forked from OSchip/llvm-project
[asan] Support line numbers in StackVarDescr
When -fsanitize-address-use-after-scope is used, the instrumentation produces line numbers in stack frame descriptions. This patch make sure the ASan runtime supports this format (ParseFrameDescription needs to be able to parse "varname:line") and prepares lit tests to allow line numbers in ASan report output. Differential Revision: https://reviews.llvm.org/D31484 llvm-svn: 299043
This commit is contained in:
parent
51c1365501
commit
8ed2928d2c
|
@ -252,6 +252,9 @@ static void PrintAccessAndVarIntersection(const StackVarDescr &var, uptr addr,
|
||||||
str.append("%c", var.name_pos[i]);
|
str.append("%c", var.name_pos[i]);
|
||||||
}
|
}
|
||||||
str.append("'");
|
str.append("'");
|
||||||
|
if (var.line > 0) {
|
||||||
|
str.append(" (line %d)", var.line);
|
||||||
|
}
|
||||||
if (pos_descr) {
|
if (pos_descr) {
|
||||||
Decorator d;
|
Decorator d;
|
||||||
// FIXME: we may want to also print the size of the access here,
|
// FIXME: we may want to also print the size of the access here,
|
||||||
|
|
|
@ -88,7 +88,8 @@ bool ParseFrameDescription(const char *frame_descr,
|
||||||
char *p;
|
char *p;
|
||||||
// This string is created by the compiler and has the following form:
|
// This string is created by the compiler and has the following form:
|
||||||
// "n alloc_1 alloc_2 ... alloc_n"
|
// "n alloc_1 alloc_2 ... alloc_n"
|
||||||
// where alloc_i looks like "offset size len ObjectName".
|
// where alloc_i looks like "offset size len ObjectName"
|
||||||
|
// or "offset size len ObjectName:line".
|
||||||
uptr n_objects = (uptr)internal_simple_strtoll(frame_descr, &p, 10);
|
uptr n_objects = (uptr)internal_simple_strtoll(frame_descr, &p, 10);
|
||||||
if (n_objects == 0)
|
if (n_objects == 0)
|
||||||
return false;
|
return false;
|
||||||
|
@ -101,7 +102,14 @@ bool ParseFrameDescription(const char *frame_descr,
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
p++;
|
p++;
|
||||||
StackVarDescr var = {beg, size, p, len};
|
char *colon_pos = internal_strchr(p, ':');
|
||||||
|
uptr line = 0;
|
||||||
|
uptr name_len = len;
|
||||||
|
if (colon_pos != nullptr && colon_pos < p + len) {
|
||||||
|
name_len = colon_pos - p;
|
||||||
|
line = (uptr)internal_simple_strtoll(colon_pos + 1, nullptr, 10);
|
||||||
|
}
|
||||||
|
StackVarDescr var = {beg, size, p, name_len, line};
|
||||||
vars->push_back(var);
|
vars->push_back(var);
|
||||||
p += len;
|
p += len;
|
||||||
}
|
}
|
||||||
|
|
|
@ -23,6 +23,7 @@ struct StackVarDescr {
|
||||||
uptr size;
|
uptr size;
|
||||||
const char *name_pos;
|
const char *name_pos;
|
||||||
uptr name_len;
|
uptr name_len;
|
||||||
|
uptr line;
|
||||||
};
|
};
|
||||||
|
|
||||||
// Returns the number of globals close to the provided address and copies
|
// Returns the number of globals close to the provided address and copies
|
||||||
|
|
|
@ -15,10 +15,10 @@ int main(int argc, char **argv) {
|
||||||
// A1: AddressSanitizer: stack-buffer-overflow
|
// A1: AddressSanitizer: stack-buffer-overflow
|
||||||
// A1: {{#0.*memmem}}
|
// A1: {{#0.*memmem}}
|
||||||
// A1-NEXT: {{#1.*main}}
|
// A1-NEXT: {{#1.*main}}
|
||||||
// A1: 'a1' <== Memory access at offset
|
// A1: 'a1'{{.*}} <== Memory access at offset
|
||||||
//
|
//
|
||||||
// A2: AddressSanitizer: stack-buffer-overflow
|
// A2: AddressSanitizer: stack-buffer-overflow
|
||||||
// A2: {{#0.*memmem}}
|
// A2: {{#0.*memmem}}
|
||||||
// A2: 'a2' <== Memory access at offset
|
// A2: 'a2'{{.*}} <== Memory access at offset
|
||||||
return res == NULL;
|
return res == NULL;
|
||||||
}
|
}
|
||||||
|
|
|
@ -53,11 +53,11 @@ void Func2(char *x) {
|
||||||
