1// RUN: %clangxx_asan -O2 %s -o %t
2// RUN: %env_asan_opts=fast_unwind_on_fatal=1 not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-FAST
3// RUN: %env_asan_opts=fast_unwind_on_fatal=0 not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-SLOW
4
5// Test how well we unwind in presence of qsort in the stack
6// (i.e. if we can unwind through a function compiled w/o frame pointers).
7// https://code.google.com/p/address-sanitizer/issues/detail?id=137
8
9// Fast unwinder is only available on x86_64 and i386.
10// REQUIRES: x86-target-arch
11
12#include <stdlib.h>
13#include <stdio.h>
14
15int global_array[10];
16volatile int one = 1;
17
18extern "C" {
19int QsortCallback(const void *a, const void *b) {
20 char *x = (char*)a;
21 char *y = (char*)b;
22 printf(format: "Calling QsortCallback\n");
23 global_array[one * 10] = 0; // BOOM
24 return (int)*x - (int)*y;
25}
26
27__attribute__((noinline))
28void MyQsort(char *a, size_t size) {
29 printf(format: "Calling qsort\n");
30 qsort(base: a, nmemb: size, size: sizeof(char), compar: QsortCallback);
31 printf(format: "Done\n"); // Avoid tail call.
32}
33} // extern "C"
34
35int main() {
36 char a[2] = {1, 2};
37 MyQsort(a, size: 2);
38}
39
40// Fast unwind may not unwind through qsort.
41// CHECK-FAST: ERROR: AddressSanitizer: global-buffer-overflow
42// CHECK-FAST: #0{{.*}} in QsortCallback
43// CHECK-FAST: is located 0 bytes after global variable 'global_array
44
45// CHECK-SLOW: ERROR: AddressSanitizer: global-buffer-overflow
46// CHECK-SLOW: #0{{.*}} in QsortCallback
47// CHECK-SLOW: #{{.*}} in MyQsort
48// CHECK-SLOW: #{{.*}} in main
49// CHECK-SLOW: is located 0 bytes after global variable 'global_array
50

source code of compiler-rt/test/asan/TestCases/Linux/overflow-in-qsort.cpp