File: strndup.cc

package info (click to toggle)
llvm-toolchain-6.0 1%3A6.0.1-10
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 598,080 kB
  • sloc: cpp: 3,046,253; ansic: 595,057; asm: 271,965; python: 128,926; objc: 106,554; sh: 21,906; lisp: 10,191; pascal: 6,094; ml: 5,544; perl: 5,265; makefile: 2,227; cs: 2,027; xml: 686; php: 212; csh: 117
file content (28 lines) | stat: -rw-r--r-- 1,022 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
// RUN: %clangxx_msan %s -o %t && not %run %t 2>&1 | FileCheck --check-prefix=ON %s
// RUN: %clangxx_msan %s -o %t && MSAN_OPTIONS=intercept_strndup=0 %run %t 2>&1 | FileCheck --check-prefix=OFF --allow-empty %s

// When built as C on Linux, strndup is transformed to __strndup.
// RUN: %clangxx_msan -O3 -xc %s -o %t && not %run %t 2>&1 | FileCheck --check-prefix=ON %s

// UNSUPPORTED: win32

#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <sanitizer/msan_interface.h>

int main(int argc, char **argv) {
  char kString[4] = "abc";
  __msan_poison(kString + 2, 1);
  char *copy = strndup(kString, 4); // BOOM
  assert(__msan_test_shadow(copy, 4) == 2); // Poisoning is preserved.
  free(copy);
  return 0;
  // ON: Uninitialized bytes in __interceptor_{{(__)?}}strndup at offset 2 inside [{{.*}}, 4)
  // ON: MemorySanitizer: use-of-uninitialized-value
  // ON: #0 {{.*}}main {{.*}}strndup.cc:[[@LINE-6]]
  // ON-LABEL: SUMMARY
  // ON: {{.*}}strndup.cc:[[@LINE-8]]
  // OFF-NOT: MemorySanitizer
}