diff --git a/compiler-rt/test/asan/TestCases/Windows/dll_malloc_left_oob.cc b/compiler-rt/test/asan/TestCases/Windows/dll_malloc_left_oob.cc index 75c90c1007f3..b7380484fd0f 100644 --- a/compiler-rt/test/asan/TestCases/Windows/dll_malloc_left_oob.cc +++ b/compiler-rt/test/asan/TestCases/Windows/dll_malloc_left_oob.cc @@ -10,13 +10,13 @@ int test_function() { buffer[-1] = 42; // CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]] // CHECK: WRITE of size 1 at [[ADDR]] thread T0 -// CHECK: test_function {{.*}}dll_malloc_left_oob.cc:[[@LINE-3]] -// CHECK: main {{.*}}dll_host.cc +// CHECK: test_function {{.*}}dll_malloc_left_oob.cc:[[@LINE-3]] +// CHECK-NEXT: main {{.*}}dll_host.cc // CHECK: [[ADDR]] is located 1 bytes to the left of 42-byte region // CHECK-LABEL: allocated by thread T0 here: -// CHECK: malloc -// CHECK: test_function {{.*}}dll_malloc_left_oob.cc:[[@LINE-9]] -// CHECK: main {{.*}}dll_host.cc +// CHECK: malloc +// CHECK: test_function {{.*}}dll_malloc_left_oob.cc:[[@LINE-9]] +// CHECK-NEXT: main {{.*}}dll_host.cc // CHECK-LABEL: SUMMARY free(buffer); return 0; diff --git a/compiler-rt/test/asan/TestCases/Windows/dll_malloc_uaf.cc b/compiler-rt/test/asan/TestCases/Windows/dll_malloc_uaf.cc index e65cf81afcbd..8cf6a4753c5d 100644 --- a/compiler-rt/test/asan/TestCases/Windows/dll_malloc_uaf.cc +++ b/compiler-rt/test/asan/TestCases/Windows/dll_malloc_uaf.cc @@ -12,16 +12,16 @@ int test_function() { buffer[0] = 42; // CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]] // CHECK: WRITE of size 1 at [[ADDR]] thread T0 -// CHECK: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-3]] -// CHECK: main {{.*}}dll_host +// CHECK: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-3]] +// CHECK-NEXT: main {{.*}}dll_host // CHECK: [[ADDR]] is located 0 bytes inside of 42-byte region // CHECK-LABEL: freed by thread T0 here: -// CHECK: free -// CHECK: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-9]] -// CHECK: main {{.*}}dll_host +// CHECK: free +// CHECK: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-9]] +// CHECK-NEXT: main {{.*}}dll_host // CHECK-LABEL: previously allocated by thread T0 here: -// CHECK: malloc -// CHECK: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-14]] -// CHECK: main {{.*}}dll_host +// CHECK: malloc +// CHECK: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-14]] +// CHECK-NEXT: main {{.*}}dll_host return 0; } diff --git a/compiler-rt/test/asan/TestCases/Windows/dll_noreturn.cc b/compiler-rt/test/asan/TestCases/Windows/dll_noreturn.cc new file mode 100644 index 000000000000..f3f5e322811c --- /dev/null +++ b/compiler-rt/test/asan/TestCases/Windows/dll_noreturn.cc @@ -0,0 +1,28 @@ +// RUN: %clangxx_asan -O0 %p/dll_host.cc -Fe%t +// RUN: %clangxx_asan -LD -O0 %s -Fe%t.dll +// FIXME: 'cat' is needed due to PR19744. +// RUN: not %run %t %t.dll 2>&1 | cat | FileCheck %s + +#include + +void noreturn_f() { + int subscript = -1; + char buffer[42]; + buffer[subscript] = 42; + _exit(1); +// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]] +// CHECK: WRITE of size 1 at [[ADDR]] thread T0 +// CHECK: noreturn_f {{.*}}dll_noreturn.cc:[[@LINE-4]] +// CHECK-NEXT: test_function {{.*}}dll_noreturn.cc +// CHECK-NEXT: main {{.*}}dll_host.cc +// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame +// CHECK-NEXT: noreturn_f {{.