Hi. This patch adds test coverage for the new sanitizer option.
Martin
>From 753bfb3edb12c9f3fd13f320e308556f63330c97 Mon Sep 17 00:00:00 2001
From: marxin <mli...@suse.cz>
Date: Wed, 4 May 2016 12:57:05 +0200
Subject: [PATCH 2/2] Introduce tests for -fsanitize=use-after-scope
gcc/testsuite/ChangeLog:
2016-05-04 Martin Liska <mli...@suse.cz>
* gcc.dg/asan/use-after-scope-1.c: New test.
* gcc.dg/asan/use-after-scope-2.c: New test.
* gcc.dg/asan/use-after-scope-3.c: New test.
* gcc.dg/asan/use-after-scope-4.c: New test.
* gcc.dg/asan/use-after-scope-goto-1.c: New test.
---
gcc/testsuite/gcc.dg/asan/use-after-scope-1.c | 19 +++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-2.c | 48 ++++++++++++++++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-3.c | 21 ++++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-4.c | 17 ++++++++
gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c | 22 ++++++++++
5 files changed, 127 insertions(+)
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-1.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-2.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-3.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-4.c
create mode 100644 gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-1.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-1.c
new file mode 100644
index 0000000..b4a4f52
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-1.c
@@ -0,0 +1,19 @@
+// { dg-do run }
+// { dg-additional-options "-fsanitize=use-after-scope -fstack-reuse=none" }
+// { dg-shouldfail "asan" }
+
+int
+main (void)
+{
+ char *ptr;
+ {
+ char my_char[9];
+ ptr = &my_char[0];
+ }
+
+ *(ptr+9) = 'c';
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "WRITE of size 1 at.*" }
+// { dg-output ".*'my_char' <== Memory access at offset \[0-9\]* overflows this variable.*" }
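Review bot: The faulting store `*(ptr+9) = 'c';` is one byte past the end of `my_char[9]`, so the test mixes an out-of-bounds write with the out-of-scope access it is meant to cover, and the expected "overflows this variable" line matches only because of that. If the off-by-one is deliberate (presumably to check that the bytes just past the array are reported as out of scope too), a comment above the store such as `/* Offset 9 is past the array on purpose.  */` would say so. Otherwise an in-bounds `*(ptr+8) = 'c';` with "is inside this variable" in the last dg-output would pin the use-after-scope report on its own. use-after-scope-3.c has the same store through `ptr2`.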
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-2.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-2.c
new file mode 100644
index 0000000..3f99fb7
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-2.c
@@ -0,0 +1,48 @@
+// { dg-do run }
+// { dg-additional-options "-fsanitize=use-after-scope -fstack-reuse=none" }
+// { dg-shouldfail "asan" }
+
+int *bar (int *x, int *y) { return y; }
+
+int foo (void)
+{
+ char *p;
+ {
+ char a = 0;
+ p = &a;
+ }
+
+ if (*p)
+ return 1;
+ else
+ return 0;
+}
+
+int
+main (void)
+{
+ char *ptr;
+ {
+ char my_char[9];
+ ptr = &my_char[0];
+ }
+
+ int a[16];
+ int *p, *q = a;
+ {
+ int b[16];
+ p = bar (a, b);
+ }
+ bar (a, q);
+ {
+ int c[16];
+ q = bar (a, c);
+ }
+ int v = *bar (a, q);
+ return v;
+}
+
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "READ of size 4 at.*" }
+// { dg-output ".*'c' <== Memory access at offset \[0-9\]* is inside this variable.*" }
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c
new file mode 100644
index 0000000..abaaaad
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-3.c
@@ -0,0 +1,21 @@
+// { dg-do run }
+// { dg-additional-options "-fsanitize=use-after-scope -fstack-reuse=none" }
+// { dg-shouldfail "asan" }
+
+int
+main (void)
+{
+ char *ptr;
+ char *ptr2;
+ {
+ char my_char[9];
+ ptr = &my_char[0];
+ __builtin_memcpy (&ptr2, &ptr, sizeof (ptr2));
+ }
+
+ *(ptr2+9) = 'c';
+}
+
+// { dg-output "ERROR: AddressSanitizer: stack-use-after-scope on address.*(\n|\r\n|\r)" }
+// { dg-output "WRITE of size 1 at.*" }
+// { dg-output ".*'my_char' <== Memory access at offset \[0-9\]* overflows this variable.*" }
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-4.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-4.c
new file mode 100644
index 0000000..7254c9c
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-4.c
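Review bot: In use-after-scope-2.c `foo` is never called, and in `main` the first block (`ptr`, `my_char`) and the value stored in `p` are never used, so the only access this test exercises is the final `*bar (a, q)` read of `c`. Either drop the dead code or add a comment saying it is there to check that a pointer which escapes its scope but is never dereferenced produces no report; as written a reader cannot tell which was intended. Note that if `foo` were called, its `*p` read is itself a use after scope and would need its own expected output ahead of the "READ of size 4" line.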
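Review bot: Nothing in use-after-scope-3.c says why the pointer is copied with `__builtin_memcpy (&ptr2, &ptr, sizeof (ptr2));` before the store, and apart from that line the file repeats use-after-scope-1.c. A one-line comment above the copy would record what this variant adds, for example `/* Copy the pointer bytewise rather than by assignment.  */` extended with the reason, which I can only guess at from the hunk.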
@@ -0,0 +1,17 @@
+// { dg-do run }
+// { dg-additional-options "-fsanitize=use-after-scope -fstack-reuse=none" }
+
+int
+__attribute__((no_sanitize_address))
+main (void)
+{
+ char *ptr;
+ char *ptr2;
+ {
+ char my_char[9];
+ ptr = &my_char[0];
+ __builtin_memcpy (&ptr2, &ptr, sizeof (ptr2));
+ }
+
+ *(ptr2+9) = 'c';
+}
diff --git a/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c b/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c
new file mode 100644
index 0000000..7bb8ba4
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/asan/use-after-scope-goto-1.c
@@ -0,0 +1,22 @@
+// { dg-do run }
+// { dg-additional-options "-fsanitize=use-after-scope -fstack-reuse=none" }
+
+int main(int argc, char **argv)
+{
+ int a = 123;
+
+ if (argc == 0)
+ {
+ int *ptr;
+ label:
+ {
+ ptr = &a;
+ *ptr = 1;
+ return 0;
+ }
+ }
+ else
+ goto label;
+
+ return 0;
+}
--
2.8.1
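Review bot: With `no_sanitize_address` on `main` in use-after-scope-4.c, the store `*(ptr2+9) = 'c';` really executes and lands one byte past `my_char[9]` after its scope has ended. This must-pass test therefore depends on that stray byte not hitting anything that matters, such as a neighbouring local or, on targets that enable one, a stack-protector guard. An in-bounds `*(ptr2+8) = 'c';` would still show that the attribute suppresses the report without relying on the overflow being harmless. A short comment stating that a clean exit is the expected result would also help, since the file has no dg-output or dg-shouldfail line.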
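Review bot: In use-after-scope-goto-1.c the only object written after the `goto label;` jump is `a`, which lives at function scope, while the one variable declared in the jumped-into block, `int *ptr;`, never has its address taken and so is unlikely to receive any scope poisoning. The test therefore probably does not check that a variable whose declaration is skipped by the jump is usable after the label without a false report. Declaring an addressable object in that block and writing through it after `label:` would cover that case, e.g. `int b;` next to `int *ptr;` and `ptr = &b;` in place of `ptr = &a;`.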