// CHECK: WRITE of size 1 {{.*}} thread T0
|
// CHECK: WRITE of size 1 {{.*}} thread T0
|
||||||
// CHECK: #0{{.*}}Func2{{.*}}stack-use-after-return.cc:[[@LINE-2]]
|
// CHECK: #0{{.*}}Func2{{.*}}stack-use-after-return.cc:[[@LINE-2]]
|
||||||
// CHECK: is located in stack of thread T0 at offset
|
// CHECK: is located in stack of thread T0 at offset
|
||||||
// CHECK: 'local' <== Memory access at offset {{16|32}} is inside this variable
|
// CHECK: 'local'{{.*}} <== Memory access at offset {{16|32}} is inside this variable
|
||||||
// THREAD: WRITE of size 1 {{.*}} thread T{{[1-9]}}
|
// THREAD: WRITE of size 1 {{.*}} thread T{{[1-9]}}
|
||||||
// THREAD: #0{{.*}}Func2{{.*}}stack-use-after-return.cc:[[@LINE-6]]
|
// THREAD: #0{{.*}}Func2{{.*}}stack-use-after-return.cc:[[@LINE-6]]
|
||||||
// THREAD: is located in stack of thread T{{[1-9]}} at offset
|
// THREAD: is located in stack of thread T{{[1-9]}} at offset
|
||||||
// THREAD: 'local' <== Memory access at offset {{16|32}} is inside this variable
|
// THREAD: 'local'{{.*}} <== Memory access at offset {{16|32}} is inside this variable
|
||||||
// CHECK-20: T0: FakeStack created:{{.*}} stack_size_log: 20
|
// CHECK-20: T0: FakeStack created:{{.*}} stack_size_log: 20
|
||||||
// CHECK-24: T0: FakeStack created:{{.*}} stack_size_log: 24
|
// CHECK-24: T0: FakeStack created:{{.*}} stack_size_log: 24
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,6 +22,6 @@ int test_function() {
|
||||||
// CHECK-NEXT: test_function {{.*}}dll_intercept_memchr.cc:[[@LINE-5]]
|
// CHECK-NEXT: test_function {{.*}}dll_intercept_memchr.cc:[[@LINE-5]]
|
||||||
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
|
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
|
||||||
// CHECK-NEXT: test_function {{.*}}dll_intercept_memchr.cc
|
// CHECK-NEXT: test_function {{.*}}dll_intercept_memchr.cc
|
||||||
// CHECK: 'buff' <== Memory access at offset {{.*}} overflows this variable
|
// CHECK: 'buff'{{.*}} <== Memory access at offset {{.*}} overflows this variable
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,6 +27,6 @@ int test_function() {
|
||||||
// CHECK-NEXT: test_function {{.*}}dll_intercept_memcpy.cc:[[@LINE-4]]
|
// CHECK-NEXT: test_function {{.*}}dll_intercept_memcpy.cc:[[@LINE-4]]
|
||||||
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
|
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
|
||||||
// CHECK-NEXT: test_function {{.*}}dll_intercept_memcpy.cc
|
// CHECK-NEXT: test_function {{.*}}dll_intercept_memcpy.cc
|
||||||
// CHECK: 'buff2' <== Memory access at offset {{.*}} overflows this variable
|
// CHECK: 'buff2'{{.*}} <== Memory access at offset {{.*}} overflows this variable
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -29,6 +29,6 @@ int test_function() {
|
||||||
// CHECK-NEXT: test_function {{.*}}dll_intercept_memcpy_indirect.cc:[[@LINE-5]]
|
// CHECK-NEXT: test_function {{.*}}dll_intercept_memcpy_indirect.cc:[[@LINE-5]]
|
||||||
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
|
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
|
||||||
// CHECK-NEXT: test_function {{.*}}dll_intercept_memcpy_indirect.cc
|
// CHECK-NEXT: test_function {{.*}}dll_intercept_memcpy_indirect.cc
|
||||||
// CHECK: 'buff2' <== Memory access at offset {{.*}} overflows this variable
|
// CHECK: 'buff2'{{.*}} <== Memory access at offset {{.*}} overflows this variable
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,6 +27,6 @@ int test_function() {
|
||||||
// CHECK-NEXT: test_function {{.*}}dll_intercept_memset.cc:[[@LINE-4]]
|
// CHECK-NEXT: test_function {{.*}}dll_intercept_memset.cc:[[@LINE-4]]
|
||||||
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
