forked from OSchip/llvm-project
46 lines
1.0 KiB
C
46 lines
1.0 KiB
C
// RUN: %clang_hwasan %s -o %t && not %env_hwasan_opts=verbose_threads=1 %run %t 2>&1 | FileCheck %s
|
|
// REQUIRES: stable-runtime
|
|
|
|
#include <pthread.h>
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
|
|
#include <sanitizer/hwasan_interface.h>
|
|
|
|
void *BoringThread(void *arg) {
|
|
char * volatile x = (char*)malloc(10);
|
|
x[5] = 0;
|
|
free(x);
|
|
return NULL;
|
|
}
|
|
|
|
// CHECK: Creating : T0
|
|
// CHECK: Creating : T1
|
|
// CHECK: Destroying: T1
|
|
// CHECK: Creating : T1100
|
|
// CHECK: Destroying: T1100
|
|
// CHECK: Creating : T1101
|
|
|
|
void *UAFThread(void *arg) {
|
|
char * volatile x = (char*)malloc(10);
|
|
fprintf(stderr, "ZZZ %p\n", x);
|
|
free(x);
|
|
x[5] = 42;
|
|
// CHECK: ERROR: HWAddressSanitizer: tag-mismatch on address
|
|
// CHECK: WRITE of size 1
|
|
// CHECK: many-threads-uaf.c:[[@LINE-3]]
|
|
// CHECK: Thread: T1101
|
|
return NULL;
|
|
}
|
|
|
|
int main() {
|
|
__hwasan_enable_allocator_tagging();
|
|
pthread_t t;
|
|
for (int i = 0; i < 1100; i++) {
|
|
pthread_create(&t, NULL, BoringThread, NULL);
|
|
pthread_join(t, NULL);
|
|
}
|
|
pthread_create(&t, NULL, UAFThread, NULL);
|
|
pthread_join(t, NULL);
|
|
}
|