1//===-- msan_test.cc ------------------------------------------------------===// 2// 3// The LLVM Compiler Infrastructure 4// 5// This file is distributed under the University of Illinois Open Source 6// License. See LICENSE.TXT for details. 7// 8//===----------------------------------------------------------------------===// 9// 10// This file is a part of MemorySanitizer. 11// 12// MemorySanitizer unit tests. 13//===----------------------------------------------------------------------===// 14 15#ifndef MSAN_EXTERNAL_TEST_CONFIG 16#include "msan_test_config.h" 17#endif // MSAN_EXTERNAL_TEST_CONFIG 18 19#include "sanitizer_common/tests/sanitizer_test_utils.h" 20 21#include "sanitizer/allocator_interface.h" 22#include "sanitizer/msan_interface.h" 23 24#if defined(__FreeBSD__) 25# define _KERNEL // To declare 'shminfo' structure. 26# include <sys/shm.h> 27# undef _KERNEL 28extern "C" { 29// <sys/shm.h> doesn't declare these functions in _KERNEL mode. 30void *shmat(int, const void *, int); 31int shmget(key_t, size_t, int); 32int shmctl(int, int, struct shmid_ds *); 33int shmdt(const void *); 34} 35#endif 36 37#include <inttypes.h> 38#include <stdlib.h> 39#include <stdarg.h> 40#include <stdio.h> 41#include <wchar.h> 42#include <math.h> 43 44#include <arpa/inet.h> 45#include <dlfcn.h> 46#include <grp.h> 47#include <unistd.h> 48#include <link.h> 49#include <limits.h> 50#include <sys/time.h> 51#include <poll.h> 52#include <sys/types.h> 53#include <sys/stat.h> 54#include <fcntl.h> 55#include <sys/resource.h> 56#include <sys/ioctl.h> 57#include <sys/statvfs.h> 58#include <sys/utsname.h> 59#include <sys/mman.h> 60#include <dirent.h> 61#include <pwd.h> 62#include <sys/socket.h> 63#include <netdb.h> 64#include <wordexp.h> 65#include <sys/ipc.h> 66#include <sys/shm.h> 67 68#if defined(__NetBSD__) 69# include <signal.h> 70# include <netinet/in.h> 71# include <sys/uio.h> 72# include <sys/mount.h> 73# include <sys/sysctl.h> 74# include <net/if.h> 75# include <net/if_ether.h> 76#elif defined(__FreeBSD__) 77# include <signal.h> 78# include <netinet/in.h> 79# include <pthread_np.h> 80# include <sys/uio.h> 81# include <sys/mount.h> 82# include <sys/sysctl.h> 83# include <net/ethernet.h> 84# define f_namelen f_namemax // FreeBSD names this statfs field so. 85# define cpu_set_t cpuset_t 86extern "C" { 87// FreeBSD's <ssp/string.h> defines mempcpy() to be a macro expanding into 88// a __builtin___mempcpy_chk() call, but since Msan RTL defines it as an 89// ordinary function, we can declare it here to complete the tests. 90void *mempcpy(void *dest, const void *src, size_t n); 91} 92#else 93# include <malloc.h> 94# include <sys/sysinfo.h> 95# include <sys/vfs.h> 96# include <mntent.h> 97# include <netinet/ether.h> 98# if defined(__linux__) 99# include <sys/uio.h> 100# endif 101#endif 102 103#if defined(__i386__) || defined(__x86_64__) 104# include <emmintrin.h> 105# define MSAN_HAS_M128 1 106#else 107# define MSAN_HAS_M128 0 108#endif 109 110#ifdef __AVX2__ 111# include <immintrin.h> 112#endif 113 114#if defined(__FreeBSD__) || defined(__NetBSD__) 115# define FILE_TO_READ "/bin/cat" 116# define DIR_TO_READ "/bin" 117# define SUBFILE_TO_READ "cat" 118# define SYMLINK_TO_READ "/usr/bin/tar" 119# define SUPERUSER_GROUP "wheel" 120#else 121# define FILE_TO_READ "/proc/self/stat" 122# define DIR_TO_READ "/proc/self" 123# define SUBFILE_TO_READ "stat" 124# define SYMLINK_TO_READ "/proc/self/exe" 125# define SUPERUSER_GROUP "root" 126#endif 127 128static uintptr_t GetPageSize() { 129 return sysconf(_SC_PAGESIZE); 130} 131 132const size_t kMaxPathLength = 4096; 133 134typedef unsigned char U1; 135typedef unsigned short U2; // NOLINT 136typedef unsigned int U4; 137typedef unsigned long long U8; // NOLINT 138typedef signed char S1; 139typedef signed short S2; // NOLINT 140typedef signed int S4; 141typedef signed long long S8; // NOLINT 142#define NOINLINE __attribute__((noinline)) 143#define INLINE __attribute__((always_inline)) 144 145static bool TrackingOrigins() { 146 S8 x; 147 __msan_set_origin(&x, sizeof(x), 0x1234); 148 U4 origin = __msan_get_origin(&x); 149 __msan_set_origin(&x, sizeof(x), 0); 150 return __msan_origin_is_descendant_or_same(origin, 0x1234); 151} 152 153#define EXPECT_ORIGIN(expected, origin) \ 154 EXPECT_TRUE(__msan_origin_is_descendant_or_same((origin), (expected))) 155 156#define EXPECT_UMR(action) \ 157 do { \ 158 __msan_set_expect_umr(1); \ 159 action; \ 160 __msan_set_expect_umr(0); \ 161 } while (0) 162 163#define EXPECT_UMR_O(action, origin) \ 164 do { \ 165 __msan_set_expect_umr(1); \ 166 action; \ 167 __msan_set_expect_umr(0); \ 168 if (TrackingOrigins()) EXPECT_ORIGIN(origin, __msan_get_umr_origin()); \ 169 } while (0) 170 171#define EXPECT_POISONED(x) ExpectPoisoned(x) 172 173template<typename T> 174void ExpectPoisoned(const T& t) { 175 EXPECT_NE(-1, __msan_test_shadow((void*)&t, sizeof(t))); 176} 177 178#define EXPECT_POISONED_O(x, origin) \ 179 ExpectPoisonedWithOrigin(x, origin) 180 181template<typename T> 182void ExpectPoisonedWithOrigin(const T& t, unsigned origin) { 183 EXPECT_NE(-1, __msan_test_shadow((void*)&t, sizeof(t))); 184 if (TrackingOrigins()) EXPECT_ORIGIN(origin, __msan_get_origin((void *)&t)); 185} 186 187#define EXPECT_NOT_POISONED(x) EXPECT_EQ(true, TestForNotPoisoned((x))) 188#define EXPECT_NOT_POISONED2(data, size) \ 189 EXPECT_EQ(true, TestForNotPoisoned((data), (size))) 190 191bool TestForNotPoisoned(const void *data, size_t size) { 192 return __msan_test_shadow(data, size) == -1; 193} 194 195template<typename T> 196bool TestForNotPoisoned(const T& t) { 197 return TestForNotPoisoned((void *)&t, sizeof(t)); 198} 199 200static U8 poisoned_array[100]; 201template<class T> 202T *GetPoisoned(int i = 0, T val = 0) { 203 T *res = (T*)&poisoned_array[i]; 204 *res = val; 205 __msan_poison(&poisoned_array[i], sizeof(T)); 206 return res; 207} 208 209template<class T> 210T *GetPoisonedO(int i, U4 origin, T val = 0) { 211 T *res = (T*)&poisoned_array[i]; 212 *res = val; 213 __msan_poison(&poisoned_array[i], sizeof(T)); 214 __msan_set_origin(&poisoned_array[i], sizeof(T), origin); 215 return res; 216} 217 218template<typename T> 219T Poisoned(T v = 0, T s = (T)(-1)) { 220 __msan_partial_poison(&v, &s, sizeof(T)); 221 return v; 222} 223 224template<class T> NOINLINE T ReturnPoisoned() { return *GetPoisoned<T>(); } 225 226static volatile int g_one = 1; 227static volatile int g_zero = 0; 228static volatile int g_0 = 0; 229static volatile int g_1 = 1; 230 231S4 a_s4[100]; 232S8 a_s8[100]; 233 234// Check that malloc poisons memory. 235// A lot of tests below depend on this. 236TEST(MemorySanitizerSanity, PoisonInMalloc) { 237 int *x = (int*)malloc(sizeof(int)); 238 EXPECT_POISONED(*x); 239 free(x); 240} 241 242TEST(MemorySanitizer, NegativeTest1) { 243 S4 *x = GetPoisoned<S4>(); 244 if (g_one) 245 *x = 0; 246 EXPECT_NOT_POISONED(*x); 247} 248 249TEST(MemorySanitizer, PositiveTest1) { 250 // Load to store. 251 EXPECT_POISONED(*GetPoisoned<S1>()); 252 EXPECT_POISONED(*GetPoisoned<S2>()); 253 EXPECT_POISONED(*GetPoisoned<S4>()); 254 EXPECT_POISONED(*GetPoisoned<S8>()); 255 256 // S->S conversions. 257 EXPECT_POISONED(*GetPoisoned<S1>()); 258 EXPECT_POISONED(*GetPoisoned<S1>()); 259 EXPECT_POISONED(*GetPoisoned<S1>()); 260 261 EXPECT_POISONED(*GetPoisoned<S2>()); 262 EXPECT_POISONED(*GetPoisoned<S2>()); 263 EXPECT_POISONED(*GetPoisoned<S2>()); 264 265 EXPECT_POISONED(*GetPoisoned<S4>()); 266 EXPECT_POISONED(*GetPoisoned<S4>()); 267 EXPECT_POISONED(*GetPoisoned<S4>()); 268 269 EXPECT_POISONED(*GetPoisoned<S8>()); 270 EXPECT_POISONED(*GetPoisoned<S8>()); 271 EXPECT_POISONED(*GetPoisoned<S8>()); 272 273 // ZExt 274 EXPECT_POISONED(*GetPoisoned<U1>()); 275 EXPECT_POISONED(*GetPoisoned<U1>()); 276 EXPECT_POISONED(*GetPoisoned<U1>()); 277 EXPECT_POISONED(*GetPoisoned<U2>()); 278 EXPECT_POISONED(*GetPoisoned<U2>()); 279 EXPECT_POISONED(*GetPoisoned<U4>()); 280 281 // Unary ops. 282 EXPECT_POISONED(- *GetPoisoned<S4>()); 283 284 EXPECT_UMR(a_s4[g_zero] = 100 / *GetPoisoned<S4>(0, 1)); 285 286 287 a_s4[g_zero] = 1 - *GetPoisoned<S4>(); 288 a_s4[g_zero] = 1 + *GetPoisoned<S4>(); 289} 290 291TEST(MemorySanitizer, Phi1) { 292 S4 c; 293 if (g_one) { 294 c = *GetPoisoned<S4>(); 295 } else { 296 break_optimization(0); 297 c = 0; 298 } 299 EXPECT_POISONED(c); 300} 301 302TEST(MemorySanitizer, Phi2) { 303 S4 i = *GetPoisoned<S4>(); 304 S4 n = g_one; 305 EXPECT_UMR(for (; i < g_one; i++);); 306 EXPECT_POISONED(i); 307} 308 309NOINLINE void Arg1ExpectUMR(S4 a1) { EXPECT_POISONED(a1); } 310NOINLINE void Arg2ExpectUMR(S4 a1, S4 a2) { EXPECT_POISONED(a2); } 311NOINLINE void Arg3ExpectUMR(S1 a1, S4 a2, S8 a3) { EXPECT_POISONED(a3); } 312 313TEST(MemorySanitizer, ArgTest) { 314 Arg1ExpectUMR(*GetPoisoned<S4>()); 315 Arg2ExpectUMR(0, *GetPoisoned<S4>()); 316 Arg3ExpectUMR(0, 1, *GetPoisoned<S8>()); 317} 318 319 320TEST(MemorySanitizer, CallAndRet) { 321 ReturnPoisoned<S1>(); 322 ReturnPoisoned<S2>(); 323 ReturnPoisoned<S4>(); 324 ReturnPoisoned<S8>(); 325 326 EXPECT_POISONED(ReturnPoisoned<S1>()); 327 EXPECT_POISONED(ReturnPoisoned<S2>()); 328 EXPECT_POISONED(ReturnPoisoned<S4>()); 329 EXPECT_POISONED(ReturnPoisoned<S8>()); 330} 331 332// malloc() in the following test may be optimized to produce a compile-time 333// undef value. Check that we trap on the volatile assignment anyway. 334TEST(MemorySanitizer, DISABLED_MallocNoIdent) { 335 S4 *x = (int*)malloc(sizeof(S4)); 336 EXPECT_POISONED(*x); 337 free(x); 338} 339 340TEST(MemorySanitizer, Malloc) { 341 S4 *x = (int*)Ident(malloc(sizeof(S4))); 342 EXPECT_POISONED(*x); 343 free(x); 344} 345 346TEST(MemorySanitizer, Realloc) { 347 S4 *x = (int*)Ident(realloc(0, sizeof(S4))); 348 EXPECT_POISONED(x[0]); 349 x[0] = 1; 350 x = (int*)Ident(realloc(x, 2 * sizeof(S4))); 351 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before. 352 EXPECT_POISONED(x[1]); 353 x = (int*)Ident(realloc(x, 3 * sizeof(S4))); 354 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before. 355 EXPECT_POISONED(x[2]); 356 EXPECT_POISONED(x[1]); 357 x[2] = 1; // Init this here. Check that after realloc it is poisoned again. 358 x = (int*)Ident(realloc(x, 2 * sizeof(S4))); 359 EXPECT_NOT_POISONED(x[0]); // Ok, was inited before. 360 EXPECT_POISONED(x[1]); 361 x = (int*)Ident(realloc(x, 3 * sizeof(S4))); 362 EXPECT_POISONED(x[1]); 363 EXPECT_POISONED(x[2]); 364 free(x); 365} 366 367TEST(MemorySanitizer, Calloc) { 368 S4 *x = (int*)Ident(calloc(1, sizeof(S4))); 369 EXPECT_NOT_POISONED(*x); // Should not be poisoned. 370 EXPECT_EQ(0, *x); 371 free(x); 372} 373 374TEST(MemorySanitizer, CallocReturnsZeroMem) { 375 size_t sizes[] = {16, 1000, 10000, 100000, 2100000}; 376 for (size_t s = 0; s < sizeof(sizes)/sizeof(sizes[0]); s++) { 377 size_t size = sizes[s]; 378 for (size_t iter = 0; iter < 5; iter++) { 379 char *x = Ident((char*)calloc(1, size)); 380 EXPECT_EQ(x[0], 0); 381 EXPECT_EQ(x[size - 1], 0); 382 EXPECT_EQ(x[size / 2], 0); 383 EXPECT_EQ(x[size / 3], 0); 384 EXPECT_EQ(x[size / 4], 0); 385 memset(x, 0x42, size); 386 free(Ident(x)); 387 } 388 } 389} 390 391TEST(MemorySanitizer, AndOr) { 392 U4 *p = GetPoisoned<U4>(); 393 // We poison two bytes in the midle of a 4-byte word to make the test 394 // correct regardless of endianness. 395 ((U1*)p)[1] = 0; 396 ((U1*)p)[2] = 0xff; 397 EXPECT_NOT_POISONED(*p & 0x00ffff00); 398 EXPECT_NOT_POISONED(*p & 0x00ff0000); 399 EXPECT_NOT_POISONED(*p & 0x0000ff00); 400 EXPECT_POISONED(*p & 0xff000000); 401 EXPECT_POISONED(*p & 0x000000ff); 402 EXPECT_POISONED(*p & 0x0000ffff); 403 EXPECT_POISONED(*p & 0xffff0000); 404 405 EXPECT_NOT_POISONED(*p | 0xff0000ff); 406 EXPECT_NOT_POISONED(*p | 0xff00ffff); 407 EXPECT_NOT_POISONED(*p | 0xffff00ff); 408 EXPECT_POISONED(*p | 0xff000000); 409 EXPECT_POISONED(*p | 0x000000ff); 410 EXPECT_POISONED(*p | 0x0000ffff); 411 EXPECT_POISONED(*p | 0xffff0000); 412 413 EXPECT_POISONED(*GetPoisoned<bool>() & *GetPoisoned<bool>()); 414} 415 416template<class T> 417static bool applyNot(T value, T shadow) { 418 __msan_partial_poison(&value, &shadow, sizeof(T)); 419 return !value; 420} 421 422TEST(MemorySanitizer, Not) { 423 EXPECT_NOT_POISONED(applyNot<U4>(0x0, 0x0)); 424 EXPECT_NOT_POISONED(applyNot<U4>(0xFFFFFFFF, 0x0)); 425 EXPECT_POISONED(applyNot<U4>(0xFFFFFFFF, 0xFFFFFFFF)); 426 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x0FFFFFFF)); 427 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x00FFFFFF)); 428 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x0000FFFF)); 429 EXPECT_NOT_POISONED(applyNot<U4>(0xFF000000, 0x00000000)); 430 EXPECT_POISONED(applyNot<U4>(0xFF000000, 0xFF000000)); 431 EXPECT_NOT_POISONED(applyNot<U4>(0xFF800000, 0xFF000000)); 432 EXPECT_POISONED(applyNot<U4>(0x00008000, 0x00008000)); 433 434 EXPECT_NOT_POISONED(applyNot<U1>(0x0, 0x0)); 435 EXPECT_NOT_POISONED(applyNot<U1>(0xFF, 0xFE)); 436 EXPECT_NOT_POISONED(applyNot<U1>(0xFF, 0x0)); 437 EXPECT_POISONED(applyNot<U1>(0xFF, 0xFF)); 438 439 EXPECT_POISONED(applyNot<void*>((void*)0xFFFFFF, (void*)(-1))); 440 EXPECT_NOT_POISONED(applyNot<void*>((void*)0xFFFFFF, (void*)(-2))); 441} 442 443TEST(MemorySanitizer, Shift) { 444 U4 *up = GetPoisoned<U4>(); 445 ((U1*)up)[0] = 0; 446 ((U1*)up)[3] = 0xff; 447 EXPECT_NOT_POISONED(*up >> 30); 448 EXPECT_NOT_POISONED(*up >> 24); 449 EXPECT_POISONED(*up >> 23); 450 EXPECT_POISONED(*up >> 10); 451 452 EXPECT_NOT_POISONED(*up << 30); 453 EXPECT_NOT_POISONED(*up << 24); 454 EXPECT_POISONED(*up << 23); 455 EXPECT_POISONED(*up << 10); 456 457 S4 *sp = (S4*)up; 458 EXPECT_NOT_POISONED(*sp >> 30); 459 EXPECT_NOT_POISONED(*sp >> 24); 460 EXPECT_POISONED(*sp >> 23); 461 EXPECT_POISONED(*sp >> 10); 462 463 sp = GetPoisoned<S4>(); 464 ((S1*)sp)[1] = 0; 465 ((S1*)sp)[2] = 0; 466 EXPECT_POISONED(*sp >> 31); 467 468 EXPECT_POISONED(100 >> *GetPoisoned<S4>()); 469 EXPECT_POISONED(100U >> *GetPoisoned<S4>()); 470} 471 472NOINLINE static int GetPoisonedZero() { 473 int *zero = new int; 474 *zero = 0; 475 __msan_poison(zero, sizeof(*zero)); 476 int res = *zero; 477 delete zero; 478 return res; 479} 480 481TEST(MemorySanitizer, LoadFromDirtyAddress) { 482 int *a = new int; 483 *a = 0; 484 EXPECT_UMR(break_optimization((void*)(U8)a[GetPoisonedZero()])); 485 delete a; 486} 487 488TEST(MemorySanitizer, StoreToDirtyAddress) { 489 int *a = new int; 490 EXPECT_UMR(a[GetPoisonedZero()] = 0); 491 break_optimization(a); 492 delete a; 493} 494 495 496NOINLINE void StackTestFunc() { 497 S4 p4; 498 S4 ok4 = 1; 499 S2 p2; 500 S2 ok2 = 1; 501 S1 p1; 502 S1 ok1 = 1; 503 break_optimization(&p4); 504 break_optimization(&ok4); 505 break_optimization(&p2); 506 break_optimization(&ok2); 507 break_optimization(&p1); 508 break_optimization(&ok1); 509 510 EXPECT_POISONED(p4); 511 EXPECT_POISONED(p2); 512 EXPECT_POISONED(p1); 513 EXPECT_NOT_POISONED(ok1); 514 EXPECT_NOT_POISONED(ok2); 515 EXPECT_NOT_POISONED(ok4); 516} 517 518TEST(MemorySanitizer, StackTest) { 519 StackTestFunc(); 520} 521 522NOINLINE void StackStressFunc() { 523 int foo[10000]; 524 break_optimization(foo); 525} 526 527TEST(MemorySanitizer, DISABLED_StackStressTest) { 528 for (int i = 0; i < 1000000; i++) 529 StackStressFunc(); 530} 531 532template<class T> 533void TestFloatingPoint() { 534 static volatile T v; 535 static T g[100]; 536 break_optimization(&g); 537 T *x = GetPoisoned<T>(); 538 T *y = GetPoisoned<T>(1); 539 EXPECT_POISONED(*x); 540 EXPECT_POISONED((long long)*x); 541 EXPECT_POISONED((int)*x); 542 g[0] = *x; 543 g[1] = *x + *y; 544 g[2] = *x - *y; 545 g[3] = *x * *y; 546} 547 548TEST(MemorySanitizer, FloatingPointTest) { 549 TestFloatingPoint<float>(); 550 TestFloatingPoint<double>(); 551} 552 553TEST(MemorySanitizer, DynMem) { 554 S4 x = 0; 555 S4 *y = GetPoisoned<S4>(); 556 memcpy(y, &x, g_one * sizeof(S4)); 557 EXPECT_NOT_POISONED(*y); 558} 559 560static char *DynRetTestStr; 561 562TEST(MemorySanitizer, DynRet) { 563 ReturnPoisoned<S8>(); 564 EXPECT_NOT_POISONED(atoi("0")); 565} 566 567TEST(MemorySanitizer, DynRet1) { 568 ReturnPoisoned<S8>(); 569} 570 571struct LargeStruct { 572 S4 x[10]; 573}; 574 575NOINLINE 576LargeStruct LargeRetTest() { 577 LargeStruct res; 578 res.x[0] = *GetPoisoned<S4>(); 579 res.x[1] = *GetPoisoned<S4>(); 580 res.x[2] = *GetPoisoned<S4>(); 581 res.x[3] = *GetPoisoned<S4>(); 582 res.x[4] = *GetPoisoned<S4>(); 583 res.x[5] = *GetPoisoned<S4>(); 584 res.x[6] = *GetPoisoned<S4>(); 585 res.x[7] = *GetPoisoned<S4>(); 586 res.x[8] = *GetPoisoned<S4>(); 587 res.x[9] = *GetPoisoned<S4>(); 588 return res; 589} 590 591TEST(MemorySanitizer, strcmp) { 592 char s1[10]; 593 char s2[10]; 594 strncpy(s1, "foo", 10); 595 s2[0] = 'f'; 596 s2[1] = 'n'; 597 EXPECT_GT(strcmp(s1, s2), 0); 598 s2[1] = 'o'; 599 int res; 600 EXPECT_UMR(res = strcmp(s1, s2)); 601 EXPECT_NOT_POISONED(res); 602 EXPECT_EQ(strncmp(s1, s2, 1), 0); 603} 604 605TEST(MemorySanitizer, LargeRet) { 606 LargeStruct a = LargeRetTest(); 607 EXPECT_POISONED(a.x[0]); 608 EXPECT_POISONED(a.x[9]); 609} 610 611TEST(MemorySanitizer, strerror) { 612 char *buf = strerror(EINVAL); 613 EXPECT_NOT_POISONED(strlen(buf)); 614 buf = strerror(123456); 615 EXPECT_NOT_POISONED(strlen(buf)); 616} 617 618TEST(MemorySanitizer, strerror_r) { 619 errno = 0; 620 char buf[1000]; 621 char *res = (char*) (size_t) strerror_r(EINVAL, buf, sizeof(buf)); 622 ASSERT_EQ(0, errno); 623 if (!res) res = buf; // POSIX version success. 