
<div dir="ltr">This breaks a very simple test. <div>Please revert or fix ASAP. <div><br><div><div>#include <string.h></div><div>char x[1] = {'x'};</div><div>char *ptr;</div><div>int main() {</div><div>  ptr = strndup(x, 1);</div><div>}</div></div><div><br></div><div><div>clang -fsanitize=address -g   strndup_test.cc && ./a.out </div><div>=================================================================</div><div>==14657==ERROR: AddressSanitizer: global-buffer-overflow on address 0x000000713ba1 at pc 0x00000042c616 bp 0x7ffeb4cadff0 sp 0x7ffeb4cad790</div><div>READ of size 2 at 0x000000713ba1 thread T0</div><div>    #0 0x42c615 in strndup</div><div>    #1 0x4e4419 in main strndup_test.cc:5:9</div></div><div><br></div><div><br></div></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Thu, May 11, 2017 at 1:53 AM, Pierre Gousseau via llvm-commits <span dir="ltr"><<a href="mailto:llvm-commits@lists.llvm.org" target="_blank">llvm-commits@lists.llvm.org</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">Author: pgousseau<br>

Date: Thu May 11 03:53:24 2017<br>

New Revision: 302781<br>

<br>

URL: <a href="http://llvm.org/viewvc/llvm-project?rev=302781&view=rev" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project?rev=302781&view=rev</a><br>

Log:<br>

[asan] Recommit of r301904: Add strndup/__strndup interceptors<br>

<br>

Fix undeclared __interceptor_malloc in esan_interceptors.cc<br>

Fix undeclared strnlen on OSX<br>

<br>

Differential Revision: <a href="https://reviews.llvm.org/D31457" rel="noreferrer" target="_blank">https://reviews.llvm.org/<wbr>D31457</a><br>

<br>

Added:<br>

    compiler-rt/trunk/test/asan/<wbr>TestCases/Posix/strndup_oob_<wbr>test.cc<br>

    compiler-rt/trunk/test/msan/<wbr>strndup.cc<br>

Modified:<br>

    compiler-rt/trunk/lib/asan/<wbr>asan_flags.cc<br>

    compiler-rt/trunk/lib/asan/<wbr>tests/asan_str_test.cc<br>

    compiler-rt/trunk/lib/esan/<wbr>esan_interceptors.cpp<br>

    compiler-rt/trunk/lib/msan/<wbr>msan_interceptors.cc<br>

    compiler-rt/trunk/lib/msan/<wbr>tests/msan_test.cc<br>

    compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>common_interceptors.inc<br>

    compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>flags.inc<br>

    compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>platform_interceptors.h<br>

    compiler-rt/trunk/lib/<wbr>sanitizer_common/tests/<wbr>sanitizer_test_utils.h<br>

<br>

Modified: compiler-rt/trunk/lib/asan/<wbr>asan_flags.cc<br>

URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/asan_flags.cc?rev=302781&r1=302780&r2=302781&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/compiler-rt/trunk/lib/<wbr>asan/asan_flags.cc?rev=302781&<wbr>r1=302780&r2=302781&view=diff</a><br>

==============================<wbr>==============================<wbr>==================<br>

--- compiler-rt/trunk/lib/asan/<wbr>asan_flags.cc (original)<br>

+++ compiler-rt/trunk/lib/asan/<wbr>asan_flags.cc Thu May 11 03:53:24 2017<br>

@@ -194,6 +194,10 @@ void InitializeFlags() {<br>

     Report("WARNING: strchr* interceptors are enabled even though "<br>

            "replace_str=0. Use intercept_strchr=0 to disable them.");<br>

   }<br>

+  if (!f->replace_str && common_flags()->intercept_<wbr>strndup) {<br>

+    Report("WARNING: strndup* interceptors are enabled even though "<br>

+           "replace_str=0. Use intercept_strndup=0 to disable them.");<br>

+  }<br>

 }<br>

<br>

 }  // namespace __asan<br>

<br>

Modified: compiler-rt/trunk/lib/asan/<wbr>tests/asan_str_test.cc<br>

URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/asan/tests/asan_str_test.cc?rev=302781&r1=302780&r2=302781&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/compiler-rt/trunk/lib/<wbr>asan/tests/asan_str_test.cc?<wbr>rev=302781&r1=302780&r2=<wbr>302781&view=diff</a><br>

==============================<wbr>==============================<wbr>==================<br>

--- compiler-rt/trunk/lib/asan/<wbr>tests/asan_str_test.cc (original)<br>

+++ compiler-rt/trunk/lib/asan/<wbr>tests/asan_str_test.cc Thu May 11 03:53:24 2017<br>

@@ -154,6 +154,27 @@ TEST(AddressSanitizer, MAYBE_StrDupOOBTe<br>

   free(str);<br>

 }<br>

<br>

+#if SANITIZER_TEST_HAS_STRNDUP<br>

+TEST(AddressSanitizer, MAYBE_StrNDupOOBTest) {<br>

+  size_t size = Ident(42);<br>

+  char *str = MallocAndMemsetString(size);<br>

+  char *new_str;<br>

+  // Normal strndup calls.<br>

+  str[size - 1] = '\0';<br>

+  new_str = strndup(str, size - 13);<br>

+  free(new_str);<br>

+  new_str = strndup(str + size - 1, 13);<br>

+  free(new_str);<br>

+  // Argument points to not allocated memory.<br>

+  EXPECT_DEATH(Ident(strndup(str - 1, 13)), LeftOOBReadMessage(1));<br>

+  EXPECT_DEATH(Ident(strndup(str + size, 13)), RightOOBReadMessage(0));<br>

+  // Overwrite the terminating '\0' and hit unallocated memory.<br>

+  str[size - 1] = 'z';<br>

+  EXPECT_DEATH(Ident(strndup(<wbr>str, size + 13)), RightOOBReadMessage(0));<br>

+  free(str);<br>

+}<br>

+#endif // SANITIZER_TEST_HAS_STRNDUP<br>

+<br>

 TEST(AddressSanitizer, StrCpyOOBTest) {<br>

   size_t to_size = Ident(30);<br>

   size_t from_size = Ident(6);  // less than to_size<br>

<br>

Modified: compiler-rt/trunk/lib/esan/<wbr>esan_interceptors.cpp<br>

URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/esan/esan_interceptors.cpp?rev=302781&r1=302780&r2=302781&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/compiler-rt/trunk/lib/<wbr>esan/esan_interceptors.cpp?<wbr>rev=302781&r1=302780&r2=<wbr>302781&view=diff</a><br>

==============================<wbr>==============================<wbr>==================<br>

--- compiler-rt/trunk/lib/esan/<wbr>esan_interceptors.cpp (original)<br>

+++ compiler-rt/trunk/lib/esan/<wbr>esan_interceptors.cpp Thu May 11 03:53:24 2017<br>

@@ -31,6 +31,8 @@ using namespace __esan; // NOLINT<br>

 // Get the per-platform defines for what is possible to intercept<br>

 #include "sanitizer_common/sanitizer_<wbr>platform_interceptors.h"<br>

<br>

+DECLARE_REAL_AND_INTERCEPTOR(<wbr>void *, malloc, uptr)<br>

+<br>

 // TODO(bruening): tsan disables several interceptors (getpwent, etc.) claiming<br>

 // that interception is a perf hit: should we do the same?<br>

<br>

<br>

Modified: compiler-rt/trunk/lib/msan/<wbr>msan_interceptors.cc<br>

URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/msan_interceptors.cc?rev=302781&r1=302780&r2=302781&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/compiler-rt/trunk/lib/<wbr>msan/msan_interceptors.cc?rev=<wbr>302781&r1=302780&r2=302781&<wbr>view=diff</a><br>

==============================<wbr>==============================<wbr>==================<br>

--- compiler-rt/trunk/lib/msan/<wbr>msan_interceptors.cc (original)<br>

+++ compiler-rt/trunk/lib/msan/<wbr>msan_interceptors.cc Thu May 11 03:53:24 2017<br>