|
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
|
||||||
// CHECK-NEXT: test_function {{.*}}dll_intercept_memset.cc
|
// CHECK-NEXT: test_function {{.*}}dll_intercept_memset.cc
|
||||||
// CHECK: 'buff' <== Memory access at offset {{.*}} overflows this variable
|
// CHECK: 'buff'{{.*}} <== Memory access at offset {{.*}} overflows this variable
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -17,7 +17,7 @@ void noreturn_f() {
|
||||||
//
|
//
|
||||||
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
|
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
|
||||||
// CHECK-NEXT: noreturn_f{{.*}}dll_noreturn.cc
|
// CHECK-NEXT: noreturn_f{{.*}}dll_noreturn.cc
|
||||||
// CHECK: 'buffer' <== Memory access at offset [[OFFSET]] underflows this variable
|
// CHECK: 'buffer'{{.*}} <== Memory access at offset [[OFFSET]] underflows this variable
|
||||||
// CHECK-LABEL: SUMMARY
|
// CHECK-LABEL: SUMMARY
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -30,6 +30,6 @@ int test_function() {
|
||||||
//
|
//
|
||||||
// CHECK: [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
|
// CHECK: [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
|
||||||
// CHECK-NEXT: test_function{{.*}}\dll_poison_unpoison.cc
|
// CHECK-NEXT: test_function{{.*}}\dll_poison_unpoison.cc
|
||||||
// CHECK: 'buffer' <== Memory access at offset [[OFFSET]] is inside this variable
|
// CHECK: 'buffer'{{.*}} <== Memory access at offset [[OFFSET]] is inside this variable
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,7 +22,7 @@ int test_function() {
|
||||||
//
|
//
|
||||||
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
|
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
|
||||||
// CHECK-NEXT: #0 {{.*}} foo{{.*}}dll_stack_use_after_return.cc
|
// CHECK-NEXT: #0 {{.*}} foo{{.*}}dll_stack_use_after_return.cc
|
||||||
// CHECK: 'stack_buffer' <== Memory access at offset [[OFFSET]] is inside this variable
|
// CHECK: 'stack_buffer'{{.*}} <== Memory access at offset [[OFFSET]] is inside this variable
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -16,7 +16,7 @@ DWORD WINAPI thread_proc(void *context) {
|
||||||
// CHECK: Address [[ADDR]] is located in stack of thread T1 at offset [[OFFSET:.*]] in frame
|
// CHECK: Address [[ADDR]] is located in stack of thread T1 at offset [[OFFSET:.*]] in frame
|
||||||
// CHECK-NEXT: thread_proc{{.*}}dll_thread_stack_array_left_oob.cc
|
// CHECK-NEXT: thread_proc{{.*}}dll_thread_stack_array_left_oob.cc
|
||||||
//
|
//
|
||||||
// CHECK: 'stack_buffer' <== Memory access at offset [[OFFSET]] underflows this variable
|
// CHECK: 'stack_buffer'{{.*}} <== Memory access at offset [[OFFSET]] underflows this variable
|
||||||
|
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -27,5 +27,5 @@ int main() {
|
||||||
// CHECK-NEXT: main {{.*}}intercept_memcpy.cc:[[@LINE-5]]
|
// CHECK-NEXT: main {{.*}}intercept_memcpy.cc:[[@LINE-5]]
|
||||||
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
|
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
|
||||||
// CHECK-NEXT: #0 {{.*}} main
|
// CHECK-NEXT: #0 {{.*}} main
|
||||||
// CHECK: 'buff2' <== Memory access at offset {{.*}} overflows this variable
|
// CHECK: 'buff2'{{.*}} <== Memory access at offset {{.*}} overflows this variable
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,6 +22,6 @@ int main() {
|
||||||
// CHECK-NEXT: main {{.*}}intercept_strlen.cc:[[@LINE-5]]
|
// CHECK-NEXT: main {{.*}}intercept_strlen.cc:[[@LINE-5]]
|
||||||
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
|
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset {{.*}} in frame
|
||||||
// CHECK-NEXT: main {{.*}}intercept_strlen.cc