624 EXPECT_NOT_POISONED(strlen(res)); 625} 626 627TEST(MemorySanitizer, fread) { 628 char *x = new char[32]; 629 FILE *f = fopen(FILE_TO_READ, "r"); 630 ASSERT_TRUE(f != NULL); 631 fread(x, 1, 32, f); 632 EXPECT_NOT_POISONED(x[0]); 633 EXPECT_NOT_POISONED(x[16]); 634 EXPECT_NOT_POISONED(x[31]); 635 fclose(f); 636 delete[] x; 637} 638 639TEST(MemorySanitizer, read) { 640 char *x = new char[32]; 641 int fd = open(FILE_TO_READ, O_RDONLY); 642 ASSERT_GT(fd, 0); 643 int sz = read(fd, x, 32); 644 ASSERT_EQ(sz, 32); 645 EXPECT_NOT_POISONED(x[0]); 646 EXPECT_NOT_POISONED(x[16]); 647 EXPECT_NOT_POISONED(x[31]); 648 close(fd); 649 delete[] x; 650} 651 652TEST(MemorySanitizer, pread) { 653 char *x = new char[32]; 654 int fd = open(FILE_TO_READ, O_RDONLY); 655 ASSERT_GT(fd, 0); 656 int sz = pread(fd, x, 32, 0); 657 ASSERT_EQ(sz, 32); 658 EXPECT_NOT_POISONED(x[0]); 659 EXPECT_NOT_POISONED(x[16]); 660 EXPECT_NOT_POISONED(x[31]); 661 close(fd); 662 delete[] x; 663} 664 665TEST(MemorySanitizer, readv) { 666 char buf[2011]; 667 struct iovec iov[2]; 668 iov[0].iov_base = buf + 1; 669 iov[0].iov_len = 5; 670 iov[1].iov_base = buf + 10; 671 iov[1].iov_len = 2000; 672 int fd = open(FILE_TO_READ, O_RDONLY); 673 ASSERT_GT(fd, 0); 674 int sz = readv(fd, iov, 2); 675 ASSERT_GE(sz, 0); 676 ASSERT_LE(sz, 5 + 2000); 677 ASSERT_GT((size_t)sz, iov[0].iov_len); 678 EXPECT_POISONED(buf[0]); 679 EXPECT_NOT_POISONED(buf[1]); 680 EXPECT_NOT_POISONED(buf[5]); 681 EXPECT_POISONED(buf[6]); 682 EXPECT_POISONED(buf[9]); 683 EXPECT_NOT_POISONED(buf[10]); 684 EXPECT_NOT_POISONED(buf[10 + (sz - 1) - 5]); 685 EXPECT_POISONED(buf[11 + (sz - 1) - 5]); 686 close(fd); 687} 688 689TEST(MemorySanitizer, preadv) { 690 char buf[2011]; 691 struct iovec iov[2]; 692 iov[0].iov_base = buf + 1; 693 iov[0].iov_len = 5; 694 iov[1].iov_base = buf + 10; 695 iov[1].iov_len = 2000; 696 int fd = open(FILE_TO_READ, O_RDONLY); 697 ASSERT_GT(fd, 0); 698 int sz = preadv(fd, iov, 2, 3); 699 ASSERT_GE(sz, 0); 700 ASSERT_LE(sz, 5 + 2000); 701 ASSERT_GT((size_t)sz, iov[0].iov_len); 702 EXPECT_POISONED(buf[0]); 703 EXPECT_NOT_POISONED(buf[1]); 704 EXPECT_NOT_POISONED(buf[5]); 705 EXPECT_POISONED(buf[6]); 706 EXPECT_POISONED(buf[9]); 707 EXPECT_NOT_POISONED(buf[10]); 708 EXPECT_NOT_POISONED(buf[10 + (sz - 1) - 5]); 709 EXPECT_POISONED(buf[11 + (sz - 1) - 5]); 710 close(fd); 711} 712 713// FIXME: fails now. 714TEST(MemorySanitizer, DISABLED_ioctl) { 715 struct winsize ws; 716 EXPECT_EQ(ioctl(2, TIOCGWINSZ, &ws), 0); 717 EXPECT_NOT_POISONED(ws.ws_col); 718} 719 720TEST(MemorySanitizer, readlink) { 721 char *x = new char[1000]; 722 readlink(SYMLINK_TO_READ, x, 1000); 723 EXPECT_NOT_POISONED(x[0]); 724 delete [] x; 725} 726 727TEST(MemorySanitizer, readlinkat) { 728 char *x = new char[1000]; 729 readlinkat(AT_FDCWD, SYMLINK_TO_READ, x, 1000); 730 EXPECT_NOT_POISONED(x[0]); 731 delete[] x; 732} 733 734TEST(MemorySanitizer, stat) { 735 struct stat* st = new struct stat; 736 int res = stat(FILE_TO_READ, st); 737 ASSERT_EQ(0, res); 738 EXPECT_NOT_POISONED(st->st_dev); 739 EXPECT_NOT_POISONED(st->st_mode); 740 EXPECT_NOT_POISONED(st->st_size); 741} 742 743TEST(MemorySanitizer, fstatat) { 744 struct stat* st = new struct stat; 745 int dirfd = open(DIR_TO_READ, O_RDONLY); 746 ASSERT_GT(dirfd, 0); 747 int res = fstatat(dirfd, SUBFILE_TO_READ, st, 0); 748 ASSERT_EQ(0, res); 749 EXPECT_NOT_POISONED(st->st_dev); 750 EXPECT_NOT_POISONED(st->st_mode); 751 EXPECT_NOT_POISONED(st->st_size); 752 close(dirfd); 753} 754 755#if !defined(__NetBSD__) 756TEST(MemorySanitizer, statfs) { 757 struct statfs st; 758 int res = statfs("/", &st); 759 ASSERT_EQ(0, res); 760 EXPECT_NOT_POISONED(st.f_type); 761 EXPECT_NOT_POISONED(st.f_bfree); 762 EXPECT_NOT_POISONED(st.f_namelen); 763} 764#endif 765 766TEST(MemorySanitizer, statvfs) { 767 struct statvfs st; 768 int res = statvfs("/", &st); 769 ASSERT_EQ(0, res); 770 EXPECT_NOT_POISONED(st.f_bsize); 771 EXPECT_NOT_POISONED(st.f_blocks); 772 EXPECT_NOT_POISONED(st.f_bfree); 773 EXPECT_NOT_POISONED(st.f_namemax); 774} 775 776TEST(MemorySanitizer, fstatvfs) { 777 struct statvfs st; 778 int fd = open("/", O_RDONLY | O_DIRECTORY); 779 int res = fstatvfs(fd, &st); 780 ASSERT_EQ(0, res); 781 EXPECT_NOT_POISONED(st.f_bsize); 782 EXPECT_NOT_POISONED(st.f_blocks); 783 EXPECT_NOT_POISONED(st.f_bfree); 784 EXPECT_NOT_POISONED(st.f_namemax); 785 close(fd); 786} 787 788TEST(MemorySanitizer, pipe) { 789 int* pipefd = new int[2]; 790 int res = pipe(pipefd); 791 ASSERT_EQ(0, res); 792 EXPECT_NOT_POISONED(pipefd[0]); 793 EXPECT_NOT_POISONED(pipefd[1]); 794 close(pipefd[0]); 795 close(pipefd[1]); 796} 797 798TEST(MemorySanitizer, pipe2) { 799 int* pipefd = new int[2]; 800 int res = pipe2(pipefd, O_NONBLOCK); 801 ASSERT_EQ(0, res); 802 EXPECT_NOT_POISONED(pipefd[0]); 803 EXPECT_NOT_POISONED(pipefd[1]); 804 close(pipefd[0]); 805 close(pipefd[1]); 806} 807 808TEST(MemorySanitizer, socketpair) { 809 int sv[2]; 810 int res = socketpair(AF_UNIX, SOCK_STREAM, 0, sv); 811 ASSERT_EQ(0, res); 812 EXPECT_NOT_POISONED(sv[0]); 813 EXPECT_NOT_POISONED(sv[1]); 814 close(sv[0]); 815 close(sv[1]); 816} 817 818TEST(MemorySanitizer, poll) { 819 int* pipefd = new int[2]; 820 int res = pipe(pipefd); 821 ASSERT_EQ(0, res); 822 823 char data = 42; 824 res = write(pipefd[1], &data, 1); 825 ASSERT_EQ(1, res); 826 827 pollfd fds[2]; 828 fds[0].fd = pipefd[0]; 829 fds[0].events = POLLIN; 830 fds[1].fd = pipefd[1]; 831 fds[1].events = POLLIN; 832 res = poll(fds, 2, 500); 833 ASSERT_EQ(1, res); 834 EXPECT_NOT_POISONED(fds[0].revents); 835 EXPECT_NOT_POISONED(fds[1].revents); 836 837 close(pipefd[0]); 838 close(pipefd[1]); 839} 840 841#if !defined (__FreeBSD__) && !defined (__NetBSD__) 842TEST(MemorySanitizer, ppoll) { 843 int* pipefd = new int[2]; 844 int res = pipe(pipefd); 845 ASSERT_EQ(0, res); 846 847 char data = 42; 848 res = write(pipefd[1], &data, 1); 849 ASSERT_EQ(1, res); 850 851 pollfd fds[2]; 852 fds[0].fd = pipefd[0]; 853 fds[0].events = POLLIN; 854 fds[1].fd = pipefd[1]; 855 fds[1].events = POLLIN; 856 sigset_t ss; 857 sigemptyset(&ss); 858 res = ppoll(fds, 2, NULL, &ss); 859 ASSERT_EQ(1, res); 860 EXPECT_NOT_POISONED(fds[0].revents); 861 EXPECT_NOT_POISONED(fds[1].revents); 862 863 close(pipefd[0]); 864 close(pipefd[1]); 865} 866#endif 867 868TEST(MemorySanitizer, poll_positive) { 869 int* pipefd = new int[2]; 870 int res = pipe(pipefd); 871 ASSERT_EQ(0, res); 872 873 pollfd fds[2]; 874 fds[0].fd = pipefd[0]; 875 fds[0].events = POLLIN; 876 // fds[1].fd uninitialized 877 fds[1].events = POLLIN; 878 EXPECT_UMR(poll(fds, 2, 0)); 879 880 close(pipefd[0]); 881 close(pipefd[1]); 882} 883 884TEST(MemorySanitizer, bind_getsockname) { 885 int sock = socket(AF_UNIX, SOCK_STREAM, 0); 886 887 struct sockaddr_in sai; 888 memset(&sai, 0, sizeof(sai)); 889 sai.sin_family = AF_UNIX; 890 int res = bind(sock, (struct sockaddr *)&sai, sizeof(sai)); 891 892 ASSERT_EQ(0, res); 893 char buf[200]; 894 socklen_t addrlen; 895 EXPECT_UMR(getsockname(sock, (struct sockaddr *)&buf, &addrlen)); 896 897 addrlen = sizeof(buf); 898 res = getsockname(sock, (struct sockaddr *)&buf, &addrlen); 899 EXPECT_NOT_POISONED(addrlen); 900 EXPECT_NOT_POISONED(buf[0]); 901 EXPECT_NOT_POISONED(buf[addrlen - 1]); 902 EXPECT_POISONED(buf[addrlen]); 903 close(sock); 904} 905 906class SocketAddr { 907 public: 908 virtual ~SocketAddr() = default; 909 virtual struct sockaddr *ptr() = 0; 910 virtual size_t size() const = 0; 911 912 template <class... Args> 913 static std::unique_ptr<SocketAddr> Create(int family, Args... args); 914}; 915 916class SocketAddr4 : public SocketAddr { 917 public: 918 SocketAddr4() { EXPECT_POISONED(sai_); } 919 explicit SocketAddr4(uint16_t port) { 920 memset(&sai_, 0, sizeof(sai_)); 921 sai_.sin_family = AF_INET; 922 sai_.sin_port = port; 923 sai_.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 924 } 925 926 sockaddr *ptr() override { return reinterpret_cast<sockaddr *>(&sai_); } 927 928 size_t size() const override { return sizeof(sai_); } 929 930 private: 931 sockaddr_in sai_; 932}; 933 934class SocketAddr6 : public SocketAddr { 935 public: 936 SocketAddr6() { EXPECT_POISONED(sai_); } 937 explicit SocketAddr6(uint16_t port) { 938 memset(&sai_, 0, sizeof(sai_)); 939 sai_.sin6_family = AF_INET6; 940 sai_.sin6_port = port; 941 sai_.sin6_addr = in6addr_loopback; 942 } 943 944 sockaddr *ptr() override { return reinterpret_cast<sockaddr *>(&sai_); } 945 946 size_t size() const override { return sizeof(sai_); } 947 948 private: 949 sockaddr_in6 sai_; 950}; 951 952template <class... Args> 953std::unique_ptr<SocketAddr> SocketAddr::Create(int family, Args... args) { 954 if (family == AF_INET) 955 return std::unique_ptr<SocketAddr>(new SocketAddr4(args...)); 956 return std::unique_ptr<SocketAddr>(new SocketAddr6(args...)); 957} 958 959class MemorySanitizerIpTest : public ::testing::TestWithParam<int> { 960 public: 961 void SetUp() override { 962 ASSERT_TRUE(GetParam() == AF_INET || GetParam() == AF_INET6); 963 } 964 965 template <class... Args> 966 std::unique_ptr<SocketAddr> CreateSockAddr(Args... args) const { 967 return SocketAddr::Create(GetParam(), args...); 968 } 969 970 int CreateSocket(int socket_type) const { 971 return socket(GetParam(), socket_type, 0); 972 } 973}; 974 975std::vector<int> GetAvailableIpSocketFamilies() { 976 std::vector<int> result; 977 978 for (int i : {AF_INET, AF_INET6}) { 979 int s = socket(i, SOCK_STREAM, 0); 980 if (s > 0) { 981 auto sai = SocketAddr::Create(i, 0); 982 if (bind(s, sai->ptr(), sai->size()) == 0) result.push_back(i); 983 close(s); 984 } 985 } 986 987 return result; 988} 989 990INSTANTIATE_TEST_CASE_P(IpTests, MemorySanitizerIpTest, 991 ::testing::ValuesIn(GetAvailableIpSocketFamilies())); 992 993TEST_P(MemorySanitizerIpTest, accept) { 994 int listen_socket = CreateSocket(SOCK_STREAM); 995 ASSERT_LT(0, listen_socket); 996 997 auto sai = CreateSockAddr(0); 998 int res = bind(listen_socket, sai->ptr(), sai->size()); 999 ASSERT_EQ(0, res); 1000 1001 res = listen(listen_socket, 1); 1002 ASSERT_EQ(0, res); 1003 1004 socklen_t sz = sai->size(); 1005 res = getsockname(listen_socket, sai->ptr(), &sz); 1006 ASSERT_EQ(0, res); 1007 ASSERT_EQ(sai->size(), sz); 1008 1009 int connect_socket = CreateSocket(SOCK_STREAM); 1010 ASSERT_LT(0, connect_socket); 1011 res = fcntl(connect_socket, F_SETFL, O_NONBLOCK); 1012 ASSERT_EQ(0, res); 1013 res = connect(connect_socket, sai->ptr(), sai->size()); 1014 // On FreeBSD this connection completes immediately. 1015 if (res != 0) { 1016 ASSERT_EQ(-1, res); 1017 ASSERT_EQ(EINPROGRESS, errno); 1018 } 1019 1020 __msan_poison(sai->ptr(), sai->size()); 1021 int new_sock = accept(listen_socket, sai->ptr(), &sz); 1022 ASSERT_LT(0, new_sock); 1023 ASSERT_EQ(sai->size(), sz); 1024 EXPECT_NOT_POISONED2(sai->ptr(), sai->size()); 1025 1026 __msan_poison(sai->ptr(), sai->size()); 1027 res = getpeername(new_sock, sai->ptr(), &sz); 1028 ASSERT_EQ(0, res); 1029 ASSERT_EQ(sai->size(), sz); 1030 EXPECT_NOT_POISONED2(sai->ptr(), sai->size()); 1031 1032 close(new_sock); 1033 close(connect_socket); 1034 close(listen_socket); 1035} 1036 1037TEST_P(MemorySanitizerIpTest, recvmsg) { 1038 int server_socket = CreateSocket(SOCK_DGRAM); 1039 ASSERT_LT(0, server_socket); 1040 1041 auto sai = CreateSockAddr(0); 1042 int res = bind(server_socket, sai->ptr(), sai->size()); 1043 ASSERT_EQ(0, res); 1044 1045 socklen_t sz = sai->size(); 1046 res = getsockname(server_socket, sai->ptr(), &sz); 1047 ASSERT_EQ(0, res); 1048 ASSERT_EQ(sai->size(), sz); 1049 1050 int client_socket = CreateSocket(SOCK_DGRAM); 1051 ASSERT_LT(0, client_socket); 1052 1053 auto client_sai = CreateSockAddr(0); 1054 res = bind(client_socket, client_sai->ptr(), client_sai->size()); 1055 ASSERT_EQ(0, res); 1056 1057 sz = client_sai->size(); 1058 res = getsockname(client_socket, client_sai->ptr(), &sz); 1059 ASSERT_EQ(0, res); 1060 ASSERT_EQ(client_sai->size(), sz); 1061 1062 const char *s = "message text"; 1063 struct iovec iov; 1064 iov.iov_base = (void *)s; 1065 iov.iov_len = strlen(s) + 1; 1066 struct msghdr msg; 1067 memset(&msg, 0, sizeof(msg)); 1068 msg.msg_name = sai->ptr(); 1069 msg.msg_namelen = sai->size(); 1070 msg.msg_iov = &iov; 1071 msg.msg_iovlen = 1; 1072 res = sendmsg(client_socket, &msg, 0); 1073 ASSERT_LT(0, res); 1074 1075 char buf[1000]; 1076 struct iovec recv_iov; 1077 recv_iov.iov_base = (void *)&buf; 1078 recv_iov.iov_len = sizeof(buf); 1079 auto recv_sai = CreateSockAddr(); 1080 struct msghdr recv_msg; 1081 memset(&recv_msg, 0, sizeof(recv_msg)); 1082 recv_msg.msg_name = recv_sai->ptr(); 1083 recv_msg.msg_namelen = recv_sai->size(); 1084 recv_msg.msg_iov = &recv_iov; 1085 recv_msg.msg_iovlen = 1; 1086 res = recvmsg(server_socket, &recv_msg, 0); 1087 ASSERT_LT(0, res); 1088 1089 ASSERT_EQ(recv_sai->size(), recv_msg.msg_namelen); 1090 EXPECT_NOT_POISONED2(recv_sai->ptr(), recv_sai->size()); 1091 EXPECT_STREQ(s, buf); 1092 1093 close(server_socket); 1094 close(client_socket); 1095} 1096 1097#define EXPECT_HOSTENT_NOT_POISONED(he) \ 1098 do { \ 1099 EXPECT_NOT_POISONED(*(he)); \ 1100 ASSERT_NE((void *)0, (he)->h_name); \ 1101 ASSERT_NE((void *)0, (he)->h_aliases); \ 1102 ASSERT_NE((void *)0, (he)->h_addr_list); \ 1103 EXPECT_NOT_POISONED(strlen((he)->h_name)); \ 1104 char **p = (he)->h_aliases; \ 1105 while (*p) { \ 1106 EXPECT_NOT_POISONED(strlen(*p)); \ 1107 ++p; \ 1108 } \ 1109 char **q = (he)->h_addr_list; \ 1110 while (*q) { \ 1111 EXPECT_NOT_POISONED(*q[0]); \ 1112 ++q; \ 1113 } \ 1114 EXPECT_NOT_POISONED(*q); \ 1115 } while (0) 1116 1117TEST(MemorySanitizer, gethostent) { 1118 struct hostent *he = gethostent(); 1119 ASSERT_NE((void *)NULL, he); 1120 EXPECT_HOSTENT_NOT_POISONED(he); 1121} 1122 1123#ifndef MSAN_TEST_DISABLE_GETHOSTBYNAME 1124 1125TEST(MemorySanitizer, gethostbyname) { 1126 struct hostent *he = gethostbyname("localhost"); 1127 ASSERT_NE((void *)NULL, he); 1128 EXPECT_HOSTENT_NOT_POISONED(he); 1129} 1130 1131#endif // MSAN_TEST_DISABLE_GETHOSTBYNAME 1132 1133TEST(MemorySanitizer, getaddrinfo) { 1134 struct addrinfo *ai; 1135 struct addrinfo hints; 1136 memset(&hints, 0, sizeof(hints)); 1137 hints.ai_family = AF_INET; 1138 int res = getaddrinfo("localhost", NULL, &hints, &ai); 1139 ASSERT_EQ(0, res); 1140 EXPECT_NOT_POISONED(*ai); 1141 ASSERT_EQ(sizeof(sockaddr_in), ai->ai_addrlen); 1142 EXPECT_NOT_POISONED(*(sockaddr_in *)ai->ai_addr); 1143} 1144 1145TEST(MemorySanitizer, getnameinfo) { 1146 struct sockaddr_in sai; 1147 memset(&sai, 0, sizeof(sai)); 1148 sai.sin_family = AF_INET; 1149 sai.sin_port = 80; 1150 sai.sin_addr.s_addr = htonl(INADDR_LOOPBACK); 1151 char host[500]; 1152 char serv[500]; 1153 int res = getnameinfo((struct sockaddr *)&sai, sizeof(sai), host, 1154 sizeof(host), serv, sizeof(serv), 0); 1155 ASSERT_EQ(0, res); 1156 EXPECT_NOT_POISONED(host[0]); 1157 EXPECT_POISONED(host[sizeof(host) - 1]); 1158 1159 ASSERT_NE(0U, strlen(host)); 1160 EXPECT_NOT_POISONED(serv[0]); 1161 EXPECT_POISONED(serv[sizeof(serv) - 1]); 1162 ASSERT_NE(0U, strlen(serv)); 1163} 1164 1165TEST(MemorySanitizer, gethostbyname2) { 1166 struct hostent *he = gethostbyname2("localhost", AF_INET); 1167 ASSERT_NE((void *)NULL, he); 1168 EXPECT_HOSTENT_NOT_POISONED(he); 1169} 1170 1171TEST(MemorySanitizer, gethostbyaddr) { 1172 in_addr_t addr = inet_addr("127.0.0.1"); 1173 EXPECT_NOT_POISONED(addr); 1174 struct hostent *he = gethostbyaddr(&addr, sizeof(addr), AF_INET); 1175 ASSERT_NE((void *)NULL, he); 1176 EXPECT_HOSTENT_NOT_POISONED(he); 1177} 1178 1179#if !defined(__NetBSD__) 1180TEST(MemorySanitizer, gethostent_r) { 1181 char buf[2000]; 1182 struct hostent he; 1183 struct hostent *result; 1184 int err; 1185 int res = gethostent_r(&he, buf, sizeof(buf), &result, &err); 1186 ASSERT_EQ(0, res); 1187 EXPECT_NOT_POISONED(result); 1188 ASSERT_NE((void *)NULL, result); 1189 EXPECT_HOSTENT_NOT_POISONED(result); 1190 EXPECT_NOT_POISONED(err); 1191} 1192#endif 1193 1194#if !defined(__NetBSD__) 1195TEST(MemorySanitizer, gethostbyname_r) { 1196 char buf[2000]; 1197 struct hostent he; 1198 struct hostent *result; 1199 int err; 1200 int res = gethostbyname_r("localhost", &he, buf, sizeof(buf), &result, &err); 1201 ASSERT_EQ(0, res); 1202 EXPECT_NOT_POISONED(result); 1203 ASSERT_NE((void *)NULL, result); 1204 EXPECT_HOSTENT_NOT_POISONED(result); 1205 EXPECT_NOT_POISONED(err); 1206} 1207#endif 1208 1209#if !defined(__NetBSD__) 1210TEST(MemorySanitizer, gethostbyname_r_bad_host_name) { 1211 char buf[2000]; 1212 struct hostent he; 1213 struct hostent *result; 1214 int err; 1215 int res = gethostbyname_r("bad-host-name", &he, buf, sizeof(buf), &result, &err); 1216 ASSERT_EQ((struct hostent *)0, result); 1217 EXPECT_NOT_POISONED(err); 1218} 1219#endif 1220 1221#if !defined(__NetBSD__) 1222TEST(MemorySanitizer, gethostbyname_r_erange) { 1223 char buf[5]; 1224 struct hostent he; 1225 struct hostent *result; 1226 int err; 1227 