File: strndup.cc

package info (click to toggle)
llvm-toolchain-7 1%3A7.0.1-8
  • links: PTS, VCS
  • area: main
  • in suites: buster
  • size: 733,456 kB
  • sloc: cpp: 3,776,651; ansic: 633,271; asm: 350,301; python: 142,716; objc: 107,612; sh: 22,626; lisp: 11,056; perl: 7,999; pascal: 6,742; ml: 5,537; awk: 3,536; makefile: 2,557; cs: 2,027; xml: 841; ruby: 156
file content (28 lines) | stat: -rw-r--r-- 1,022 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
// RUN: %clangxx_msan %s -o %t && not %run %t 2>&1 | FileCheck --check-prefix=ON %s
// RUN: %clangxx_msan %s -o %t && MSAN_OPTIONS=intercept_strndup=0 %run %t 2>&1 | FileCheck --check-prefix=OFF --allow-empty %s

// When built as C on Linux, strndup is transformed to __strndup.
// RUN: %clangxx_msan -O3 -xc %s -o %t && not %run %t 2>&1 | FileCheck --check-prefix=ON %s

// UNSUPPORTED: win32

#include <assert.h>
#include <stdlib.h>
#include <string.h>
#include <sanitizer/msan_interface.h>

int main(int argc, char **argv) {
  char kString[4] = "abc";
  __msan_poison(kString + 2, 1);
  char *copy = strndup(kString, 4); // BOOM
  assert(__msan_test_shadow(copy, 4) == 2); // Poisoning is preserved.
  free(copy);
  return 0;
  // ON: Uninitialized bytes in __interceptor_{{(__)?}}strndup at offset 2 inside [{{.*}}, 4)
  // ON: MemorySanitizer: use-of-uninitialized-value
  // ON: #0 {{.*}}main {{.*}}strndup.cc:[[@LINE-6]]
  // ON-LABEL: SUMMARY
  // ON: {{.*}}strndup.cc:[[@LINE-8]]
  // OFF-NOT: MemorySanitizer
}