@@ -341,33 +341,6 @@ INTERCEPTOR(char *, __strdup, char *src)<br>

 #define MSAN_MAYBE_INTERCEPT___STRDUP<br>

 #endif<br>

<br>

-INTERCEPTOR(char *, strndup, char *src, SIZE_T n) {<br>

-  ENSURE_MSAN_INITED();<br>

-  GET_STORE_STACK_TRACE;<br>

-  // On FreeBSD strndup() leverages strnlen().<br>

-  InterceptorScope interceptor_scope;<br>

-  SIZE_T copy_size = REAL(strnlen)(src, n);<br>

-  char *res = REAL(strndup)(src, n);<br>

-  CopyShadowAndOrigin(res, src, copy_size, &stack);<br>

-  __msan_unpoison(res + copy_size, 1); // \0<br>

-  return res;<br>

-}<br>

-<br>

-#if !SANITIZER_FREEBSD<br>

-INTERCEPTOR(char *, __strndup, char *src, SIZE_T n) {<br>

-  ENSURE_MSAN_INITED();<br>

-  GET_STORE_STACK_TRACE;<br>

-  SIZE_T copy_size = REAL(strnlen)(src, n);<br>

-  char *res = REAL(__strndup)(src, n);<br>

-  CopyShadowAndOrigin(res, src, copy_size, &stack);<br>

-  __msan_unpoison(res + copy_size, 1); // \0<br>

-  return res;<br>

-}<br>

-#define MSAN_MAYBE_INTERCEPT___STRNDUP INTERCEPT_FUNCTION(__strndup)<br>

-#else<br>

-#define MSAN_MAYBE_INTERCEPT___STRNDUP<br>

-#endif<br>

-<br>

 INTERCEPTOR(char *, gcvt, double number, SIZE_T ndigit, char *buf) {<br>

   ENSURE_MSAN_INITED();<br>

   char *res = REAL(gcvt)(number, ndigit, buf);<br>

@@ -1371,6 +1344,13 @@ int OnExit() {<br>

     return __msan_memcpy(to, from, size);                   \<br>

   }<br>

<br>

+#define COMMON_INTERCEPTOR_COPY_<wbr>STRING(ctx, to, from, size)                    \<br>

+  do {                                                                         \<br>

+    GET_STORE_STACK_TRACE;                                                     \<br>

+    CopyShadowAndOrigin(to, from, size, &stack);                               \<br>

+    __msan_unpoison(to + size, 1);                                             \<br>

+  } while (false)<br>

+<br>

 #include "sanitizer_common/sanitizer_<wbr>platform_interceptors.h"<br>

 #include "sanitizer_common/sanitizer_<wbr>common_interceptors.inc"<br>

<br>

@@ -1538,8 +1518,6 @@ void InitializeInterceptors() {<br>

   INTERCEPT_FUNCTION(stpcpy);  // NOLINT<br>

   INTERCEPT_FUNCTION(strdup);<br>

   MSAN_MAYBE_INTERCEPT___STRDUP;<br>

-  INTERCEPT_FUNCTION(strndup);<br>

-  MSAN_MAYBE_INTERCEPT___<wbr>STRNDUP;<br>

   INTERCEPT_FUNCTION(strncpy);  // NOLINT<br>

   INTERCEPT_FUNCTION(gcvt);<br>

   INTERCEPT_FUNCTION(strcat);  // NOLINT<br>

<br>

Modified: compiler-rt/trunk/lib/msan/<wbr>tests/msan_test.cc<br>

URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/msan/tests/msan_test.cc?rev=302781&r1=302780&r2=302781&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/compiler-rt/trunk/lib/<wbr>msan/tests/msan_test.cc?rev=<wbr>302781&r1=302780&r2=302781&<wbr>view=diff</a><br>

==============================<wbr>==============================<wbr>==================<br>

--- compiler-rt/trunk/lib/msan/<wbr>tests/msan_test.cc (original)<br>

+++ compiler-rt/trunk/lib/msan/<wbr>tests/msan_test.cc Thu May 11 03:53:24 2017<br>