gethostbyname_r("localhost", &he, buf, sizeof(buf), &result, &err); 1228 ASSERT_EQ(ERANGE, errno); 1229 EXPECT_NOT_POISONED(err); 1230} 1231#endif 1232 1233#if !defined(__NetBSD__) 1234TEST(MemorySanitizer, gethostbyname2_r) { 1235 char buf[2000]; 1236 struct hostent he; 1237 struct hostent *result; 1238 int err; 1239 int res = gethostbyname2_r("localhost", AF_INET, &he, buf, sizeof(buf), 1240 &result, &err); 1241 ASSERT_EQ(0, res); 1242 EXPECT_NOT_POISONED(result); 1243 ASSERT_NE((void *)NULL, result); 1244 EXPECT_HOSTENT_NOT_POISONED(result); 1245 EXPECT_NOT_POISONED(err); 1246} 1247#endif 1248 1249#if !defined(__NetBSD__) 1250TEST(MemorySanitizer, gethostbyaddr_r) { 1251 char buf[2000]; 1252 struct hostent he; 1253 struct hostent *result; 1254 int err; 1255 in_addr_t addr = inet_addr("127.0.0.1"); 1256 EXPECT_NOT_POISONED(addr); 1257 int res = gethostbyaddr_r(&addr, sizeof(addr), AF_INET, &he, buf, sizeof(buf), 1258 &result, &err); 1259 ASSERT_EQ(0, res); 1260 EXPECT_NOT_POISONED(result); 1261 ASSERT_NE((void *)NULL, result); 1262 EXPECT_HOSTENT_NOT_POISONED(result); 1263 EXPECT_NOT_POISONED(err); 1264} 1265#endif 1266 1267TEST(MemorySanitizer, getsockopt) { 1268 int sock = socket(AF_UNIX, SOCK_STREAM, 0); 1269 struct linger l[2]; 1270 socklen_t sz = sizeof(l[0]); 1271 int res = getsockopt(sock, SOL_SOCKET, SO_LINGER, &l[0], &sz); 1272 ASSERT_EQ(0, res); 1273 ASSERT_EQ(sizeof(l[0]), sz); 1274 EXPECT_NOT_POISONED(l[0]); 1275 EXPECT_POISONED(*(char *)(l + 1)); 1276} 1277 1278TEST(MemorySanitizer, getcwd) { 1279 char path[PATH_MAX + 1]; 1280 char* res = getcwd(path, sizeof(path)); 1281 ASSERT_TRUE(res != NULL); 1282 EXPECT_NOT_POISONED(path[0]); 1283} 1284 1285TEST(MemorySanitizer, getcwd_gnu) { 1286 char* res = getcwd(NULL, 0); 1287 ASSERT_TRUE(res != NULL); 1288 EXPECT_NOT_POISONED(res[0]); 1289 free(res); 1290} 1291 1292#if !defined(__FreeBSD__) && !defined(__NetBSD__) 1293TEST(MemorySanitizer, get_current_dir_name) { 1294 char* res = get_current_dir_name(); 1295 ASSERT_TRUE(res != NULL); 1296 EXPECT_NOT_POISONED(res[0]); 1297 free(res); 1298} 1299#endif 1300 1301TEST(MemorySanitizer, shmctl) { 1302 int id = shmget(IPC_PRIVATE, 4096, 0644 | IPC_CREAT); 1303 ASSERT_GT(id, -1); 1304 1305 struct shmid_ds ds; 1306 int res = shmctl(id, IPC_STAT, &ds); 1307 ASSERT_GT(res, -1); 1308 EXPECT_NOT_POISONED(ds); 1309 1310#if !defined(__FreeBSD__) && !defined(__NetBSD__) 1311 struct shminfo si; 1312 res = shmctl(id, IPC_INFO, (struct shmid_ds *)&si); 1313 ASSERT_GT(res, -1); 1314 EXPECT_NOT_POISONED(si); 1315 1316 struct shm_info s_i; 1317 res = shmctl(id, SHM_INFO, (struct shmid_ds *)&s_i); 1318 ASSERT_GT(res, -1); 1319 EXPECT_NOT_POISONED(s_i); 1320#endif 1321 1322 res = shmctl(id, IPC_RMID, 0); 1323 ASSERT_GT(res, -1); 1324} 1325 1326TEST(MemorySanitizer, shmat) { 1327 const int kShmSize = 4096; 1328 void *mapping_start = mmap(NULL, kShmSize + SHMLBA, PROT_READ | PROT_WRITE, 1329 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 1330 ASSERT_NE(MAP_FAILED, mapping_start); 1331 1332 void *p = (void *)(((unsigned long)mapping_start + SHMLBA - 1) / SHMLBA * SHMLBA); 1333 // p is now SHMLBA-aligned; 1334 1335 ((char *)p)[10] = *GetPoisoned<U1>(); 1336 ((char *)p)[kShmSize - 1] = *GetPoisoned<U1>(); 1337 1338 int res = munmap(mapping_start, kShmSize + SHMLBA); 1339 ASSERT_EQ(0, res); 1340 1341 int id = shmget(IPC_PRIVATE, kShmSize, 0644 | IPC_CREAT); 1342 ASSERT_GT(id, -1); 1343 1344 void *q = shmat(id, p, 0); 1345 ASSERT_EQ(p, q); 1346 1347 EXPECT_NOT_POISONED(((char *)q)[0]); 1348 EXPECT_NOT_POISONED(((char *)q)[10]); 1349 EXPECT_NOT_POISONED(((char *)q)[kShmSize - 1]); 1350 1351 res = shmdt(q); 1352 ASSERT_EQ(0, res); 1353 1354 res = shmctl(id, IPC_RMID, 0); 1355 ASSERT_GT(res, -1); 1356} 1357 1358#if !defined(__FreeBSD__) && !defined(__NetBSD__) 1359TEST(MemorySanitizer, random_r) { 1360 int32_t x; 1361 char z[64]; 1362 memset(z, 0, sizeof(z)); 1363 1364 struct random_data buf; 1365 memset(&buf, 0, sizeof(buf)); 1366 1367 int res = initstate_r(0, z, sizeof(z), &buf); 1368 ASSERT_EQ(0, res); 1369 1370 res = random_r(&buf, &x); 1371 ASSERT_EQ(0, res); 1372 EXPECT_NOT_POISONED(x); 1373} 1374#endif 1375 1376TEST(MemorySanitizer, confstr) { 1377 char buf[3]; 1378 size_t res = confstr(_CS_PATH, buf, sizeof(buf)); 1379 ASSERT_GT(res, sizeof(buf)); 1380 EXPECT_NOT_POISONED(buf[0]); 1381 EXPECT_NOT_POISONED(buf[sizeof(buf) - 1]); 1382 1383 char buf2[1000]; 1384 res = confstr(_CS_PATH, buf2, sizeof(buf2)); 1385 ASSERT_LT(res, sizeof(buf2)); 1386 EXPECT_NOT_POISONED(buf2[0]); 1387 EXPECT_NOT_POISONED(buf2[res - 1]); 1388 EXPECT_POISONED(buf2[res]); 1389 ASSERT_EQ(res, strlen(buf2) + 1); 1390} 1391 1392TEST(MemorySanitizer, opendir) { 1393 DIR *dir = opendir("."); 1394 closedir(dir); 1395 1396 char name[10] = "."; 1397 __msan_poison(name, sizeof(name)); 1398 EXPECT_UMR(dir = opendir(name)); 1399 closedir(dir); 1400} 1401 1402TEST(MemorySanitizer, readdir) { 1403 DIR *dir = opendir("."); 1404 struct dirent *d = readdir(dir); 1405 ASSERT_TRUE(d != NULL); 1406 EXPECT_NOT_POISONED(d->d_name[0]); 1407 closedir(dir); 1408} 1409 1410TEST(MemorySanitizer, readdir_r) { 1411 DIR *dir = opendir("."); 1412 struct dirent d; 1413 struct dirent *pd; 1414 int res = readdir_r(dir, &d, &pd); 1415 ASSERT_EQ(0, res); 1416 EXPECT_NOT_POISONED(pd); 1417 EXPECT_NOT_POISONED(d.d_name[0]); 1418 closedir(dir); 1419} 1420 1421TEST(MemorySanitizer, realpath) { 1422 const char* relpath = "."; 1423 char path[PATH_MAX + 1]; 1424 char* res = realpath(relpath, path); 1425 ASSERT_TRUE(res != NULL); 1426 EXPECT_NOT_POISONED(path[0]); 1427} 1428 1429TEST(MemorySanitizer, realpath_null) { 1430 const char* relpath = "."; 1431 char* res = realpath(relpath, NULL); 1432 printf("%d, %s\n", errno, strerror(errno)); 1433 ASSERT_TRUE(res != NULL); 1434 EXPECT_NOT_POISONED(res[0]); 1435 free(res); 1436} 1437 1438#if !defined(__FreeBSD__) && !defined(__NetBSD__) 1439TEST(MemorySanitizer, canonicalize_file_name) { 1440 const char* relpath = "."; 1441 char* res = canonicalize_file_name(relpath); 1442 ASSERT_TRUE(res != NULL); 1443 EXPECT_NOT_POISONED(res[0]); 1444 free(res); 1445} 1446#endif 1447 1448extern char **environ; 1449 1450TEST(MemorySanitizer, setenv) { 1451 setenv("AAA", "BBB", 1); 1452 for (char **envp = environ; *envp; ++envp) { 1453 EXPECT_NOT_POISONED(*envp); 1454 EXPECT_NOT_POISONED(*envp[0]); 1455 } 1456} 1457 1458TEST(MemorySanitizer, putenv) { 1459 char s[] = "AAA=BBB"; 1460 putenv(s); 1461 for (char **envp = environ; *envp; ++envp) { 1462 EXPECT_NOT_POISONED(*envp); 1463 EXPECT_NOT_POISONED(*envp[0]); 1464 } 1465} 1466 1467TEST(MemorySanitizer, memcpy) { 1468 char* x = new char[2]; 1469 char* y = new char[2]; 1470 x[0] = 1; 1471 x[1] = *GetPoisoned<char>(); 1472 memcpy(y, x, 2); 1473 EXPECT_NOT_POISONED(y[0]); 1474 EXPECT_POISONED(y[1]); 1475} 1476 1477void TestUnalignedMemcpy(unsigned left, unsigned right, bool src_is_aligned, 1478 bool src_is_poisoned, bool dst_is_poisoned) { 1479 fprintf(stderr, "%s(%d, %d, %d, %d, %d)\n", __func__, left, right, 1480 src_is_aligned, src_is_poisoned, dst_is_poisoned); 1481 1482 const unsigned sz = 20; 1483 U4 dst_origin, src_origin; 1484 char *dst = (char *)malloc(sz); 1485 if (dst_is_poisoned) 1486 dst_origin = __msan_get_origin(dst); 1487 else 1488 memset(dst, 0, sz); 1489 1490 char *src = (char *)malloc(sz); 1491 if (src_is_poisoned) 1492 src_origin = __msan_get_origin(src); 1493 else 1494 memset(src, 0, sz); 1495 1496 memcpy(dst + left, src_is_aligned ? src + left : src, sz - left - right); 1497 1498 for (unsigned i = 0; i < (left & (~3U)); ++i) 1499 if (dst_is_poisoned) 1500 EXPECT_POISONED_O(dst[i], dst_origin); 1501 else 1502 EXPECT_NOT_POISONED(dst[i]); 1503 1504 for (unsigned i = 0; i < (right & (~3U)); ++i) 1505 if (dst_is_poisoned) 1506 EXPECT_POISONED_O(dst[sz - i - 1], dst_origin); 1507 else 1508 EXPECT_NOT_POISONED(dst[sz - i - 1]); 1509 1510 for (unsigned i = left; i < sz - right; ++i) 1511 if (src_is_poisoned) 1512 EXPECT_POISONED_O(dst[i], src_origin); 1513 else 1514 EXPECT_NOT_POISONED(dst[i]); 1515 1516 free(dst); 1517 free(src); 1518} 1519 1520TEST(MemorySanitizer, memcpy_unaligned) { 1521 for (int i = 0; i < 10; ++i) 1522 for (int j = 0; j < 10; ++j) 1523 for (int aligned = 0; aligned < 2; ++aligned) 1524 for (int srcp = 0; srcp < 2; ++srcp) 1525 for (int dstp = 0; dstp < 2; ++dstp) 1526 TestUnalignedMemcpy(i, j, aligned, srcp, dstp); 1527} 1528 1529TEST(MemorySanitizer, memmove) { 1530 char* x = new char[2]; 1531 char* y = new char[2]; 1532 x[0] = 1; 1533 x[1] = *GetPoisoned<char>(); 1534 memmove(y, x, 2); 1535 EXPECT_NOT_POISONED(y[0]); 1536 EXPECT_POISONED(y[1]); 1537} 1538 1539TEST(MemorySanitizer, memccpy_nomatch) { 1540 char* x = new char[5]; 1541 char* y = new char[5]; 1542 strcpy(x, "abc"); 1543 memccpy(y, x, 'd', 4); 1544 EXPECT_NOT_POISONED(y[0]); 1545 EXPECT_NOT_POISONED(y[1]); 1546 EXPECT_NOT_POISONED(y[2]); 1547 EXPECT_NOT_POISONED(y[3]); 1548 EXPECT_POISONED(y[4]); 1549 delete[] x; 1550 delete[] y; 1551} 1552 1553TEST(MemorySanitizer, memccpy_match) { 1554 char* x = new char[5]; 1555 char* y = new char[5]; 1556 strcpy(x, "abc"); 1557 memccpy(y, x, 'b', 4); 1558 EXPECT_NOT_POISONED(y[0]); 1559 EXPECT_NOT_POISONED(y[1]); 1560 EXPECT_POISONED(y[2]); 1561 EXPECT_POISONED(y[3]); 1562 EXPECT_POISONED(y[4]); 1563 delete[] x; 1564 delete[] y; 1565} 1566 1567TEST(MemorySanitizer, memccpy_nomatch_positive) { 1568 char* x = new char[5]; 1569 char* y = new char[5]; 1570 strcpy(x, "abc"); 1571 EXPECT_UMR(memccpy(y, x, 'd', 5)); 1572 delete[] x; 1573 delete[] y; 1574} 1575 1576TEST(MemorySanitizer, memccpy_match_positive) { 1577 char* x = new char[5]; 1578 char* y = new char[5]; 1579 x[0] = 'a'; 1580 x[2] = 'b'; 1581 EXPECT_UMR(memccpy(y, x, 'b', 5)); 1582 delete[] x; 1583 delete[] y; 1584} 1585 1586TEST(MemorySanitizer, bcopy) { 1587 char* x = new char[2]; 1588 char* y = new char[2]; 1589 x[0] = 1; 1590 x[1] = *GetPoisoned<char>(); 1591 bcopy(x, y, 2); 1592 EXPECT_NOT_POISONED(y[0]); 1593 EXPECT_POISONED(y[1]); 1594} 1595 1596TEST(MemorySanitizer, strdup) { 1597 char buf[4] = "abc"; 1598 __msan_poison(buf + 2, sizeof(*buf)); 1599 char *x = strdup(buf); 1600 EXPECT_NOT_POISONED(x[0]); 1601 EXPECT_NOT_POISONED(x[1]); 1602 EXPECT_POISONED(x[2]); 1603 EXPECT_NOT_POISONED(x[3]); 1604 free(x); 1605} 1606 1607TEST(MemorySanitizer, strndup) { 1608 char buf[4] = "abc"; 1609 __msan_poison(buf + 2, sizeof(*buf)); 1610 char *x; 1611 EXPECT_UMR(x = strndup(buf, 3)); 1612 EXPECT_NOT_POISONED(x[0]); 1613 EXPECT_NOT_POISONED(x[1]); 1614 EXPECT_POISONED(x[2]); 1615 EXPECT_NOT_POISONED(x[3]); 1616 free(x); 1617 // Check handling of non 0 terminated strings. 1618 buf[3] = 'z'; 1619 __msan_poison(buf + 3, sizeof(*buf)); 1620 EXPECT_UMR(x = strndup(buf + 3, 1)); 1621 EXPECT_POISONED(x[0]); 1622 EXPECT_NOT_POISONED(x[1]); 1623 free(x); 1624} 1625 1626TEST(MemorySanitizer, strndup_short) { 1627 char buf[4] = "abc"; 1628 __msan_poison(buf + 1, sizeof(*buf)); 1629 __msan_poison(buf + 2, sizeof(*buf)); 1630 char *x; 1631 EXPECT_UMR(x = strndup(buf, 2)); 1632 EXPECT_NOT_POISONED(x[0]); 1633 EXPECT_POISONED(x[1]); 1634 EXPECT_NOT_POISONED(x[2]); 1635 free(x); 1636} 1637 1638 1639template<class T, int size> 1640void TestOverlapMemmove() { 1641 T *x = new T[size]; 1642 ASSERT_GE(size, 3); 1643 x[2] = 0; 1644 memmove(x, x + 1, (size - 1) * sizeof(T)); 1645 EXPECT_NOT_POISONED(x[1]); 1646 EXPECT_POISONED(x[0]); 1647 EXPECT_POISONED(x[2]); 1648 delete [] x; 1649} 1650 1651TEST(MemorySanitizer, overlap_memmove) { 1652 TestOverlapMemmove<U1, 10>(); 1653 TestOverlapMemmove<U1, 1000>(); 1654 TestOverlapMemmove<U8, 4>(); 1655 TestOverlapMemmove<U8, 1000>(); 1656} 1657 1658TEST(MemorySanitizer, strcpy) { // NOLINT 1659 char* x = new char[3]; 1660 char* y = new char[3]; 1661 x[0] = 'a'; 1662 x[1] = *GetPoisoned<char>(1, 1); 1663 x[2] = 0; 1664 strcpy(y, x); // NOLINT 1665 EXPECT_NOT_POISONED(y[0]); 1666 EXPECT_POISONED(y[1]); 1667 EXPECT_NOT_POISONED(y[2]); 1668} 1669 1670TEST(MemorySanitizer, strncpy) { // NOLINT 1671 char* x = new char[3]; 1672 char* y = new char[5]; 1673 x[0] = 'a'; 1674 x[1] = *GetPoisoned<char>(1, 1); 1675 x[2] = '\0'; 1676 strncpy(y, x, 4); // NOLINT 1677 EXPECT_NOT_POISONED(y[0]); 1678 EXPECT_POISONED(y[1]); 1679 EXPECT_NOT_POISONED(y[2]); 1680 EXPECT_NOT_POISONED(y[3]); 1681 EXPECT_POISONED(y[4]); 1682} 1683 1684TEST(MemorySanitizer, stpcpy) { // NOLINT 1685 char* x = new char[3]; 1686 char* y = new char[3]; 1687 x[0] = 'a'; 1688 x[1] = *GetPoisoned<char>(1, 1); 1689 x[2] = 0; 1690 char *res = stpcpy(y, x); // NOLINT 1691 ASSERT_EQ(res, y + 2); 1692 EXPECT_NOT_POISONED(y[0]); 1693 EXPECT_POISONED(y[1]); 1694 EXPECT_NOT_POISONED(y[2]); 1695} 1696 1697TEST(MemorySanitizer, strcat) { // NOLINT 1698 char a[10]; 1699 char b[] = "def"; 1700 strcpy(a, "abc"); 1701 __msan_poison(b + 1, 1); 1702 strcat(a, b); 1703 EXPECT_NOT_POISONED(a[3]); 1704 EXPECT_POISONED(a[4]); 1705 EXPECT_NOT_POISONED(a[5]); 1706 EXPECT_NOT_POISONED(a[6]); 1707 EXPECT_POISONED(a[7]); 1708} 1709 1710TEST(MemorySanitizer, strncat) { // NOLINT 1711 char a[10]; 1712 char b[] = "def"; 1713 strcpy(a, "abc"); 1714 __msan_poison(b + 1, 1); 1715 strncat(a, b, 5); 1716 EXPECT_NOT_POISONED(a[3]); 1717 EXPECT_POISONED(a[4]); 1718 EXPECT_NOT_POISONED(a[5]); 1719 EXPECT_NOT_POISONED(a[6]); 1720 EXPECT_POISONED(a[7]); 1721} 1722 1723TEST(MemorySanitizer, strncat_overflow) { // NOLINT 1724 char a[10]; 1725 char b[] = "def"; 1726 strcpy(a, "abc"); 1727 __msan_poison(b + 1, 1); 1728 strncat(a, b, 2); 1729 EXPECT_NOT_POISONED(a[3]); 1730 EXPECT_POISONED(a[4]); 1731 EXPECT_NOT_POISONED(a[5]); 1732 EXPECT_POISONED(a[6]); 1733 EXPECT_POISONED(a[7]); 1734} 1735 1736TEST(MemorySanitizer, wcscat) { 1737 wchar_t a[10]; 1738 wchar_t b[] = L"def"; 1739 wcscpy(a, L"abc"); 1740 1741 wcscat(a, b); 1742 EXPECT_EQ(6U, wcslen(a)); 1743 EXPECT_POISONED(a[7]); 1744 1745 a[3] = 0; 1746 __msan_poison(b + 1, sizeof(wchar_t)); 1747 EXPECT_UMR(wcscat(a, b)); 1748 1749 __msan_unpoison(b + 1, sizeof(wchar_t)); 1750 __msan_poison(a + 2, sizeof(wchar_t)); 1751 EXPECT_UMR(wcscat(a, b)); 1752} 1753 1754TEST(MemorySanitizer, wcsncat) { 1755 wchar_t a[10]; 1756 wchar_t b[] = L"def"; 1757 wcscpy(a, L"abc"); 1758 1759 wcsncat(a, b, 5); 1760 EXPECT_EQ(6U, wcslen(a)); 1761 EXPECT_POISONED(a[7]); 1762 1763 a[3] = 0; 1764 __msan_poison(a + 4, sizeof(wchar_t) * 6); 1765 wcsncat(a, b, 2); 1766 EXPECT_EQ(5U, wcslen(a)); 1767 EXPECT_POISONED(a[6]); 1768 1769 a[3] = 0; 1770 __msan_poison(b + 1, sizeof(wchar_t)); 1771 EXPECT_UMR(wcsncat(a, b, 2)); 1772 1773 __msan_unpoison(b + 1, sizeof(wchar_t)); 1774 __msan_poison(a + 2, sizeof(wchar_t)); 1775 EXPECT_UMR(wcsncat(a, b, 2)); 1776} 1777 1778#define TEST_STRTO_INT(func_name, char_type, str_prefix) \ 1779 TEST(MemorySanitizer, func_name) { \ 1780 char_type *e; \ 1781 EXPECT_EQ(1U, func_name(str_prefix##"1", &e, 10)); \ 1782 EXPECT_NOT_POISONED((S8)e); \ 1783 } 1784 1785#define TEST_STRTO_FLOAT(func_name, char_type, str_prefix) \ 1786 TEST(MemorySanitizer, func_name) { \ 1787 char_type *e; \ 1788 EXPECT_NE(0, func_name(str_prefix##"1.5", &e)); \ 1789 EXPECT_NOT_POISONED((S8)e); \ 1790 } 1791 1792#define TEST_STRTO_FLOAT_LOC(func_name, char_type, str_prefix) \ 1793 TEST(MemorySanitizer, func_name) { \ 1794 locale_t loc = newlocale(LC_NUMERIC_MASK, "C", (locale_t)0); \ 1795 char_type *e; \ 1796 EXPECT_NE(0, func_name(str_prefix##"1.5", &e, loc)); \ 1797 EXPECT_NOT_POISONED((S8)e); \ 1798 freelocale(loc); \ 1799 } 1800 1801#define TEST_STRTO_INT_LOC(func_name, char_type, str_prefix) \ 1802 TEST(MemorySanitizer, func_name) { \ 1803 locale_t loc = newlocale(LC_NUMERIC_MASK, "C", (locale_t)0); \ 1804 char_type *e; \ 1805 ASSERT_EQ(1U, func_name(str_prefix##"1", &e, 10, loc)); \ 1806 EXPECT_NOT_POISONED((S8)e); \ 1807 freelocale(loc); \ 1808 } 1809 1810TEST_STRTO_INT(strtol, char, ) 1811TEST_STRTO_INT(strtoll, char, ) 1812TEST_STRTO_INT(strtoul, char, ) 1813TEST_STRTO_INT(strtoull, char, ) 1814TEST_STRTO_INT(strtouq, char, ) 1815 1816TEST_STRTO_FLOAT(strtof, char, ) 1817TEST_STRTO_FLOAT(strtod, char, ) 1818TEST_STRTO_FLOAT(strtold, char, ) 1819 1820TEST_STRTO_FLOAT_LOC(strtof_l, char, ) 1821TEST_STRTO_FLOAT_LOC(strtod_l, char, ) 1822TEST_STRTO_FLOAT_LOC(strtold_l, char, ) 1823 1824TEST_STRTO_INT_LOC(strtol_l, char, ) 1825TEST_STRTO_INT_LOC(strtoll_l, char, ) 1826TEST_STRTO_INT_LOC(strtoul_l, char, ) 1827TEST_STRTO_INT_LOC(strtoull_l, char, ) 1828 1829TEST_STRTO_INT(wcstol, wchar_t, L) 1830TEST_STRTO_INT(wcstoll, wchar_t, L) 1831TEST_STRTO_INT(wcstoul, wchar_t, L) 1832TEST_STRTO_INT(wcstoull, wchar_t, L) 1833 1834TEST_STRTO_FLOAT(wcstof, wchar_t, L) 1835TEST_STRTO_FLOAT(wcstod, wchar_t, L) 1836TEST_STRTO_FLOAT(wcstold, wchar_t, L) 1837 1838TEST_STRTO_FLOAT_LOC(wcstof_l, wchar_t, L) 1839TEST_STRTO_FLOAT_LOC(wcstod_l, wchar_t, L) 1840TEST_STRTO_FLOAT_LOC(wcstold_l, wchar_t, L) 1841 1842TEST_STRTO_INT_LOC(wcstol_l, wchar_t, L) 1843TEST_STRTO_INT_LOC(wcstoll_l, wchar_t, L) 1844TEST_STRTO_INT_LOC(wcstoul_l, wchar_t, L) 1845TEST_STRTO_INT_LOC(wcstoull_l, wchar_t, L) 1846 1847 1848TEST(MemorySanitizer, strtoimax) { 1849 char *e; 1850 ASSERT_EQ(1, strtoimax("1", &e, 