|
// CHECK-NEXT: main {{.*}}intercept_strlen.cc
|
||||||
// CHECK: 'str' <== Memory access at offset {{.*}} overflows this variable
|
// CHECK: 'str'{{.*}} <== Memory access at offset {{.*}} overflows this variable
|
||||||
return len < 6;
|
return len < 6;
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,5 +12,5 @@ int main() {
|
||||||
// CHECK-NEXT: {{#0 .* main .*stack_array_left_oob.cc}}:[[@LINE-3]]
|
// CHECK-NEXT: {{#0 .* main .*stack_array_left_oob.cc}}:[[@LINE-3]]
|
||||||
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
|
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
|
||||||
// CHECK-NEXT: {{#0 .* main .*stack_array_left_oob.cc}}
|
// CHECK-NEXT: {{#0 .* main .*stack_array_left_oob.cc}}
|
||||||
// CHECK: 'buffer' <== Memory access at offset [[OFFSET]] underflows this variable
|
// CHECK: 'buffer'{{.*}} <== Memory access at offset [[OFFSET]] underflows this variable
|
||||||
}
|
}
|
||||||
|
|
|
@ -12,5 +12,5 @@ int main() {
|
||||||
// CHECK-NEXT: {{#0 .* main .*stack_array_right_oob.cc}}:[[@LINE-3]]
|
// CHECK-NEXT: {{#0 .* main .*stack_array_right_oob.cc}}:[[@LINE-3]]
|
||||||
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
|
// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
|
||||||
// CHECK-NEXT: {{#0 .* main .*stack_array_right_oob.cc}}
|
// CHECK-NEXT: {{#0 .* main .*stack_array_right_oob.cc}}
|
||||||
// CHECK: 'buffer' <== Memory access at offset [[OFFSET]] overflows this variable
|
// CHECK: 'buffer'{{.*}} <== Memory access at offset [[OFFSET]] overflows this variable
|
||||||
}
|
}
|
||||||
|
|
|
@ -18,5 +18,5 @@ int main() {
|
||||||
// CHECK: is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
|
// CHECK: is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
|
||||||
// CHECK-NEXT: {{#0 0x.* in foo.*stack_use_after_return.cc}}
|
// CHECK-NEXT: {{#0 0x.* in foo.*stack_use_after_return.cc}}
|
||||||
//
|
//
|
||||||
// CHECK: 'stack_buffer' <== Memory access at offset [[OFFSET]] is inside this variable
|
// CHECK: 'stack_buffer'{{.*}} <== Memory access at offset [[OFFSET]] is inside this variable
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,7 +20,7 @@ int main(void) {
|
||||||
// CHECK-NEXT: {{#0 0x[0-9a-f]* in main .*wrong_downcast_on_stack.cc}}:[[@LINE-3]]
|
// CHECK-NEXT: {{#0 0x[0-9a-f]* in main .*wrong_downcast_on_stack.cc}}:[[@LINE-3]]
|
||||||
// CHECK: [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:[0-9]+]] in frame
|
// CHECK: [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:[0-9]+]] in frame
|
||||||
// CHECK-NEXT: {{#0 0x[0-9a-f]* in main }}
|
// CHECK-NEXT: {{#0 0x[0-9a-f]* in main }}
|
||||||
// CHECK: 'p' <== Memory access at offset [[OFFSET]] overflows this variable
|
// CHECK: 'p'{{.*}} <== Memory access at offset [[OFFSET]] overflows this variable
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -30,15 +30,15 @@ int main(int argc, char **argv) {
|
||||||
// make sure BBB and CCC are not removed;
|
// make sure BBB and CCC are not removed;
|
||||||
return *(short*)(p) + BBB[argc % 2] + CCC[argc % 2];
|
return *(short*)(p) + BBB[argc % 2] + CCC[argc % 2];
|
||||||
}
|
}
|
||||||
// CHECK-m2: 'AAA' <== {{.*}}underflows this variable
|
// CHECK-m2: 'AAA'{{.*}} <== {{.*}}underflows this variable
|
||||||
// CHECK-m1: 'AAA' <== {{.*}}partially underflows this variable
|
// CHECK-m1: 'AAA'{{.*}} <== {{.*}}partially underflows this variable
|
||||||
// CHECK-9: 'AAA' <== {{.*}}partially overflows this variable
|
// CHECK-9: 'AAA'{{.*}} <== {{.*}}partially overflows this variable
|
||||||
// CHECK-10: 'AAA' <== {{.*}}overflows this variable
|
// CHECK-10: 'AAA'{{.*}} <== {{.*}}overflows this variable
|
||||||