@@ -1581,7 +1581,8 @@ TEST(MemorySanitizer, strdup) {<br>

 TEST(MemorySanitizer, strndup) {<br>

   char buf[4] = "abc";<br>

   __msan_poison(buf + 2, sizeof(*buf));<br>

-  char *x = strndup(buf, 3);<br>

+  char *x;<br>

+  EXPECT_UMR(x = strndup(buf, 3));<br>

   EXPECT_NOT_POISONED(x[0]);<br>

   EXPECT_NOT_POISONED(x[1]);<br>

   EXPECT_POISONED(x[2]);<br>

@@ -1593,7 +1594,8 @@ TEST(MemorySanitizer, strndup_short) {<br>

   char buf[4] = "abc";<br>

   __msan_poison(buf + 1, sizeof(*buf));<br>

   __msan_poison(buf + 2, sizeof(*buf));<br>

-  char *x = strndup(buf, 2);<br>

+  char *x;<br>

+  EXPECT_UMR(x = strndup(buf, 2));<br>

   EXPECT_NOT_POISONED(x[0]);<br>

   EXPECT_POISONED(x[1]);<br>

   EXPECT_NOT_POISONED(x[2]);<br>

<br>

Modified: compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>common_interceptors.inc<br>

URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc?rev=302781&r1=302780&r2=302781&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>common_interceptors.inc?rev=<wbr>302781&r1=302780&r2=302781&<wbr>view=diff</a><br>

==============================<wbr>==============================<wbr>==================<br>

--- compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>common_interceptors.inc (original)<br>

+++ compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>common_interceptors.inc Thu May 11 03:53:24 2017<br>

@@ -34,6 +34,8 @@<br>

 //   COMMON_INTERCEPTOR_MEMSET_IMPL<br>

 //   COMMON_INTERCEPTOR_MEMMOVE_<wbr>IMPL<br>

 //   COMMON_INTERCEPTOR_MEMCPY_IMPL<br>

+//   COMMON_INTERCEPTOR_COPY_STRING<br>

+//   COMMON_INTERCEPTOR_STRNDUP_<wbr>IMPL<br>

 //===-------------------------<wbr>------------------------------<wbr>---------------===//<br>

<br>

 #include "interception/interception.h"<br>

@@ -217,6 +219,25 @@ bool PlatformHasDifferentMemcpyAndM<wbr>emmov<br>

   }<br>

 #endif<br>

<br>

+#ifndef COMMON_INTERCEPTOR_COPY_STRING<br>

+#define COMMON_INTERCEPTOR_COPY_<wbr>STRING(ctx, to, from, size) {}<br>

+#endif<br>

+<br>

+#ifndef COMMON_INTERCEPTOR_STRNDUP_<wbr>IMPL<br>

+#define COMMON_INTERCEPTOR_STRNDUP_<wbr>IMPL(ctx, s, size)                          \<br>

+  COMMON_INTERCEPTOR_ENTER(ctx, strndup, s, size);                             \<br>

+  uptr from_length = internal_strnlen(s, size);                                \<br>

+  uptr copy_length = Min(size, from_length);                                   \<br>

+  char *new_mem = (char *)WRAP(malloc)(copy_length + 1);                       \<br>

+  if (common_flags()->intercept_<wbr>strndup) {                                     \<br>

+    COMMON_INTERCEPTOR_READ_RANGE(<wbr>ctx, s, copy_length + 1);                    \<br>

+  }                                                                            \<br>

+  COMMON_INTERCEPTOR_COPY_<wbr>STRING(ctx, new_mem, s, copy_length);                \<br>

+  internal_memcpy(new_mem, s, copy_length);                                    \<br>

+  new_mem[copy_length] = '\0';                                                 \<br>