10)); 1851 EXPECT_NOT_POISONED((S8) e); 1852} 1853 1854TEST(MemorySanitizer, strtoumax) { 1855 char *e; 1856 ASSERT_EQ(1U, strtoumax("1", &e, 10)); 1857 EXPECT_NOT_POISONED((S8) e); 1858} 1859 1860#ifdef __GLIBC__ 1861extern "C" float __strtof_l(const char *nptr, char **endptr, locale_t loc); 1862TEST_STRTO_FLOAT_LOC(__strtof_l, char, ) 1863extern "C" double __strtod_l(const char *nptr, char **endptr, locale_t loc); 1864TEST_STRTO_FLOAT_LOC(__strtod_l, char, ) 1865extern "C" long double __strtold_l(const char *nptr, char **endptr, 1866 locale_t loc); 1867TEST_STRTO_FLOAT_LOC(__strtold_l, char, ) 1868 1869extern "C" float __wcstof_l(const wchar_t *nptr, wchar_t **endptr, locale_t loc); 1870TEST_STRTO_FLOAT_LOC(__wcstof_l, wchar_t, L) 1871extern "C" double __wcstod_l(const wchar_t *nptr, wchar_t **endptr, locale_t loc); 1872TEST_STRTO_FLOAT_LOC(__wcstod_l, wchar_t, L) 1873extern "C" long double __wcstold_l(const wchar_t *nptr, wchar_t **endptr, 1874 locale_t loc); 1875TEST_STRTO_FLOAT_LOC(__wcstold_l, wchar_t, L) 1876#endif // __GLIBC__ 1877 1878TEST(MemorySanitizer, modf) { 1879 double x, y; 1880 x = modf(2.1, &y); 1881 EXPECT_NOT_POISONED(y); 1882} 1883 1884TEST(MemorySanitizer, modff) { 1885 float x, y; 1886 x = modff(2.1, &y); 1887 EXPECT_NOT_POISONED(y); 1888} 1889 1890TEST(MemorySanitizer, modfl) { 1891 long double x, y; 1892 x = modfl(2.1, &y); 1893 EXPECT_NOT_POISONED(y); 1894} 1895 1896#if !defined(__FreeBSD__) && !defined(__NetBSD__) 1897TEST(MemorySanitizer, sincos) { 1898 double s, c; 1899 sincos(0.2, &s, &c); 1900 EXPECT_NOT_POISONED(s); 1901 EXPECT_NOT_POISONED(c); 1902} 1903#endif 1904 1905#if !defined(__FreeBSD__) && !defined(__NetBSD__) 1906TEST(MemorySanitizer, sincosf) { 1907 float s, c; 1908 sincosf(0.2, &s, &c); 1909 EXPECT_NOT_POISONED(s); 1910 EXPECT_NOT_POISONED(c); 1911} 1912#endif 1913 1914#if !defined(__FreeBSD__) && !defined(__NetBSD__) 1915TEST(MemorySanitizer, sincosl) { 1916 long double s, c; 1917 sincosl(0.2, &s, &c); 1918 EXPECT_NOT_POISONED(s); 1919 EXPECT_NOT_POISONED(c); 1920} 1921#endif 1922 1923TEST(MemorySanitizer, remquo) { 1924 int quo; 1925 double res = remquo(29.0, 3.0, &quo); 1926 ASSERT_NE(0.0, res); 1927 EXPECT_NOT_POISONED(quo); 1928} 1929 1930TEST(MemorySanitizer, remquof) { 1931 int quo; 1932 float res = remquof(29.0, 3.0, &quo); 1933 ASSERT_NE(0.0, res); 1934 EXPECT_NOT_POISONED(quo); 1935} 1936 1937#if !defined(__NetBSD__) 1938TEST(MemorySanitizer, remquol) { 1939 int quo; 1940 long double res = remquof(29.0, 3.0, &quo); 1941 ASSERT_NE(0.0, res); 1942 EXPECT_NOT_POISONED(quo); 1943} 1944#endif 1945 1946TEST(MemorySanitizer, lgamma) { 1947 double res = lgamma(1.1); 1948 ASSERT_NE(0.0, res); 1949 EXPECT_NOT_POISONED(signgam); 1950} 1951 1952TEST(MemorySanitizer, lgammaf) { 1953 float res = lgammaf(1.1); 1954 ASSERT_NE(0.0, res); 1955 EXPECT_NOT_POISONED(signgam); 1956} 1957 1958#if !defined(__NetBSD__) 1959TEST(MemorySanitizer, lgammal) { 1960 long double res = lgammal(1.1); 1961 ASSERT_NE(0.0, res); 1962 EXPECT_NOT_POISONED(signgam); 1963} 1964#endif 1965 1966TEST(MemorySanitizer, lgamma_r) { 1967 int sgn; 1968 double res = lgamma_r(1.1, &sgn); 1969 ASSERT_NE(0.0, res); 1970 EXPECT_NOT_POISONED(sgn); 1971} 1972 1973TEST(MemorySanitizer, lgammaf_r) { 1974 int sgn; 1975 float res = lgammaf_r(1.1, &sgn); 1976 ASSERT_NE(0.0, res); 1977 EXPECT_NOT_POISONED(sgn); 1978} 1979 1980#if !defined(__FreeBSD__) && !defined(__NetBSD__) 1981TEST(MemorySanitizer, lgammal_r) { 1982 int sgn; 1983 long double res = lgammal_r(1.1, &sgn); 1984 ASSERT_NE(0.0, res); 1985 EXPECT_NOT_POISONED(sgn); 1986} 1987#endif 1988 1989#if !defined(__FreeBSD__) && !defined(__NetBSD__) 1990TEST(MemorySanitizer, drand48_r) { 1991 struct drand48_data buf; 1992 srand48_r(0, &buf); 1993 double d; 1994 drand48_r(&buf, &d); 1995 EXPECT_NOT_POISONED(d); 1996} 1997#endif 1998 1999#if !defined(__FreeBSD__) && !defined(__NetBSD__) 2000TEST(MemorySanitizer, lrand48_r) { 2001 struct drand48_data buf; 2002 srand48_r(0, &buf); 2003 long d; 2004 lrand48_r(&buf, &d); 2005 EXPECT_NOT_POISONED(d); 2006} 2007#endif 2008 2009TEST(MemorySanitizer, sprintf) { // NOLINT 2010 char buff[10]; 2011 break_optimization(buff); 2012 EXPECT_POISONED(buff[0]); 2013 int res = sprintf(buff, "%d", 1234567); // NOLINT 2014 ASSERT_EQ(res, 7); 2015 ASSERT_EQ(buff[0], '1'); 2016 ASSERT_EQ(buff[1], '2'); 2017 ASSERT_EQ(buff[2], '3'); 2018 ASSERT_EQ(buff[6], '7'); 2019 ASSERT_EQ(buff[7], 0); 2020 EXPECT_POISONED(buff[8]); 2021} 2022 2023TEST(MemorySanitizer, snprintf) { 2024 char buff[10]; 2025 break_optimization(buff); 2026 EXPECT_POISONED(buff[0]); 2027 int res = snprintf(buff, sizeof(buff), "%d", 1234567); 2028 ASSERT_EQ(res, 7); 2029 ASSERT_EQ(buff[0], '1'); 2030 ASSERT_EQ(buff[1], '2'); 2031 ASSERT_EQ(buff[2], '3'); 2032 ASSERT_EQ(buff[6], '7'); 2033 ASSERT_EQ(buff[7], 0); 2034 EXPECT_POISONED(buff[8]); 2035} 2036 2037TEST(MemorySanitizer, swprintf) { 2038 wchar_t buff[10]; 2039 ASSERT_EQ(4U, sizeof(wchar_t)); 2040 break_optimization(buff); 2041 EXPECT_POISONED(buff[0]); 2042 int res = swprintf(buff, 9, L"%d", 1234567); 2043 ASSERT_EQ(res, 7); 2044 ASSERT_EQ(buff[0], '1'); 2045 ASSERT_EQ(buff[1], '2'); 2046 ASSERT_EQ(buff[2], '3'); 2047 ASSERT_EQ(buff[6], '7'); 2048 ASSERT_EQ(buff[7], L'\0'); 2049 EXPECT_POISONED(buff[8]); 2050} 2051 2052TEST(MemorySanitizer, asprintf) { // NOLINT 2053 char *pbuf; 2054 EXPECT_POISONED(pbuf); 2055 int res = asprintf(&pbuf, "%d", 1234567); // NOLINT 2056 ASSERT_EQ(res, 7); 2057 EXPECT_NOT_POISONED(pbuf); 2058 ASSERT_EQ(pbuf[0], '1'); 2059 ASSERT_EQ(pbuf[1], '2'); 2060 ASSERT_EQ(pbuf[2], '3'); 2061 ASSERT_EQ(pbuf[6], '7'); 2062 ASSERT_EQ(pbuf[7], 0); 2063 free(pbuf); 2064} 2065 2066TEST(MemorySanitizer, mbstowcs) { 2067 const char *x = "abc"; 2068 wchar_t buff[10]; 2069 int res = mbstowcs(buff, x, 2); 2070 EXPECT_EQ(2, res); 2071 EXPECT_EQ(L'a', buff[0]); 2072 EXPECT_EQ(L'b', buff[1]); 2073 EXPECT_POISONED(buff[2]); 2074 res = mbstowcs(buff, x, 10); 2075 EXPECT_EQ(3, res); 2076 EXPECT_NOT_POISONED(buff[3]); 2077} 2078 2079TEST(MemorySanitizer, wcstombs) { 2080 const wchar_t *x = L"abc"; 2081 char buff[10]; 2082 int res = wcstombs(buff, x, 4); 2083 EXPECT_EQ(res, 3); 2084 EXPECT_EQ(buff[0], 'a'); 2085 EXPECT_EQ(buff[1], 'b'); 2086 EXPECT_EQ(buff[2], 'c'); 2087} 2088 2089TEST(MemorySanitizer, wcsrtombs) { 2090 const wchar_t *x = L"abc"; 2091 const wchar_t *p = x; 2092 char buff[10]; 2093 mbstate_t mbs; 2094 memset(&mbs, 0, sizeof(mbs)); 2095 int res = wcsrtombs(buff, &p, 4, &mbs); 2096 EXPECT_EQ(res, 3); 2097 EXPECT_EQ(buff[0], 'a'); 2098 EXPECT_EQ(buff[1], 'b'); 2099 EXPECT_EQ(buff[2], 'c'); 2100 EXPECT_EQ(buff[3], '\0'); 2101 EXPECT_POISONED(buff[4]); 2102} 2103 2104TEST(MemorySanitizer, wcsnrtombs) { 2105 const wchar_t *x = L"abc"; 2106 const wchar_t *p = x; 2107 char buff[10]; 2108 mbstate_t mbs; 2109 memset(&mbs, 0, sizeof(mbs)); 2110 int res = wcsnrtombs(buff, &p, 2, 4, &mbs); 2111 EXPECT_EQ(res, 2); 2112 EXPECT_EQ(buff[0], 'a'); 2113 EXPECT_EQ(buff[1], 'b'); 2114 EXPECT_POISONED(buff[2]); 2115} 2116 2117TEST(MemorySanitizer, wcrtomb) { 2118 wchar_t x = L'a'; 2119 char buff[10]; 2120 mbstate_t mbs; 2121 memset(&mbs, 0, sizeof(mbs)); 2122 size_t res = wcrtomb(buff, x, &mbs); 2123 EXPECT_EQ(res, (size_t)1); 2124 EXPECT_EQ(buff[0], 'a'); 2125} 2126 2127TEST(MemorySanitizer, wmemset) { 2128 wchar_t x[25]; 2129 break_optimization(x); 2130 EXPECT_POISONED(x[0]); 2131 wmemset(x, L'A', 10); 2132 EXPECT_EQ(x[0], L'A'); 2133 EXPECT_EQ(x[9], L'A'); 2134 EXPECT_POISONED(x[10]); 2135} 2136 2137TEST(MemorySanitizer, mbtowc) { 2138 const char *x = "abc"; 2139 wchar_t wx; 2140 int res = mbtowc(&wx, x, 3); 2141 EXPECT_GT(res, 0); 2142 EXPECT_NOT_POISONED(wx); 2143} 2144 2145TEST(MemorySanitizer, mbrtowc) { 2146 mbstate_t mbs = {}; 2147 2148 wchar_t wc; 2149 size_t res = mbrtowc(&wc, "\377", 1, &mbs); 2150 EXPECT_EQ(res, -1ULL); 2151 2152 res = mbrtowc(&wc, "abc", 3, &mbs); 2153 EXPECT_GT(res, 0ULL); 2154 EXPECT_NOT_POISONED(wc); 2155} 2156 2157TEST(MemorySanitizer, wcsftime) { 2158 wchar_t x[100]; 2159 time_t t = time(NULL); 2160 struct tm tms; 2161 struct tm *tmres = localtime_r(&t, &tms); 2162 ASSERT_NE((void *)0, tmres); 2163 size_t res = wcsftime(x, sizeof(x) / sizeof(x[0]), L"%Y-%m-%d", tmres); 2164 EXPECT_GT(res, 0UL); 2165 EXPECT_EQ(res, wcslen(x)); 2166} 2167 2168TEST(MemorySanitizer, gettimeofday) { 2169 struct timeval tv; 2170 struct timezone tz; 2171 break_optimization(&tv); 2172 break_optimization(&tz); 2173 ASSERT_EQ(16U, sizeof(tv)); 2174 ASSERT_EQ(8U, sizeof(tz)); 2175 EXPECT_POISONED(tv.tv_sec); 2176 EXPECT_POISONED(tv.tv_usec); 2177 EXPECT_POISONED(tz.tz_minuteswest); 2178 EXPECT_POISONED(tz.tz_dsttime); 2179 ASSERT_EQ(0, gettimeofday(&tv, &tz)); 2180 EXPECT_NOT_POISONED(tv.tv_sec); 2181 EXPECT_NOT_POISONED(tv.tv_usec); 2182 EXPECT_NOT_POISONED(tz.tz_minuteswest); 2183 EXPECT_NOT_POISONED(tz.tz_dsttime); 2184} 2185 2186TEST(MemorySanitizer, clock_gettime) { 2187 struct timespec tp; 2188 EXPECT_POISONED(tp.tv_sec); 2189 EXPECT_POISONED(tp.tv_nsec); 2190 ASSERT_EQ(0, clock_gettime(CLOCK_REALTIME, &tp)); 2191 EXPECT_NOT_POISONED(tp.tv_sec); 2192 EXPECT_NOT_POISONED(tp.tv_nsec); 2193} 2194 2195TEST(MemorySanitizer, clock_getres) { 2196 struct timespec tp; 2197 EXPECT_POISONED(tp.tv_sec); 2198 EXPECT_POISONED(tp.tv_nsec); 2199 ASSERT_EQ(0, clock_getres(CLOCK_REALTIME, 0)); 2200 EXPECT_POISONED(tp.tv_sec); 2201 EXPECT_POISONED(tp.tv_nsec); 2202 ASSERT_EQ(0, clock_getres(CLOCK_REALTIME, &tp)); 2203 EXPECT_NOT_POISONED(tp.tv_sec); 2204 EXPECT_NOT_POISONED(tp.tv_nsec); 2205} 2206 2207TEST(MemorySanitizer, getitimer) { 2208 struct itimerval it1, it2; 2209 int res; 2210 EXPECT_POISONED(it1.it_interval.tv_sec); 2211 EXPECT_POISONED(it1.it_interval.tv_usec); 2212 EXPECT_POISONED(it1.it_value.tv_sec); 2213 EXPECT_POISONED(it1.it_value.tv_usec); 2214 res = getitimer(ITIMER_VIRTUAL, &it1); 2215 ASSERT_EQ(0, res); 2216 EXPECT_NOT_POISONED(it1.it_interval.tv_sec); 2217 EXPECT_NOT_POISONED(it1.it_interval.tv_usec); 2218 EXPECT_NOT_POISONED(it1.it_value.tv_sec); 2219 EXPECT_NOT_POISONED(it1.it_value.tv_usec); 2220 2221 it1.it_interval.tv_sec = it1.it_value.tv_sec = 10000; 2222 it1.it_interval.tv_usec = it1.it_value.tv_usec = 0; 2223 2224 res = setitimer(ITIMER_VIRTUAL, &it1, &it2); 2225 ASSERT_EQ(0, res); 2226 EXPECT_NOT_POISONED(it2.it_interval.tv_sec); 2227 EXPECT_NOT_POISONED(it2.it_interval.tv_usec); 2228 EXPECT_NOT_POISONED(it2.it_value.tv_sec); 2229 EXPECT_NOT_POISONED(it2.it_value.tv_usec); 2230 2231 // Check that old_value can be 0, and disable the timer. 2232 memset(&it1, 0, sizeof(it1)); 2233 res = setitimer(ITIMER_VIRTUAL, &it1, 0); 2234 ASSERT_EQ(0, res); 2235} 2236 2237TEST(MemorySanitizer, setitimer_null) { 2238 setitimer(ITIMER_VIRTUAL, 0, 0); 2239 // Not testing the return value, since it the behaviour seems to differ 2240 // between libc implementations and POSIX. 2241 // Should never crash, though. 2242} 2243 2244TEST(MemorySanitizer, time) { 2245 time_t t; 2246 EXPECT_POISONED(t); 2247 time_t t2 = time(&t); 2248 ASSERT_NE(t2, (time_t)-1); 2249 EXPECT_NOT_POISONED(t); 2250} 2251 2252TEST(MemorySanitizer, strptime) { 2253 struct tm time; 2254 char *p = strptime("11/1/2013-05:39", "%m/%d/%Y-%H:%M", &time); 2255 ASSERT_TRUE(p != NULL); 2256 EXPECT_NOT_POISONED(time.tm_sec); 2257 EXPECT_NOT_POISONED(time.tm_hour); 2258 EXPECT_NOT_POISONED(time.tm_year); 2259} 2260 2261TEST(MemorySanitizer, localtime) { 2262 time_t t = 123; 2263 struct tm *time = localtime(&t); 2264 ASSERT_TRUE(time != NULL); 2265 EXPECT_NOT_POISONED(time->tm_sec); 2266 EXPECT_NOT_POISONED(time->tm_hour); 2267 EXPECT_NOT_POISONED(time->tm_year); 2268 EXPECT_NOT_POISONED(time->tm_isdst); 2269 EXPECT_NE(0U, strlen(time->tm_zone)); 2270} 2271 2272TEST(MemorySanitizer, localtime_r) { 2273 time_t t = 123; 2274 struct tm time; 2275 struct tm *res = localtime_r(&t, &time); 2276 ASSERT_TRUE(res != NULL); 2277 EXPECT_NOT_POISONED(time.tm_sec); 2278 EXPECT_NOT_POISONED(time.tm_hour); 2279 EXPECT_NOT_POISONED(time.tm_year); 2280 EXPECT_NOT_POISONED(time.tm_isdst); 2281 EXPECT_NE(0U, strlen(time.tm_zone)); 2282} 2283 2284#if !defined(__FreeBSD__) && !defined(__NetBSD__) 2285/* Creates a temporary file with contents similar to /etc/fstab to be used 2286 with getmntent{_r}. */ 2287class TempFstabFile { 2288 public: 2289 TempFstabFile() : fd (-1) { } 2290 ~TempFstabFile() { 2291 if (fd >= 0) 2292 close (fd); 2293 } 2294 2295 bool Create(void) { 2296 snprintf(tmpfile, sizeof(tmpfile), "/tmp/msan.getmntent.tmp.XXXXXX"); 2297 2298 fd = mkstemp(tmpfile); 2299 if (fd == -1) 2300 return false; 2301 2302 const char entry[] = "/dev/root / ext4 errors=remount-ro 0 1"; 2303 size_t entrylen = sizeof(entry); 2304 2305 size_t bytesWritten = write(fd, entry, entrylen); 2306 if (entrylen != bytesWritten) 2307 return false; 2308 2309 return true; 2310 } 2311 2312 const char* FileName(void) { 2313 return tmpfile; 2314 } 2315 2316 private: 2317 char tmpfile[128]; 2318 int fd; 2319}; 2320#endif 2321 2322#if !defined(__FreeBSD__) && !defined(__NetBSD__) 2323TEST(MemorySanitizer, getmntent) { 2324 TempFstabFile fstabtmp; 2325 ASSERT_TRUE(fstabtmp.Create()); 2326 FILE *fp = setmntent(fstabtmp.FileName(), "r"); 2327 2328 struct mntent *mnt = getmntent(fp); 2329 ASSERT_TRUE(mnt != NULL); 2330 ASSERT_NE(0U, strlen(mnt->mnt_fsname)); 2331 ASSERT_NE(0U, strlen(mnt->mnt_dir)); 2332 ASSERT_NE(0U, strlen(mnt->mnt_type)); 2333 ASSERT_NE(0U, strlen(mnt->mnt_opts)); 2334 EXPECT_NOT_POISONED(mnt->mnt_freq); 2335 EXPECT_NOT_POISONED(mnt->mnt_passno); 2336 fclose(fp); 2337} 2338#endif 2339 2340#if !defined(__FreeBSD__) && !defined(__NetBSD__) 2341TEST(MemorySanitizer, getmntent_r) { 2342 TempFstabFile fstabtmp; 2343 ASSERT_TRUE(fstabtmp.Create()); 2344 FILE *fp = setmntent(fstabtmp.FileName(), "r"); 2345 2346 struct mntent mntbuf; 2347 char buf[1000]; 2348 struct mntent *mnt = getmntent_r(fp, &mntbuf, buf, sizeof(buf)); 2349 ASSERT_TRUE(mnt != NULL); 2350 ASSERT_NE(0U, strlen(mnt->mnt_fsname)); 2351 ASSERT_NE(0U, strlen(mnt->mnt_dir)); 2352 ASSERT_NE(0U, strlen(mnt->mnt_type)); 2353 ASSERT_NE(0U, strlen(mnt->mnt_opts)); 2354 EXPECT_NOT_POISONED(mnt->mnt_freq); 2355 EXPECT_NOT_POISONED(mnt->mnt_passno); 2356 fclose(fp); 2357} 2358#endif 2359 2360#if !defined(__NetBSD__) 2361TEST(MemorySanitizer, ether) { 2362 const char *asc = "11:22:33:44:55:66"; 2363 struct ether_addr *paddr = ether_aton(asc); 2364 EXPECT_NOT_POISONED(*paddr); 2365 2366 struct ether_addr addr; 2367 paddr = ether_aton_r(asc, &addr); 2368 ASSERT_EQ(paddr, &addr); 2369 EXPECT_NOT_POISONED(addr); 2370 2371 char *s = ether_ntoa(&addr); 2372 ASSERT_NE(0U, strlen(s)); 2373 2374 char buf[100]; 2375 s = ether_ntoa_r(&addr, buf); 2376 ASSERT_EQ(s, buf); 2377 ASSERT_NE(0U, strlen(buf)); 2378} 2379#endif 2380 2381TEST(MemorySanitizer, mmap) { 2382 const int size = 4096; 2383 void *p1, *p2; 2384 p1 = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); 2385 __msan_poison(p1, size); 2386 munmap(p1, size); 2387 for (int i = 0; i < 1000; i++) { 2388 p2 = mmap(0, size, PROT_READ|PROT_WRITE, MAP_PRIVATE|MAP_ANON, -1, 0); 2389 if (p2 == p1) 2390 break; 2391 else 2392 munmap(p2, size); 2393 } 2394 if (p1 == p2) { 2395 EXPECT_NOT_POISONED(*(char*)p2); 2396 munmap(p2, size); 2397 } 2398} 2399 2400#if !defined(__FreeBSD__) && !defined(__NetBSD__) 2401// FIXME: enable and add ecvt. 2402// FIXME: check why msandr does nt handle fcvt. 2403TEST(MemorySanitizer, fcvt) { 2404 int a, b; 2405 break_optimization(&a); 2406 break_optimization(&b); 2407 EXPECT_POISONED(a); 2408 EXPECT_POISONED(b); 2409 char *str = fcvt(12345.6789, 10, &a, &b); 2410 EXPECT_NOT_POISONED(a); 2411 EXPECT_NOT_POISONED(b); 2412 ASSERT_NE(nullptr, str); 2413 EXPECT_NOT_POISONED(str[0]); 2414 ASSERT_NE(0U, strlen(str)); 2415} 2416#endif 2417 2418#if !defined(__FreeBSD__) && !defined(__NetBSD__) 2419TEST(MemorySanitizer, fcvt_long) { 2420 int a, b; 2421 break_optimization(&a); 2422 break_optimization(&b); 2423 EXPECT_POISONED(a); 2424 EXPECT_POISONED(b); 2425 char *str = fcvt(111111112345.6789, 10, &a, &b); 2426 EXPECT_NOT_POISONED(a); 2427 EXPECT_NOT_POISONED(b); 2428 ASSERT_NE(nullptr, str); 2429 EXPECT_NOT_POISONED(str[0]); 2430 ASSERT_NE(0U, strlen(str)); 2431} 2432#endif 2433 2434TEST(MemorySanitizer, memchr) { 2435 char x[10]; 2436 break_optimization(x); 2437 EXPECT_POISONED(x[0]); 2438 x[2] = '2'; 2439 void *res; 2440 EXPECT_UMR(res = memchr(x, '2', 10)); 2441 EXPECT_NOT_POISONED(res); 2442 x[0] = '0'; 2443 x[1] = '1'; 2444 res = memchr(x, '2', 10); 2445 EXPECT_EQ(&x[2], res); 2446 EXPECT_UMR(res = memchr(x, '3', 10)); 2447 EXPECT_NOT_POISONED(res); 2448} 2449 2450TEST(MemorySanitizer, memrchr) { 2451 char x[10]; 2452 break_optimization(x); 2453 EXPECT_POISONED(x[0]); 2454 x[9] = '9'; 2455 void *res; 2456 EXPECT_UMR(res = memrchr(x, '9', 10)); 2457 EXPECT_NOT_POISONED(res); 2458 x[0] = '0'; 2459 x[1] = '1'; 2460 res = memrchr(x, '0', 2); 2461 EXPECT_EQ(&x[0], res); 2462 EXPECT_UMR(res = memrchr(x, '7', 10)); 2463 EXPECT_NOT_POISONED(res); 2464} 2465 2466TEST(MemorySanitizer, frexp) { 2467 int x; 2468 x = *GetPoisoned<int>(); 2469 