thread T0, attributed to main. Without -DRECVFROM
// the buffer is a full kBufSize bytes and the receive is in bounds.
//
// Returns 0 when no error is reported; setup failures exit with status 1
// through CHECK_ERROR.
int main() {
#ifdef RECVFROM
  char buf[kBufSize / 2];
#else
  char buf[kBufSize];
#endif
  pthread_t client_thread;
  struct sockaddr_in serveraddr;

  sockfd = socket(AF_INET, SOCK_DGRAM, 0);
  CHECK_ERROR(sockfd < 0, "opening socket");

  // Port 0 is requested here; client_thread_udp retrieves the address that was
  // actually bound with getsockname().
  memset(&serveraddr, 0, sizeof(serveraddr));
  serveraddr.sin_family = AF_INET;
  serveraddr.sin_addr.s_addr = htonl(INADDR_ANY);
  serveraddr.sin_port = 0;

  int bound = bind(sockfd, (struct sockaddr *)&serveraddr, sizeof(serveraddr));
  CHECK_ERROR(bound < 0, "on binding");

  // &serveraddr is handed over as the thread argument, but client_thread_udp
  // does not read it. pthread_create returns non-zero on failure.
  int succeeded =
      pthread_create(&client_thread, NULL, client_thread_udp, &serveraddr);
  CHECK_ERROR(succeeded, "creating thread");

  // The length argument is always kBufSize, whatever the real size of `buf`,
  // and the return value is not checked. Keep this call and the directive
  // lines after it adjacent: the @LINE-2 offset is relative to this call.
  recvfrom(sockfd, buf, kBufSize, 0, NULL, NULL); // BOOM
  // CHECK-RECVFROM: {{WRITE of size 10 at 0x.* thread T0}}
  // CHECK-RECVFROM: {{ #1 0x.* in main.*recvfrom.cc:}}[[@LINE-2]]
  // CHECK-RECVFROM: {{Address 0x.* is located in stack of thread T0 at offset}}
  // CHECK-RECVFROM-NEXT: in{{.*}}main{{.*}}recvfrom.cc
  succeeded = pthread_join(client_thread, NULL);
  CHECK_ERROR(succeeded, "joining thread");
  return 0;
}
82