+  return new_mem;<br>

+#endif<br>

+<br>

 struct FileMetadata {<br>

   // For open_memstream().<br>

   char **addr;<br>

@@ -300,6 +321,26 @@ INTERCEPTOR(SIZE_T, strnlen, const char<br>

 #define INIT_STRNLEN<br>

 #endif<br>

<br>

+#if SANITIZER_INTERCEPT_STRNDUP<br>

+INTERCEPTOR(char*, strndup, const char *s, uptr size) {<br>

+  void *ctx;<br>

+  COMMON_INTERCEPTOR_STRNDUP_<wbr>IMPL(ctx, s, size);<br>

+}<br>

+#define INIT_STRNDUP COMMON_INTERCEPT_FUNCTION(<wbr>strndup)<br>

+#else<br>

+#define INIT_STRNDUP<br>

+#endif // SANITIZER_INTERCEPT_STRNDUP<br>

+<br>

+#if SANITIZER_INTERCEPT___STRNDUP<br>

+INTERCEPTOR(char*, __strndup, const char *s, uptr size) {<br>

+  void *ctx;<br>

+  COMMON_INTERCEPTOR_STRNDUP_<wbr>IMPL(ctx, s, size);<br>

+}<br>

+#define INIT___STRNDUP COMMON_INTERCEPT_FUNCTION(__<wbr>strndup)<br>

+#else<br>

+#define INIT___STRNDUP<br>

+#endif // SANITIZER_INTERCEPT___STRNDUP<br>

+<br>

 #if SANITIZER_INTERCEPT_TEXTDOMAIN<br>

 INTERCEPTOR(char*, textdomain, const char *domainname) {<br>

   void *ctx;<br>

@@ -6163,6 +6204,8 @@ static void InitializeCommonInterceptors<br>

   INIT_TEXTDOMAIN;<br>

   INIT_STRLEN;<br>

   INIT_STRNLEN;<br>

+  INIT_STRNDUP;<br>

+  INIT___STRNDUP;<br>

   INIT_STRCMP;<br>

   INIT_STRNCMP;<br>

   INIT_STRCASECMP;<br>

<br>

Modified: compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>flags.inc<br>

URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_flags.inc?rev=302781&r1=302780&r2=302781&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>flags.inc?rev=302781&r1=<wbr>302780&r2=302781&view=diff</a><br>

==============================<wbr>==============================<wbr>==================<br>

--- compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>flags.inc (original)<br>

+++ compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>flags.inc Thu May 11 03:53:24 2017<br>

@@ -195,6 +195,9 @@ COMMON_FLAG(bool, intercept_strpbrk, tru<br>

 COMMON_FLAG(bool, intercept_strlen, true,<br>

             "If set, uses custom wrappers for strlen and strnlen functions "<br>

             "to find more errors.")<br>

+COMMON_FLAG(bool, intercept_strndup, true,<br>

+            "If set, uses custom wrappers for strndup functions "<br>

+            "to find more errors.")<br>

 COMMON_FLAG(bool, intercept_strchr, true,<br>

             "If set, uses custom wrappers for strchr, strchrnul, and strrchr "<br>

             "functions to find more errors.")<br>

<br>

Modified: compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>platform_interceptors.h<br>

URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h?rev=302781&r1=302780&r2=302781&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>platform_interceptors.h?rev=<wbr>302781&r1=302780&r2=302781&<wbr>view=diff</a><br>

==============================<wbr>==============================<wbr>==================<br>

--- compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>platform_interceptors.h (original)<br>

+++ compiler-rt/trunk/lib/<wbr>sanitizer_common/sanitizer_<wbr>platform_interceptors.h Thu May 11 03:53:24 2017<br>

