40 lines
1.0 KiB
C
40 lines
1.0 KiB
C
// RUN: %clang_scudo %s -o %t
|
|
// RUN: not %run %t malloc 2>&1 | FileCheck %s
|
|
// RUN: %env_scudo_opts=QuarantineSizeKb=64 not %run %t quarantine 2>&1 | FileCheck %s
|
|
|
|
// Tests that header corruption of an allocated or quarantined chunk is caught.
|
|
|
|
#include <assert.h>
|
|
#include <stdlib.h>
|
|
#include <string.h>
|
|
|
|
int main(int argc, char **argv)
|
|
{
|
|
ssize_t offset = sizeof(void *) == 8 ? 8 : 0;
|
|
|
|
assert(argc == 2);
|
|
|
|
if (!strcmp(argv[1], "malloc")) {
|
|
// Simulate a header corruption of an allocated chunk (1-bit)
|
|
void *p = malloc(1U << 4);
|
|
assert(p);
|
|
((char *)p)[-(offset + 1)] ^= 1;
|
|
free(p);
|
|
}
|
|
if (!strcmp(argv[1], "quarantine")) {
|
|
void *p = malloc(1U << 4);
|
|
assert(p);
|
|
free(p);
|
|
// Simulate a header corruption of a quarantined chunk
|
|
((char *)p)[-(offset + 2)] ^= 1;
|
|
// Trigger the quarantine recycle
|
|
for (int i = 0; i < 0x100; i++) {
|
|
p = malloc(1U << 8);
|
|
free(p);
|
|
}
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
// CHECK: ERROR: corrupted chunk header at address
|