[compiler-rt] [HWASAN] Add test to detected use after free in memcmp (PR #67204)

Kirill Stoimenov via llvm-commits llvm-commits at lists.llvm.org
Fri Sep 22 17:11:05 PDT 2023 

https://github.com/kstoimenov updated https://github.com/llvm/llvm-project/pull/67204

>From 3483b52cfaec660a0acc577679d0f4ce3e7e7eef Mon Sep 17 00:00:00 2001
From: Kirill Stoimenov <kstoimenov at google.com>
Date: Fri, 22 Sep 2023 22:57:55 +0000
Subject: [PATCH 1/3] [HWASAN] Add test to detected use after free in memcmp

---
 .../test/sanitizer_common/TestCases/memcmp.cpp    | 15 +++++++++++++++
 1 file changed, 15 insertions(+)
 create mode 100644 compiler-rt/test/sanitizer_common/TestCases/memcmp.cpp

diff --git a/compiler-rt/test/sanitizer_common/TestCases/memcmp.cpp b/compiler-rt/test/sanitizer_common/TestCases/memcmp.cpp
new file mode 100644
index 000000000000000..23fe8e2cfe0d620
--- /dev/null
+++ b/compiler-rt/test/sanitizer_common/TestCases/memcmp.cpp
@@ -0,0 +1,15 @@
+// RUN: %clangxx -O0 %s -o %t && %run %t
+// XFAIL: *
+// UNSUPPORTED: lsan, ubsan
+// FIXME: HWASAN should work when we have intercepptors.
+// UNSUPPORTED: hwasan
+
+#include <cstring>
+#include <cstdio>
+
+int main(int argc, char** argv) {
+  int *x = new int(7);
+  delete x;
+  // Trigger use after free error.
+  return memcmp(x, &argc, sizeof(int)) == 0 ? 1 : 0;
+}
\ No newline at end of file

>From 05db158c4f765b2e85516461fc8bf50b31c3caea Mon Sep 17 00:00:00 2001
From: Kirill Stoimenov <kstoimenov at google.com>
Date: Sat, 23 Sep 2023 00:07:05 +0000
Subject: [PATCH 2/3] Addressed review comments.

---
 compiler-rt/test/sanitizer_common/TestCases/memcmp.cpp | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/compiler-rt/test/sanitizer_common/TestCases/memcmp.cpp b/compiler-rt/test/sanitizer_common/TestCases/memcmp.cpp
index 23fe8e2cfe0d620..df408b6c3c33eec 100644
--- a/compiler-rt/test/sanitizer_common/TestCases/memcmp.cpp
+++ b/compiler-rt/test/sanitizer_common/TestCases/memcmp.cpp
@@ -4,12 +4,11 @@
 // FIXME: HWASAN should work when we have intercepptors.
 // UNSUPPORTED: hwasan
 
-#include <cstring>
-#include <cstdio>
+#include <string.h>
 
 int main(int argc, char** argv) {
   int *x = new int(7);
   delete x;
   // Trigger use after free error.
   return memcmp(x, &argc, sizeof(int)) == 0 ? 1 : 0;
-}
\ No newline at end of file
+}

>From b24c9b8a46e891b6038e58c453924071fc6bec8e Mon Sep 17 00:00:00 2001
From: Kirill Stoimenov <kstoimenov at google.com>
Date: Sat, 23 Sep 2023 00:10:43 +0000
Subject: [PATCH 3/3] Addressed comments.

---
 .../test/hwasan/TestCases/memcmp_test.cpp     | 20 +++++++++++++++++++
 .../sanitizer_common/TestCases/memcmp.cpp     | 14 -------------
 2 files changed, 20 insertions(+), 14 deletions(-)
 create mode 100644 compiler-rt/test/hwasan/TestCases/memcmp_test.cpp
 delete mode 100644 compiler-rt/test/sanitizer_common/TestCases/memcmp.cpp

diff --git a/compiler-rt/test/hwasan/TestCases/memcmp_test.cpp b/compiler-rt/test/hwasan/TestCases/memcmp_test.cpp
new file mode 100644
index 000000000000000..610f74d8e5b2936
--- /dev/null
+++ b/compiler-rt/test/hwasan/TestCases/memcmp_test.cpp
@@ -0,0 +1,20 @@
+// RUN: %clangxx_hwasan -O0 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_hwasan -O1 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_hwasan -O2 %s -o %t && not %run %t 2>&1 | FileCheck %s
+// RUN: %clangxx_hwasan -O3 %s -o %t && not %run %t 2>&1 | FileCheck %s
+
+// REQUIRES: compiler-rt-optimized
+
+// FIXME: we need to implement memcmp intercepptor to make this work.
+// UNSUPPORTED: hwasan
+
+#include <string.h>
+int main(int argc, char **argv) {
+  char a1[] = {static_cast<char>(argc), 2, 3, 4};
+  char a2[] = {1, static_cast<char>(2*argc), 3, 4};
+  int res = memcmp(a1, a2, 4 + argc);  // BOOM
+  // CHECK: AddressSanitizer: stack-buffer-overflow
+  // CHECK: {{#[0-9]+ .*memcmp}}
+  // CHECK: {{#[0-9]+ .*main}}
+  return res;
+}
diff --git a/compiler-rt/test/sanitizer_common/TestCases/memcmp.cpp b/compiler-rt/test/sanitizer_common/TestCases/memcmp.cpp
deleted file mode 100644
index df408b6c3c33eec..000000000000000
--- a/compiler-rt/test/sanitizer_common/TestCases/memcmp.cpp
+++ /dev/null
@@ -1,14 +0,0 @@
-// RUN: %clangxx -O0 %s -o %t && %run %t
-// XFAIL: *
-// UNSUPPORTED: lsan, ubsan
-// FIXME: HWASAN should work when we have intercepptors.
-// UNSUPPORTED: hwasan
-
-#include <string.h>
-
-int main(int argc, char** argv) {
-  int *x = new int(7);
-  delete x;
-  // Trigger use after free error.
-  return memcmp(x, &argc, sizeof(int)) == 0 ? 1 : 0;
-}

More information about the llvm-commits mailing list