diff options
Diffstat (limited to 'test/scudo/overflow.c')
-rw-r--r-- | test/scudo/overflow.c | 39 |
1 files changed, 39 insertions, 0 deletions
diff --git a/test/scudo/overflow.c b/test/scudo/overflow.c new file mode 100644 index 000000000..c5a58f87f --- /dev/null +++ b/test/scudo/overflow.c @@ -0,0 +1,39 @@ +// RUN: %clang_scudo %s -o %t +// RUN: not %run %t malloc 2>&1 | FileCheck %s +// RUN: %env_scudo_opts=QuarantineSizeKb=64 not %run %t quarantine 2>&1 | FileCheck %s + +// Tests that header corruption of an allocated or quarantined chunk is caught. + +#include <assert.h> +#include <stdlib.h> +#include <string.h> + +int main(int argc, char **argv) +{ + ssize_t offset = sizeof(void *) == 8 ? 8 : 0; + + assert(argc == 2); + + if (!strcmp(argv[1], "malloc")) { + // Simulate a header corruption of an allocated chunk (1-bit) + void *p = malloc(1U << 4); + assert(p); + ((char *)p)[-(offset + 1)] ^= 1; + free(p); + } + if (!strcmp(argv[1], "quarantine")) { + void *p = malloc(1U << 4); + assert(p); + free(p); + // Simulate a header corruption of a quarantined chunk + ((char *)p)[-(offset + 2)] ^= 1; + // Trigger the quarantine recycle + for (int i = 0; i < 0x100; i++) { + p = malloc(1U << 8); + free(p); + } + } + return 0; +} + +// CHECK: ERROR: corrupted chunk header at address |