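// Test the behavior of malloc/calloc/realloc when the requested allocation
// size is huge (close to the maximum size_t value).
// By default (allocator_may_return_null=0) AddressSanitizer's allocator
// terminates the process.
// With allocator_may_return_null=1 the allocator returns a null pointer (0)
// instead, so the caller must check the result before using it.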
// RUN: %clangxx_asan -O0 %s -o %t
// RUN: not %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mCRASH
// RUN: ASAN_OPTIONS=allocator_may_return_null=0 not %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mCRASH
// RUN: ASAN_OPTIONS=allocator_may_return_null=1 %t malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mNULL
// RUN: ASAN_OPTIONS=allocator_may_return_null=0 not %t calloc 2>&1 | FileCheck %s --check-prefix=CHECK-cCRASH
// RUN: ASAN_OPTIONS=allocator_may_return_null=1 %t calloc 2>&1 | FileCheck %s --check-prefix=CHECK-cNULL
// RUN: ASAN_OPTIONS=allocator_may_return_null=0 not %t calloc-overflow 2>&1 | FileCheck %s --check-prefix=CHECK-coCRASH
// RUN: ASAN_OPTIONS=allocator_may_return_null=1 %t calloc-overflow 2>&1 | FileCheck %s --check-prefix=CHECK-coNULL
// RUN: ASAN_OPTIONS=allocator_may_return_null=0 not %t realloc 2>&1 | FileCheck %s --check-prefix=CHECK-rCRASH
// RUN: ASAN_OPTIONS=allocator_may_return_null=1 %t realloc 2>&1 | FileCheck %s --check-prefix=CHECK-rNULL
// RUN: ASAN_OPTIONS=allocator_may_return_null=0 not %t realloc-after-malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mrCRASH
// RUN: ASAN_OPTIONS=allocator_may_return_null=1 %t realloc-after-malloc 2>&1 | FileCheck %s --check-prefix=CHECK-mrNULL
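// Runs one huge-allocation scenario, selected by argv[1], and reports the
// pointer the allocator returned on stderr.
//
// Scenarios: "malloc", "calloc", "calloc-overflow", "realloc" and
// "realloc-after-malloc". Every scenario asks for more memory than any
// allocator can provide, so the only acceptable outcomes are process
// termination by the allocator or a null return.
//
// Returns 0 only when the allocator returned a null pointer. The
// allocator_may_return_null=1 RUN lines invoke the binary without `not`, so
// they pass only on that outcome. Returns 1 on a usage error.
int main(int argc, char **argv) {
  // Guard argv[1]: every branch below dereferences it.
  if (argc != 2) {
    fprintf(stderr, "expected exactly one scenario argument\n");
    return 1;
  }

  // NOTE(review): volatile presumably keeps the compiler from folding or
  // diagnosing the impossible request sizes at compile time; confirm.
  volatile size_t size = std::numeric_limits<size_t>::max() - 10000;
  char *x = 0;

  if (!strcmp(argv[1], "malloc")) {
    fprintf(stderr, "malloc:\n");
    x = (char*)malloc(size);
  }
  if (!strcmp(argv[1], "calloc")) {
    fprintf(stderr, "calloc:\n");
    // count * element size stays just below SIZE_MAX: huge, but no wrap.
    x = (char*)calloc(size / 4, 4);
  }

  if (!strcmp(argv[1], "calloc-overflow")) {
    fprintf(stderr, "calloc-overflow:\n");
    volatile size_t kMaxSizeT = std::numeric_limits<size_t>::max();
    size_t kArraySize = 4096;
    // kArraySize * kArraySize2 wraps past SIZE_MAX. A calloc that multiplied
    // without an overflow check would hand back a buffer far smaller than
    // the caller believes it has, so the request must fail outright.
    volatile size_t kArraySize2 = kMaxSizeT / kArraySize + 10;
    x = (char*)calloc(kArraySize, kArraySize2);
  }

  if (!strcmp(argv[1], "realloc")) {
    fprintf(stderr, "realloc:\n");
    // realloc with a null pointer acts as malloc(size).
    x = (char*)realloc(0, size);
  }
  if (!strcmp(argv[1], "realloc-after-malloc")) {
    fprintf(stderr, "realloc-after-malloc:\n");
    char *t = (char*)malloc(100);
    // The scenario needs a live block to grow.
    if (!t) {
      fprintf(stderr, "initial malloc(100) failed\n");
      return 1;
    }
    x = (char*)realloc(t, size);
    // A failed realloc leaves the original block allocated and still owned by
    // the caller; release it so the null-return path does not leak.
    if (!x)
      free(t);
  }

  // The NULL pointer is printed differently on different systems, while (long)0
  // is always the same.
  fprintf(stderr, "x: %lx\n", (long)x);
  return x != 0;
}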
// CHECK-mCRASH: malloc:
// CHECK-mCRASH: AddressSanitizer's allocator is terminating the process
// CHECK-cCRASH: calloc:
// CHECK-cCRASH: AddressSanitizer's allocator is terminating the process
// CHECK-coCRASH: calloc-overflow:
// CHECK-coCRASH: AddressSanitizer's allocator is terminating the process
// CHECK-rCRASH: realloc:
// CHECK-rCRASH: AddressSanitizer's allocator is terminating the process
// CHECK-mrCRASH: realloc-after-malloc:
// CHECK-mrCRASH: AddressSanitizer's allocator is terminating the process

// CHECK-mNULL: malloc:
// CHECK-cNULL: calloc:
// CHECK-coNULL: calloc-overflow:
// CHECK-rNULL: realloc:
// CHECK-mrNULL: realloc-after-malloc: