This is an archive of the discontinued LLVM Phabricator instance.

Differential D9017

More string interceptors: strstr, strcasestr, strspn, strcspn, strpbrk
ClosedPublic

Authored by m.guseva on Apr 14 2015, 8:00 AM.

Details

Reviewers
kcc
glider
dvyukov
samsonov
Commits
rG0ca65fd83d50: [sanitizer] More string interceptors: strstr, strcasestr, strspn, strcspn…
rCRT238406: [sanitizer] More string interceptors: strstr, strcasestr, strspn, strcspn…
rL238406: [sanitizer] More string interceptors: strstr, strcasestr, strspn, strcspn…
Summary

This is a patch for Issue 346: moar string interceptors: strstr, strcasestr, strcspn, strpbrk.
The initial patch for this issue was: http://reviews.llvm.org/D6056. But it was abandoned and splitted in two parts: New "strict_string_checks" run-time flag and this one.

Diff Detail

Repository
rL LLVM

Event Timeline

m.guseva updated this revision to Diff 23733.Apr 14 2015, 8:00 AM
m.guseva retitled this revision from to More string interceptors: strstr, strcasestr, strcspn, strpbrk.
m.guseva updated this object.
m.guseva edited the test plan for this revision. (Show Details)
m.guseva added reviewers: samsonov, glider, kcc, dvyukov.
m.guseva added subscribers: Unknown Object (MLST), kubamracek, joerg, ygribov.
dvyukov added inline comments.Apr 14 2015, 9:45 AM
lib/sanitizer_common/sanitizer_common_interceptors.inc
269 ↗(On Diff #23733)

delete empty line (two consequent empty lines)

271 ↗(On Diff #23733)

delete empty line (that's how it is written everywhere in this file)

277 ↗(On Diff #23733)

Is "r - s1 + len2 + 1" correct?
I think it should be "r - s1 + len2", because strstr can read only len2 bytes to find a match.

279 ↗(On Diff #23733)

I am not sure such complex computations are necessary. People should not rely on such things.
If anything, I think, the fifth argument should be 1, because if I call strstr("aaaaaaaaaaaa", "bcdef") I can "expect" that the function will read only the first symbol "b" from the second string.

283 ↗(On Diff #23733)

add parens around COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED

288 ↗(On Diff #23733)

drop {}

294 ↗(On Diff #23733)

#define INIT_STRSTR \

COMMON_INTERCEPT_FUNCTION(strstr); \
COMMON_INTERCEPT_FUNCTION(strcasestr);

and move below

306 ↗(On Diff #23733)

remove

310 ↗(On Diff #23733)

remove

312 ↗(On Diff #23733)

delete empty line

315 ↗(On Diff #23733)

delete empty line

322 ↗(On Diff #23733)

I don't believe this is necessary. Make it just:
READ_RANGE(s2, REAL(strlen)(s2) + 1);

328 ↗(On Diff #23733)

move below (see how it is formatted in other case in this file)

337 ↗(On Diff #23733)

I don't believe this complex code is necessary. Make it just:
READ_RANGE(s2, REAL(strlen)(s2) + 1);

4945 ↗(On Diff #23733)

delete

lib/sanitizer_common/sanitizer_flags.inc
156 ↗(On Diff #23733)

do we need all these additional flags? why?

lib/sanitizer_common/sanitizer_platform_interceptors.h
58 ↗(On Diff #23733)

this is unused, delete

60 ↗(On Diff #23733)

delete

m.guseva added inline comments.Apr 15 2015, 9:21 AM
lib/sanitizer_common/sanitizer_common_interceptors.inc
279 ↗(On Diff #23733)

Do you mean the following: (ctx, s2, len2, r ? len2 + 1 : (len2 <= len1 ? 1 : len1 + 1)); ?
In that case we may not check real read of bigger length from s2 in case there is some not null intersection of s1 and s2.
The most accurate result would be if repeat explicitly strstr computations and find that real length. But I've just added non-strict check assuming the worst case.

322 ↗(On Diff #23733)

Why not?
Indeed we don't need to read the full length of s2. User may expect it in non-strict case.