double r = frexp(1.1, &x); 2470 EXPECT_NOT_POISONED(r); 2471 EXPECT_NOT_POISONED(x); 2472 2473 x = *GetPoisoned<int>(); 2474 float rf = frexpf(1.1, &x); 2475 EXPECT_NOT_POISONED(rf); 2476 EXPECT_NOT_POISONED(x); 2477 2478 x = *GetPoisoned<int>(); 2479 double rl = frexpl(1.1, &x); 2480 EXPECT_NOT_POISONED(rl); 2481 EXPECT_NOT_POISONED(x); 2482} 2483 2484namespace { 2485 2486static int cnt; 2487 2488void SigactionHandler(int signo, siginfo_t* si, void* uc) { 2489 ASSERT_EQ(signo, SIGPROF); 2490 ASSERT_TRUE(si != NULL); 2491 EXPECT_NOT_POISONED(si->si_errno); 2492 EXPECT_NOT_POISONED(si->si_pid); 2493#ifdef _UC_MACHINE_PC 2494 EXPECT_NOT_POISONED(_UC_MACHINE_PC((ucontext_t*)uc)); 2495#else 2496# if __linux__ 2497# if defined(__x86_64__) 2498 EXPECT_NOT_POISONED(((ucontext_t*)uc)->uc_mcontext.gregs[REG_RIP]); 2499# elif defined(__i386__) 2500 EXPECT_NOT_POISONED(((ucontext_t*)uc)->uc_mcontext.gregs[REG_EIP]); 2501# endif 2502# endif 2503#endif 2504 ++cnt; 2505} 2506 2507TEST(MemorySanitizer, sigaction) { 2508 struct sigaction act = {}; 2509 struct sigaction oldact = {}; 2510 struct sigaction origact = {}; 2511 2512 sigaction(SIGPROF, 0, &origact); 2513 2514 act.sa_flags |= SA_SIGINFO; 2515 act.sa_sigaction = &SigactionHandler; 2516 sigaction(SIGPROF, &act, 0); 2517 2518 kill(getpid(), SIGPROF); 2519 2520 act.sa_flags &= ~SA_SIGINFO; 2521 act.sa_handler = SIG_DFL; 2522 sigaction(SIGPROF, &act, 0); 2523 2524 act.sa_flags &= ~SA_SIGINFO; 2525 act.sa_handler = SIG_IGN; 2526 sigaction(SIGPROF, &act, &oldact); 2527 EXPECT_FALSE(oldact.sa_flags & SA_SIGINFO); 2528 EXPECT_EQ(SIG_DFL, oldact.sa_handler); 2529 kill(getpid(), SIGPROF); 2530 2531 act.sa_flags |= SA_SIGINFO; 2532 act.sa_sigaction = &SigactionHandler; 2533 sigaction(SIGPROF, &act, &oldact); 2534 EXPECT_FALSE(oldact.sa_flags & SA_SIGINFO); 2535 EXPECT_EQ(SIG_IGN, oldact.sa_handler); 2536 kill(getpid(), SIGPROF); 2537 2538 act.sa_flags &= ~SA_SIGINFO; 2539 act.sa_handler = SIG_DFL; 2540 sigaction(SIGPROF, &act, &oldact); 2541 EXPECT_TRUE(oldact.sa_flags & SA_SIGINFO); 2542 EXPECT_EQ(&SigactionHandler, oldact.sa_sigaction); 2543 EXPECT_EQ(2, cnt); 2544 2545 sigaction(SIGPROF, &origact, 0); 2546} 2547 2548} // namespace 2549 2550 2551TEST(MemorySanitizer, sigemptyset) { 2552 sigset_t s; 2553 EXPECT_POISONED(s); 2554 int res = sigemptyset(&s); 2555 ASSERT_EQ(0, res); 2556 EXPECT_NOT_POISONED(s); 2557} 2558 2559TEST(MemorySanitizer, sigfillset) { 2560 sigset_t s; 2561 EXPECT_POISONED(s); 2562 int res = sigfillset(&s); 2563 ASSERT_EQ(0, res); 2564 EXPECT_NOT_POISONED(s); 2565} 2566 2567TEST(MemorySanitizer, sigpending) { 2568 sigset_t s; 2569 EXPECT_POISONED(s); 2570 int res = sigpending(&s); 2571 ASSERT_EQ(0, res); 2572 EXPECT_NOT_POISONED(s); 2573} 2574 2575TEST(MemorySanitizer, sigprocmask) { 2576 sigset_t s; 2577 EXPECT_POISONED(s); 2578 int res = sigprocmask(SIG_BLOCK, 0, &s); 2579 ASSERT_EQ(0, res); 2580 EXPECT_NOT_POISONED(s); 2581} 2582 2583struct StructWithDtor { 2584 ~StructWithDtor(); 2585}; 2586 2587NOINLINE StructWithDtor::~StructWithDtor() { 2588 break_optimization(0); 2589} 2590 2591TEST(MemorySanitizer, Invoke) { 2592 StructWithDtor s; // Will cause the calls to become invokes. 2593 EXPECT_NOT_POISONED(0); 2594 EXPECT_POISONED(*GetPoisoned<int>()); 2595 EXPECT_NOT_POISONED(0); 2596 EXPECT_POISONED(*GetPoisoned<int>()); 2597 EXPECT_POISONED(ReturnPoisoned<S4>()); 2598} 2599 2600TEST(MemorySanitizer, ptrtoint) { 2601 // Test that shadow is propagated through pointer-to-integer conversion. 2602 unsigned char c = 0; 2603 __msan_poison(&c, 1); 2604 uintptr_t u = (uintptr_t)c << 8; 2605 EXPECT_NOT_POISONED(u & 0xFF00FF); 2606 EXPECT_POISONED(u & 0xFF00); 2607 2608 break_optimization(&u); 2609 void* p = (void*)u; 2610 2611 break_optimization(&p); 2612 EXPECT_POISONED(p); 2613 EXPECT_NOT_POISONED(((uintptr_t)p) & 0xFF00FF); 2614 EXPECT_POISONED(((uintptr_t)p) & 0xFF00); 2615} 2616 2617static void vaargsfn2(int guard, ...) { 2618 va_list vl; 2619 va_start(vl, guard); 2620 EXPECT_NOT_POISONED(va_arg(vl, int)); 2621 EXPECT_NOT_POISONED(va_arg(vl, int)); 2622 EXPECT_NOT_POISONED(va_arg(vl, int)); 2623 EXPECT_POISONED(va_arg(vl, double)); 2624 va_end(vl); 2625} 2626 2627static void vaargsfn(int guard, ...) { 2628 va_list vl; 2629 va_start(vl, guard); 2630 EXPECT_NOT_POISONED(va_arg(vl, int)); 2631 EXPECT_POISONED(va_arg(vl, int)); 2632 // The following call will overwrite __msan_param_tls. 2633 // Checks after it test that arg shadow was somehow saved across the call. 2634 vaargsfn2(1, 2, 3, 4, *GetPoisoned<double>()); 2635 EXPECT_NOT_POISONED(va_arg(vl, int)); 2636 EXPECT_POISONED(va_arg(vl, int)); 2637 va_end(vl); 2638} 2639 2640TEST(MemorySanitizer, VAArgTest) { 2641 int* x = GetPoisoned<int>(); 2642 int* y = GetPoisoned<int>(4); 2643 vaargsfn(1, 13, *x, 42, *y); 2644} 2645 2646static void vaargsfn_many(int guard, ...) { 2647 va_list vl; 2648 va_start(vl, guard); 2649 EXPECT_NOT_POISONED(va_arg(vl, int)); 2650 EXPECT_POISONED(va_arg(vl, int)); 2651 EXPECT_NOT_POISONED(va_arg(vl, int)); 2652 EXPECT_NOT_POISONED(va_arg(vl, int)); 2653 EXPECT_NOT_POISONED(va_arg(vl, int)); 2654 EXPECT_NOT_POISONED(va_arg(vl, int)); 2655 EXPECT_NOT_POISONED(va_arg(vl, int)); 2656 EXPECT_NOT_POISONED(va_arg(vl, int)); 2657 EXPECT_NOT_POISONED(va_arg(vl, int)); 2658 EXPECT_POISONED(va_arg(vl, int)); 2659 va_end(vl); 2660} 2661 2662TEST(MemorySanitizer, VAArgManyTest) { 2663 int* x = GetPoisoned<int>(); 2664 int* y = GetPoisoned<int>(4); 2665 vaargsfn_many(1, 2, *x, 3, 4, 5, 6, 7, 8, 9, *y); 2666} 2667 2668static void vaargsfn_manyfix(int g1, int g2, int g3, int g4, int g5, int g6, int g7, int g8, int g9, ...) { 2669 va_list vl; 2670 va_start(vl, g9); 2671 EXPECT_NOT_POISONED(va_arg(vl, int)); 2672 EXPECT_POISONED(va_arg(vl, int)); 2673 va_end(vl); 2674} 2675 2676TEST(MemorySanitizer, VAArgManyFixTest) { 2677 int* x = GetPoisoned<int>(); 2678 int* y = GetPoisoned<int>(); 2679 vaargsfn_manyfix(1, *x, 3, 4, 5, 6, 7, 8, 9, 10, *y); 2680} 2681 2682static void vaargsfn_pass2(va_list vl) { 2683 EXPECT_NOT_POISONED(va_arg(vl, int)); 2684 EXPECT_NOT_POISONED(va_arg(vl, int)); 2685 EXPECT_POISONED(va_arg(vl, int)); 2686} 2687 2688static void vaargsfn_pass(int guard, ...) { 2689 va_list vl; 2690 va_start(vl, guard); 2691 EXPECT_POISONED(va_arg(vl, int)); 2692 vaargsfn_pass2(vl); 2693 va_end(vl); 2694} 2695 2696TEST(MemorySanitizer, VAArgPass) { 2697 int* x = GetPoisoned<int>(); 2698 int* y = GetPoisoned<int>(4); 2699 vaargsfn_pass(1, *x, 2, 3, *y); 2700} 2701 2702static void vaargsfn_copy2(va_list vl) { 2703 EXPECT_NOT_POISONED(va_arg(vl, int)); 2704 EXPECT_POISONED(va_arg(vl, int)); 2705} 2706 2707static void vaargsfn_copy(int guard, ...) { 2708 va_list vl; 2709 va_start(vl, guard); 2710 EXPECT_NOT_POISONED(va_arg(vl, int)); 2711 EXPECT_POISONED(va_arg(vl, int)); 2712 va_list vl2; 2713 va_copy(vl2, vl); 2714 vaargsfn_copy2(vl2); 2715 EXPECT_NOT_POISONED(va_arg(vl, int)); 2716 EXPECT_POISONED(va_arg(vl, int)); 2717 va_end(vl); 2718} 2719 2720TEST(MemorySanitizer, VAArgCopy) { 2721 int* x = GetPoisoned<int>(); 2722 int* y = GetPoisoned<int>(4); 2723 vaargsfn_copy(1, 2, *x, 3, *y); 2724} 2725 2726static void vaargsfn_ptr(int guard, ...) { 2727 va_list vl; 2728 va_start(vl, guard); 2729 EXPECT_NOT_POISONED(va_arg(vl, int*)); 2730 EXPECT_POISONED(va_arg(vl, int*)); 2731 EXPECT_NOT_POISONED(va_arg(vl, int*)); 2732 EXPECT_POISONED(va_arg(vl, double*)); 2733 va_end(vl); 2734} 2735 2736TEST(MemorySanitizer, VAArgPtr) { 2737 int** x = GetPoisoned<int*>(); 2738 double** y = GetPoisoned<double*>(8); 2739 int z; 2740 vaargsfn_ptr(1, &z, *x, &z, *y); 2741} 2742 2743static void vaargsfn_overflow(int guard, ...) { 2744 va_list vl; 2745 va_start(vl, guard); 2746 EXPECT_NOT_POISONED(va_arg(vl, int)); 2747 EXPECT_NOT_POISONED(va_arg(vl, int)); 2748 EXPECT_POISONED(va_arg(vl, int)); 2749 EXPECT_NOT_POISONED(va_arg(vl, int)); 2750 EXPECT_NOT_POISONED(va_arg(vl, int)); 2751 EXPECT_NOT_POISONED(va_arg(vl, int)); 2752 2753 EXPECT_NOT_POISONED(va_arg(vl, double)); 2754 EXPECT_NOT_POISONED(va_arg(vl, double)); 2755 EXPECT_NOT_POISONED(va_arg(vl, double)); 2756 EXPECT_POISONED(va_arg(vl, double)); 2757 EXPECT_NOT_POISONED(va_arg(vl, double)); 2758 EXPECT_POISONED(va_arg(vl, int*)); 2759 EXPECT_NOT_POISONED(va_arg(vl, double)); 2760 EXPECT_NOT_POISONED(va_arg(vl, double)); 2761 2762 EXPECT_POISONED(va_arg(vl, int)); 2763 EXPECT_POISONED(va_arg(vl, double)); 2764 EXPECT_POISONED(va_arg(vl, int*)); 2765 2766 EXPECT_NOT_POISONED(va_arg(vl, int)); 2767 EXPECT_NOT_POISONED(va_arg(vl, double)); 2768 EXPECT_NOT_POISONED(va_arg(vl, int*)); 2769 2770 EXPECT_POISONED(va_arg(vl, int)); 2771 EXPECT_POISONED(va_arg(vl, double)); 2772 EXPECT_POISONED(va_arg(vl, int*)); 2773 2774 va_end(vl); 2775} 2776 2777TEST(MemorySanitizer, VAArgOverflow) { 2778 int* x = GetPoisoned<int>(); 2779 double* y = GetPoisoned<double>(8); 2780 int** p = GetPoisoned<int*>(16); 2781 int z; 2782 vaargsfn_overflow(1, 2783 1, 2, *x, 4, 5, 6, 2784 1.1, 2.2, 3.3, *y, 5.5, *p, 7.7, 8.8, 2785 // the following args will overflow for sure 2786 *x, *y, *p, 2787 7, 9.9, &z, 2788 *x, *y, *p); 2789} 2790 2791static void vaargsfn_tlsoverwrite2(int guard, ...) { 2792 va_list vl; 2793 va_start(vl, guard); 2794 for (int i = 0; i < 20; ++i) 2795 EXPECT_NOT_POISONED(va_arg(vl, int)); 2796 va_end(vl); 2797} 2798 2799static void vaargsfn_tlsoverwrite(int guard, ...) { 2800 // This call will overwrite TLS contents unless it's backed up somewhere. 2801 vaargsfn_tlsoverwrite2(2, 2802 42, 42, 42, 42, 42, 2803 42, 42, 42, 42, 42, 2804 42, 42, 42, 42, 42, 2805 42, 42, 42, 42, 42); // 20x 2806 va_list vl; 2807 va_start(vl, guard); 2808 for (int i = 0; i < 20; ++i) 2809 EXPECT_POISONED(va_arg(vl, int)); 2810 va_end(vl); 2811} 2812 2813TEST(MemorySanitizer, VAArgTLSOverwrite) { 2814 int* x = GetPoisoned<int>(); 2815 vaargsfn_tlsoverwrite(1, 2816 *x, *x, *x, *x, *x, 2817 *x, *x, *x, *x, *x, 2818 *x, *x, *x, *x, *x, 2819 *x, *x, *x, *x, *x); // 20x 2820 2821} 2822 2823struct StructByVal { 2824 int a, b, c, d, e, f; 2825}; 2826 2827static void vaargsfn_structbyval(int guard, ...) { 2828 va_list vl; 2829 va_start(vl, guard); 2830 { 2831 StructByVal s = va_arg(vl, StructByVal); 2832 EXPECT_NOT_POISONED(s.a); 2833 EXPECT_POISONED(s.b); 2834 EXPECT_NOT_POISONED(s.c); 2835 EXPECT_POISONED(s.d); 2836 EXPECT_NOT_POISONED(s.e); 2837 EXPECT_POISONED(s.f); 2838 } 2839 { 2840 StructByVal s = va_arg(vl, StructByVal); 2841 EXPECT_NOT_POISONED(s.a); 2842 EXPECT_POISONED(s.b); 2843 EXPECT_NOT_POISONED(s.c); 2844 EXPECT_POISONED(s.d); 2845 EXPECT_NOT_POISONED(s.e); 2846 EXPECT_POISONED(s.f); 2847 } 2848 va_end(vl); 2849} 2850 2851TEST(MemorySanitizer, VAArgStructByVal) { 2852 StructByVal s; 2853 s.a = 1; 2854 s.b = *GetPoisoned<int>(); 2855 s.c = 2; 2856 s.d = *GetPoisoned<int>(); 2857 s.e = 3; 2858 s.f = *GetPoisoned<int>(); 2859 vaargsfn_structbyval(0, s, s); 2860} 2861 2862NOINLINE void StructByValTestFunc(struct StructByVal s) { 2863 EXPECT_NOT_POISONED(s.a); 2864 EXPECT_POISONED(s.b); 2865 EXPECT_NOT_POISONED(s.c); 2866 EXPECT_POISONED(s.d); 2867 EXPECT_NOT_POISONED(s.e); 2868 EXPECT_POISONED(s.f); 2869} 2870 2871NOINLINE void StructByValTestFunc1(struct StructByVal s) { 2872 StructByValTestFunc(s); 2873} 2874 2875NOINLINE void StructByValTestFunc2(int z, struct StructByVal s) { 2876 StructByValTestFunc(s); 2877} 2878 2879TEST(MemorySanitizer, StructByVal) { 2880 // Large aggregates are passed as "byval" pointer argument in LLVM. 2881 struct StructByVal s; 2882 s.a = 1; 2883 s.b = *GetPoisoned<int>(); 2884 s.c = 2; 2885 s.d = *GetPoisoned<int>(); 2886 s.e = 3; 2887 s.f = *GetPoisoned<int>(); 2888 StructByValTestFunc(s); 2889 StructByValTestFunc1(s); 2890 StructByValTestFunc2(0, s); 2891} 2892 2893 2894#if MSAN_HAS_M128 2895NOINLINE __m128i m128Eq(__m128i *a, __m128i *b) { return _mm_cmpeq_epi16(*a, *b); } 2896NOINLINE __m128i m128Lt(__m128i *a, __m128i *b) { return _mm_cmplt_epi16(*a, *b); } 2897TEST(MemorySanitizer, m128) { 2898 __m128i a = _mm_set1_epi16(0x1234); 2899 __m128i b = _mm_set1_epi16(0x7890); 2900 EXPECT_NOT_POISONED(m128Eq(&a, &b)); 2901 EXPECT_NOT_POISONED(m128Lt(&a, &b)); 2902} 2903// FIXME: add more tests for __m128i. 2904#endif // MSAN_HAS_M128 2905 2906// We should not complain when copying this poisoned hole. 2907struct StructWithHole { 2908 U4 a; 2909 // 4-byte hole. 2910 U8 b; 2911}; 2912 2913NOINLINE StructWithHole ReturnStructWithHole() { 2914 StructWithHole res; 2915 __msan_poison(&res, sizeof(res)); 2916 res.a = 1; 2917 res.b = 2; 2918 return res; 2919} 2920 2921TEST(MemorySanitizer, StructWithHole) { 2922 StructWithHole a = ReturnStructWithHole(); 2923 break_optimization(&a); 2924} 2925 2926template <class T> 2927NOINLINE T ReturnStruct() { 2928 T res; 2929 __msan_poison(&res, sizeof(res)); 2930 res.a = 1; 2931 return res; 2932} 2933 2934template <class T> 2935NOINLINE void TestReturnStruct() { 2936 T s1 = ReturnStruct<T>(); 2937 EXPECT_NOT_POISONED(s1.a); 2938 EXPECT_POISONED(s1.b); 2939} 2940 2941struct SSS1 { 2942 int a, b, c; 2943}; 2944struct SSS2 { 2945 int b, a, c; 2946}; 2947struct SSS3 { 2948 int b, c, a; 2949}; 2950struct SSS4 { 2951 int c, b, a; 2952}; 2953 2954struct SSS5 { 2955 int a; 2956 float b; 2957}; 2958struct SSS6 { 2959 int a; 2960 double b; 2961}; 2962struct SSS7 { 2963 S8 b; 2964 int a; 2965}; 2966struct SSS8 { 2967 S2 b; 2968 S8 a; 2969}; 2970 2971TEST(MemorySanitizer, IntStruct3) { 2972 TestReturnStruct<SSS1>(); 2973 TestReturnStruct<SSS2>(); 2974 TestReturnStruct<SSS3>(); 2975 TestReturnStruct<SSS4>(); 2976 TestReturnStruct<SSS5>(); 2977 TestReturnStruct<SSS6>(); 2978 TestReturnStruct<SSS7>(); 2979 TestReturnStruct<SSS8>(); 2980} 2981 2982struct LongStruct { 2983 U1 a1, b1; 2984 U2 a2, b2; 2985 U4 a4, b4; 2986 U8 a8, b8; 2987}; 2988 2989NOINLINE LongStruct ReturnLongStruct1() { 2990 LongStruct res; 2991 __msan_poison(&res, sizeof(res)); 2992 res.a1 = res.a2 = res.a4 = res.a8 = 111; 2993 // leaves b1, .., b8 poisoned. 2994 return res; 2995} 2996 2997NOINLINE LongStruct ReturnLongStruct2() { 2998 LongStruct res; 2999 __msan_poison(&res, sizeof(res)); 3000 res.b1 = res.b2 = res.b4 = res.b8 = 111; 3001 // leaves a1, .., a8 poisoned. 3002 return res; 3003} 3004 3005TEST(MemorySanitizer, LongStruct) { 3006 LongStruct s1 = ReturnLongStruct1(); 3007 __msan_print_shadow(&s1, sizeof(s1)); 3008 EXPECT_NOT_POISONED(s1.a1); 3009 EXPECT_NOT_POISONED(s1.a2); 3010 EXPECT_NOT_POISONED(s1.a4); 3011 EXPECT_NOT_POISONED(s1.a8); 3012 3013 EXPECT_POISONED(s1.b1); 3014 EXPECT_POISONED(s1.b2); 3015 EXPECT_POISONED(s1.b4); 3016 EXPECT_POISONED(s1.b8); 3017 3018 LongStruct s2 = ReturnLongStruct2(); 3019 __msan_print_shadow(&s2, sizeof(s2)); 3020 EXPECT_NOT_POISONED(s2.b1); 3021 EXPECT_NOT_POISONED(s2.b2); 3022 EXPECT_NOT_POISONED(s2.b4); 3023 EXPECT_NOT_POISONED(s2.b8); 3024 3025 EXPECT_POISONED(s2.a1); 3026 EXPECT_POISONED(s2.a2); 3027 EXPECT_POISONED(s2.a4); 3028 EXPECT_POISONED(s2.a8); 3029} 3030 3031#if defined(__FreeBSD__) || defined(__NetBSD__) 3032#define MSAN_TEST_PRLIMIT 0 3033#elif defined(__GLIBC__) 3034#define MSAN_TEST_PRLIMIT __GLIBC_PREREQ(2, 13) 3035#else 3036#define MSAN_TEST_PRLIMIT 1 3037#endif 3038 3039TEST(MemorySanitizer, getrlimit) { 3040 struct rlimit limit; 3041 __msan_poison(&limit, sizeof(limit)); 3042 int result = getrlimit(RLIMIT_DATA, &limit); 3043 ASSERT_EQ(result, 0); 3044 EXPECT_NOT_POISONED(limit.rlim_cur); 3045 EXPECT_NOT_POISONED(limit.rlim_max); 3046 3047#if MSAN_TEST_PRLIMIT 3048 struct rlimit limit2; 3049 __msan_poison(&limit2, sizeof(limit2)); 3050 result = prlimit(getpid(), RLIMIT_DATA, &limit, &limit2); 3051 ASSERT_EQ(result, 0); 3052 EXPECT_NOT_POISONED(limit2.rlim_cur); 3053 EXPECT_NOT_POISONED(limit2.rlim_max); 3054 3055 __msan_poison(&limit, sizeof(limit)); 3056 result = prlimit(getpid(), RLIMIT_DATA, nullptr, &limit); 3057 ASSERT_EQ(result, 0); 3058 EXPECT_NOT_POISONED(limit.rlim_cur); 3059 EXPECT_NOT_POISONED(limit.rlim_max); 3060 3061 result = prlimit(getpid(), RLIMIT_DATA, &limit, nullptr); 3062 ASSERT_EQ(result, 0); 3063#endif 3064} 3065 3066TEST(MemorySanitizer, getrusage) { 3067 struct rusage usage; 3068 __msan_poison(&usage, sizeof(usage)); 3069 int result = getrusage(RUSAGE_SELF, &usage); 3070 ASSERT_EQ(result, 0); 3071 EXPECT_NOT_POISONED(usage.ru_utime.tv_sec); 3072 EXPECT_NOT_POISONED(usage.ru_utime.tv_usec); 3073 EXPECT_NOT_POISONED(usage.ru_stime.tv_sec); 3074 EXPECT_NOT_POISONED(usage.ru_stime.tv_usec); 3075 EXPECT_NOT_POISONED(usage.ru_maxrss); 3076 EXPECT_NOT_POISONED(usage.ru_minflt); 3077 EXPECT_NOT_POISONED(usage.ru_majflt); 3078 EXPECT_NOT_POISONED(usage.ru_inblock); 3079 EXPECT_NOT_POISONED(usage.ru_oublock); 3080 EXPECT_NOT_POISONED(usage.ru_nvcsw); 3081 EXPECT_NOT_POISONED(usage.ru_nivcsw); 3082} 3083 3084#if defined(__FreeBSD__) || defined(__NetBSD__) 3085static void GetProgramPath(char *buf, size_t sz) { 3086#if defined(__FreeBSD__) 3087 int mib[4] = { CTL_KERN, KERN_PROC, KERN_PROC_PATHNAME, -1 }; 3088#elif defined(__NetBSD__) 3089 int mib[4] = { CTL_KERN, KERN_PROC_ARGS, -1, KERN_PROC_PATHNAME}; 3090#endif 3091 int res = sysctl(mib, 4, buf, &sz, NULL, 0); 3092 