1 // RUN: export ASAN_OPTIONS=detect_stack_use_after_return=1 2 // RUN: %clangxx_asan -O0 %s -o %t && \ 3 // RUN: not %run %t 2>&1 | FileCheck %s 4 // RUN: %clangxx_asan -O2 %s -o %t && \ 5 // RUN: not %run %t 2>&1 | FileCheck %s 6 // XFAIL: arm-linux-gnueabi 7 8 // FIXME: Fix this test under GCC. 9 // REQUIRES: Clang 10 11 #include <stdio.h> 12 #include <string.h> 13 #include <stdlib.h> 14 15 __attribute__((noinline)) pretend_to_do_something(char * x)16char *pretend_to_do_something(char *x) { 17 __asm__ __volatile__("" : : "r" (x) : "memory"); 18 return x; 19 } 20 21 __attribute__((noinline)) LeakStack()22char *LeakStack() { 23 char x[1024]; 24 memset(x, 0, sizeof(x)); 25 return pretend_to_do_something(x); 26 } 27 28 template<size_t kFrameSize> 29 __attribute__((noinline)) RecuriveFunctionWithStackFrame(int depth)30void RecuriveFunctionWithStackFrame(int depth) { 31 if (depth <= 0) return; 32 char x[kFrameSize]; 33 x[0] = depth; 34 pretend_to_do_something(x); 35 RecuriveFunctionWithStackFrame<kFrameSize>(depth - 1); 36 } 37 main(int argc,char ** argv)38int main(int argc, char **argv) { 39 int n_iter = argc >= 2 ? atoi(argv[1]) : 1000; 40 int depth = argc >= 3 ? atoi(argv[2]) : 500; 41 for (int i = 0; i < n_iter; i++) { 42 RecuriveFunctionWithStackFrame<10>(depth); 43 RecuriveFunctionWithStackFrame<100>(depth); 44 RecuriveFunctionWithStackFrame<500>(depth); 45 RecuriveFunctionWithStackFrame<1024>(depth); 46 RecuriveFunctionWithStackFrame<2000>(depth); 47 RecuriveFunctionWithStackFrame<5000>(depth); 48 RecuriveFunctionWithStackFrame<10000>(depth); 49 } 50 char *stale_stack = LeakStack(); 51 RecuriveFunctionWithStackFrame<1024>(10); 52 stale_stack[100]++; 53 // CHECK: ERROR: AddressSanitizer: stack-use-after-return on address 54 // CHECK: is located in stack of thread T0 at offset {{116|132}} in frame 55 // CHECK: in LeakStack(){{.*}}heavy_uar_test.cc: 56 // CHECK: [{{16|32}}, {{1040|1056}}) 'x' 57 return 0; 58 } 59