337 ↗(On Diff #23733)

The same - please explain. My intention was to avoid strict checks when possible.

lib/sanitizer_common/sanitizer_flags.inc
156 ↗(On Diff #23733)

It was discussed in initial patch for this http://reviews.llvm.org/D6056#92330: glider suggested to have individual flags. I agree, it's more flexible.

lib/sanitizer_common/sanitizer_platform_interceptors.h
58 ↗(On Diff #23733)

It's my bug, SANITIZER_INTERCEPT_STRCASESTR must be used in sanitizer_common_interceptors.inc cause indeed there is no strcasestr on Windows. I'll fix it.

The rest is always 1 so I agree it could be removed. I wonder why there are other defines allways equal to 1 in sanitizer_platform_interceptors.h?

m.guseva updated this object.Apr 15 2015, 9:23 AM
dvyukov added inline comments.Apr 20 2015, 7:02 AM
lib/sanitizer_common/sanitizer_common_interceptors.inc
279 ↗(On Diff #23733)

The worst case is strlen(s2)+1. An implementation is allowed to read that much.
The non-strict mode should consider the _best_ case if anything. But I would just delete this complexity and use strlen.

322 ↗(On Diff #23733)

Because these are very complex expressions with lots of corner cases and potential off-by-ones.
User should not expect that the function won't read the whole string. There are not such guarantees in the documentation. Documentation refers to arguments as to strings. Strings are addressable zero-terminated regions of memory.

lib/sanitizer_common/sanitizer_flags.inc
156 ↗(On Diff #23733)

Okay
I am not very strong about this

lib/sanitizer_common/sanitizer_platform_interceptors.h
58 ↗(On Diff #23733)

I mean delete them because they are unused, not because they are always 1.
I guess we have always 1 defines for flexibility and consistency.

m.guseva added inline comments.Apr 21 2015, 8:29 AM
lib/sanitizer_common/sanitizer_common_interceptors.inc
279 ↗(On Diff #23733)

The non-strict mode should consider the _best_ case if anything.

I understand the non-strict mode as ability to check less then full string length when it's possible. It shouldn't rely on best case, it should check at least as much as needed for getting the result. I think it's better to check more bytes than to miss incorrect read. If proposed read check is inaccurate I agree it's better to replace with full length check.

322 ↗(On Diff #23733)

User should not expect that the function won't read the whole string. There are not such guarantees in the documentation.

The "strict_string_checks" flag was introduced exactly cause user may expect such behaviour despite of documentation. Which are corner cases here? Can I just cover them?

ygribov added inline comments.Apr 21 2015, 10:51 AM
lib/sanitizer_common/sanitizer_common_interceptors.inc
322 ↗(On Diff #23733)

I guess Dmitry means that there is a tradeoff between functionality and code complexity. And he'd prefer to drop overly complex checks in favor of simplicity.

dvyukov added inline comments.Apr 22 2015, 12:38 AM
lib/sanitizer_common/sanitizer_common_interceptors.inc
322 ↗(On Diff #23733)

Yes, what Yury said. "r ? internal_strchr(s2, *r) - s2 + 1 : *s1 ? REAL(strlen)(s2) + 1 : 0" is complex without providing any obvious benefit.

If anything, non-strict mode check at _most_ (rather than at least) as much as needed for getting the result. But what is required to get the result? It depends on the implementation of the function in libc.
For example, I, as a user, can argue than strstr("aaaaaaaaaaaa", "bcdef") must read no more than 1 byte from the second string. While your non-strict implementation checks more, thus will cause a crash which looks non-legitimate to me.
The non-strict checks were introduced based on real cases that we observed and were unable to fix. Adding them proactively looks wrong to me. If a user hits such a case, then the first thing he should try is to fix the code (formally it is illegal). This should cover majority of the cases. If fixing the code is not possible, then he can use the flag to disable the interceptor. Meanwhile we can figure out whether we want to relax checking in the interceptor or not.

m.guseva updated this revision to Diff 26522.May 26 2015, 10:46 AM

Hi,

I've uploaded new patch with fixes suggested by Dmitry. Could you please take a look? Thank you.

dvyukov accepted this revision.May 26 2015, 11:12 AM
dvyukov edited edge metadata.

thanks, the code is now much easier to understand
LGTM

lib/sanitizer_common/sanitizer_common_interceptors.inc
276 ↗(On Diff #26522)

remove whitespace after s2

318 ↗(On Diff #26522)

please add strspn interceptor for completeness

This revision is now accepted and ready to land.May 26 2015, 11:12 AM
m.guseva updated this revision to Diff 26589.May 27 2015, 6:16 AM
m.guseva retitled this revision from More string interceptors: strstr, strcasestr, strcspn, strpbrk to More string interceptors: strstr, strcasestr, strspn, strcspn, strpbrk.
m.guseva edited edge metadata.