@@ -25,6 +25,12 @@<br>

 # define SI_NOT_WINDOWS 0<br>

 #endif<br>

<br>

+#if SANITIZER_POSIX<br>

+# define SI_POSIX 1<br>

+#else<br>

+# define SI_POSIX 0<br>

+#endif<br>

+<br>

 #if SANITIZER_LINUX && !SANITIZER_ANDROID<br>

 # define SI_LINUX_NOT_ANDROID 1<br>

 #else<br>

@@ -69,6 +75,12 @@<br>

 # define SI_UNIX_NOT_MAC 0<br>

 #endif<br>

<br>

+#if SANITIZER_LINUX && !SANITIZER_FREEBSD<br>

+# define SI_LINUX_NOT_FREEBSD 1<br>

+# else<br>

+# define SI_LINUX_NOT_FREEBSD 0<br>

+#endif<br>

+<br>

 #define SANITIZER_INTERCEPT_STRLEN 1<br>

 #define SANITIZER_INTERCEPT_STRNLEN SI_NOT_MAC<br>

 #define SANITIZER_INTERCEPT_STRCMP 1<br>

@@ -86,6 +98,8 @@<br>

 #define SANITIZER_INTERCEPT_MEMMOVE 1<br>

 #define SANITIZER_INTERCEPT_MEMCPY 1<br>

 #define SANITIZER_INTERCEPT_MEMCMP 1<br>

+#define SANITIZER_INTERCEPT_STRNDUP SI_POSIX<br>

+#define SANITIZER_INTERCEPT___STRNDUP SI_LINUX_NOT_FREEBSD<br>

 #if defined(__ENVIRONMENT_MAC_OS_<wbr>X_VERSION_MIN_REQUIRED__) && \<br>

     __ENVIRONMENT_MAC_OS_X_<wbr>VERSION_MIN_REQUIRED__ < 1070<br>

 # define SI_MAC_DEPLOYMENT_BELOW_10_7 1<br>

<br>

Modified: compiler-rt/trunk/lib/<wbr>sanitizer_common/tests/<wbr>sanitizer_test_utils.h<br>

URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/lib/sanitizer_common/tests/sanitizer_test_utils.h?rev=302781&r1=302780&r2=302781&view=diff" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/compiler-rt/trunk/lib/<wbr>sanitizer_common/tests/<wbr>sanitizer_test_utils.h?rev=<wbr>302781&r1=302780&r2=302781&<wbr>view=diff</a><br>

==============================<wbr>==============================<wbr>==================<br>

--- compiler-rt/trunk/lib/<wbr>sanitizer_common/tests/<wbr>sanitizer_test_utils.h (original)<br>

+++ compiler-rt/trunk/lib/<wbr>sanitizer_common/tests/<wbr>sanitizer_test_utils.h Thu May 11 03:53:24 2017<br>

@@ -124,4 +124,10 @@ static inline uint32_t my_rand() {<br>

 # define SANITIZER_TEST_HAS_PRINTF_L 0<br>

 #endif<br>

<br>

+#if !defined(_MSC_VER)<br>

+# define SANITIZER_TEST_HAS_STRNDUP 1<br>

+#else<br>

+# define SANITIZER_TEST_HAS_STRNDUP 0<br>

+#endif<br>

+<br>

 #endif  // SANITIZER_TEST_UTILS_H<br>

<br>

Added: compiler-rt/trunk/test/asan/<wbr>TestCases/Posix/strndup_oob_<wbr>test.cc<br>

URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/asan/TestCases/Posix/strndup_oob_test.cc?rev=302781&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/compiler-rt/trunk/<wbr>test/asan/TestCases/Posix/<wbr>strndup_oob_test.cc?rev=<wbr>302781&view=auto</a><br>

==============================<wbr>==============================<wbr>==================<br>

--- compiler-rt/trunk/test/asan/<wbr>TestCases/Posix/strndup_oob_<wbr>test.cc (added)<br>

+++ compiler-rt/trunk/test/asan/<wbr>TestCases/Posix/strndup_oob_<wbr>test.cc Thu May 11 03:53:24 2017<br>

