1 // RUN: %clang_scudo %s -o %t
2 // RUN: not %run %t malloc 2>&1 | FileCheck %s
3 // RUN: SCUDO_OPTIONS=QuarantineSizeMb=1 not %run %t quarantine 2>&1 | FileCheck %s
4
5 // Tests that header corruption of an allocated or quarantined chunk is caught.
6
7 #include <assert.h>
8 #include <stdlib.h>
9 #include <string.h>
10
main(int argc,char ** argv)11 int main(int argc, char **argv)
12 {
13 assert(argc == 2);
14 if (!strcmp(argv[1], "malloc")) {
15 // Simulate a header corruption of an allocated chunk (1-bit)
16 void *p = malloc(1U << 4);
17 if (!p)
18 return 1;
19 ((char *)p)[-1] ^= 1;
20 free(p);
21 }
22 if (!strcmp(argv[1], "quarantine")) {
23 void *p = malloc(1U << 4);
24 if (!p)
25 return 1;
26 free(p);
27 // Simulate a header corruption of a quarantined chunk
28 ((char *)p)[-2] ^= 1;
29 // Trigger the quarantine recycle
30 for (int i = 0; i < 0x100; i++) {
31 p = malloc(1U << 16);
32 free(p);
33 }
34 }
35 return 0;
36 }
37
38 // CHECK: ERROR: corrupted chunk header at address
39