Thank you. I've uploaded new patch with strspn interceptors added. I moved both strspn and strcspn under the same flag intercept_strspn and one macro SANITIZER_INTERCEPT_STRSPN.

ygribov added a comment.May 27 2015, 6:37 AM

I'll submit tomorrow (if no objections from Dima) so that we are around to cope with bugs.

Closed by commit rL238406: [sanitizer] More string interceptors: strstr, strcasestr, strspn, strcspn… (authored by ygribov). · Explain WhyMay 28 2015, 2:28 AM
This revision was automatically updated to reflect the committed changes.

Revision Contents

PathSize
compiler-rt/
trunk/
lib/
sanitizer_common/
95 lines
9 lines
4 lines
tsan/
rtl/
11 lines
test/
asan/
TestCases/
23 lines
23 lines
28 lines
19 lines
19 lines
26 lines
19 lines
19 lines
25 lines
19 lines
19 lines
25 lines
19 lines
19 lines
25 lines
sanitizer_common/
TestCases/
16 lines
13 lines
14 lines
13 lines
12 lines

Diff 26667

compiler-rt/trunk/lib/sanitizer_common/sanitizer_common_interceptors.inc

Show First 20 LinesShow All 265 Lines▼ Show 20 Lines
#define INIT_STRCASECMP COMMON_INTERCEPT_FUNCTION(strcasecmp) #define INIT_STRCASECMP COMMON_INTERCEPT_FUNCTION(strcasecmp)
#define INIT_STRNCASECMP COMMON_INTERCEPT_FUNCTION(strncasecmp) #define INIT_STRNCASECMP COMMON_INTERCEPT_FUNCTION(strncasecmp)
#else #else
#define INIT_STRCASECMP #define INIT_STRCASECMP
#define INIT_STRNCASECMP #define INIT_STRNCASECMP
#endif #endif
#if SANITIZER_INTERCEPT_STRSTR || SANITIZER_INTERCEPT_STRCASESTR
static inline void StrstrCheck(void *ctx, char *r, const char *s1,
const char *s2) {
uptr len1 = REAL(strlen)(s1);
uptr len2 = REAL(strlen)(s2);
COMMON_INTERCEPTOR_READ_STRING_OF_LEN(ctx, s1, len1,
r ? r - s1 + len2 : len1 + 1);
COMMON_INTERCEPTOR_READ_RANGE(ctx, s2, len2 + 1);
}
#endif
#if SANITIZER_INTERCEPT_STRSTR
INTERCEPTOR(char*, strstr, const char *s1, const char *s2) {
if (COMMON_INTERCEPTOR_NOTHING_IS_INITIALIZED)
return internal_strstr(s1, s2);
void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strstr, s1, s2);
char *r = REAL(strstr)(s1, s2);
if (common_flags()->intercept_strstr)
StrstrCheck(ctx, r, s1, s2);
return r;
}
#define INIT_STRSTR COMMON_INTERCEPT_FUNCTION(strstr);
#else
#define INIT_STRSTR
#endif
#if SANITIZER_INTERCEPT_STRCASESTR
INTERCEPTOR(char*, strcasestr, const char *s1, const char *s2) {
void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strcasestr, s1, s2);
char *r = REAL(strcasestr)(s1, s2);
if (common_flags()->intercept_strstr)
StrstrCheck(ctx, r, s1, s2);
return r;
}
#define INIT_STRCASESTR COMMON_INTERCEPT_FUNCTION(strcasestr);
#else
#define INIT_STRCASESTR
#endif
#if SANITIZER_INTERCEPT_STRSPN
INTERCEPTOR(SIZE_T, strspn, const char *s1, const char *s2) {
