From efbdbc89e6324468f944e8338001bd719d4295c5 Mon Sep 17 00:00:00 2001
From: Timur Iskhodzhanov
Date: Thu, 15 May 2014 15:13:06 +0000
Subject: [PATCH] [ASan/Win tests] Add more DLL tests
git-svn-id: https://llvm.org/svn/llvm-project/compiler-rt/trunk@208893 91177308-0d34-0410-b5e6-96231b3b80d8
---
test/asan/TestCases/Windows/dll_malloc_left_oob.cc | 10 +++----
test/asan/TestCases/Windows/dll_malloc_uaf.cc | 16 +++++-----
test/asan/TestCases/Windows/dll_noreturn.cc | 28 +++++++++++++++++
test/asan/TestCases/Windows/dll_poison_unpoison.cc | 35 ++++++++++++++++++++++
.../Windows/dll_stack_use_after_return.cc | 28 +++++++++++++++++
.../Windows/dll_thread_stack_array_left_oob.cc | 35 ++++++++++++++++++++++
6 files changed, 139 insertions(+), 13 deletions(-)
create mode 100644 test/asan/TestCases/Windows/dll_noreturn.cc
create mode 100644 test/asan/TestCases/Windows/dll_poison_unpoison.cc
create mode 100644 test/asan/TestCases/Windows/dll_stack_use_after_return.cc
create mode 100644 test/asan/TestCases/Windows/dll_thread_stack_array_left_oob.cc
diff --git a/test/asan/TestCases/Windows/dll_malloc_left_oob.cc b/test/asan/TestCases/Windows/dll_malloc_left_oob.cc
index 75c90c100..b7380484f 100644
--- a/test/asan/TestCases/Windows/dll_malloc_left_oob.cc
+++ b/test/asan/TestCases/Windows/dll_malloc_left_oob.cc
@@ -10,13 +10,13 @@ int test_function() {
 buffer[-1] = 42;
 // CHECK: AddressSanitizer: heap-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
 // CHECK: WRITE of size 1 at [[ADDR]] thread T0
-// CHECK: test_function {{.*}}dll_malloc_left_oob.cc:[[@LINE-3]]
-// CHECK: main {{.*}}dll_host.cc
+// CHECK: test_function {{.*}}dll_malloc_left_oob.cc:[[@LINE-3]]
+// CHECK-NEXT: main {{.*}}dll_host.cc
 // CHECK: [[ADDR]] is located 1 bytes to the left of 42-byte region
 // CHECK-LABEL: allocated by thread T0 here:
-// CHECK: malloc
-// CHECK: test_function {{.*}}dll_malloc_left_oob.cc:[[@LINE-9]]
-// CHECK: main {{.*}}dll_host.cc
+// CHECK: malloc
+// CHECK: test_function {{.*}}dll_malloc_left_oob.cc:[[@LINE-9]]
+// CHECK-NEXT: main {{.*}}dll_host.cc
 // CHECK-LABEL: SUMMARY
 free(buffer);
 return 0;
diff --git a/test/asan/TestCases/Windows/dll_malloc_uaf.cc b/test/asan/TestCases/Windows/dll_malloc_uaf.cc
index e65cf81af..8cf6a4753 100644
--- a/test/asan/TestCases/Windows/dll_malloc_uaf.cc
+++ b/test/asan/TestCases/Windows/dll_malloc_uaf.cc
@@ -12,16 +12,16 @@ int test_function() {
 buffer[0] = 42;
 // CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]]
 // CHECK: WRITE of size 1 at [[ADDR]] thread T0
-// CHECK: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-3]]
-// CHECK: main {{.*}}dll_host
+// CHECK: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-3]]
+// CHECK-NEXT: main {{.*}}dll_host
 // CHECK: [[ADDR]] is located 0 bytes inside of 42-byte region
 // CHECK-LABEL: freed by thread T0 here:
-// CHECK: free
-// CHECK: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-9]]
-// CHECK: main {{.*}}dll_host
+// CHECK: free
+// CHECK: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-9]]
+// CHECK-NEXT: main {{.*}}dll_host
 // CHECK-LABEL: previously allocated by thread T0 here:
-// CHECK: malloc
-// CHECK: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-14]]
-// CHECK: main {{.*}}dll_host
+// CHECK: malloc
+// CHECK: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-14]]
+// CHECK-NEXT: main {{.*}}dll_host
 return 0;
 }
diff --git a/test/asan/TestCases/Windows/dll_noreturn.cc b/test/asan/TestCases/Windows/dll_noreturn.cc
new file mode 100644
index 000000000..f3f5e3228
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_noreturn.cc
@@ -0,0 +1,28 @@
+// RUN: %clangxx_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clangxx_asan -LD -O0 %s -Fe%t.dll
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t %t.dll 2>&1 | cat | FileCheck %s
+
+#include
+
+void noreturn_f() {
+ int subscript = -1;
+ char buffer[42];
+ buffer[subscript] = 42;
+ _exit(1);
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK: noreturn_f {{.*}}dll_noreturn.cc:[[@LINE-4]]
+// CHECK-NEXT: test_function {{.*}}dll_noreturn.cc
+// CHECK-NEXT: main {{.*}}dll_host.cc
+// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
+// CHECK-NEXT: noreturn_f {{.*}}dll_noreturn.cc
+// CHECK: 'buffer' <== Memory access at offset [[OFFSET]] underflows this variable
+// CHECK-LABEL: SUMMARY
+}
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ noreturn_f();
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_poison_unpoison.cc b/test/asan/TestCases/Windows/dll_poison_unpoison.cc
new file mode 100644
index 000000000..ff3f5a309
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_poison_unpoison.cc
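Review bot: In dll_noreturn.cc nothing explains why `_exit(1)` follows the out-of-bounds write in `noreturn_f`, and with the default halt-on-error behaviour the report checked at `buffer[subscript] = 42;` should end the process before that call runs. Presumably the call is only there so that the instrumented DLL contains a no-return call and still builds, loads and reports correctly; if so, a comment above `noreturn_f` such as `// _exit() is never reached; it only makes this DLL function contain a no-return call.` would make the intent explicit. Without it, a later cleanup could drop the call as dead code and silently remove what the test covers.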
@@ -0,0 +1,35 @@
+// RUN: %clangxx_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clangxx_asan -LD -O0 %s -Fe%t.dll
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t %t.dll 2>&1 | cat | FileCheck %s
+
+#include
+
+void should_not_crash(volatile char *c) {
+ *c = 42;
+}
+
+void should_crash(volatile char *c) {
+ *c = 42;
+}
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ char buffer[256];
+ should_not_crash(&buffer[0]);
+ __asan_poison_memory_region(buffer, 128);
+ should_not_crash(&buffer[192]);
+ __asan_unpoison_memory_region(buffer, 64);
+ should_not_crash(&buffer[32]);
+
+ should_crash(&buffer[96]);
+// CHECK: AddressSanitizer: use-after-poison on address [[ADDR:0x[0-9a-f]+]]
+// CHECK-NEXT: WRITE of size 1 at [[ADDR]] thread T0
+// CHECK: should_crash {{.*}}\dll_poison_unpoison.cc
+// CHECK-NEXT: test_function {{.*}}\dll_poison_unpoison.cc:[[@LINE-4]]
+// CHECK-NEXT: main
+// CHECK: [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
+// CHECK-NEXT: test_function {{.*}}\dll_poison_unpoison.cc
+// CHECK: 'buffer' <== Memory access at offset [[OFFSET]] is inside this variable
+ return 0;
+}
diff --git a/test/asan/TestCases/Windows/dll_stack_use_after_return.cc b/test/asan/TestCases/Windows/dll_stack_use_after_return.cc
new file mode 100644
index 000000000..9583bc2fe
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_stack_use_after_return.cc
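Review bot: The three frame patterns in dll_poison_unpoison.cc (the `should_crash` line and both `test_function` lines) put a literal `\` before the file name, which none of the other tests added in this patch do. FileCheck matches text outside `{{...}}` as a fixed string, so these lines pass only when the symbolizer prints a backslash-separated path. Writing them like the sibling tests, e.g. `// CHECK: should_crash {{.*}}dll_poison_unpoison.cc`, keeps the check independent of the path separator. A spurious failure here would hide whether use-after-poison detection itself still works from a DLL.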
@@ -0,0 +1,28 @@
+// RUN: %clangxx_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clangxx_asan -LD -O0 %s -Fe%t.dll
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: ASAN_OPTIONS=detect_stack_use_after_return=1 not %run %t %t.dll 2>&1 | cat | FileCheck %s
+
+#include
+
+char *x;
+
+void foo() {
+ char stack_buffer[42];
+ x = &stack_buffer[13];
+}
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ foo();
+ *x = 42;
+// CHECK: AddressSanitizer: stack-use-after-return
+// CHECK: WRITE of size 1 at [[ADDR:.*]] thread T0
+// CHECK: test_function {{.*}}dll_stack_use_after_return.cc:[[@LINE-3]]
+// CHECK-NEXT: main
+// CHECK: Address [[ADDR]] is located in stack of thread T0 at offset [[OFFSET:.*]] in frame
+// CHECK-NEXT: #0 {{.*}} foo {{.*}}dll_stack_use_after_return.cc
+// CHECK: 'stack_buffer' <== Memory access at offset [[OFFSET]] is inside this variable
+ return 0;
+}
+
diff --git a/test/asan/TestCases/Windows/dll_thread_stack_array_left_oob.cc b/test/asan/TestCases/Windows/dll_thread_stack_array_left_oob.cc
new file mode 100644
index 000000000..eb36df7e3
--- /dev/null
+++ b/test/asan/TestCases/Windows/dll_thread_stack_array_left_oob.cc
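Review bot: The `[[ADDR:.*]]` binding on the `WRITE of size 1` line in dll_stack_use_after_return.cc is looser than the `[[ADDR:0x[0-9a-f]+]]` form the other tests in this patch use, and the report header line does not bind the address at all. Binding it on the header, `// CHECK: AddressSanitizer: stack-use-after-return on address [[ADDR:0x[0-9a-f]+]]`, and then matching `// CHECK: WRITE of size 1 at [[ADDR]] thread T0` would tie the header, the access line and the `is located in stack` line to the same hexadecimal address. That matches the convention in dll_noreturn.cc and dll_thread_stack_array_left_oob.cc.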
@@ -0,0 +1,35 @@
+// RUN: %clangxx_asan -O0 %p/dll_host.cc -Fe%t
+// RUN: %clangxx_asan -LD -O0 %s -Fe%t.dll
+// FIXME: 'cat' is needed due to PR19744.
+// RUN: not %run %t %t.dll 2>&1 | cat | FileCheck %s
+
+#include
+#include
+
+DWORD WINAPI thread_proc(void *context) {
+ int subscript = -1;
+ char stack_buffer[42];
+ stack_buffer[subscript] = 42;
+// CHECK: AddressSanitizer: stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]]
+// CHECK: WRITE of size 1 at [[ADDR]] thread T1
+// CHECK: thread_proc {{.*}}dll_thread_stack_array_left_oob.cc:[[@LINE-3]]
+// CHECK: Address [[ADDR]] is located in stack of thread T1 at offset [[OFFSET:.*]] in frame
+// CHECK: thread_proc {{.*}}dll_thread_stack_array_left_oob.cc
+// CHECK: 'stack_buffer' <== Memory access at offset [[OFFSET]] underflows this variable
+
+ return 0;
+}
+
+extern "C" __declspec(dllexport)
+int test_function() {
+ HANDLE thr = CreateThread(NULL, 0, thread_proc, NULL, 0, NULL);
+// CHECK-LABEL: Thread T1 created by T0 here:
+// CHECK: test_function {{.*}}dll_thread_stack_array_left_oob.cc:[[@LINE-2]]
+// CHECK-NEXT: main {{.*}}dll_host.cc
+// CHECK-LABEL: SUMMARY
+ if (thr == 0)
+ return 1;
+ if (WAIT_OBJECT_0 != WaitForSingleObject(thr, INFINITE))
+ return 2;
+ return 0;
+}
--
2.11.4.GIT