ASSERT_EQ(0, res); 3093} 3094#elif defined(__GLIBC__) 3095static void GetProgramPath(char *buf, size_t sz) { 3096 extern char *program_invocation_name; 3097 int res = snprintf(buf, sz, "%s", program_invocation_name); 3098 ASSERT_GE(res, 0); 3099 ASSERT_LT((size_t)res, sz); 3100} 3101#else 3102# error "TODO: port this" 3103#endif 3104 3105static void dladdr_testfn() {} 3106 3107TEST(MemorySanitizer, dladdr) { 3108 Dl_info info; 3109 __msan_poison(&info, sizeof(info)); 3110 int result = dladdr((const void*)dladdr_testfn, &info); 3111 ASSERT_NE(result, 0); 3112 EXPECT_NOT_POISONED((unsigned long)info.dli_fname); 3113 if (info.dli_fname) 3114 EXPECT_NOT_POISONED(strlen(info.dli_fname)); 3115 EXPECT_NOT_POISONED((unsigned long)info.dli_fbase); 3116 EXPECT_NOT_POISONED((unsigned long)info.dli_sname); 3117 if (info.dli_sname) 3118 EXPECT_NOT_POISONED(strlen(info.dli_sname)); 3119 EXPECT_NOT_POISONED((unsigned long)info.dli_saddr); 3120} 3121 3122#ifndef MSAN_TEST_DISABLE_DLOPEN 3123 3124static int dl_phdr_callback(struct dl_phdr_info *info, size_t size, void *data) { 3125 (*(int *)data)++; 3126 EXPECT_NOT_POISONED(info->dlpi_addr); 3127 EXPECT_NOT_POISONED(strlen(info->dlpi_name)); 3128 EXPECT_NOT_POISONED(info->dlpi_phnum); 3129 for (int i = 0; i < info->dlpi_phnum; ++i) 3130 EXPECT_NOT_POISONED(info->dlpi_phdr[i]); 3131 return 0; 3132} 3133 3134// Compute the path to our loadable DSO. We assume it's in the same 3135// directory. Only use string routines that we intercept so far to do this. 3136static void GetPathToLoadable(char *buf, size_t sz) { 3137 char program_path[kMaxPathLength]; 3138 GetProgramPath(program_path, sizeof(program_path)); 3139 3140 const char *last_slash = strrchr(program_path, '/'); 3141 ASSERT_NE(nullptr, last_slash); 3142 size_t dir_len = (size_t)(last_slash - program_path); 3143#if defined(__x86_64__) 3144 static const char basename[] = "libmsan_loadable.x86_64.so"; 3145#elif defined(__MIPSEB__) || defined(MIPSEB) 3146 static const char basename[] = "libmsan_loadable.mips64.so"; 3147#elif defined(__mips64) 3148 static const char basename[] = "libmsan_loadable.mips64el.so"; 3149#elif defined(__aarch64__) 3150 static const char basename[] = "libmsan_loadable.aarch64.so"; 3151#elif defined(__powerpc64__) && __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__ 3152 static const char basename[] = "libmsan_loadable.powerpc64.so"; 3153#elif defined(__powerpc64__) && __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__ 3154 static const char basename[] = "libmsan_loadable.powerpc64le.so"; 3155#endif 3156 int res = snprintf(buf, sz, "%.*s/%s", 3157 (int)dir_len, program_path, basename); 3158 ASSERT_GE(res, 0); 3159 ASSERT_LT((size_t)res, sz); 3160} 3161 3162TEST(MemorySanitizer, dl_iterate_phdr) { 3163 char path[kMaxPathLength]; 3164 GetPathToLoadable(path, sizeof(path)); 3165 3166 // Having at least one dlopen'ed library in the process makes this more 3167 // entertaining. 3168 void *lib = dlopen(path, RTLD_LAZY); 3169 ASSERT_NE((void*)0, lib); 3170 3171 int count = 0; 3172 int result = dl_iterate_phdr(dl_phdr_callback, &count); 3173 ASSERT_GT(count, 0); 3174 3175 dlclose(lib); 3176} 3177 3178TEST(MemorySanitizer, dlopen) { 3179 char path[kMaxPathLength]; 3180 GetPathToLoadable(path, sizeof(path)); 3181 3182 // We need to clear shadow for globals when doing dlopen. In order to test 3183 // this, we have to poison the shadow for the DSO before we load it. In 3184 // general this is difficult, but the loader tends to reload things in the 3185 // same place, so we open, close, and then reopen. The global should always 3186 // start out clean after dlopen. 3187 for (int i = 0; i < 2; i++) { 3188 void *lib = dlopen(path, RTLD_LAZY); 3189 if (lib == NULL) { 3190 printf("dlerror: %s\n", dlerror()); 3191 ASSERT_TRUE(lib != NULL); 3192 } 3193 void **(*get_dso_global)() = (void **(*)())dlsym(lib, "get_dso_global"); 3194 ASSERT_TRUE(get_dso_global != NULL); 3195 void **dso_global = get_dso_global(); 3196 EXPECT_NOT_POISONED(*dso_global); 3197 __msan_poison(dso_global, sizeof(*dso_global)); 3198 EXPECT_POISONED(*dso_global); 3199 dlclose(lib); 3200 } 3201} 3202 3203// Regression test for a crash in dlopen() interceptor. 3204TEST(MemorySanitizer, dlopenFailed) { 3205 const char *path = "/libmsan_loadable_does_not_exist.so"; 3206 void *lib = dlopen(path, RTLD_LAZY); 3207 ASSERT_TRUE(lib == NULL); 3208} 3209 3210#endif // MSAN_TEST_DISABLE_DLOPEN 3211 3212#if !defined(__FreeBSD__) && !defined(__NetBSD__) 3213TEST(MemorySanitizer, sched_getaffinity) { 3214 cpu_set_t mask; 3215 int res = sched_getaffinity(getpid(), sizeof(mask), &mask); 3216 ASSERT_EQ(0, res); 3217 EXPECT_NOT_POISONED(mask); 3218} 3219#endif 3220 3221TEST(MemorySanitizer, scanf) { 3222 const char *input = "42 hello"; 3223 int* d = new int; 3224 char* s = new char[7]; 3225 int res = sscanf(input, "%d %5s", d, s); 3226 printf("res %d\n", res); 3227 ASSERT_EQ(res, 2); 3228 EXPECT_NOT_POISONED(*d); 3229 EXPECT_NOT_POISONED(s[0]); 3230 EXPECT_NOT_POISONED(s[1]); 3231 EXPECT_NOT_POISONED(s[2]); 3232 EXPECT_NOT_POISONED(s[3]); 3233 EXPECT_NOT_POISONED(s[4]); 3234 EXPECT_NOT_POISONED(s[5]); 3235 EXPECT_POISONED(s[6]); 3236 delete[] s; 3237 delete d; 3238} 3239 3240static void *SimpleThread_threadfn(void* data) { 3241 return new int; 3242} 3243 3244TEST(MemorySanitizer, SimpleThread) { 3245 pthread_t t; 3246 void *p; 3247 int res = pthread_create(&t, NULL, SimpleThread_threadfn, NULL); 3248 ASSERT_EQ(0, res); 3249 EXPECT_NOT_POISONED(t); 3250 res = pthread_join(t, &p); 3251 ASSERT_EQ(0, res); 3252 EXPECT_NOT_POISONED(p); 3253 delete (int*)p; 3254} 3255 3256static void *SmallStackThread_threadfn(void* data) { 3257 return 0; 3258} 3259 3260#ifdef PTHREAD_STACK_MIN 3261# define SMALLSTACKSIZE PTHREAD_STACK_MIN 3262# define SMALLPRESTACKSIZE PTHREAD_STACK_MIN 3263#else 3264# define SMALLSTACKSIZE 64 * 1024 3265# define SMALLPRESTACKSIZE 16 * 1024 3266#endif 3267 3268TEST(MemorySanitizer, SmallStackThread) { 3269 pthread_attr_t attr; 3270 pthread_t t; 3271 void *p; 3272 int res; 3273 res = pthread_attr_init(&attr); 3274 ASSERT_EQ(0, res); 3275 res = pthread_attr_setstacksize(&attr, SMALLSTACKSIZE); 3276 ASSERT_EQ(0, res); 3277 res = pthread_create(&t, &attr, SmallStackThread_threadfn, NULL); 3278 ASSERT_EQ(0, res); 3279 res = pthread_join(t, &p); 3280 ASSERT_EQ(0, res); 3281 res = pthread_attr_destroy(&attr); 3282 ASSERT_EQ(0, res); 3283} 3284 3285TEST(MemorySanitizer, SmallPreAllocatedStackThread) { 3286 pthread_attr_t attr; 3287 pthread_t t; 3288 int res; 3289 res = pthread_attr_init(&attr); 3290 ASSERT_EQ(0, res); 3291 void *stack; 3292 const size_t kStackSize = SMALLPRESTACKSIZE; 3293 res = posix_memalign(&stack, 4096, kStackSize); 3294 ASSERT_EQ(0, res); 3295 res = pthread_attr_setstack(&attr, stack, kStackSize); 3296 ASSERT_EQ(0, res); 3297 res = pthread_create(&t, &attr, SmallStackThread_threadfn, NULL); 3298 EXPECT_EQ(0, res); 3299 res = pthread_join(t, NULL); 3300 ASSERT_EQ(0, res); 3301 res = pthread_attr_destroy(&attr); 3302 ASSERT_EQ(0, res); 3303} 3304 3305TEST(MemorySanitizer, pthread_attr_get) { 3306 pthread_attr_t attr; 3307 int res; 3308 res = pthread_attr_init(&attr); 3309 ASSERT_EQ(0, res); 3310 { 3311 int v; 3312 res = pthread_attr_getdetachstate(&attr, &v); 3313 ASSERT_EQ(0, res); 3314 EXPECT_NOT_POISONED(v); 3315 } 3316 { 3317 size_t v; 3318 res = pthread_attr_getguardsize(&attr, &v); 3319 ASSERT_EQ(0, res); 3320 EXPECT_NOT_POISONED(v); 3321 } 3322 { 3323 struct sched_param v; 3324 res = pthread_attr_getschedparam(&attr, &v); 3325 ASSERT_EQ(0, res); 3326 EXPECT_NOT_POISONED(v); 3327 } 3328 { 3329 int v; 3330 res = pthread_attr_getschedpolicy(&attr, &v); 3331 ASSERT_EQ(0, res); 3332 EXPECT_NOT_POISONED(v); 3333 } 3334 { 3335 int v; 3336 res = pthread_attr_getinheritsched(&attr, &v); 3337 ASSERT_EQ(0, res); 3338 EXPECT_NOT_POISONED(v); 3339 } 3340 { 3341 int v; 3342 res = pthread_attr_getscope(&attr, &v); 3343 ASSERT_EQ(0, res); 3344 EXPECT_NOT_POISONED(v); 3345 } 3346 { 3347 size_t v; 3348 res = pthread_attr_getstacksize(&attr, &v); 3349 ASSERT_EQ(0, res); 3350 EXPECT_NOT_POISONED(v); 3351 } 3352 { 3353 void *v; 3354 size_t w; 3355 res = pthread_attr_getstack(&attr, &v, &w); 3356 ASSERT_EQ(0, res); 3357 EXPECT_NOT_POISONED(v); 3358 EXPECT_NOT_POISONED(w); 3359 } 3360#if !defined(__NetBSD__) 3361 { 3362 cpu_set_t v; 3363 res = pthread_attr_getaffinity_np(&attr, sizeof(v), &v); 3364 ASSERT_EQ(0, res); 3365 EXPECT_NOT_POISONED(v); 3366 } 3367#endif 3368 res = pthread_attr_destroy(&attr); 3369 ASSERT_EQ(0, res); 3370} 3371 3372TEST(MemorySanitizer, pthread_getschedparam) { 3373 int policy; 3374 struct sched_param param; 3375 int res = pthread_getschedparam(pthread_self(), &policy, ¶m); 3376 ASSERT_EQ(0, res); 3377 EXPECT_NOT_POISONED(policy); 3378 EXPECT_NOT_POISONED(param.sched_priority); 3379} 3380 3381TEST(MemorySanitizer, pthread_key_create) { 3382 pthread_key_t key; 3383 int res = pthread_key_create(&key, NULL); 3384 ASSERT_EQ(0, res); 3385 EXPECT_NOT_POISONED(key); 3386 res = pthread_key_delete(key); 3387 ASSERT_EQ(0, res); 3388} 3389 3390namespace { 3391struct SignalCondArg { 3392 pthread_cond_t* cond; 3393 pthread_mutex_t* mu; 3394 bool broadcast; 3395}; 3396 3397void *SignalCond(void *param) { 3398 SignalCondArg *arg = reinterpret_cast<SignalCondArg *>(param); 3399 pthread_mutex_lock(arg->mu); 3400 if (arg->broadcast) 3401 pthread_cond_broadcast(arg->cond); 3402 else 3403 pthread_cond_signal(arg->cond); 3404 pthread_mutex_unlock(arg->mu); 3405 return 0; 3406} 3407} // namespace 3408 3409TEST(MemorySanitizer, pthread_cond_wait) { 3410 pthread_cond_t cond; 3411 pthread_mutex_t mu; 3412 SignalCondArg args = {&cond, &mu, false}; 3413 pthread_cond_init(&cond, 0); 3414 pthread_mutex_init(&mu, 0); 3415 pthread_mutex_lock(&mu); 3416 3417 // signal 3418 pthread_t thr; 3419 pthread_create(&thr, 0, SignalCond, &args); 3420 int res = pthread_cond_wait(&cond, &mu); 3421 ASSERT_EQ(0, res); 3422 pthread_join(thr, 0); 3423 3424 // broadcast 3425 args.broadcast = true; 3426 pthread_create(&thr, 0, SignalCond, &args); 3427 res = pthread_cond_wait(&cond, &mu); 3428 ASSERT_EQ(0, res); 3429 pthread_join(thr, 0); 3430 3431 pthread_mutex_unlock(&mu); 3432 pthread_mutex_destroy(&mu); 3433 pthread_cond_destroy(&cond); 3434} 3435 3436TEST(MemorySanitizer, tmpnam) { 3437 char s[L_tmpnam]; 3438 char *res = tmpnam(s); 3439 ASSERT_EQ(s, res); 3440 EXPECT_NOT_POISONED(strlen(res)); 3441} 3442 3443TEST(MemorySanitizer, tempnam) { 3444 char *res = tempnam(NULL, "zzz"); 3445 EXPECT_NOT_POISONED(strlen(res)); 3446 free(res); 3447} 3448 3449TEST(MemorySanitizer, posix_memalign) { 3450 void *p; 3451 EXPECT_POISONED(p); 3452 int res = posix_memalign(&p, 4096, 13); 3453 ASSERT_EQ(0, res); 3454 EXPECT_NOT_POISONED(p); 3455 EXPECT_EQ(0U, (uintptr_t)p % 4096); 3456 free(p); 3457} 3458 3459#if !defined(__FreeBSD__) && !defined(__NetBSD__) 3460TEST(MemorySanitizer, memalign) { 3461 void *p = memalign(4096, 13); 3462 EXPECT_EQ(0U, (uintptr_t)p % 4096); 3463 free(p); 3464} 3465#endif 3466 3467TEST(MemorySanitizer, valloc) { 3468 void *a = valloc(100); 3469 uintptr_t PageSize = GetPageSize(); 3470 EXPECT_EQ(0U, (uintptr_t)a % PageSize); 3471 free(a); 3472} 3473 3474#if !defined(__FreeBSD__) && !defined(__NetBSD__) 3475TEST(MemorySanitizer, pvalloc) { 3476 uintptr_t PageSize = GetPageSize(); 3477 void *p = pvalloc(PageSize + 100); 3478 EXPECT_EQ(0U, (uintptr_t)p % PageSize); 3479 EXPECT_EQ(2 * PageSize, __sanitizer_get_allocated_size(p)); 3480 free(p); 3481 3482 p = pvalloc(0); // pvalloc(0) should allocate at least one page. 3483 EXPECT_EQ(0U, (uintptr_t)p % PageSize); 3484 EXPECT_EQ(PageSize, __sanitizer_get_allocated_size(p)); 3485 free(p); 3486} 3487#endif 3488 3489TEST(MemorySanitizer, inet_pton) { 3490 const char *s = "1:0:0:0:0:0:0:8"; 3491 unsigned char buf[sizeof(struct in6_addr)]; 3492 int res = inet_pton(AF_INET6, s, buf); 3493 ASSERT_EQ(1, res); 3494 EXPECT_NOT_POISONED(buf[0]); 3495 EXPECT_NOT_POISONED(buf[sizeof(struct in6_addr) - 1]); 3496 3497 char s_out[INET6_ADDRSTRLEN]; 3498 EXPECT_POISONED(s_out[3]); 3499 const char *q = inet_ntop(AF_INET6, buf, s_out, INET6_ADDRSTRLEN); 3500 ASSERT_NE((void*)0, q); 3501 EXPECT_NOT_POISONED(s_out[3]); 3502} 3503 3504TEST(MemorySanitizer, inet_aton) { 3505 const char *s = "127.0.0.1"; 3506 struct in_addr in[2]; 3507 int res = inet_aton(s, in); 3508 ASSERT_NE(0, res); 3509 EXPECT_NOT_POISONED(in[0]); 3510 EXPECT_POISONED(*(char *)(in + 1)); 3511} 3512 3513TEST(MemorySanitizer, uname) { 3514 struct utsname u; 3515 int res = uname(&u); 3516 ASSERT_EQ(0, res); 3517 EXPECT_NOT_POISONED(strlen(u.sysname)); 3518 EXPECT_NOT_POISONED(strlen(u.nodename)); 3519 EXPECT_NOT_POISONED(strlen(u.release)); 3520 EXPECT_NOT_POISONED(strlen(u.version)); 3521 EXPECT_NOT_POISONED(strlen(u.machine)); 3522} 3523 3524TEST(MemorySanitizer, gethostname) { 3525 char buf[100]; 3526 int res = gethostname(buf, 100); 3527 ASSERT_EQ(0, res); 3528 EXPECT_NOT_POISONED(strlen(buf)); 3529} 3530 3531#if !defined(__FreeBSD__) && !defined(__NetBSD__) 3532TEST(MemorySanitizer, sysinfo) { 3533 struct sysinfo info; 3534 int res = sysinfo(&info); 3535 ASSERT_EQ(0, res); 3536 EXPECT_NOT_POISONED(info); 3537} 3538#endif 3539 3540TEST(MemorySanitizer, getpwuid) { 3541 struct passwd *p = getpwuid(0); // root 3542 ASSERT_TRUE(p != NULL); 3543 EXPECT_NOT_POISONED(p->pw_name); 3544 ASSERT_TRUE(p->pw_name != NULL); 3545 EXPECT_NOT_POISONED(p->pw_name[0]); 3546 EXPECT_NOT_POISONED(p->pw_uid); 3547 ASSERT_EQ(0U, p->pw_uid); 3548} 3549 3550TEST(MemorySanitizer, getpwuid_r) { 3551 struct passwd pwd; 3552 struct passwd *pwdres; 3553 char buf[10000]; 3554 int res = getpwuid_r(0, &pwd, buf, sizeof(buf), &pwdres); 3555 ASSERT_EQ(0, res); 3556 EXPECT_NOT_POISONED(pwd.pw_name); 3557 ASSERT_TRUE(pwd.pw_name != NULL); 3558 EXPECT_NOT_POISONED(pwd.pw_name[0]); 3559 EXPECT_NOT_POISONED(pwd.pw_uid); 3560 ASSERT_EQ(0U, pwd.pw_uid); 3561 EXPECT_NOT_POISONED(pwdres); 3562} 3563 3564TEST(MemorySanitizer, getpwnam_r) { 3565 struct passwd pwd; 3566 struct passwd *pwdres; 3567 char buf[10000]; 3568 int res = getpwnam_r("root", &pwd, buf, sizeof(buf), &pwdres); 3569 ASSERT_EQ(0, res); 3570 EXPECT_NOT_POISONED(pwd.pw_name); 3571 ASSERT_TRUE(pwd.pw_name != NULL); 3572 EXPECT_NOT_POISONED(pwd.pw_name[0]); 3573 EXPECT_NOT_POISONED(pwd.pw_uid); 3574 ASSERT_EQ(0U, pwd.pw_uid); 3575 EXPECT_NOT_POISONED(pwdres); 3576} 3577 3578TEST(MemorySanitizer, getpwnam_r_positive) { 3579 struct passwd pwd; 3580 struct passwd *pwdres; 3581 char s[5]; 3582 strncpy(s, "abcd", 5); 3583 __msan_poison(s, 5); 3584 char buf[10000]; 3585 int res; 3586 EXPECT_UMR(res = getpwnam_r(s, &pwd, buf, sizeof(buf), &pwdres)); 3587} 3588 3589TEST(MemorySanitizer, getgrnam_r) { 3590 struct group grp; 3591 struct group *grpres; 3592 char buf[10000]; 3593 int res = getgrnam_r(SUPERUSER_GROUP, &grp, buf, sizeof(buf), &grpres); 3594 ASSERT_EQ(0, res); 3595 // Note that getgrnam_r() returns 0 if the matching group is not found. 