void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strspn, s1, s2);
SIZE_T r = REAL(strspn)(s1, s2);
if (common_flags()->intercept_strspn) {
COMMON_INTERCEPTOR_READ_RANGE(ctx, s2, REAL(strlen)(s2) + 1);
COMMON_INTERCEPTOR_READ_STRING(ctx, s1, r + 1);
}
return r;
}
INTERCEPTOR(SIZE_T, strcspn, const char *s1, const char *s2) {
void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strcspn, s1, s2);
SIZE_T r = REAL(strcspn)(s1, s2);
if (common_flags()->intercept_strspn) {
COMMON_INTERCEPTOR_READ_RANGE(ctx, s2, REAL(strlen)(s2) + 1);
COMMON_INTERCEPTOR_READ_STRING(ctx, s1, r + 1);
}
return r;
}
#define INIT_STRSPN \
COMMON_INTERCEPT_FUNCTION(strspn); \
COMMON_INTERCEPT_FUNCTION(strcspn);
#else
#define INIT_STRSPN
#endif
#if SANITIZER_INTERCEPT_STRPBRK
INTERCEPTOR(char *, strpbrk, const char *s1, const char *s2) {
void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, strpbrk, s1, s2);
char *r = REAL(strpbrk)(s1, s2);
if (common_flags()->intercept_strpbrk) {
COMMON_INTERCEPTOR_READ_RANGE(ctx, s2, REAL(strlen)(s2) + 1);
COMMON_INTERCEPTOR_READ_STRING(ctx, s1,
r ? r - s1 + 1 : REAL(strlen)(s1) + 1);
}
return r;
}
#define INIT_STRPBRK COMMON_INTERCEPT_FUNCTION(strpbrk);
#else
#define INIT_STRPBRK
#endif
#if SANITIZER_INTERCEPT_MEMCHR #if SANITIZER_INTERCEPT_MEMCHR
INTERCEPTOR(void*, memchr, const void *s, int c, SIZE_T n) { INTERCEPTOR(void*, memchr, const void *s, int c, SIZE_T n) {
void *ctx; void *ctx;
COMMON_INTERCEPTOR_ENTER(ctx, memchr, s, c, n); COMMON_INTERCEPTOR_ENTER(ctx, memchr, s, c, n);
void *res = REAL(memchr)(s, c, n); void *res = REAL(memchr)(s, c, n);
uptr len = res ? (char *)res - (const char *)s + 1 : n; uptr len = res ? (char *)res - (const char *)s + 1 : n;
COMMON_INTERCEPTOR_READ_RANGE(ctx, s, len); COMMON_INTERCEPTOR_READ_RANGE(ctx, s, len);
return res; return res;
▲ Show 20 LinesShow All 4,587 Lines▼ Show 20 Linesstatic void InitializeCommonInterceptors() {
static u64 metadata_mem[sizeof(MetadataHashMap) / sizeof(u64) + 1]; static u64 metadata_mem[sizeof(MetadataHashMap) / sizeof(u64) + 1];
interceptor_metadata_map = new((void *)&metadata_mem) MetadataHashMap(); interceptor_metadata_map = new((void *)&metadata_mem) MetadataHashMap();
INIT_TEXTDOMAIN; INIT_TEXTDOMAIN;
INIT_STRCMP; INIT_STRCMP;
INIT_STRNCMP; INIT_STRNCMP;
INIT_STRCASECMP; INIT_STRCASECMP;
INIT_STRNCASECMP; INIT_STRNCASECMP;
INIT_STRSTR;
INIT_STRCASESTR;
INIT_STRSPN;
INIT_STRPBRK;
INIT_MEMCHR; INIT_MEMCHR;
INIT_MEMRCHR; INIT_MEMRCHR;
INIT_READ; INIT_READ;
INIT_PREAD; INIT_PREAD;
INIT_PREAD64; INIT_PREAD64;
INIT_READV; INIT_READV;
INIT_PREADV; INIT_PREADV;
INIT_PREADV64; INIT_PREADV64;
▲ Show 20 LinesShow All 147 LinesShow Last 20 Lines

