1// RUN: %clang_scudo %s -o %t
2// RUN: not %run %t malloc 2>&1 | FileCheck %s
3// RUN: %env_scudo_opts=QuarantineSizeKb=64 not %run %t quarantine 2>&1 | FileCheck %s
4
5// Tests that header corruption of an allocated or quarantined chunk is caught.
6
7#include <assert.h>
8#include <stdlib.h>
9#include <string.h>
10
11int main(int argc, char **argv) {
12 ssize_t offset = sizeof(void *) == 8 ? 8 : 0;
13
14 assert(argc == 2);
15
16 if (!strcmp(s1: argv[1], s2: "malloc")) {
17 // Simulate a header corruption of an allocated chunk (1-bit)
18 void *p = malloc(size: 1U << 4);
19 assert(p);
20 ((char *)p)[-(offset + 1)] ^= 1;
21 free(ptr: p);
22 }
23 if (!strcmp(s1: argv[1], s2: "quarantine")) {
24 void *p = malloc(size: 1U << 4);
25 assert(p);
26 free(ptr: p);
27 // Simulate a header corruption of a quarantined chunk
28 ((char *)p)[-(offset + 2)] ^= 1;
29 // Trigger the quarantine recycle
30 for (int i = 0; i < 0x100; i++) {
31 p = malloc(size: 1U << 8);
32 free(ptr: p);
33 }
34 }
35 return 0;
36}
37
38// CHECK: ERROR: corrupted chunk header at address
39

source code of compiler-rt/test/scudo/overflow.c