t_asan_double_free.sh revision 1.2
1# $NetBSD: t_asan_double_free.sh,v 1.2 2018/07/16 07:27:26 kamil Exp $ 2# 3# Copyright (c) 2018 The NetBSD Foundation, Inc. 4# All rights reserved. 5# 6# This code is derived from software contributed to The NetBSD Foundation 7# by Siddharth Muralee. 8# 9# Redistribution and use in source and binary forms, with or without 10# modification, are permitted provided that the following conditions 11# are met: 12# 1. Redistributions of source code must retain the above copyright 13# notice, this list of conditions and the following disclaimer. 14# 2. Redistributions in binary form must reproduce the above copyright 15# notice, this list of conditions and the following disclaimer in the 16# documentation and/or other materials provided with the distribution. 17# 18# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 19# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 20# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 21# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 22# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 23# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 24# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 25# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 26# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 27# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 28# POSSIBILITY OF SUCH DAMAGE. 29# 30 31SUPPORT='n' 32test_target() { 33 if uname -m | grep -q "amd64"; then 34 SUPPORT='y' 35 fi 36 37 if uname -m | grep -q "i386"; then 38 SUPPORT='y' 39 fi 40} 41 42atf_test_case double_free 43double_free_head() { 44 atf_set "descr" "compile and run \"Double Free example\"" 45 atf_set "require.progs" "c++ paxctl" 46} 47 48atf_test_case double_free_profile 49double_free_profile_head() { 50 atf_set "descr" "compile and run \"Double Free example\" with profiling option" 51 atf_set "require.progs" "c++ paxctl" 52} 53 54atf_test_case double_free_pic 55double_free_pic_head() { 56 atf_set "descr" "compile and run PIC \"Double Free example\"" 57 atf_set "require.progs" "c++ paxctl" 58} 59 60atf_test_case double_free_pie 61double_free_pie_head() { 62 atf_set "descr" "compile and run position independent (PIE) \"Double Free example\"" 63 atf_set "require.progs" "c++ paxctl" 64} 65 66atf_test_case double_free32 67double_free32_head() { 68 atf_set "descr" "compile and run \"Double Free example\" for/in netbsd32 emulation" 69 atf_set "require.progs" "c++ paxctl file diff cat" 70} 71 72atf_test_case target_not_supported 73target_not_supported_head() 74{ 75 atf_set "descr" "Test forced skip" 76} 77 78double_free_body() { 79 cat > test.cpp << EOF 80#include <stdlib.h> 81#include <string.h> 82#include <stdio.h> 83void foo(int index) { char *x = (char*)malloc(10 * sizeof(char)); memset(x, 0, 10); free(x); free(x - index); } 84int main(int argc, char **argv) { foo(argc - 1); printf("CHECK\n"); exit(0); } 85EOF 86 c++ -fsanitize=address -o test test.cpp 87 paxctl +a test 88 atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"double-free" ./test 89} 90 91double_free_profile_body() { 92 cat > test.cpp << EOF 93#include <stdlib.h> 94#include <string.h> 95#include <stdio.h> 96void foo(int index) { char *x = (char*)malloc(10 * sizeof(char)); memset(x, 0, 10); free(x); free(x - index); } 97int main(int argc, char **argv) { foo(argc - 1); printf("CHECK\n"); exit(0); } 98EOF 99 c++ -fsanitize=address -o test -pg test.cpp 100 paxctl +a test 101 atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"double-free" ./test 102} 103 104double_free_pic_body() { 105 cat > test.cpp << EOF 106#include <stdlib.h> 107#include <stdio.h> 108#include <stdio.h> 109int foo(int); 110int main(int argc, char **argv) {foo(argc - 1); printf("CHECK\n"); exit(0);} 111EOF 112 cat > pic.cpp << EOF 113#include <stdlib.h> 114#include <string.h> 115#include <stdio.h> 116int foo(int index) { char *x = (char*)malloc(10 * sizeof(char)); memset(x, 0, 10); free(x); free(x - index); } 117EOF 118 c++ -fsanitize=address -fPIC -shared -o libtest.so pic.cpp 119 c++ -o test test.cpp -fsanitize=address -L. -ltest 120 paxctl +a test 121 122 export LD_LIBRARY_PATH=. 123 atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"double-free" ./test 124} 125 126double_free_pie_body() { 127 # check whether this arch supports -pice 128 if ! c++ -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then 129 atf_set_skip "c++ -pie not supported on this architecture" 130 fi 131 cat > test.cpp << EOF 132#include <stdlib.h> 133#include <string.h> 134#include <stdio.h> 135void foo(int index) { char *x = (char*)malloc(10 * sizeof(char)); memset(x, 0, 10); free(x); free(x - index); } 136int main(int argc, char **argv) { foo(argc - 1); printf("CHECK\n"); exit(0); } 137EOF 138 c++ -fsanitize=address -o test -fpie -pie test.cpp 139 paxctl +a test 140 atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"double-free" ./test 141} 142 143double_free32_body() { 144 # check whether this arch is 64bit 145 if ! c++ -dM -E - < /dev/null | fgrep -q _LP64; then 146 atf_skip "this is not a 64 bit architecture" 147 fi 148 if ! c++ -m32 -dM -E - < /dev/null 2>/dev/null > ./def32; then 149 atf_skip "c++ -m32 not supported on this architecture" 150 else 151 if fgrep -q _LP64 ./def32; then 152 atf_fail "c++ -m32 does not generate netbsd32 binaries" 153 fi 154fi 155 156 cat > test.cpp << EOF 157#include <stdlib.h> 158#include <string.h> 159#include <stdio.h> 160void foo(int index) { char *x = (char*)malloc(10 * sizeof(char)); memset(x, 0, 10); free(x); free(x - index); } 161int main(int argc, char **argv) { foo(argc - 1); printf("CHECK\n"); exit(0); } 162EOF 163 c++ -fsanitize=address -o df32 -m32 test.cpp 164 c++ -fsanitize=address -o df64 test.cpp 165 file -b ./df32 > ./ftype32 166 file -b ./df64 > ./ftype64 167 if diff ./ftype32 ./ftype64 >/dev/null; then 168 atf_fail "generated binaries do not differ" 169 fi 170 echo "32bit binaries on this platform are:" 171 cat ./ftype32 172 echo "While native (64bit) binaries are:" 173 cat ./ftype64 174 paxctl +a df32 175 atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"double-free" ./df32 176 177# do another test with static 32bit binaries 178# and another test with profile 32bit binaries 179 cat > test.cpp << EOF 180#include <stdlib.h> 181#include <string.h> 182#include <stdio.h> 183void foo(int index) { char *x = (char*)malloc(10 * sizeof(char)); memset(x, 0, 10); free(x); free(x - index); } 184int main(int argc, char **argv) { foo(argc - 1); printf("CHECK\n"); exit(0); } 185EOF 186 c++ -fsanitize=address -o test -pg -m32 test.cpp 187 paxctl +a test 188 atf_check -s not-exit:0 -o not-match:"CHECK\n" -e match:"double-free" ./test 189} 190 191target_not_supported_body() 192{ 193 atf_skip "Target is not supported" 194} 195 196atf_init_test_cases() 197{ 198 test_target 199 test $SUPPORT = 'n' && { 200 atf_add_test_case target_not_supported 201 return 0 202 } 203 204 atf_add_test_case double_free 205# atf_add_test_case double_free_profile 206 atf_add_test_case double_free_pic 207 atf_add_test_case double_free_pie 208# atf_add_test_case double_free32 209 # static option not supported 210 # -static and -fsanitize=address can't be used together for compilation 211 # (gcc version 5.4.0 and clang 7.1) tested on April 2nd 2018. 212} 213