1 // Test strict_string_checks option in strtoll function
2 // RUN: %clang_asan -DTEST1 %s -o %t
3 // RUN: %run %t test1 2>&1
4 // RUN: ASAN_OPTIONS=strict_string_checks=false %run %t test1 2>&1
5 // RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t test1 2>&1 | FileCheck %s --check-prefix=CHECK1
6 // RUN: %run %t test2 2>&1
7 // RUN: ASAN_OPTIONS=strict_string_checks=false %run %t test2 2>&1
8 // RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t test2 2>&1 | FileCheck %s --check-prefix=CHECK2
9 // RUN: %run %t test3 2>&1
10 // RUN: ASAN_OPTIONS=strict_string_checks=false %run %t test3 2>&1
11 // RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t test3 2>&1 | FileCheck %s --check-prefix=CHECK3
12 // RUN: %run %t test4 2>&1
13 // RUN: ASAN_OPTIONS=strict_string_checks=false %run %t test4 2>&1
14 // RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t test4 2>&1 | FileCheck %s --check-prefix=CHECK4
15 // RUN: %run %t test5 2>&1
16 // RUN: ASAN_OPTIONS=strict_string_checks=false %run %t test5 2>&1
17 // RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t test5 2>&1 | FileCheck %s --check-prefix=CHECK5
18 // RUN: %run %t test6 2>&1
19 // RUN: ASAN_OPTIONS=strict_string_checks=false %run %t test6 2>&1
20 // RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t test6 2>&1 | FileCheck %s --check-prefix=CHECK6
21 // RUN: %run %t test7 2>&1
22 // RUN: ASAN_OPTIONS=strict_string_checks=false %run %t test7 2>&1
23 // RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t test7 2>&1 | FileCheck %s --check-prefix=CHECK7
24 
25 #include <assert.h>
26 #include <stdlib.h>
27 #include <string.h>
28 
test1(char * array,char * endptr)29 void test1(char *array, char *endptr) {
30   // Buffer overflow if there is no terminating null (depends on base)
31   long long r = strtoll(array, &endptr, 3);
32   assert(array + 2 == endptr);
33   assert(r == 5);
34 }
35 
test2(char * array,char * endptr)36 void test2(char *array, char *endptr) {
37   // Buffer overflow if there is no terminating null (depends on base)
38   array[2] = 'z';
39   long long r = strtoll(array, &endptr, 35);
40   assert(array + 2 == endptr);
41   assert(r == 37);
42 }
43 
test3(char * array,char * endptr)44 void test3(char *array, char *endptr) {
45   // Buffer overflow if base is invalid.
46   long long r = strtoll(array - 1, NULL, -1);
47   assert(r == 0);
48 }
49 
test4(char * array,char * endptr)50 void test4(char *array, char *endptr) {
51   // Buffer overflow if base is invalid.
52   long long r = strtoll(array + 3, NULL, 1);
53   assert(r == 0);
54 }
55 
test5(char * array,char * endptr)56 void test5(char *array, char *endptr) {
57   // Overflow if no digits are found.
58   array[0] = ' ';
59   array[1] = '+';
60   array[2] = '-';
61   long long r = strtoll(array, NULL, 0);
62   assert(r == 0);
63 }
64 
test6(char * array,char * endptr)65 void test6(char *array, char *endptr) {
66   // Overflow if no digits are found.
67   array[0] = ' ';
68   array[1] = array[2] = 'z';
69   long long r = strtoll(array, &endptr, 0);
70   assert(array == endptr);
71   assert(r == 0);
72 }
73 
test7(char * array,char * endptr)74 void test7(char *array, char *endptr) {
75   // Overflow if no digits are found.
76   array[2] = 'z';
77   long long r = strtoll(array + 2, NULL, 0);
78   assert(r == 0);
79 }
80 
main(int argc,char ** argv)81 int main(int argc, char **argv) {
82   char *array = (char*)malloc(3);
83   char *endptr = NULL;
84   array[0] = '1';
85   array[1] = '2';
86   array[2] = '3';
87   if (argc != 2) return 1;
88   if (!strcmp(argv[1], "test1")) test1(array, endptr);
89   // CHECK1: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
90   // CHECK1: READ of size 4
91   if (!strcmp(argv[1], "test2")) test2(array, endptr);
92   // CHECK2: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
93   // CHECK2: READ of size 4
94   if (!strcmp(argv[1], "test3")) test3(array, endptr);
95   // CHECK3: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
96   // CHECK3: READ of size 5
97   if (!strcmp(argv[1], "test4")) test4(array, endptr);
98   // CHECK4: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
99   // CHECK4: READ of size 1
100   if (!strcmp(argv[1], "test5")) test5(array, endptr);
101   // CHECK5: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
102   // CHECK5: READ of size 4
103   if (!strcmp(argv[1], "test6")) test6(array, endptr);
104   // CHECK6: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
105   // CHECK6: READ of size 4
106   if (!strcmp(argv[1], "test7")) test7(array, endptr);
107   // CHECK7: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
108   // CHECK7: READ of size 2
109   free(array);
110   return 0;
111 }
112