3596 ASSERT_NE(nullptr, grpres); 3597 EXPECT_NOT_POISONED(grp.gr_name); 3598 ASSERT_TRUE(grp.gr_name != NULL); 3599 EXPECT_NOT_POISONED(grp.gr_name[0]); 3600 EXPECT_NOT_POISONED(grp.gr_gid); 3601 EXPECT_NOT_POISONED(grpres); 3602} 3603 3604TEST(MemorySanitizer, getpwent) { 3605 setpwent(); 3606 struct passwd *p = getpwent(); 3607 ASSERT_TRUE(p != NULL); 3608 EXPECT_NOT_POISONED(p->pw_name); 3609 ASSERT_TRUE(p->pw_name != NULL); 3610 EXPECT_NOT_POISONED(p->pw_name[0]); 3611 EXPECT_NOT_POISONED(p->pw_uid); 3612} 3613 3614TEST(MemorySanitizer, getpwent_r) { 3615 struct passwd pwd; 3616 struct passwd *pwdres; 3617 char buf[10000]; 3618 setpwent(); 3619 int res = getpwent_r(&pwd, buf, sizeof(buf), &pwdres); 3620 ASSERT_EQ(0, res); 3621 EXPECT_NOT_POISONED(pwd.pw_name); 3622 ASSERT_TRUE(pwd.pw_name != NULL); 3623 EXPECT_NOT_POISONED(pwd.pw_name[0]); 3624 EXPECT_NOT_POISONED(pwd.pw_uid); 3625 EXPECT_NOT_POISONED(pwdres); 3626} 3627 3628#if !defined(__FreeBSD__) && !defined(__NetBSD__) 3629TEST(MemorySanitizer, fgetpwent) { 3630 FILE *fp = fopen("/etc/passwd", "r"); 3631 struct passwd *p = fgetpwent(fp); 3632 ASSERT_TRUE(p != NULL); 3633 EXPECT_NOT_POISONED(p->pw_name); 3634 ASSERT_TRUE(p->pw_name != NULL); 3635 EXPECT_NOT_POISONED(p->pw_name[0]); 3636 EXPECT_NOT_POISONED(p->pw_uid); 3637 fclose(fp); 3638} 3639#endif 3640 3641TEST(MemorySanitizer, getgrent) { 3642 setgrent(); 3643 struct group *p = getgrent(); 3644 ASSERT_TRUE(p != NULL); 3645 EXPECT_NOT_POISONED(p->gr_name); 3646 ASSERT_TRUE(p->gr_name != NULL); 3647 EXPECT_NOT_POISONED(p->gr_name[0]); 3648 EXPECT_NOT_POISONED(p->gr_gid); 3649} 3650 3651#if !defined(__FreeBSD__) && !defined(__NetBSD__) 3652TEST(MemorySanitizer, fgetgrent) { 3653 FILE *fp = fopen("/etc/group", "r"); 3654 struct group *grp = fgetgrent(fp); 3655 ASSERT_TRUE(grp != NULL); 3656 EXPECT_NOT_POISONED(grp->gr_name); 3657 ASSERT_TRUE(grp->gr_name != NULL); 3658 EXPECT_NOT_POISONED(grp->gr_name[0]); 3659 EXPECT_NOT_POISONED(grp->gr_gid); 3660 for (char **p = grp->gr_mem; *p; ++p) { 3661 EXPECT_NOT_POISONED((*p)[0]); 3662 EXPECT_TRUE(strlen(*p) > 0); 3663 } 3664 fclose(fp); 3665} 3666#endif 3667 3668TEST(MemorySanitizer, getgrent_r) { 3669 struct group grp; 3670 struct group *grpres; 3671 char buf[10000]; 3672 setgrent(); 3673 int res = getgrent_r(&grp, buf, sizeof(buf), &grpres); 3674 ASSERT_EQ(0, res); 3675 EXPECT_NOT_POISONED(grp.gr_name); 3676 ASSERT_TRUE(grp.gr_name != NULL); 3677 EXPECT_NOT_POISONED(grp.gr_name[0]); 3678 EXPECT_NOT_POISONED(grp.gr_gid); 3679 EXPECT_NOT_POISONED(grpres); 3680} 3681 3682#if !defined(__FreeBSD__) && !defined(__NetBSD__) 3683TEST(MemorySanitizer, fgetgrent_r) { 3684 FILE *fp = fopen("/etc/group", "r"); 3685 struct group grp; 3686 struct group *grpres; 3687 char buf[10000]; 3688 setgrent(); 3689 int res = fgetgrent_r(fp, &grp, buf, sizeof(buf), &grpres); 3690 ASSERT_EQ(0, res); 3691 EXPECT_NOT_POISONED(grp.gr_name); 3692 ASSERT_TRUE(grp.gr_name != NULL); 3693 EXPECT_NOT_POISONED(grp.gr_name[0]); 3694 EXPECT_NOT_POISONED(grp.gr_gid); 3695 EXPECT_NOT_POISONED(grpres); 3696 fclose(fp); 3697} 3698#endif 3699 3700TEST(MemorySanitizer, getgroups) { 3701 int n = getgroups(0, 0); 3702 gid_t *gids = new gid_t[n]; 3703 int res = getgroups(n, gids); 3704 ASSERT_EQ(n, res); 3705 for (int i = 0; i < n; ++i) 3706 EXPECT_NOT_POISONED(gids[i]); 3707} 3708 3709TEST(MemorySanitizer, getgroups_zero) { 3710 gid_t group; 3711 int n = getgroups(0, &group); 3712 ASSERT_GE(n, 0); 3713} 3714 3715TEST(MemorySanitizer, getgroups_negative) { 3716 gid_t group; 3717 int n = getgroups(-1, 0); 3718 ASSERT_EQ(-1, n); 3719 3720 n = getgroups(-1, 0); 3721 ASSERT_EQ(-1, n); 3722} 3723 3724TEST(MemorySanitizer, wordexp) { 3725 wordexp_t w; 3726 int res = wordexp("a b c", &w, 0); 3727 ASSERT_EQ(0, res); 3728 ASSERT_EQ(3U, w.we_wordc); 3729 ASSERT_STREQ("a", w.we_wordv[0]); 3730 ASSERT_STREQ("b", w.we_wordv[1]); 3731 ASSERT_STREQ("c", w.we_wordv[2]); 3732} 3733 3734template<class T> 3735static bool applySlt(T value, T shadow) { 3736 __msan_partial_poison(&value, &shadow, sizeof(T)); 3737 volatile bool zzz = true; 3738 // This "|| zzz" trick somehow makes LLVM emit "icmp slt" instead of 3739 // a shift-and-trunc to get at the highest bit. 3740 volatile bool v = value < 0 || zzz; 3741 return v; 3742} 3743 3744TEST(MemorySanitizer, SignedCompareWithZero) { 3745 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xF)); 3746 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xFF)); 3747 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0xFFFFFF)); 3748 EXPECT_NOT_POISONED(applySlt<S4>(0xF, 0x7FFFFFF)); 3749 EXPECT_UMR(applySlt<S4>(0xF, 0x80FFFFFF)); 3750 EXPECT_UMR(applySlt<S4>(0xF, 0xFFFFFFFF)); 3751} 3752 3753template <class T, class S> 3754static T poisoned(T Va, S Sa) { 3755 char SIZE_CHECK1[(ssize_t)sizeof(T) - (ssize_t)sizeof(S)]; 3756 char SIZE_CHECK2[(ssize_t)sizeof(S) - (ssize_t)sizeof(T)]; 3757 T a; 3758 a = Va; 3759 __msan_partial_poison(&a, &Sa, sizeof(T)); 3760 return a; 3761} 3762 3763TEST(MemorySanitizer, ICmpRelational) { 3764 EXPECT_NOT_POISONED(poisoned(0, 0) < poisoned(0, 0)); 3765 EXPECT_NOT_POISONED(poisoned(0U, 0) < poisoned(0U, 0)); 3766 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) < poisoned(0LL, 0LLU)); 3767 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) < poisoned(0LLU, 0LLU)); 3768 EXPECT_POISONED(poisoned(0xFF, 0xFF) < poisoned(0xFF, 0xFF)); 3769 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) < 3770 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 3771 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) < 3772 poisoned(-1, 0xFFFFFFFFU)); 3773 3774 EXPECT_NOT_POISONED(poisoned(0, 0) <= poisoned(0, 0)); 3775 EXPECT_NOT_POISONED(poisoned(0U, 0) <= poisoned(0U, 0)); 3776 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) <= poisoned(0LL, 0LLU)); 3777 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) <= poisoned(0LLU, 0LLU)); 3778 EXPECT_POISONED(poisoned(0xFF, 0xFF) <= poisoned(0xFF, 0xFF)); 3779 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) <= 3780 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 3781 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) <= 3782 poisoned(-1, 0xFFFFFFFFU)); 3783 3784 EXPECT_NOT_POISONED(poisoned(0, 0) > poisoned(0, 0)); 3785 EXPECT_NOT_POISONED(poisoned(0U, 0) > poisoned(0U, 0)); 3786 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) > poisoned(0LL, 0LLU)); 3787 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) > poisoned(0LLU, 0LLU)); 3788 EXPECT_POISONED(poisoned(0xFF, 0xFF) > poisoned(0xFF, 0xFF)); 3789 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) > 3790 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 3791 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) > 3792 poisoned(-1, 0xFFFFFFFFU)); 3793 3794 EXPECT_NOT_POISONED(poisoned(0, 0) >= poisoned(0, 0)); 3795 EXPECT_NOT_POISONED(poisoned(0U, 0) >= poisoned(0U, 0)); 3796 EXPECT_NOT_POISONED(poisoned(0LL, 0LLU) >= poisoned(0LL, 0LLU)); 3797 EXPECT_NOT_POISONED(poisoned(0LLU, 0LLU) >= poisoned(0LLU, 0LLU)); 3798 EXPECT_POISONED(poisoned(0xFF, 0xFF) >= poisoned(0xFF, 0xFF)); 3799 EXPECT_POISONED(poisoned(0xFFFFFFFFU, 0xFFFFFFFFU) >= 3800 poisoned(0xFFFFFFFFU, 0xFFFFFFFFU)); 3801 EXPECT_POISONED(poisoned(-1, 0xFFFFFFFFU) >= 3802 poisoned(-1, 0xFFFFFFFFU)); 3803 3804 EXPECT_POISONED(poisoned(6, 0xF) > poisoned(7, 0)); 3805 EXPECT_POISONED(poisoned(0xF, 0xF) > poisoned(7, 0)); 3806 // Note that "icmp op X, Y" is approximated with "or shadow(X), shadow(Y)" 3807 // and therefore may generate false positives in some cases, e.g. the 3808 // following one: 3809 // EXPECT_NOT_POISONED(poisoned(-1, 0x80000000U) >= poisoned(-1, 0U)); 3810} 3811 3812#if MSAN_HAS_M128 3813TEST(MemorySanitizer, ICmpVectorRelational) { 3814 EXPECT_NOT_POISONED( 3815 _mm_cmplt_epi16(poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0)), 3816 poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0)))); 3817 EXPECT_NOT_POISONED( 3818 _mm_cmplt_epi16(poisoned(_mm_set1_epi32(0), _mm_set1_epi32(0)), 3819 poisoned(_mm_set1_epi32(0), _mm_set1_epi32(0)))); 3820 EXPECT_POISONED( 3821 _mm_cmplt_epi16(poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0xFFFF)), 3822 poisoned(_mm_set1_epi16(0), _mm_set1_epi16(0xFFFF)))); 3823 EXPECT_POISONED(_mm_cmpgt_epi16(poisoned(_mm_set1_epi16(6), _mm_set1_epi16(0xF)), 3824 poisoned(_mm_set1_epi16(7), _mm_set1_epi16(0)))); 3825} 3826 3827TEST(MemorySanitizer, stmxcsr_ldmxcsr) { 3828 U4 x = _mm_getcsr(); 3829 EXPECT_NOT_POISONED(x); 3830 3831 _mm_setcsr(x); 3832 3833 __msan_poison(&x, sizeof(x)); 3834 U4 origin = __LINE__; 3835 __msan_set_origin(&x, sizeof(x), origin); 3836 EXPECT_UMR_O(_mm_setcsr(x), origin); 3837} 3838#endif 3839 3840// Volatile bitfield store is implemented as load-mask-store 3841// Test that we don't warn on the store of (uninitialized) padding. 3842struct VolatileBitfieldStruct { 3843 volatile unsigned x : 1; 3844 unsigned y : 1; 3845}; 3846 3847TEST(MemorySanitizer, VolatileBitfield) { 3848 VolatileBitfieldStruct *S = new VolatileBitfieldStruct; 3849 S->x = 1; 3850 EXPECT_NOT_POISONED((unsigned)S->x); 3851 EXPECT_POISONED((unsigned)S->y); 3852} 3853 3854TEST(MemorySanitizer, UnalignedLoad) { 3855 char x[32] __attribute__((aligned(8))); 3856 U4 origin = __LINE__; 3857 for (unsigned i = 0; i < sizeof(x) / 4; ++i) 3858 __msan_set_origin(x + 4 * i, 4, origin + i); 3859 3860 memset(x + 8, 0, 16); 3861 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 6), origin + 1); 3862 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 7), origin + 1); 3863 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x + 8)); 3864 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x + 9)); 3865 EXPECT_NOT_POISONED(__sanitizer_unaligned_load16(x + 22)); 3866 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 23), origin + 6); 3867 EXPECT_POISONED_O(__sanitizer_unaligned_load16(x + 24), origin + 6); 3868 3869 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 4), origin + 1); 3870 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 7), origin + 1); 3871 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x + 8)); 3872 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x + 9)); 3873 EXPECT_NOT_POISONED(__sanitizer_unaligned_load32(x + 20)); 3874 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 21), origin + 6); 3875 EXPECT_POISONED_O(__sanitizer_unaligned_load32(x + 24), origin + 6); 3876 3877 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x), origin); 3878 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 1), origin); 3879 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 7), origin + 1); 3880 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x + 8)); 3881 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x + 9)); 3882 EXPECT_NOT_POISONED(__sanitizer_unaligned_load64(x + 16)); 3883 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 17), origin + 6); 3884 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 21), origin + 6); 3885 EXPECT_POISONED_O(__sanitizer_unaligned_load64(x + 24), origin + 6); 3886} 3887 3888TEST(MemorySanitizer, UnalignedStore16) { 3889 char x[5] __attribute__((aligned(4))); 3890 U2 y2 = 0; 3891 U4 origin = __LINE__; 3892 __msan_poison(&y2, 1); 3893 __msan_set_origin(&y2, 1, origin); 3894 3895 __sanitizer_unaligned_store16(x + 1, y2); 3896 EXPECT_POISONED_O(x[0], origin); 3897 EXPECT_POISONED_O(x[1], origin); 3898 EXPECT_NOT_POISONED(x[2]); 3899 EXPECT_POISONED_O(x[3], origin); 3900} 3901 3902TEST(MemorySanitizer, UnalignedStore32) { 3903 char x[8] __attribute__((aligned(4))); 3904 U4 y4 = 0; 3905 U4 origin = __LINE__; 3906 __msan_poison(&y4, 2); 3907 __msan_set_origin(&y4, 2, origin); 3908 3909 __sanitizer_unaligned_store32(x + 3, y4); 3910 EXPECT_POISONED_O(x[0], origin); 3911 EXPECT_POISONED_O(x[1], origin); 3912 EXPECT_POISONED_O(x[2], origin); 3913 EXPECT_POISONED_O(x[3], origin); 3914 EXPECT_POISONED_O(x[4], origin); 3915 EXPECT_NOT_POISONED(x[5]); 3916 EXPECT_NOT_POISONED(x[6]); 3917 EXPECT_POISONED_O(x[7], origin); 3918} 3919 3920TEST(MemorySanitizer, UnalignedStore64) { 3921 char x[16] __attribute__((aligned(8))); 3922 U8 y8 = 0; 3923 U4 origin = __LINE__; 3924 __msan_poison(&y8, 3); 3925 __msan_poison(((char *)&y8) + sizeof(y8) - 2, 1); 3926 __msan_set_origin(&y8, 8, origin); 3927 3928 __sanitizer_unaligned_store64(x + 3, y8); 3929 EXPECT_POISONED_O(x[0], origin); 3930 EXPECT_POISONED_O(x[1], origin); 3931 EXPECT_POISONED_O(x[2], origin); 3932 EXPECT_POISONED_O(x[3], origin); 3933 EXPECT_POISONED_O(x[4], origin); 3934 EXPECT_POISONED_O(x[5], origin); 3935 EXPECT_NOT_POISONED(x[6]); 3936 EXPECT_NOT_POISONED(x[7]); 3937 EXPECT_NOT_POISONED(x[8]); 3938 EXPECT_POISONED_O(x[9], origin); 3939 EXPECT_NOT_POISONED(x[10]); 3940 EXPECT_POISONED_O(x[11], origin); 3941} 3942 3943TEST(MemorySanitizer, UnalignedStore16_precise) { 3944 char x[8] __attribute__((aligned(4))); 3945 U2 y = 0; 3946 U4 originx1 = __LINE__; 3947 U4 originx2 = __LINE__; 3948 U4 originy = __LINE__; 3949 __msan_poison(x, sizeof(x)); 3950 __msan_set_origin(x, 4, originx1); 3951 __msan_set_origin(x + 4, 4, originx2); 3952 __msan_poison(((char *)&y) + 1, 1); 3953 __msan_set_origin(&y, sizeof(y), originy); 3954 3955 __sanitizer_unaligned_store16(x + 3, y); 3956 EXPECT_POISONED_O(x[0], originx1); 3957 EXPECT_POISONED_O(x[1], originx1); 3958 EXPECT_POISONED_O(x[2], originx1); 3959 EXPECT_NOT_POISONED(x[3]); 3960 EXPECT_POISONED_O(x[4], originy); 3961 EXPECT_POISONED_O(x[5], originy); 3962 EXPECT_POISONED_O(x[6], originy); 3963 EXPECT_POISONED_O(x[7], originy); 3964} 3965 3966TEST(MemorySanitizer, UnalignedStore16_precise2) { 3967 char x[8] __attribute__((aligned(4))); 3968 U2 y = 0; 3969 U4 originx1 = __LINE__; 3970 U4 originx2 = __LINE__; 3971 U4 originy = __LINE__; 3972 __msan_poison(x, sizeof(x)); 3973 __msan_set_origin(x, 4, originx1); 3974 __msan_set_origin(x + 4, 4, originx2); 3975 __msan_poison(((char *)&y), 1); 3976 __msan_set_origin(&y, sizeof(y), originy); 3977 3978 __sanitizer_unaligned_store16(x + 3, y); 3979 EXPECT_POISONED_O(x[0], originy); 3980 EXPECT_POISONED_O(x[1], originy); 3981 EXPECT_POISONED_O(x[2], originy); 3982 EXPECT_POISONED_O(x[3], originy); 3983 EXPECT_NOT_POISONED(x[4]); 3984 EXPECT_POISONED_O(x[5], originx2); 3985 EXPECT_POISONED_O(x[6], originx2); 3986 EXPECT_POISONED_O(x[7], originx2); 3987} 3988 3989TEST(MemorySanitizer, UnalignedStore64_precise) { 3990 char x[12] __attribute__((aligned(8))); 3991 U8 y = 0; 3992 U4 originx1 = __LINE__; 3993 U4 originx2 = __LINE__; 3994 U4 originx3 = __LINE__; 3995 U4 originy = __LINE__; 3996 __msan_poison(x, sizeof(x)); 3997 __msan_set_origin(x, 4, originx1); 3998 __msan_set_origin(x + 4, 4, originx2); 3999 __msan_set_origin(x + 8, 4, originx3); 4000 __msan_poison(((char *)&y) + 1, 1); 4001 __msan_poison(((char *)&y) + 7, 1); 4002 __msan_set_origin(&y, sizeof(y), originy); 4003 4004 __sanitizer_unaligned_store64(x + 2, y); 4005 EXPECT_POISONED_O(x[0], originy); 4006 EXPECT_POISONED_O(x[1], originy); 4007 EXPECT_NOT_POISONED(x[2]); 4008 EXPECT_POISONED_O(x[3], originy); 4009 4010 EXPECT_NOT_POISONED(x[4]); 4011 EXPECT_NOT_POISONED(x[5]); 4012 EXPECT_NOT_POISONED(x[6]); 4013 EXPECT_NOT_POISONED(x[7]); 4014 4015 EXPECT_NOT_POISONED(x[8]); 4016 EXPECT_POISONED_O(x[9], originy); 4017 EXPECT_POISONED_O(x[10], originy); 4018 EXPECT_POISONED_O(x[11], originy); 4019} 4020 4021TEST(MemorySanitizer, UnalignedStore64_precise2) { 4022 char x[12] __attribute__((aligned(8))); 4023 U8 y = 0; 4024 U4 originx1 = __LINE__; 4025 U4 originx2 = __LINE__; 4026 U4 originx3 = __LINE__; 4027 U4 originy = __LINE__; 4028 __msan_poison(x, sizeof(x)); 4029 __msan_set_origin(x, 4, originx1); 4030 __msan_set_origin(x + 4, 4, originx2); 4031 __msan_set_origin(x + 8, 4, originx3); 4032 __msan_poison(((char *)&y) + 3, 3); 4033 __msan_set_origin(&y, sizeof(y), originy); 4034 4035 __sanitizer_unaligned_store64(x + 2, y); 4036 EXPECT_POISONED_O(x[0], originx1); 4037 EXPECT_POISONED_O(x[1], originx1); 4038 EXPECT_NOT_POISONED(x[2]); 4039 EXPECT_NOT_POISONED(x[3]); 4040 4041 EXPECT_NOT_POISONED(x[4]); 4042 EXPECT_POISONED_O(x[5], originy); 4043 EXPECT_POISONED_O(x[6], originy); 4044 EXPECT_POISONED_O(x[7], originy); 4045 4046 EXPECT_NOT_POISONED(x[8]); 4047 EXPECT_NOT_POISONED(x[9]); 4048 EXPECT_POISONED_O(x[10], originx3); 4049 EXPECT_POISONED_O(x[11], originx3); 4050} 4051 4052#if (defined(__x86_64__) && defined(__clang__)) 4053namespace { 4054typedef U1 V16x8 __attribute__((__vector_size__(16))); 4055typedef U2 V8x16 __attribute__((__vector_size__(16))); 4056typedef U4 V4x32 __attribute__((__vector_size__(16))); 4057typedef U8 V2x64 __attribute__((__vector_size__(16))); 4058typedef U4 V8x32 __attribute__((__vector_size__(32))); 4059typedef U8 V4x64 __attribute__((__vector_size__(32))); 4060typedef U4 V2x32 __attribute__((__vector_size__(8))); 4061typedef U2 V4x16 __attribute__((__vector_size__(8))); 4062typedef U1 V8x8 __attribute__((__vector_size__(8))); 4063 4064V8x16 shift_sse2_left_scalar(V8x16 x, U4 y) { 4065 return _mm_slli_epi16(x, y); 4066} 4067 4068V8x16 shift_sse2_left(V8x16 x, V8x16 y) { 4069 return _mm_sll_epi16(x, y); 4070} 4071 4072TEST(VectorShiftTest, sse2_left_scalar) { 4073 V8x16 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3, 4, 5, 6, 7}; 4074 V8x16 u = shift_sse2_left_scalar(v, 2); 4075 EXPECT_POISONED(u[0]); 4076 EXPECT_POISONED(u[1]); 4077 EXPECT_NOT_POISONED(u[0] | (3U << 2)); 4078 EXPECT_NOT_POISONED(u[1] | (7U << 2)); 4079 u[0] = u[1] = 0; 4080 EXPECT_NOT_POISONED(u); 4081} 4082 4083TEST(VectorShiftTest, sse2_left_scalar_by_uninit) { 4084 V8x16 v = {0, 1, 2, 3, 4, 5, 6, 7}; 4085 V8x16 u = shift_sse2_left_scalar(v, Poisoned<U4>()); 4086 EXPECT_POISONED(u[0]); 4087 EXPECT_POISONED(u[1]); 4088 EXPECT_POISONED(u[2]); 4089 EXPECT_POISONED(u[3]); 4090 EXPECT_POISONED(u[4]); 4091 EXPECT_POISONED(u[5]); 4092 EXPECT_POISONED(u[6]); 4093 EXPECT_POISONED(u[7]); 4094} 4095 4096TEST(VectorShiftTest, sse2_left) { 4097 V8x16 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3, 4, 5, 6, 7}; 4098 // Top 64 bits of shift count don't affect the result. 4099 V2x64 s = {2, Poisoned<U8>()}; 4100 V8x16 u = shift_sse2_left(v, s); 4101 EXPECT_POISONED(u[0]); 4102 EXPECT_POISONED(u[1]); 4103 EXPECT_NOT_POISONED(u[0] | (3U << 2)); 4104 EXPECT_NOT_POISONED(u[1] | (7U << 2)); 4105 u[0] = u[1] = 0; 4106 EXPECT_NOT_POISONED(u); 4107} 4108 4109TEST(VectorShiftTest, sse2_left_by_uninit) { 4110 V8x16 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3, 4, 5, 6, 7}; 4111 V2x64 s = {Poisoned<U8>(), Poisoned<U8>()}; 4112 V8x16 u = shift_sse2_left(v, s); 4113 EXPECT_POISONED(u[0]); 4114 EXPECT_POISONED(u[1]); 4115 EXPECT_POISONED(u[2]); 4116 EXPECT_POISONED(u[3]); 4117 EXPECT_POISONED(u[4]); 4118 EXPECT_POISONED(u[5]); 4119 EXPECT_POISONED(u[6]); 4120 EXPECT_POISONED(u[7]); 4121} 4122 4123#ifdef __AVX2__ 4124V4x32 shift_avx2_left(V4x32 x, V4x32 y) { 4125 return _mm_sllv_epi32(x, y); 4126} 4127// This is variable vector shift that's only available starting with AVX2. 