File: scribble.cpp

// RUN: %clang_asan -O2 %s -o %t
// RUN: %run %t 2>&1 | FileCheck --check-prefix=CHECK-NOSCRIBBLE %s
// RUN: %env MallocScribble=1 MallocPreScribble=1 %run %t 2>&1 | FileCheck --check-prefix=CHECK-SCRIBBLE %s
// RUN: %env_asan_opts=max_free_fill_size=4096 %run %t 2>&1 | FileCheck --check-prefix=CHECK-SCRIBBLE %s

#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

// Minimal stand-in for a class descriptor (the `isa` naming mirrors the
// Objective-C object layout). The test only ever reads `class_name` through
// it, from MyClass::print_my_class_name.
struct Isa {
  const char *class_name; // printed after the "class name: " prefix
};

// Heap object whose first pointer-sized field is deliberately sacrificial
// (see `padding`) so that `isa` lands past the part of freed user memory that
// ASan's allocator rewrites on free(). Field order is load-bearing for the
// CHECK lines in main(): do not reorder or remove `padding`.
struct MyClass {
  // User memory and `ChunkHeader` overlap. In particular the `free_context_id`
  // is stored at the beginning of user memory when it is freed. That part of
  // user memory is not scribbled and is changed when the memory is freed. This
  // test relies on `isa` being scribbled or unmodified after memory is freed.
  // In order for this to work the start of `isa` must come after whatever is in
  // `ChunkHeader` (currently the 64-bit `free_context_id`). The padding here is
  // to ensure this is the case.
  uint64_t padding; // sacrificial slot: overwritten by the allocator on free()
  Isa *isa;         // dangling after free(): either 0x55-scribbled or still intact
  long data;        // written once in main(), never read

  // Dumps `this`, `padding` and `isa`, then the class name unless `isa` looks
  // scribbled. Compiled without ASan checks because main() calls it on a
  // freed object on purpose.
  void print_my_class_name();
};

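// Deliberately reads through `this` even after main() has freed it: ASan
// instrumentation is disabled for this function so the access is not reported,
// and the test instead observes what the freed memory now contains.
//
// When freed memory is scribbled (MallocScribble on Darwin, or ASan's
// max_free_fill_size path) the `isa` slot reads back as 0x55 bytes, and the
// dangling pointer must NOT be dereferenced. Without scribbling the stale
// pointer still resolves to the live Isa object and the name is printed.
// NOTE(review): the guard only recognises the 0x55 fill byte that the
// CHECK-SCRIBBLE expectations assume; a different free-fill byte would make
// this function dereference a garbage pointer.
__attribute__((no_sanitize("address")))
void MyClass::print_my_class_name() {
  // Scribble byte 0x55 repeated across the low 32 bits of the pointer; only the
  // low half is compared so the check works for either 32- or 64-bit fills.
  const uint32_t kScribblePattern = 0x55555555u;

  // %p requires a void*; the original passed typed pointers directly.
  fprintf(stderr, "this = %p\n", static_cast<void *>(this));
  // PRIx64 matches uint64_t exactly; "%lx" only happens to work on LP64 targets.
  fprintf(stderr, "padding = 0x%" PRIx64 "\n", this->padding);
  fprintf(stderr, "isa = %p\n", static_cast<void *>(this->isa));

  const uint32_t isa_low_bits =
      static_cast<uint32_t>(reinterpret_cast<uintptr_t>(this->isa));
  if (isa_low_bits != kScribblePattern) {
    fprintf(stderr, "class name: %s\n", this->isa->class_name);
  }
}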

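// Allocates one Isa and one MyClass on the heap, prints the class name through
// the object, frees the object, then prints again through the now-dangling
// pointer. That second call is the use-after-free under test; it is only
// survivable because print_my_class_name is compiled without ASan checks.
// With scribbling enabled the freed `isa` slot reads back as 0x55..55 and no
// name is printed; without it the stale pointer still resolves (see the
// CHECK-NOSCRIBBLE lines).
//
// Returns 0 on success, 1 if an allocation fails (the original dereferenced a
// NULL malloc() result unconditionally).
int main() {
  Isa *my_class_isa = static_cast<Isa *>(malloc(sizeof(Isa)));
  if (my_class_isa == nullptr)
    return 1;
  // Fill with a recognisable pattern before setting the one field that is read.
  memset(my_class_isa, 0x77, sizeof(Isa));
  my_class_isa->class_name = "MyClass";

  MyClass *my_object = static_cast<MyClass *>(malloc(sizeof(MyClass)));
  if (my_object == nullptr) {
    free(my_class_isa);
    return 1;
  }
  memset(my_object, 0x88, sizeof(MyClass));
  my_object->isa = my_class_isa;
  my_object->data = 42;

  my_object->print_my_class_name();
  // CHECK-SCRIBBLE: class name: MyClass
  // CHECK-NOSCRIBBLE: class name: MyClass

  free(my_object);

  // Intentional use-after-free: the callee is no_sanitize("address"), so ASan
  // does not abort here and the output reflects the freed chunk's contents.
  my_object->print_my_class_name();
  // CHECK-NOSCRIBBLE: class name: MyClass
  // CHECK-SCRIBBLE: isa = {{(0x)?}}{{5555555555555555|55555555}}

  fprintf(stderr, "okthxbai!\n");
  // CHECK-SCRIBBLE: okthxbai!
  // CHECK-NOSCRIBBLE: okthxbai!
  free(my_class_isa);
  return 0;
}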