@@ -0,0 +1,26 @@<br>

+// RUN: %clangxx_asan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s<br>

+// RUN: %clangxx_asan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s<br>

+// RUN: %clangxx_asan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s<br>

+// RUN: %clangxx_asan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s<br>

+<br>

+// When built as C on Linux, strndup is transformed to __strndup.<br>

+// RUN: %clangxx_asan -O3 -xc %s -o %t && not %run %t 2>&1 | FileCheck %s<br>

+<br>

+// UNSUPPORTED: win32<br>

+<br>

+#include <string.h><br>

+<br>

+char kString[] = "foo";<br>

+<br>

+int main(int argc, char **argv) {<br>

+  char *copy = strndup(kString, 2);<br>

+  int x = copy[2 + argc];  // BOOM<br>

+  // CHECK: AddressSanitizer: heap-buffer-overflow<br>

+  // CHECK: #0 {{.*}}main {{.*}}strndup_oob_test.cc:[[@<wbr>LINE-2]]<br>

+  // CHECK-LABEL: allocated by thread T{{.*}} here:<br>

+  // CHECK: #{{[01]}} {{.*}}strndup<br>

+  // CHECK: #{{.*}}main {{.*}}strndup_oob_test.cc:[[@<wbr>LINE-6]]<br>

+  // CHECK-LABEL: SUMMARY<br>

+  // CHECK: strndup_oob_test.cc:[[@LINE-7]<wbr>]<br>

+  return x;<br>

+}<br>

<br>

Added: compiler-rt/trunk/test/msan/<wbr>strndup.cc<br>

URL: <a href="http://llvm.org/viewvc/llvm-project/compiler-rt/trunk/test/msan/strndup.cc?rev=302781&view=auto" rel="noreferrer" target="_blank">http://llvm.org/viewvc/llvm-<wbr>project/compiler-rt/trunk/<wbr>test/msan/strndup.cc?rev=<wbr>302781&view=auto</a><br>

==============================<wbr>==============================<wbr>==================<br>

--- compiler-rt/trunk/test/msan/<wbr>strndup.cc (added)<br>

+++ compiler-rt/trunk/test/msan/<wbr>strndup.cc Thu May 11 03:53:24 2017<br>

@@ -0,0 +1,28 @@<br>

+// RUN: %clangxx_msan %s -o %t && not %run %t 2>&1 | FileCheck --check-prefix=ON %s<br>

+// RUN: %clangxx_msan %s -o %t && MSAN_OPTIONS=intercept_<wbr>strndup=0 %run %t 2>&1 | FileCheck --check-prefix=OFF --allow-empty %s<br>

+<br>

+// When built as C on Linux, strndup is transformed to __strndup.<br>

+// RUN: %clangxx_msan -O3 -xc %s -o %t && not %run %t 2>&1 | FileCheck --check-prefix=ON %s<br>

+<br>

+// UNSUPPORTED: win32<br>

+<br>

+#include <assert.h><br>

+#include <stdlib.h><br>

+#include <string.h><br>

+#include <sanitizer/msan_interface.h><br>

+<br>

+int main(int argc, char **argv) {<br>

+  char kString[4] = "abc";<br>

+  __msan_poison(kString + 2, 1);<br>

+  char *copy = strndup(kString, 4); // BOOM<br>

+  assert(__msan_test_shadow(<wbr>copy, 4) == 2); // Poisoning is preserved.<br>

+  free(copy);<br>

+  return 0;<br>

+  // ON: Uninitialized bytes in __interceptor_{{(__)?}}strndup at offset 2 inside [{{.*}}, 4)<br>

+  // ON: MemorySanitizer: use-of-uninitialized-value<br>

+  // ON: #0 {{.*}}main {{.*}}strndup.cc:[[@LINE-6]]<br>

+  // ON-LABEL: SUMMARY<br>

+  // ON: {{.*}}strndup.cc:[[@LINE-8]]<br>

+  // OFF-NOT: MemorySanitizer<br>

+}<br>

+<br>

<br>

<br>

______________________________<wbr>_________________<br>

llvm-commits mailing list<br>

<a href="mailto:llvm-commits@lists.llvm.org">llvm-commits@lists.llvm.org</a><br>

<a href="http://lists.llvm.org/cgi-bin/mailman/listinfo/llvm-commits" rel="noreferrer" target="_blank">http://lists.llvm.org/cgi-bin/<wbr>mailman/listinfo/llvm-commits</a><br>

</blockquote></div><br></div>