compiler-rt/trunk/lib/sanitizer_common/sanitizer_flags.inc

Show First 20 LinesShow All 148 Lines▼ Show 20 Lines
COMMON_FLAG(const char *, stack_trace_format, "DEFAULT", COMMON_FLAG(const char *, stack_trace_format, "DEFAULT",
"Format string used to render stack frames. " "Format string used to render stack frames. "
"See sanitizer_stacktrace_printer.h for the format description. " "See sanitizer_stacktrace_printer.h for the format description. "
"Use DEFAULT to get default format.") "Use DEFAULT to get default format.")
COMMON_FLAG(bool, no_huge_pages_for_shadow, true, COMMON_FLAG(bool, no_huge_pages_for_shadow, true,
"If true, the shadow is not allowed to use huge pages. ") "If true, the shadow is not allowed to use huge pages. ")
COMMON_FLAG(bool, strict_string_checks, false, COMMON_FLAG(bool, strict_string_checks, false,
"If set check that string arguments are properly null-terminated") "If set check that string arguments are properly null-terminated")
COMMON_FLAG(bool, intercept_strstr, true,
"If set, uses custom wrappers for strstr and strcasestr functions "
"to find more errors.")
COMMON_FLAG(bool, intercept_strspn, true,
"If set, uses custom wrappers for strspn and strcspn function "
"to find more errors.")
COMMON_FLAG(bool, intercept_strpbrk, true,
"If set, uses custom wrappers for strpbrk function "
"to find more errors.")

compiler-rt/trunk/lib/sanitizer_common/sanitizer_platform_interceptors.h

Show First 20 LinesShow All 48 Lines▼ Show 20 Lines
#if SANITIZER_IOS #if SANITIZER_IOS
# define SI_IOS 1 # define SI_IOS 1
#else #else
# define SI_IOS 0 # define SI_IOS 0
#endif #endif
#define SANITIZER_INTERCEPT_STRCMP 1 #define SANITIZER_INTERCEPT_STRCMP 1
#define SANITIZER_INTERCEPT_STRSTR 1
#define SANITIZER_INTERCEPT_STRCASESTR SI_NOT_WINDOWS
#define SANITIZER_INTERCEPT_STRSPN 1
#define SANITIZER_INTERCEPT_STRPBRK 1
#define SANITIZER_INTERCEPT_TEXTDOMAIN SI_LINUX_NOT_ANDROID #define SANITIZER_INTERCEPT_TEXTDOMAIN SI_LINUX_NOT_ANDROID
#define SANITIZER_INTERCEPT_STRCASECMP SI_NOT_WINDOWS #define SANITIZER_INTERCEPT_STRCASECMP SI_NOT_WINDOWS
#define SANITIZER_INTERCEPT_MEMCHR 1 #define SANITIZER_INTERCEPT_MEMCHR 1
#define SANITIZER_INTERCEPT_MEMRCHR SI_FREEBSD || SI_LINUX #define SANITIZER_INTERCEPT_MEMRCHR SI_FREEBSD || SI_LINUX
#define SANITIZER_INTERCEPT_READ SI_NOT_WINDOWS #define SANITIZER_INTERCEPT_READ SI_NOT_WINDOWS
#define SANITIZER_INTERCEPT_PREAD SI_NOT_WINDOWS #define SANITIZER_INTERCEPT_PREAD SI_NOT_WINDOWS
#define SANITIZER_INTERCEPT_WRITE SI_NOT_WINDOWS #define SANITIZER_INTERCEPT_WRITE SI_NOT_WINDOWS
▲ Show 20 LinesShow All 187 LinesShow Last 20 Lines