// CHECK-30: 'BBB' <== {{.*}}underflows this variable
|
// CHECK-30: 'BBB'{{.*}} <== {{.*}}underflows this variable
|
||||||
// CHECK-31: 'BBB' <== {{.*}}partially underflows this variable
|
// CHECK-31: 'BBB'{{.*}} <== {{.*}}partially underflows this variable
|
||||||
// CHECK-41: 'BBB' <== {{.*}}partially overflows this variable
|
// CHECK-41: 'BBB'{{.*}} <== {{.*}}partially overflows this variable
|
||||||
// CHECK-42: 'BBB' <== {{.*}}overflows this variable
|
// CHECK-42: 'BBB'{{.*}} <== {{.*}}overflows this variable
|
||||||
// CHECK-62: 'CCC' <== {{.*}}underflows this variable
|
// CHECK-62: 'CCC'{{.*}} <== {{.*}}underflows this variable
|
||||||
// CHECK-63: 'CCC' <== {{.*}}partially underflows this variable
|
// CHECK-63: 'CCC'{{.*}} <== {{.*}}partially underflows this variable
|
||||||
// CHECK-73: 'CCC' <== {{.*}}partially overflows this variable
|
// CHECK-73: 'CCC'{{.*}} <== {{.*}}partially overflows this variable
|
||||||
// CHECK-74: 'CCC' <== {{.*}}overflows this variable
|
// CHECK-74: 'CCC'{{.*}} <== {{.*}}overflows this variable
|
||||||
|
|
|
@ -19,7 +19,7 @@ int main(int argc, char **argv) {
|
||||||
char s1[4] = "abC";
|
char s1[4] = "abC";
|
||||||
__asan_poison_memory_region ((char *)&s1[2], 2);
|
__asan_poison_memory_region ((char *)&s1[2], 2);
|
||||||
r = strcasestr(s1, s2);
|
r = strcasestr(s1, s2);
|
||||||
// CHECK:'s1' <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
// CHECK:'s1'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
||||||
assert(r == s1 + 2);
|
assert(r == s1 + 2);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -20,6 +20,6 @@ int main(int argc, char **argv) {
|
||||||
__asan_poison_memory_region ((char *)&s2[2], 2);
|
__asan_poison_memory_region ((char *)&s2[2], 2);
|
||||||
r = strcasestr(s1, s2);
|
r = strcasestr(s1, s2);
|
||||||
assert(r == 0);
|
assert(r == 0);
|
||||||
// CHECK:'s2' <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
// CHECK:'s2'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,7 +14,7 @@ int main(int argc, char **argv) {
|
||||||
char s1[4] = "caB";
|
char s1[4] = "caB";
|
||||||
__asan_poison_memory_region ((char *)&s1[2], 2);
|
__asan_poison_memory_region ((char *)&s1[2], 2);
|
||||||
r = strcspn(s1, s2);
|
r = strcspn(s1, s2);
|
||||||
// CHECK:'s1' <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
// CHECK:'s1'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
||||||
assert(r == 1);
|
assert(r == 1);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,7 +14,7 @@ int main(int argc, char **argv) {
|
||||||
char s2[4] = "abc";
|
char s2[4] = "abc";
|
||||||
__asan_poison_memory_region ((char *)&s2[2], 2);
|
__asan_poison_memory_region ((char *)&s2[2], 2);
|
||||||
r = strcspn(s1, s2);
|
r = strcspn(s1, s2);
|
||||||
// CHECK:'s2' <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
// CHECK:'s2'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
||||||
assert(r == 0);
|
assert(r == 0);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,7 +14,7 @@ int main(int argc, char **argv) {
|
||||||
char s1[4] = "cab";
|
char s1[4] = "cab";
|
||||||
__asan_poison_memory_region ((char *)&s1[2], 2);
|
__asan_poison_memory_region ((char *)&s1[2], 2);
|
||||||
r = strpbrk(s1, s2);
|
r = strpbrk(s1, s2);
|
||||||
// CHECK:'s1' <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
// CHECK:'s1'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
||||||
assert(r == s1 + 1);
|
assert(r == s1 + 1);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,7 +14,7 @@ int main(int argc, char **argv) {
|
||||||
char s2[4] = "bca";
|
char s2[4] = "bca";
|
||||||
__asan_poison_memory_region ((char *)&s2[2], 2);
|
__asan_poison_memory_region ((char *)&s2[2], 2);
|