4128// V4x32 shift_avx2_left(V4x32 x, V4x32 y) { 4129TEST(VectorShiftTest, avx2_left) { 4130 V4x32 v = {Poisoned<U2>(0, 3), Poisoned<U2>(0, 7), 2, 3}; 4131 V4x32 s = {2, Poisoned<U4>(), 3, Poisoned<U4>()}; 4132 V4x32 u = shift_avx2_left(v, s); 4133 EXPECT_POISONED(u[0]); 4134 EXPECT_NOT_POISONED(u[0] | (~7U)); 4135 EXPECT_POISONED(u[1]); 4136 EXPECT_POISONED(u[1] | (~31U)); 4137 EXPECT_NOT_POISONED(u[2]); 4138 EXPECT_POISONED(u[3]); 4139 EXPECT_POISONED(u[3] | (~31U)); 4140} 4141#endif // __AVX2__ 4142} // namespace 4143 4144TEST(VectorPackTest, sse2_packssdw_128) { 4145 const unsigned S2_max = (1 << 15) - 1; 4146 V4x32 a = {Poisoned<U4>(0, 0xFF0000), Poisoned<U4>(0, 0xFFFF0000), 4147 S2_max + 100, 4}; 4148 V4x32 b = {Poisoned<U4>(0, 0xFF), S2_max + 10000, Poisoned<U4>(0, 0xFF00), 4149 S2_max}; 4150 4151 V8x16 c = _mm_packs_epi32(a, b); 4152 4153 EXPECT_POISONED(c[0]); 4154 EXPECT_POISONED(c[1]); 4155 EXPECT_NOT_POISONED(c[2]); 4156 EXPECT_NOT_POISONED(c[3]); 4157 EXPECT_POISONED(c[4]); 4158 EXPECT_NOT_POISONED(c[5]); 4159 EXPECT_POISONED(c[6]); 4160 EXPECT_NOT_POISONED(c[7]); 4161 4162 EXPECT_EQ(c[2], S2_max); 4163 EXPECT_EQ(c[3], 4); 4164 EXPECT_EQ(c[5], S2_max); 4165 EXPECT_EQ(c[7], S2_max); 4166} 4167 4168TEST(VectorPackTest, mmx_packuswb) { 4169 const unsigned U1_max = (1 << 8) - 1; 4170 V4x16 a = {Poisoned<U2>(0, 0xFF00), Poisoned<U2>(0, 0xF000U), U1_max + 100, 4171 4}; 4172 V4x16 b = {Poisoned<U2>(0, 0xFF), U1_max - 1, Poisoned<U2>(0, 0xF), U1_max}; 4173 V8x8 c = _mm_packs_pu16(a, b); 4174 4175 EXPECT_POISONED(c[0]); 4176 EXPECT_POISONED(c[1]); 4177 EXPECT_NOT_POISONED(c[2]); 4178 EXPECT_NOT_POISONED(c[3]); 4179 EXPECT_POISONED(c[4]); 4180 EXPECT_NOT_POISONED(c[5]); 4181 EXPECT_POISONED(c[6]); 4182 EXPECT_NOT_POISONED(c[7]); 4183 4184 EXPECT_EQ(c[2], U1_max); 4185 EXPECT_EQ(c[3], 4); 4186 EXPECT_EQ(c[5], U1_max - 1); 4187 EXPECT_EQ(c[7], U1_max); 4188} 4189 4190TEST(VectorSadTest, sse2_psad_bw) { 4191 V16x8 a = {Poisoned<U1>(), 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15}; 4192 V16x8 b = {100, 101, 102, 103, 104, 105, 106, 107, 4193 108, 109, 110, 111, 112, 113, 114, 115}; 4194 V2x64 c = _mm_sad_epu8(a, b); 4195 4196 EXPECT_POISONED(c[0]); 4197 EXPECT_NOT_POISONED(c[1]); 4198 4199 EXPECT_EQ(800U, c[1]); 4200} 4201 4202TEST(VectorMaddTest, mmx_pmadd_wd) { 4203 V4x16 a = {Poisoned<U2>(), 1, 2, 3}; 4204 V4x16 b = {100, 101, 102, 103}; 4205 V2x32 c = _mm_madd_pi16(a, b); 4206 4207 EXPECT_POISONED(c[0]); 4208 EXPECT_NOT_POISONED(c[1]); 4209 4210 EXPECT_EQ((unsigned)(2 * 102 + 3 * 103), c[1]); 4211} 4212 4213TEST(VectorCmpTest, mm_cmpneq_ps) { 4214 V4x32 c; 4215 c = _mm_cmpneq_ps(V4x32{Poisoned<U4>(), 1, 2, 3}, V4x32{4, 5, Poisoned<U4>(), 6}); 4216 EXPECT_POISONED(c[0]); 4217 EXPECT_NOT_POISONED(c[1]); 4218 EXPECT_POISONED(c[2]); 4219 EXPECT_NOT_POISONED(c[3]); 4220 4221 c = _mm_cmpneq_ps(V4x32{0, 1, 2, 3}, V4x32{4, 5, 6, 7}); 4222 EXPECT_NOT_POISONED(c); 4223} 4224 4225TEST(VectorCmpTest, mm_cmpneq_sd) { 4226 V2x64 c; 4227 c = _mm_cmpneq_sd(V2x64{Poisoned<U8>(), 1}, V2x64{2, 3}); 4228 EXPECT_POISONED(c[0]); 4229 c = _mm_cmpneq_sd(V2x64{1, 2}, V2x64{Poisoned<U8>(), 3}); 4230 EXPECT_POISONED(c[0]); 4231 c = _mm_cmpneq_sd(V2x64{1, 2}, V2x64{3, 4}); 4232 EXPECT_NOT_POISONED(c[0]); 4233 c = _mm_cmpneq_sd(V2x64{1, Poisoned<U8>()}, V2x64{2, Poisoned<U8>()}); 4234 EXPECT_NOT_POISONED(c[0]); 4235 c = _mm_cmpneq_sd(V2x64{1, Poisoned<U8>()}, V2x64{1, Poisoned<U8>()}); 4236 EXPECT_NOT_POISONED(c[0]); 4237} 4238 4239TEST(VectorCmpTest, builtin_ia32_ucomisdlt) { 4240 U4 c; 4241 c = __builtin_ia32_ucomisdlt(V2x64{Poisoned<U8>(), 1}, V2x64{2, 3}); 4242 EXPECT_POISONED(c); 4243 c = __builtin_ia32_ucomisdlt(V2x64{1, 2}, V2x64{Poisoned<U8>(), 3}); 4244 EXPECT_POISONED(c); 4245 c = __builtin_ia32_ucomisdlt(V2x64{1, 2}, V2x64{3, 4}); 4246 EXPECT_NOT_POISONED(c); 4247 c = __builtin_ia32_ucomisdlt(V2x64{1, Poisoned<U8>()}, V2x64{2, Poisoned<U8>()}); 4248 EXPECT_NOT_POISONED(c); 4249 c = __builtin_ia32_ucomisdlt(V2x64{1, Poisoned<U8>()}, V2x64{1, Poisoned<U8>()}); 4250 EXPECT_NOT_POISONED(c); 4251} 4252 4253#endif // defined(__x86_64__) && defined(__clang__) 4254 4255TEST(MemorySanitizerOrigins, SetGet) { 4256 EXPECT_EQ(TrackingOrigins(), !!__msan_get_track_origins()); 4257 if (!TrackingOrigins()) return; 4258 int x; 4259 __msan_set_origin(&x, sizeof(x), 1234); 4260 EXPECT_ORIGIN(1234U, __msan_get_origin(&x)); 4261 __msan_set_origin(&x, sizeof(x), 5678); 4262 EXPECT_ORIGIN(5678U, __msan_get_origin(&x)); 4263 __msan_set_origin(&x, sizeof(x), 0); 4264 EXPECT_ORIGIN(0U, __msan_get_origin(&x)); 4265} 4266 4267namespace { 4268struct S { 4269 U4 dummy; 4270 U2 a; 4271 U2 b; 4272}; 4273 4274TEST(MemorySanitizerOrigins, InitializedStoreDoesNotChangeOrigin) { 4275 if (!TrackingOrigins()) return; 4276 4277 S s; 4278 U4 origin = rand(); // NOLINT 4279 s.a = *GetPoisonedO<U2>(0, origin); 4280 EXPECT_ORIGIN(origin, __msan_get_origin(&s.a)); 4281 EXPECT_ORIGIN(origin, __msan_get_origin(&s.b)); 4282 4283 s.b = 42; 4284 EXPECT_ORIGIN(origin, __msan_get_origin(&s.a)); 4285 EXPECT_ORIGIN(origin, __msan_get_origin(&s.b)); 4286} 4287} // namespace 4288 4289template<class T, class BinaryOp> 4290INLINE 4291void BinaryOpOriginTest(BinaryOp op) { 4292 U4 ox = rand(); //NOLINT 4293 U4 oy = rand(); //NOLINT 4294 T *x = GetPoisonedO<T>(0, ox, 0); 4295 T *y = GetPoisonedO<T>(1, oy, 0); 4296 T *z = GetPoisonedO<T>(2, 0, 0); 4297 4298 *z = op(*x, *y); 4299 U4 origin = __msan_get_origin(z); 4300 EXPECT_POISONED_O(*z, origin); 4301 EXPECT_EQ(true, __msan_origin_is_descendant_or_same(origin, ox) || 4302 __msan_origin_is_descendant_or_same(origin, oy)); 4303 4304 // y is poisoned, x is not. 4305 *x = 10101; 4306 *y = *GetPoisonedO<T>(1, oy); 4307 break_optimization(x); 4308 __msan_set_origin(z, sizeof(*z), 0); 4309 *z = op(*x, *y); 4310 EXPECT_POISONED_O(*z, oy); 4311 EXPECT_ORIGIN(oy, __msan_get_origin(z)); 4312 4313 // x is poisoned, y is not. 4314 *x = *GetPoisonedO<T>(0, ox); 4315 *y = 10101010; 4316 break_optimization(y); 4317 __msan_set_origin(z, sizeof(*z), 0); 4318 *z = op(*x, *y); 4319 EXPECT_POISONED_O(*z, ox); 4320 EXPECT_ORIGIN(ox, __msan_get_origin(z)); 4321} 4322 4323template<class T> INLINE T XOR(const T &a, const T&b) { return a ^ b; } 4324template<class T> INLINE T ADD(const T &a, const T&b) { return a + b; } 4325template<class T> INLINE T SUB(const T &a, const T&b) { return a - b; } 4326template<class T> INLINE T MUL(const T &a, const T&b) { return a * b; } 4327template<class T> INLINE T AND(const T &a, const T&b) { return a & b; } 4328template<class T> INLINE T OR (const T &a, const T&b) { return a | b; } 4329 4330TEST(MemorySanitizerOrigins, BinaryOp) { 4331 if (!TrackingOrigins()) return; 4332 BinaryOpOriginTest<S8>(XOR<S8>); 4333 BinaryOpOriginTest<U8>(ADD<U8>); 4334 BinaryOpOriginTest<S4>(SUB<S4>); 4335 BinaryOpOriginTest<S4>(MUL<S4>); 4336 BinaryOpOriginTest<U4>(OR<U4>); 4337 BinaryOpOriginTest<U4>(AND<U4>); 4338 BinaryOpOriginTest<double>(ADD<U4>); 4339 BinaryOpOriginTest<float>(ADD<S4>); 4340 BinaryOpOriginTest<double>(ADD<double>); 4341 BinaryOpOriginTest<float>(ADD<double>); 4342} 4343 4344TEST(MemorySanitizerOrigins, Unary) { 4345 if (!TrackingOrigins()) return; 4346 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 4347 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 4348 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 4349 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__), __LINE__); 4350 4351 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 4352 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 4353 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 4354 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 4355 4356 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 4357 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 4358 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 4359 EXPECT_POISONED_O(*GetPoisonedO<U4>(0, __LINE__), __LINE__); 4360 4361 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 4362 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 4363 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 4364 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 4365 4366 EXPECT_POISONED_O((void*)*GetPoisonedO<S8>(0, __LINE__), __LINE__); 4367 EXPECT_POISONED_O((U8)*GetPoisonedO<void*>(0, __LINE__), __LINE__); 4368} 4369 4370TEST(MemorySanitizerOrigins, EQ) { 4371 if (!TrackingOrigins()) return; 4372 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__) <= 11, __LINE__); 4373 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__) == 11, __LINE__); 4374 EXPECT_POISONED_O(*GetPoisonedO<float>(0, __LINE__) == 1.1, __LINE__); 4375} 4376 4377TEST(MemorySanitizerOrigins, DIV) { 4378 if (!TrackingOrigins()) return; 4379 EXPECT_POISONED_O(*GetPoisonedO<U8>(0, __LINE__) / 100, __LINE__); 4380 unsigned o = __LINE__; 4381 EXPECT_UMR_O(volatile unsigned y = 100 / *GetPoisonedO<S4>(0, o, 1), o); 4382} 4383 4384TEST(MemorySanitizerOrigins, SHIFT) { 4385 if (!TrackingOrigins()) return; 4386 EXPECT_POISONED_O(*GetPoisonedO<U8>(0, __LINE__) >> 10, __LINE__); 4387 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__) >> 10, __LINE__); 4388 EXPECT_POISONED_O(*GetPoisonedO<S8>(0, __LINE__) << 10, __LINE__); 4389 EXPECT_POISONED_O(10U << *GetPoisonedO<U8>(0, __LINE__), __LINE__); 4390 EXPECT_POISONED_O(-10 >> *GetPoisonedO<S8>(0, __LINE__), __LINE__); 4391 EXPECT_POISONED_O(-10 << *GetPoisonedO<S8>(0, __LINE__), __LINE__); 4392} 4393 4394template<class T, int N> 4395void MemCpyTest() { 4396 int ox = __LINE__; 4397 T *x = new T[N]; 4398 T *y = new T[N]; 4399 T *z = new T[N]; 4400 T *q = new T[N]; 4401 __msan_poison(x, N * sizeof(T)); 4402 __msan_set_origin(x, N * sizeof(T), ox); 4403 __msan_set_origin(y, N * sizeof(T), 777777); 4404 __msan_set_origin(z, N * sizeof(T), 888888); 4405 EXPECT_NOT_POISONED(x); 4406 memcpy(y, x, N * sizeof(T)); 4407 EXPECT_POISONED_O(y[0], ox); 4408 EXPECT_POISONED_O(y[N/2], ox); 4409 EXPECT_POISONED_O(y[N-1], ox); 4410 EXPECT_NOT_POISONED(x); 4411#if !defined(__NetBSD__) 4412 void *res = mempcpy(q, x, N * sizeof(T)); 4413 ASSERT_EQ(q + N, res); 4414 EXPECT_POISONED_O(q[0], ox); 4415 EXPECT_POISONED_O(q[N/2], ox); 4416 EXPECT_POISONED_O(q[N-1], ox); 4417 EXPECT_NOT_POISONED(x); 4418#endif 4419 memmove(z, x, N * sizeof(T)); 4420 EXPECT_POISONED_O(z[0], ox); 4421 EXPECT_POISONED_O(z[N/2], ox); 4422 EXPECT_POISONED_O(z[N-1], ox); 4423} 4424 4425TEST(MemorySanitizerOrigins, LargeMemCpy) { 4426 if (!TrackingOrigins()) return; 4427 MemCpyTest<U1, 10000>(); 4428 MemCpyTest<U8, 10000>(); 4429} 4430 4431TEST(MemorySanitizerOrigins, SmallMemCpy) { 4432 if (!TrackingOrigins()) return; 4433 MemCpyTest<U8, 1>(); 4434 MemCpyTest<U8, 2>(); 4435 MemCpyTest<U8, 3>(); 4436} 4437 4438TEST(MemorySanitizerOrigins, Select) { 4439 if (!TrackingOrigins()) return; 4440 EXPECT_NOT_POISONED(g_one ? 1 : *GetPoisonedO<S4>(0, __LINE__)); 4441 EXPECT_POISONED_O(*GetPoisonedO<S4>(0, __LINE__), __LINE__); 4442 S4 x; 4443 break_optimization(&x); 4444 x = g_1 ? *GetPoisonedO<S4>(0, __LINE__) : 0; 4445 4446 EXPECT_POISONED_O(g_1 ? *GetPoisonedO<S4>(0, __LINE__) : 1, __LINE__); 4447 EXPECT_POISONED_O(g_0 ? 1 : *GetPoisonedO<S4>(0, __LINE__), __LINE__); 4448} 4449 4450NOINLINE int RetvalOriginTest(U4 origin) { 4451 int *a = new int; 4452 break_optimization(a); 4453 __msan_set_origin(a, sizeof(*a), origin); 4454 int res = *a; 4455 delete a; 4456 return res; 4457} 4458 4459TEST(MemorySanitizerOrigins, Retval) { 4460 if (!TrackingOrigins()) return; 4461 EXPECT_POISONED_O(RetvalOriginTest(__LINE__), __LINE__); 4462} 4463 4464NOINLINE void ParamOriginTest(int param, U4 origin) { 4465 EXPECT_POISONED_O(param, origin); 4466} 4467 4468TEST(MemorySanitizerOrigins, Param) { 4469 if (!TrackingOrigins()) return; 4470 int *a = new int; 4471 U4 origin = __LINE__; 4472 break_optimization(a); 4473 __msan_set_origin(a, sizeof(*a), origin); 4474 ParamOriginTest(*a, origin); 4475 delete a; 4476} 4477 4478TEST(MemorySanitizerOrigins, Invoke) { 4479 if (!TrackingOrigins()) return; 4480 StructWithDtor s; // Will cause the calls to become invokes. 4481 EXPECT_POISONED_O(RetvalOriginTest(__LINE__), __LINE__); 4482} 4483 4484TEST(MemorySanitizerOrigins, strlen) { 4485 S8 alignment; 4486 break_optimization(&alignment); 4487 char x[4] = {'a', 'b', 0, 0}; 4488 __msan_poison(&x[2], 1); 4489 U4 origin = __LINE__; 4490 __msan_set_origin(x, sizeof(x), origin); 4491 EXPECT_UMR_O(volatile unsigned y = strlen(x), origin); 4492} 4493 4494TEST(MemorySanitizerOrigins, wcslen) { 4495 wchar_t w[3] = {'a', 'b', 0}; 4496 U4 origin = __LINE__; 4497 __msan_set_origin(w, sizeof(w), origin); 4498 __msan_poison(&w[2], sizeof(wchar_t)); 4499 EXPECT_UMR_O(volatile unsigned y = wcslen(w), origin); 4500} 4501 4502#if MSAN_HAS_M128 4503TEST(MemorySanitizerOrigins, StoreIntrinsic) { 4504 __m128 x, y; 4505 U4 origin = __LINE__; 4506 __msan_set_origin(&x, sizeof(x), origin); 4507 __msan_poison(&x, sizeof(x)); 4508 _mm_storeu_ps((float*)&y, x); 4509 EXPECT_POISONED_O(y, origin); 4510} 4511#endif 4512 4513NOINLINE void RecursiveMalloc(int depth) { 4514 static int count; 4515 count++; 4516 if ((count % (1024 * 1024)) == 0) 4517 printf("RecursiveMalloc: %d\n", count); 4518 int *x1 = new int; 4519 int *x2 = new int; 4520 break_optimization(x1); 4521 break_optimization(x2); 4522 if (depth > 0) { 4523 RecursiveMalloc(depth-1); 4524 RecursiveMalloc(depth-1); 4525 } 4526 delete x1; 4527 delete x2; 4528} 4529 4530TEST(MemorySanitizer, Select) { 4531 int x; 4532 int volatile* p = &x; 4533 int z = *p ? 1 : 0; 4534 EXPECT_POISONED(z); 4535} 4536 4537TEST(MemorySanitizer, SelectPartial) { 4538 // Precise instrumentation of select. 4539 // Some bits of the result do not depend on select condition, and must stay 4540 // initialized even if select condition is not. These are the bits that are 4541 // equal and initialized in both left and right select arguments. 4542 U4 x = 0xFFFFABCDU; 4543 U4 x_s = 0xFFFF0000U; 4544 __msan_partial_poison(&x, &x_s, sizeof(x)); 4545 U4 y = 0xAB00U; 4546 U1 cond = true; 4547 __msan_poison(&cond, sizeof(cond)); 4548 U4 z = cond ? x : y; 4549 __msan_print_shadow(&z, sizeof(z)); 4550 EXPECT_POISONED(z & 0xFFU); 4551 EXPECT_NOT_POISONED(z & 0xFF00U); 4552 EXPECT_POISONED(z & 0xFF0000U); 4553 EXPECT_POISONED(z & 0xFF000000U); 4554 EXPECT_EQ(0xAB00U, z & 0xFF00U); 4555} 4556 4557TEST(MemorySanitizerStress, DISABLED_MallocStackTrace) { 4558 RecursiveMalloc(22); 4559} 4560 4561TEST(MemorySanitizerAllocator, get_estimated_allocated_size) { 4562 size_t sizes[] = {0, 20, 5000, 1<<20}; 4563 for (size_t i = 0; i < sizeof(sizes) / sizeof(*sizes); ++i) { 4564 size_t alloc_size = __sanitizer_get_estimated_allocated_size(sizes[i]); 4565 EXPECT_EQ(alloc_size, sizes[i]); 4566 } 4567} 4568 4569TEST(MemorySanitizerAllocator, get_allocated_size_and_ownership) { 4570 char *array = reinterpret_cast<char*>(malloc(100)); 4571 int *int_ptr = new int; 4572 4573 EXPECT_TRUE(__sanitizer_get_ownership(array)); 4574 EXPECT_EQ(100U, __sanitizer_get_allocated_size(array)); 4575 4576 EXPECT_TRUE(__sanitizer_get_ownership(int_ptr)); 4577 EXPECT_EQ(sizeof(*int_ptr), __sanitizer_get_allocated_size(int_ptr)); 4578 4579 void *wild_addr = reinterpret_cast<void*>(0x1); 4580 EXPECT_FALSE(__sanitizer_get_ownership(wild_addr)); 4581 EXPECT_EQ(0U, __sanitizer_get_allocated_size(wild_addr)); 4582 4583 EXPECT_FALSE(__sanitizer_get_ownership(array + 50)); 4584 EXPECT_EQ(0U, __sanitizer_get_allocated_size(array + 50)); 4585 4586 // NULL is a valid argument for GetAllocatedSize but is not owned. 4587 EXPECT_FALSE(__sanitizer_get_ownership(NULL)); 4588 EXPECT_EQ(0U, __sanitizer_get_allocated_size(NULL)); 4589 4590 free(array); 4591 EXPECT_FALSE(__sanitizer_get_ownership(array)); 4592 EXPECT_EQ(0U, __sanitizer_get_allocated_size(array)); 4593 4594 delete int_ptr; 4595} 4596 4597TEST(MemorySanitizer, MlockTest) { 4598 EXPECT_EQ(0, mlockall(MCL_CURRENT)); 4599 EXPECT_EQ(0, mlock((void*)0x12345, 0x5678)); 4600 EXPECT_EQ(0, munlockall()); 4601 EXPECT_EQ(0, munlock((void*)0x987, 0x654)); 4602} 4603 4604// Test that LargeAllocator unpoisons memory before releasing it to the OS. 4605TEST(MemorySanitizer, LargeAllocatorUnpoisonsOnFree) { 4606 void *p = malloc(1024 * 1024); 4607 free(p); 4608 4609 typedef void *(*mmap_fn)(void *, size_t, int, int, int, off_t); 4610 mmap_fn real_mmap = (mmap_fn)dlsym(RTLD_NEXT, "mmap"); 4611 4612 // Allocate the page that was released to the OS in free() with the real mmap, 4613 // bypassing the interceptor. 4614 char *q = (char *)real_mmap(p, 4096, PROT_READ | PROT_WRITE, 4615 MAP_PRIVATE | MAP_ANONYMOUS, -1, 0); 4616 ASSERT_NE((char *)0, q); 4617 4618 ASSERT_TRUE(q <= p); 4619 ASSERT_TRUE(q + 4096 > p); 4620 4621 EXPECT_NOT_POISONED(q[0]); 4622 EXPECT_NOT_POISONED(q[10]); 4623 EXPECT_NOT_POISONED(q[100]); 4624 4625 munmap(q, 4096); 4626} 4627 4628#if SANITIZER_TEST_HAS_MALLOC_USABLE_SIZE 4629TEST(MemorySanitizer, MallocUsableSizeTest) { 4630 const size_t kArraySize = 100; 4631 char *array = Ident((char*)malloc(kArraySize)); 4632 int *int_ptr = Ident(new int); 4633 EXPECT_EQ(0U, malloc_usable_size(NULL)); 4634 EXPECT_EQ(kArraySize, malloc_usable_size(array)); 4635 EXPECT_EQ(sizeof(int), malloc_usable_size(int_ptr)); 4636 free(array); 4637 delete int_ptr; 4638} 4639#endif // SANITIZER_TEST_HAS_MALLOC_USABLE_SIZE 4640