compiler-rt/trunk/lib/tsan/rtl/tsan_interceptors.cc

Show First 20 LinesShow All 653 Lines▼ Show 20 Lines
TSAN_INTERCEPTOR(char*, strncpy, char *dst, char *src, uptr n) { TSAN_INTERCEPTOR(char*, strncpy, char *dst, char *src, uptr n) {
SCOPED_TSAN_INTERCEPTOR(strncpy, dst, src, n); SCOPED_TSAN_INTERCEPTOR(strncpy, dst, src, n);
uptr srclen = internal_strnlen(src, n); uptr srclen = internal_strnlen(src, n);
MemoryAccessRange(thr, pc, (uptr)dst, n, true); MemoryAccessRange(thr, pc, (uptr)dst, n, true);
MemoryAccessRange(thr, pc, (uptr)src, min(srclen + 1, n), false); MemoryAccessRange(thr, pc, (uptr)src, min(srclen + 1, n), false);
return REAL(strncpy)(dst, src, n); return REAL(strncpy)(dst, src, n);
} }
TSAN_INTERCEPTOR(const char*, strstr, const char *s1, const char *s2) {
SCOPED_TSAN_INTERCEPTOR(strstr, s1, s2);
const char *res = REAL(strstr)(s1, s2);
uptr len1 = internal_strlen(s1);
uptr len2 = internal_strlen(s2);
MemoryAccessRange(thr, pc, (uptr)s1, len1 + 1, false);
MemoryAccessRange(thr, pc, (uptr)s2, len2 + 1, false);
return res;
}
TSAN_INTERCEPTOR(char*, strdup, const char *str) { TSAN_INTERCEPTOR(char*, strdup, const char *str) {
SCOPED_TSAN_INTERCEPTOR(strdup, str); SCOPED_TSAN_INTERCEPTOR(strdup, str);
// strdup will call malloc, so no instrumentation is required here. // strdup will call malloc, so no instrumentation is required here.
return REAL(strdup)(str); return REAL(strdup)(str);
} }
static bool fix_mmap_addr(void **addr, long_t sz, int flags) { static bool fix_mmap_addr(void **addr, long_t sz, int flags) {
if (*addr) { if (*addr) {
▲ Show 20 LinesShow All 1,787 Lines▼ Show 20 Lines#endif
TSAN_INTERCEPT(memcpy); TSAN_INTERCEPT(memcpy);
TSAN_INTERCEPT(memmove); TSAN_INTERCEPT(memmove);
TSAN_INTERCEPT(memcmp); TSAN_INTERCEPT(memcmp);
TSAN_INTERCEPT(strchr); TSAN_INTERCEPT(strchr);
TSAN_INTERCEPT(strchrnul); TSAN_INTERCEPT(strchrnul);
TSAN_INTERCEPT(strrchr); TSAN_INTERCEPT(strrchr);
TSAN_INTERCEPT(strcpy); // NOLINT TSAN_INTERCEPT(strcpy); // NOLINT
TSAN_INTERCEPT(strncpy); TSAN_INTERCEPT(strncpy);
TSAN_INTERCEPT(strstr);
TSAN_INTERCEPT(strdup); TSAN_INTERCEPT(strdup);
TSAN_INTERCEPT(pthread_create); TSAN_INTERCEPT(pthread_create);
TSAN_INTERCEPT(pthread_join); TSAN_INTERCEPT(pthread_join);
TSAN_INTERCEPT(pthread_detach); TSAN_INTERCEPT(pthread_detach);
TSAN_INTERCEPT_VER(pthread_cond_init, "GLIBC_2.3.2"); TSAN_INTERCEPT_VER(pthread_cond_init, "GLIBC_2.3.2");
TSAN_INTERCEPT_VER(pthread_cond_signal, "GLIBC_2.3.2"); TSAN_INTERCEPT_VER(pthread_cond_signal, "GLIBC_2.3.2");
▲ Show 20 LinesShow All 128 LinesShow Last 20 Lines

compiler-rt/trunk/test/asan/TestCases/strcasestr-1.c

// Test haystack overflow in strcasestr function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strstr asan option
// RUN: ASAN_OPTIONS=intercept_strstr=false %run %t 2>&1
// There's no interceptor for strcasestr on Windows
// XFAIL: win32
#define _GNU_SOURCE
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s2[] = "c";
char s1[] = {'a', 'b'};
char s3 = 0;
r = strcasestr(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 0);
return 0;
}

compiler-rt/trunk/test/asan/TestCases/strcasestr-2.c

// Test needle overflow in strcasestr function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strstr asan option
// RUN: ASAN_OPTIONS=intercept_strstr=false %run %t 2>&1
// There's no interceptor for strcasestr on Windows
// XFAIL: win32
#define _GNU_SOURCE
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s1[] = "ab";
char s2[] = {'c'};
char s3 = 0;
r = strcasestr(s1, s2);
assert(r == 0);
// CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
return 0;
}