||||||
r = strpbrk(s1, s2);
|
r = strpbrk(s1, s2);
|
||||||
// CHECK:'s2' <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
// CHECK:'s2'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
||||||
assert(r == s1);
|
assert(r == s1);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,7 +14,7 @@ int main(int argc, char **argv) {
|
||||||
char s1[4] = "acb";
|
char s1[4] = "acb";
|
||||||
__asan_poison_memory_region ((char *)&s1[2], 2);
|
__asan_poison_memory_region ((char *)&s1[2], 2);
|
||||||
r = strspn(s1, s2);
|
r = strspn(s1, s2);
|
||||||
// CHECK:'s1' <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
// CHECK:'s1'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
||||||
assert(r == 1);
|
assert(r == 1);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -14,7 +14,7 @@ int main(int argc, char **argv) {
|
||||||
char s2[5] = "abcd";
|
char s2[5] = "abcd";
|
||||||
__asan_poison_memory_region ((char *)&s2[3], 2);
|
__asan_poison_memory_region ((char *)&s2[3], 2);
|
||||||
r = strspn(s1, s2);
|
r = strspn(s1, s2);
|
||||||
// CHECK:'s2' <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
// CHECK:'s2'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
||||||
assert(r >= 2);
|
assert(r >= 2);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,7 +15,7 @@ int main(int argc, char **argv) {
|
||||||
char s1[4] = "acb";
|
char s1[4] = "acb";
|
||||||
__asan_poison_memory_region ((char *)&s1[2], 2);
|
__asan_poison_memory_region ((char *)&s1[2], 2);
|
||||||
r = strstr(s1, s2);
|
r = strstr(s1, s2);
|
||||||
// CHECK:'s1' <== Memory access at offset {{[0-9]+}} {{partially overflows this variable|is inside this variable}}
|
// CHECK:'s1'{{.*}} <== Memory access at offset {{[0-9]+}} {{partially overflows this variable|is inside this variable}}
|
||||||
assert(r == s1 + 1);
|
assert(r == s1 + 1);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -15,7 +15,7 @@ int main(int argc, char **argv) {
|
||||||
char s2[4] = "cab";
|
char s2[4] = "cab";
|
||||||
__asan_poison_memory_region ((char *)&s2[2], 2);
|
__asan_poison_memory_region ((char *)&s2[2], 2);
|
||||||
r = strstr(s1, s2);
|
r = strstr(s1, s2);
|
||||||
// CHECK:'s2' <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
// CHECK:'s2'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
||||||
assert(r == 0);
|
assert(r == 0);
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
|
@ -35,7 +35,7 @@ void test1() {
|
||||||
char token_delimiter[2] = "b";
|
char token_delimiter[2] = "b";
|
||||||
__asan_poison_memory_region ((char *)&token_delimiter[1], 2);
|
__asan_poison_memory_region ((char *)&token_delimiter[1], 2);
|
||||||
token = strtok(s, token_delimiter);
|
token = strtok(s, token_delimiter);
|
||||||
// CHECK1:'token_delimiter' <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
// CHECK1: 'token_delimiter'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check that we find overflows in the delimiters on the second call (str == NULL)
|
// Check that we find overflows in the delimiters on the second call (str == NULL)
|
||||||
|
@ -48,7 +48,7 @@ void test2() {
|
||||||
assert(strcmp(token, "a") == 0);
|
assert(strcmp(token, "a") == 0);
|
||||||
__asan_poison_memory_region ((char *)&token_delimiter[1], 2);
|
__asan_poison_memory_region ((char *)&token_delimiter[1], 2);
|
||||||
token = strtok(NULL, token_delimiter);
|
token = strtok(NULL, token_delimiter);
|
||||||
// CHECK2:'token_delimiter' <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
// CHECK2: 'token_delimiter'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check that we find overflows in the string (only on the first call) with strict_string_checks.