*}}dll_noreturn.cc +// CHECK: 'buffer' <== Memory access at offset [[OFFSET]] underflows this variable +// CHECK-LABEL: SUMMARY +} + +extern "C" __declspec(dllexport) +int test_function() { + noreturn_f(); + return 0; +} diff --git a/compiler-rt/test/asan/TestCases/Windows/dll_poison_unpoison.cc b/compiler-rt/test/asan/TestCases/Windows/dll_poison_unpoison.cc new file mode 100644 index 000000000000..ff3f5a309a33 --- /dev/null +++ b/compiler-rt/test/asan/TestCases/Windows/dll_poison_unpoison.cc @@ -0,0 +1,35 @@ +// RUN: %clangxx_asan -O0 %p/dll_host.cc -Fe%t +// RUN: %clangxx_asan -LD -O0 %s -Fe%t.dll +// FIXME: 'cat' is needed due to PR19744. +// RUN: not %run %t %t.dll 2>&1 | cat | FileCheck %s + +#include + +void should_not_crash(volatile char *c) { + *c = 42; +} + +void should_crash(volatile char *c) { + *c = 42; +} + +extern "C" __declspec(dllexport) +int test_function() { + char buffer[256]; + should_not_crash(&buffer[0]); + __asan_poison_memory_region(buffer, 128); + should_not_crash(&buffer[192]); + __asan_unpoison_memory_region(buffer, 64); + should_not_crash(&buffer[32]); + + should_crash(&buffer[96]); +// CHECK: AddressSanitizer: use-after-poison on address [[ADDR:0x[0-9a-f]+]] +// CHECK-NEXT: WRITE of size 1 at [[ADDR]] thread T0 +// CHECK: should_crash {{.*}}\dll_poison_unpoison.cc +// CHECK-NEXT: test_function {{.*}}\dll_poison_unpoison.cc:[[@LINE-4]] +// CHECK-NEXT: main +// CHECK: [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame +// CHECK-NEXT: test_function {{.*}}\dll_poison_unpoison.cc +// CHECK: 'buffer' <== Memory access at offset [[OFFSET]] is inside this variable + return 0; +} diff --git a/compiler-rt/test/asan/TestCases/Windows/dll_stack_use_after_return.cc b/compiler-rt/test/asan/TestCases/Windows/dll_stack_use_after_return.cc new file mode 100644 index 000000000000..9583bc2fe758 --- /dev/null +++ b/compiler-rt/test/asan/TestCases/Windows/dll_stack_use_after_return.cc @@ -0,0 +1,28 @@ +// RUN: %clangxx_asan -O0 %p/dll_host.cc -Fe%t +// RUN: %clangxx_asan -LD -O0 %s -Fe%t.dll +// FIXME: 'cat' is needed due to PR19744. +// RUN: ASAN_OPTIONS=detect_stack_use_after_return=1 not %run %t %t.dll 2>&1 | cat | FileCheck %s + +#include + +char *x; + +void foo() { + char stack_buffer[42]; + x = &stack_buffer[13]; +} + +extern "C" __declspec(dllexport) +int test_function() { + foo(); + *x = 42; +// CHECK: AddressSanitizer: stack-use-after-return +// CHECK: WRITE of size 1 at [[ADDR:.*]] thread T0 +// CHECK: test_function {{.*}}dll_stack_use_after_return.cc:[[@LINE-3]] +// CHECK-NEXT: main +// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame +// CHECK-NEXT: #0 {{.*}} foo {{.*}}dll_stack_use_after_return.cc +// CHECK: 'stack_buffer' <== Memory access at offset [[OFFSET]] is inside this variable + return 0; +} + diff --git a/compiler-rt/test/asan/TestCases/Windows/dll_thread_stack_array_left_oob.cc b/compiler-rt/test/asan/TestCases/Windows/dll_thread_stack_array_left_oob.cc new file mode 100644 index 000000000000..eb36df7e32db --- /dev/null +++ b/compiler-rt/test/asan/TestCases/Windows/dll_thread_stack_array_left_oob.cc @@ -0,0 +1,35 @@ +// RUN: %clangxx_asan -O0 %p/dll_host.cc -Fe%t +// RUN: %clangxx_asan -LD -O0 %s -Fe%t.dll +// FIXME: 'cat' is needed due to PR19744. +// RUN: not %run %t %t.dll 2>&1 | cat | FileCheck %s + +#include +#include + +DWORD WINAPI thread_proc(void *context) { + int subscript = -1; + char stack_buffer[42]; + stack_buffer[subscript] = 42; +// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]] +// CHECK: WRITE of size 1 at [[ADDR]] thread T1 +// CHECK: thread_proc {{.*}}dll_thread_stack_array_left_oob.cc:[[@LINE-3]] +// CHECK: Address [[ADDR]] is located in stack of thread T1 at offset [[OFFSET:.*]] in frame +// CHECK: thread_proc {{.*}}dll_thread_stack_array_left_oob.cc +// CHECK: 'stack_buffer' <== Memory access at offset [[OFFSET]] underflows this variable + + return 0; +} + +extern "C" __declspec(dllexport) +int test_function() { + HANDLE thr = CreateThread(NULL, 0, thread_proc, NULL, 0, NULL); +// CHECK-LABEL: Thread T1 created by T0 here: +// CHECK: test_function {{.*}}dll_thread_stack_array_left_oob.cc:[[@LINE-2]] +// CHECK-NEXT: main {{.*}}dll_host.cc +// CHECK-LABEL: SUMMARY + if (thr == 0) + return 1; + if (WAIT_OBJECT_0 != WaitForSingleObject(thr, INFINITE)) + return 2; + return 0; +}