compiler-rt/trunk/test/asan/TestCases/strcasestr_strict.c

// Test strict_string_checks option in strcasestr function
// RUN: %clang_asan %s -o %t && %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// There's no interceptor for strcasestr on Windows
// XFAIL: win32
#define _GNU_SOURCE
#include <assert.h>
#include <stdlib.h>
#include <string.h>
int main(int argc, char **argv) {
size_t size = 100;
char *s1 = (char*)malloc(size);
char *s2 = (char*)malloc(size);
memset(s1, 'o', size);
memset(s2, 'O', size);
s2[size - 1]='\0';
char* r = strcasestr(s1, s2);
// CHECK: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
// CHECK: READ of size 101
assert(r == s1);
free(s1);
free(s2);
return 0;
}

compiler-rt/trunk/test/asan/TestCases/strcspn-1.c

// Test string s1 overflow in strcspn function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strspn asan option
// RUN: ASAN_OPTIONS=intercept_strspn=false %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
size_t r;
char s2[] = "ab";
char s1[] = {'c', 'd'};
char s3 = 0;
r = strcspn(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r >= sizeof(s1));
return 0;
}

compiler-rt/trunk/test/asan/TestCases/strcspn-2.c

// Test stopset overflow in strcspn function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strcspn asan option
// RUN: ASAN_OPTIONS=intercept_strspn=false %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
size_t r;
char s1[] = "ab";
char s2[] = {'c', 'd'};
char s3 = 0;
r = strcspn(s1, s2);
// CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == sizeof(s1) - 1);
return 0;
}

compiler-rt/trunk/test/asan/TestCases/strcspn_strict.c

// Test strict_string_checks option in strcspn function
// RUN: %clang_asan %s -o %t && %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
#include <assert.h>
#include <stdlib.h>
#include <string.h>
int main(int argc, char **argv) {
size_t size = 100;
char fill = 'o';
char *s1 = (char*)malloc(size);
char *s2 = (char*)malloc(size);
memset(s1, fill, size);
s1[0] = 'z';
memset(s2, fill, size);
s2[size-1] = '\0';
size_t r = strcspn(s1, s2);
// CHECK: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
// CHECK: READ of size 101
assert(r == 1);
free(s1);
free(s2);
return 0;
}

compiler-rt/trunk/test/asan/TestCases/strpbrk-1.c

// Test string s1 overflow in strpbrk function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strpbrk asan option
// RUN: ASAN_OPTIONS=intercept_strpbrk=false %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r;
char s2[] = "ab";
char s1[] = {'c', 'd'};
char s3[] = "a";
r = strpbrk(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r <= s3);
return 0;
}

compiler-rt/trunk/test/asan/TestCases/strpbrk-2.c

// Test stopset overflow in strpbrk function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strpbrk asan option
// RUN: ASAN_OPTIONS=intercept_strpbrk=false %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r;
char s1[] = "a";
char s2[] = {'b', 'c'};
char s3 = 0;
r = strpbrk(s1, s2);
// CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == (r ? s1 : 0));
return 0;
}

compiler-rt/trunk/test/asan/TestCases/strpbrk_strict.c

// Test strict_string_checks option in strpbrk function
// RUN: %clang_asan %s -o %t && %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
#include <assert.h>
#include <stdlib.h>
#include <string.h>
int main(int argc, char **argv) {
size_t size = 100;
char fill = 'o';
char *s1 = (char*)malloc(size);
char *s2 = (char*)malloc(2);
memset(s1, fill, size);
s2[0] = fill;
s2[1]='\0';
char* r = strpbrk(s1, s2);
// CHECK: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
// CHECK: READ of size 101
assert(r == s1);
free(s1);
free(s2);
return 0;
}

compiler-rt/trunk/test/asan/TestCases/strspn-1.c

// Test string s1 overflow in strspn function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strspn asan option
// RUN: ASAN_OPTIONS=intercept_strspn=false %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
size_t r;
char s2[] = "ab";
char s1[] = {'a', 'a'};
char s3 = 0;
r = strspn(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r >= sizeof(s1));
return 0;
}

compiler-rt/trunk/test/asan/TestCases/strspn-2.c

// Test stopset overflow in strspn function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strspn asan option
// RUN: ASAN_OPTIONS=intercept_strspn=false %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
size_t r;
char s1[] = "cc";
char s2[] = {'a', 'b'};
char s3 = 0;
r = strspn(s1, s2);
// CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 0);
return 0;
}