|
// Check that we find overflows in the string (only on the first call) with strict_string_checks.
|
||||||
|
@ -58,7 +58,7 @@ void test3() {
|
||||||
char token_delimiter[2] = "b";
|
char token_delimiter[2] = "b";
|
||||||
__asan_poison_memory_region ((char *)&s[3], 2);
|
__asan_poison_memory_region ((char *)&s[3], 2);
|
||||||
token = strtok(s, token_delimiter);
|
token = strtok(s, token_delimiter);
|
||||||
// CHECK3:'s' <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
// CHECK3: 's'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check that we do not crash when strtok returns NULL with strict_string_checks.
|
// Check that we do not crash when strtok returns NULL with strict_string_checks.
|
||||||
|
@ -78,7 +78,7 @@ void test5() {
|
||||||
__asan_poison_memory_region ((char *)&s[2], 2);
|
__asan_poison_memory_region ((char *)&s[2], 2);
|
||||||
__asan_poison_memory_region ((char *)&token_delimiter[1], 2);
|
__asan_poison_memory_region ((char *)&token_delimiter[1], 2);
|
||||||
token = strtok(s, token_delimiter);
|
token = strtok(s, token_delimiter);
|
||||||
// CHECK5:'s' <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
// CHECK5: 's'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check that we find overflows in the delimiters (only on the first call) with !strict_string_checks.
|
// Check that we find overflows in the delimiters (only on the first call) with !strict_string_checks.
|
||||||
|
@ -88,7 +88,7 @@ void test6() {
|
||||||
char token_delimiter[1] = {'d'};
|
char token_delimiter[1] = {'d'};
|
||||||
__asan_poison_memory_region ((char *)&token_delimiter[1], 2);
|
__asan_poison_memory_region ((char *)&token_delimiter[1], 2);
|
||||||
token = strtok(s, &token_delimiter[1]);
|
token = strtok(s, &token_delimiter[1]);
|
||||||
// CHECK6:'token_delimiter' <== Memory access at offset {{[0-9]+}} overflows this variable
|
// CHECK6: 'token_delimiter'{{.*}} <== Memory access at offset {{[0-9]+}} overflows this variable
|
||||||
}
|
}
|
||||||
|
|
||||||
int main(int argc, char **argv) {
|
int main(int argc, char **argv) {
|
||||||
|
|
|
@ -21,8 +21,8 @@ int main(int argc, char *argv[]) {
|
||||||
// CHECK: READ of size 4 at 0x{{.*}} thread T0
|
// CHECK: READ of size 4 at 0x{{.*}} thread T0
|
||||||
// CHECK: #0 0x{{.*}} in main
|
// CHECK: #0 0x{{.*}} in main
|
||||||
// CHECK: {{.*}}use-after-scope-inlined.cc:[[@LINE-4]]
|
// CHECK: {{.*}}use-after-scope-inlined.cc:[[@LINE-4]]
|
||||||
// CHECK: Address 0x{{.*}} is located in stack of thread T0 at offset
|
// CHECK: Address 0x{{.*}} is located in stack of thread T0 at offset [[OFFSET:[^ ]*]] in frame
|
||||||
// CHECK: [[OFFSET:[^ ]*]] in frame
|
// CHECK: {{.*}} in main
|
||||||
// CHECK: main
|
// CHECK: This frame has
|
||||||
// CHECK: {{\[}}[[OFFSET]], {{.*}}) 'x.i:[[@LINE-15]]'
|
// CHECK: {{\[}}[[OFFSET]], {{.*}}) 'x.i' (line [[@LINE-15]])
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue