t_tsan_heap_use_after_free.sh revision 1.7
1 # Copyright (c) 2018 The NetBSD Foundation, Inc. 2 # All rights reserved. 3 # 4 # This code is derived from software contributed to The NetBSD Foundation 5 # by Yang Zheng. 6 # 7 # Redistribution and use in source and binary forms, with or without 8 # modification, are permitted provided that the following conditions 9 # are met: 10 # 1. Redistributions of source code must retain the above copyright 11 # notice, this list of conditions and the following disclaimer. 12 # 2. Redistributions in binary form must reproduce the above copyright 13 # notice, this list of conditions and the following disclaimer in the 14 # documentation and/or other materials provided with the distribution. 15 # 16 # THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS 17 # ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED 18 # TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR 19 # PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS 20 # BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR 21 # CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF 22 # SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS 23 # INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN 24 # CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) 25 # ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE 26 # POSSIBILITY OF SUCH DAMAGE. 27 # 28 29 tsan_available_archs() 30 { 31 atf_set "require.arch" "x86_64" 32 } 33 34 atf_test_case heap_use_after_free 35 heap_use_after_free_head() { 36 atf_set "descr" "Test thread sanitizer for use-after-free condition" 37 atf_set "require.progs" "cc paxctl" 38 tsan_available_archs 39 } 40 41 atf_test_case heap_use_after_free_profile 42 heap_use_after_free_profile_head() { 43 atf_set "descr" "Test thread sanitizer for use-after-free with profiling option" 44 atf_set "require.progs" "cc paxctl" 45 tsan_available_archs 46 } 47 atf_test_case heap_use_after_free_pic 48 heap_use_after_free_pic_head() { 49 atf_set "descr" "Test thread sanitizer for use-after-free with position independent code (PIC) flag" 50 atf_set "require.progs" "cc paxctl" 51 tsan_available_archs 52 } 53 atf_test_case heap_use_after_free_pie 54 heap_use_after_free_pie_head() { 55 atf_set "descr" "Test thread sanitizer for use-after-free with position independent execution (PIE) flag" 56 atf_set "require.progs" "cc paxctl" 57 tsan_available_archs 58 } 59 60 heap_use_after_free_body(){ 61 cat > test.c << EOF 62 #include <pthread.h> 63 #include <stdlib.h> 64 65 int *ptr; 66 pthread_barrier_t barrier; 67 void *Thread(void *a) { 68 pthread_barrier_wait(&barrier); 69 *ptr = 42; 70 return 0; 71 } 72 73 int main() { 74 pthread_t t; 75 pthread_barrier_init(&barrier, NULL, 2); 76 ptr = (int *)malloc(sizeof(int)); 77 pthread_create(&t, NULL, Thread, NULL); 78 free(ptr); 79 pthread_barrier_wait(&barrier); 80 pthread_join(t, NULL); 81 return 0; 82 } 83 EOF 84 85 cc -fsanitize=thread -o test test.c 86 paxctl +a test 87 atf_check -s ignore -o ignore -e match:"WARNING: ThreadSanitizer: heap-use-after-free" ./test 88 } 89 90 heap_use_after_free_profile_body(){ 91 atf_expect_fail "PR toolchain/55760" 92 cat > test.c << EOF 93 #include <pthread.h> 94 #include <stdlib.h> 95 96 int *ptr; 97 pthread_barrier_t barrier; 98 void *Thread(void *a) { 99 pthread_barrier_wait(&barrier); 100 *ptr = 42; 101 return 0; 102 } 103 104 int main() { 105 pthread_t t; 106 pthread_barrier_init(&barrier, NULL, 2); 107 ptr = (int *)malloc(sizeof(int)); 108 pthread_create(&t, NULL, Thread, NULL); 109 free(ptr); 110 pthread_barrier_wait(&barrier); 111 pthread_join(t, NULL); 112 return 0; 113 } 114 EOF 115 116 cc -fsanitize=thread -static -o test -pg test.c 117 paxctl +a test 118 atf_check -s ignore -o ignore -e match:"WARNING: ThreadSanitizer: heap-use-after-free" ./test 119 } 120 121 heap_use_after_free_pic_body(){ 122 cat > test.c << EOF 123 #include <stdio.h> 124 #include <stdlib.h> 125 int help(int); 126 int main(int argc, char **argv) {return help(argc);} 127 EOF 128 129 cat > pic.c << EOF 130 #include <pthread.h> 131 #include <stdlib.h> 132 133 int *ptr; 134 pthread_barrier_t barrier; 135 void *Thread(void *a) { 136 pthread_barrier_wait(&barrier); 137 *ptr = 42; 138 return 0; 139 } 140 141 int help(int argc) { 142 pthread_t t; 143 pthread_barrier_init(&barrier, NULL, 2); 144 ptr = (int *)malloc(sizeof(int)); 145 pthread_create(&t, NULL, Thread, NULL); 146 free(ptr); 147 pthread_barrier_wait(&barrier); 148 pthread_join(t, NULL); 149 return 0; 150 } 151 EOF 152 153 cc -fsanitize=thread -fPIC -shared -o libtest.so pic.c 154 cc -o test test.c -fsanitize=thread -L. -ltest 155 paxctl +a test 156 157 export LD_LIBRARY_PATH=. 158 atf_check -s ignore -o ignore -e match:"WARNING: ThreadSanitizer: heap-use-after-free" ./test 159 } 160 heap_use_after_free_pie_body(){ 161 162 #check whether -pie flag is supported on this architecture 163 if ! cc -pie -dM -E - < /dev/null 2>/dev/null >/dev/null; then 164 atf_set_skip "cc -pie not supported on this architecture" 165 fi 166 cat > test.c << EOF 167 #include <pthread.h> 168 #include <stdlib.h> 169 170 int *ptr; 171 pthread_barrier_t barrier; 172 void *Thread(void *a) { 173 pthread_barrier_wait(&barrier); 174 *ptr = 42; 175 return 0; 176 } 177 178 int main() { 179 pthread_t t; 180 pthread_barrier_init(&barrier, NULL, 2); 181 ptr = (int *)malloc(sizeof(int)); 182 pthread_create(&t, NULL, Thread, NULL); 183 free(ptr); 184 pthread_barrier_wait(&barrier); 185 pthread_join(t, NULL); 186 return 0; 187 } 188 EOF 189 190 cc -fsanitize=thread -o test -fpie -pie test.c 191 paxctl +a test 192 atf_check -s ignore -o ignore -e match:"WARNING: ThreadSanitizer: heap-use-after-free" ./test 193 } 194 195 atf_init_test_cases() 196 { 197 atf_add_test_case heap_use_after_free 198 atf_add_test_case heap_use_after_free_profile 199 atf_add_test_case heap_use_after_free_pie 200 atf_add_test_case heap_use_after_free_pic 201 } 202
Indexes created Thu Oct 23 22:10:10 GMT 2025