compiler-rt/trunk/test/asan/TestCases/strspn_strict.c

// Test strict_str`ing_checks option in strspn function
// RUN: %clang_asan %s -o %t && %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
#include <assert.h>
#include <stdlib.h>
#include <string.h>
int main(int argc, char **argv) {
size_t size = 100;
char fill = 'o';
char *s1 = (char*)malloc(size);
char *s2 = (char*)malloc(2);
memset(s1, fill, size);
s1[0] = s2[0] = 'z';
s2[1] = '\0';
size_t r = strspn(s1, s2);
// CHECK: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
// CHECK: READ of size 101
assert(r == 1);
free(s1);
free(s2);
return 0;
}

compiler-rt/trunk/test/asan/TestCases/strstr-1.c

// Test haystack overflow in strstr function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strstr asan option
// RUN: ASAN_OPTIONS=intercept_strstr=false %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s2[] = "c";
char s1[] = {'a', 'b'};
char s3 = 0;
r = strstr(s1, s2);
// CHECK:'s{{[1|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 0);
return 0;
}

compiler-rt/trunk/test/asan/TestCases/strstr-2.c

// Test needle overflow in strstr function
// RUN: %clang_asan %s -o %t && ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
// Test intercept_strstr asan option
// RUN: ASAN_OPTIONS=intercept_strstr=false %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s1[] = "ab";
char s2[] = {'c'};
char s3 = 0;
r = strstr(s1, s2);
// CHECK:'s{{[2|3]}}' <== Memory access at offset {{[0-9]+ .*}}flows this variable
assert(r == 0);
return 0;
}

compiler-rt/trunk/test/asan/TestCases/strstr_strict.c

// Test strict_string_checks option in strstr function
// RUN: %clang_asan %s -o %t && %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=false %run %t 2>&1
// RUN: ASAN_OPTIONS=strict_string_checks=true not %run %t 2>&1 | FileCheck %s
#include <assert.h>
#include <stdlib.h>
#include <string.h>
int main(int argc, char **argv) {
size_t size = 100;
char fill = 'o';
char *s1 = (char*)malloc(size);
char *s2 = (char*)malloc(size);
memset(s1, fill, size);
memset(s2, fill, size);
s2[size - 1]='\0';
char* r = strstr(s1, s2);
// CHECK: {{.*ERROR: AddressSanitizer: heap-buffer-overflow on address}}
// CHECK: READ of size 101
assert(r == s1);
free(s1);
free(s2);
return 0;
}

compiler-rt/trunk/test/sanitizer_common/TestCases/strcasestr.c

// RUN: %clang %s -o %t && %run %t 2>&1
// There's no interceptor for strcasestr on Windows
// XFAIL: win32
#define _GNU_SOURCE
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s1[] = "aB";
char s2[] = "b";
r = strcasestr(s1, s2);
assert(r == s1 + 1);
return 0;
}

compiler-rt/trunk/test/sanitizer_common/TestCases/strcspn.c

// RUN: %clang %s -o %t && %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
size_t r;
char s1[] = "ad";
char s2[] = "cd";
r = strcspn(s1, s2);
assert(r == 1);
return 0;
}

compiler-rt/trunk/test/sanitizer_common/TestCases/strpbrk.c

// RUN: %clang %s -o %t && %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s1[] = "ad";
char s2[] = "cd";
r = strpbrk(s1, s2);
assert(r == s1 + 1);
return 0;
}

compiler-rt/trunk/test/sanitizer_common/TestCases/strspn.c

// RUN: %clang %s -o %t && %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
size_t r;
char s1[] = "ab";
char s2[] = "ac";
r = strspn(s1, s2);
assert(r == 1);
return 0;
}

compiler-rt/trunk/test/sanitizer_common/TestCases/strstr.c

// RUN: %clang %s -o %t && %run %t 2>&1
#include <assert.h>
#include <string.h>
int main(int argc, char **argv) {
char *r = 0;
char s1[] = "ab";
char s2[] = "b";
r = strstr(s1, s2);
assert(r == s1 + 1);
return 0;
}