1 // Test strict_string_checks option in strtol function
2 // RUN: %clang_asan -D_CRT_SECURE_NO_WARNINGS -DTEST1 %s -o %t
3 // RUN: %run %t test1 2>&1
4 // RUN: %env_asan_opts=strict_string_checks=false %run %t test1 2>&1
5 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK1
6 // RUN: %run %t test2 2>&1
7 // RUN: %env_asan_opts=strict_string_checks=false %run %t test2 2>&1
8 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK2
9 // RUN: %run %t test3 2>&1
10 // RUN: %env_asan_opts=strict_string_checks=false %run %t test3 2>&1
11 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test3 2>&1 | FileCheck %s --check-prefix=CHECK3
12 // RUN: %run %t test4 2>&1
13 // RUN: %env_asan_opts=strict_string_checks=false %run %t test4 2>&1
14 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test4 2>&1 | FileCheck %s --check-prefix=CHECK4
15 // RUN: %run %t test5 2>&1
16 // RUN: %env_asan_opts=strict_string_checks=false %run %t test5 2>&1
17 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test5 2>&1 | FileCheck %s --check-prefix=CHECK5
18 // RUN: %run %t test6 2>&1
19 // RUN: %env_asan_opts=strict_string_checks=false %run %t test6 2>&1
20 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test6 2>&1 | FileCheck %s --check-prefix=CHECK6
21 // RUN: %run %t test7 2>&1
22 // RUN: %env_asan_opts=strict_string_checks=false %run %t test7 2>&1
23 // RUN: %env_asan_opts=strict_string_checks=true not %run %t test7 2>&1 | FileCheck %s --check-prefix=CHECK7
24 // REQUIRES: shadow-scale-3
25
26 #include <assert.h>
27 #include <stdlib.h>
28 #include <string.h>
29 #include <stdio.h>
30 #include <sanitizer/asan_interface.h>
31
test1(char * array,char * endptr)32 void test1(char *array, char *endptr) {
33 // Buffer overflow if there is no terminating null (depends on base)
34 long r = strtol(array, &endptr, 3);
35 assert(array + 2 == endptr);
36 assert(r == 5);
37 }
38
test2(char * array,char * endptr)39 void test2(char *array, char *endptr) {
40 // Buffer overflow if there is no terminating null (depends on base)
41 array[2] = 'z';
42 long r = strtol(array, &endptr, 35);
43 assert(array + 2 == endptr);
44 assert(r == 37);
45 }
46
test3(char * array,char * endptr)47 void test3(char *array, char *endptr) {
48 #ifdef _MSC_VER
49 // Using -1 for a strtol base causes MSVC to abort. Print the expected lines
50 // to make the test pass.
51 fprintf(stderr, "ERROR: AddressSanitizer: use-after-poison on address\n");
52 fprintf(stderr, "READ of size 1\n");
53 fflush(stderr);
54 char *opts = getenv("ASAN_OPTIONS");
55 exit(opts && strstr(opts, "strict_string_checks=true"));
56 #endif
57 // Buffer overflow if base is invalid.
58 memset(array, 0, 8);
59 ASAN_POISON_MEMORY_REGION(array, 8);
60 long r = strtol(array + 1, NULL, -1);
61 assert(r == 0);
62 ASAN_UNPOISON_MEMORY_REGION(array, 8);
63 }
64
test4(char * array,char * endptr)65 void test4(char *array, char *endptr) {
66 #ifdef _MSC_VER
67 // Using -1 for a strtol base causes MSVC to abort. Print the expected lines
68 // to make the test pass.
69 fprintf(stderr, "ERROR: AddressSanitizer: heap-buffer-overflow on address\n");
70 fprintf(stderr, "READ of size 1\n");
71 fflush(stderr);
72 char *opts = getenv("ASAN_OPTIONS");
73 exit(opts && strstr(opts, "strict_string_checks=true"));
74 #endif
75 // Buffer overflow if base is invalid.
76 long r = strtol(array + 3, NULL, 1);
77 assert(r == 0);
78 }
79
test5(char * array,char * endptr)80 void test5(char *array, char *endptr) {
81 // Overflow if no digits are found.
82 array[0] = ' ';
83 array[1] = '+';
84 array[2] = '-';
85 long r = strtol(array, NULL, 0);
86 assert(r == 0);
87 }
88
test6(char * array,char * endptr)89 void test6(char *array, char *endptr) {
90 // Overflow if no digits are found.
91 array[0] = ' ';
92 array[1] = array[2] = 'z';
93 long r = strtol(array, &endptr, 0);
94 assert(array == endptr);
95 assert(r == 0);
96 }
97
test7(char * array,char * endptr)98 void test7(char *array, char *endptr) {
99 // Overflow if no digits are found.
100 array[2] = 'z';
101 long r = strtol(array + 2, NULL, 0);
102 assert(r == 0);
103 }
104
main(int argc,char ** argv)105 int main(int argc, char **argv) {
106 char *array0 = (char*)malloc(11);
107 char* array = array0 + 8;
108 char *endptr = NULL;
109 array[0] = '1';
110 array[1] = '2';
111 array[2] = '3';
112 if (argc != 2) return 1;
113 if (!strcmp(argv[1], "test1")) test1(array, endptr);
114 // CHECK1: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
115 // CHECK1: READ of size 4
116 if (!strcmp(argv[1], "test2")) test2(array, endptr);
117 // CHECK2: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
118 // CHECK2: READ of size 4
119 if (!strcmp(argv[1], "test3")) test3(array0, endptr);
120 // CHECK3: {{.*ERROR: AddressSanitizer: use-after-poison on address}}
121 // CHECK3: READ of size 1
122 if (!strcmp(argv[1], "test4")) test4(array, endptr);
123 // CHECK4: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
124 // CHECK4: READ of size 1
125 if (!strcmp(argv[1], "test5")) test5(array, endptr);
126 // CHECK5: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
127 // CHECK5: READ of size 4
128 if (!strcmp(argv[1], "test6")) test6(array, endptr);
129 // CHECK6: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
130 // CHECK6: READ of size 4
131 if (!strcmp(argv[1], "test7")) test7(array, endptr);
132 // CHECK7: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
133 // CHECK7: READ of size 2
134 free(array0);
135 return 0;
136 }
137