blob: c5a58f87f30582f35e839eadbbd3475a4ead0a64 [file] [log] [blame]
// RUN: %clang_scudo %s -o %t
// RUN: not %run %t malloc 2>&1 | FileCheck %s
// RUN: %env_scudo_opts=QuarantineSizeKb=64 not %run %t quarantine 2>&1 | FileCheck %s
// Tests that header corruption of an allocated or quarantined chunk is caught.
#include <assert.h>
#include <stdlib.h>
#include <string.h>
int main(int argc, char **argv)
{
ssize_t offset = sizeof(void *) == 8 ? 8 : 0;
assert(argc == 2);
if (!strcmp(argv[1], "malloc")) {
// Simulate a header corruption of an allocated chunk (1-bit)
void *p = malloc(1U << 4);
assert(p);
((char *)p)[-(offset + 1)] ^= 1;
free(p);
}
if (!strcmp(argv[1], "quarantine")) {
void *p = malloc(1U << 4);
assert(p);
free(p);
// Simulate a header corruption of a quarantined chunk
((char *)p)[-(offset + 2)] ^= 1;
// Trigger the quarantine recycle
for (int i = 0; i < 0x100; i++) {
p = malloc(1U << 8);
free(p);
}
}
return 0;
}
// CHECK: ERROR: corrupted chunk header at address