strtok.c
3.82 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
// RUN: %clang_asan %s -o %t
// Test overflows with strict_string_checks
// RUN: %env_asan_opts=strict_string_checks=true not %run %t test1 2>&1 | \
// RUN: FileCheck %s --check-prefix=CHECK1
// RUN: %env_asan_opts=intercept_strtok=false %run %t test1 2>&1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t test2 2>&1 | \
// RUN: FileCheck %s --check-prefix=CHECK2
// RUN: %env_asan_opts=intercept_strtok=false %run %t test2 2>&1
// RUN: %env_asan_opts=strict_string_checks=true not %run %t test3 2>&1 | \
// RUN: FileCheck %s --check-prefix=CHECK3
// RUN: %env_asan_opts=intercept_strtok=false %run %t test3 2>&1
// RUN: %env_asan_opts=strict_string_checks=true %run %t test4 2>&1
// RUN: %env_asan_opts=intercept_strtok=false %run %t test4 2>&1
// Test overflows with !strict_string_checks
// RUN: %env_asan_opts=strict_string_checks=false not %run %t test5 2>&1 | \
// RUN: FileCheck %s --check-prefix=CHECK5
// RUN: %env_asan_opts=intercept_strtok=false %run %t test5 2>&1
// RUN: %env_asan_opts=strict_string_checks=false not %run %t test6 2>&1 | \
// RUN: FileCheck %s --check-prefix=CHECK6
// RUN: %env_asan_opts=intercept_strtok=false %run %t test6 2>&1
#include <assert.h>
#include <string.h>
#include <sanitizer/asan_interface.h>
// Check that we find overflows in the delimiters on the first call
// with strict_string_checks.
void test1() {
char *token;
char s[4] = "abc";
char token_delimiter[2] = "b";
__asan_poison_memory_region ((char *)&token_delimiter[1], 2);
token = strtok(s, token_delimiter);
// CHECK1: 'token_delimiter'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
}
// Check that we find overflows in the delimiters on the second call (str == NULL)
// with strict_string_checks.
void test2() {
char *token;
char s[4] = "abc";
char token_delimiter[2] = "b";
token = strtok(s, token_delimiter);
assert(strcmp(token, "a") == 0);
__asan_poison_memory_region ((char *)&token_delimiter[1], 2);
token = strtok(NULL, token_delimiter);
// CHECK2: 'token_delimiter'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
}
// Check that we find overflows in the string (only on the first call) with strict_string_checks.
void test3() {
char *token;
char s[4] = "abc";
char token_delimiter[2] = "b";
__asan_poison_memory_region ((char *)&s[3], 2);
token = strtok(s, token_delimiter);
// CHECK3: 's'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
}
// Check that we do not crash when strtok returns NULL with strict_string_checks.
void test4() {
char *token;
char s[] = "";
char token_delimiter[] = "a";
token = strtok(s, token_delimiter);
assert(token == NULL);
}
// Check that we find overflows in the string (only on the first call) with !strict_string_checks.
void test5() {
char *token;
char s[4] = "abc";
char token_delimiter[2] = "d";
__asan_poison_memory_region ((char *)&s[2], 2);
__asan_poison_memory_region ((char *)&token_delimiter[1], 2);
token = strtok(s, token_delimiter);
// CHECK5: 's'{{.*}} <== Memory access at offset {{[0-9]+}} partially overflows this variable
}
// Check that we find overflows in the delimiters (only on the first call) with !strict_string_checks.
void test6() {
char *token;
char s[4] = "abc";
char token_delimiter[1] = {'d'};
__asan_poison_memory_region ((char *)&token_delimiter[1], 2);
token = strtok(s, &token_delimiter[1]);
// CHECK6: 'token_delimiter'{{.*}} <== Memory access at offset {{[0-9]+}} overflows this variable
}
int main(int argc, char **argv) {
if (argc != 2) return 1;
if (!strcmp(argv[1], "test1")) test1();
if (!strcmp(argv[1], "test2")) test2();
if (!strcmp(argv[1], "test3")) test3();
if (!strcmp(argv[1], "test4")) test4();
if (!strcmp(argv[1], "test5")) test5();
if (!strcmp(argv[1], "test6")) test6();
return 0;
}