15c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// RUN: %clang_cl_asan -O0 %p/dll_host.cc -Fe%t 25c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// RUN: %clang_cl_asan -LD -O0 %s -Fe%t.dll 35c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// RUN: not %run %t %t.dll 2>&1 | FileCheck %s 45c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles) 55c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)#include <malloc.h> 65c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles) 75c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)extern "C" __declspec(dllexport) 85c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)int test_function() { 95c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles) int *buffer = (int*)malloc(42); 105c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles) free(buffer); 115c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles) buffer[0] = 42; 125c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// CHECK: AddressSanitizer: heap-use-after-free on address [[ADDR:0x[0-9a-f]+]] 135c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// CHECK: WRITE of size 4 at [[ADDR]] thread T0 145c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// CHECK-NEXT: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-3]] 155c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// CHECK-NEXT: main {{.*}}dll_host 165c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// 175c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// CHECK: [[ADDR]] is located 0 bytes inside of 42-byte region 185c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// CHECK-LABEL: freed by thread T0 here: 195c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// CHECK-NEXT: free 205c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// CHECK-NEXT: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-10]] 215c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// CHECK-NEXT: main {{.*}}dll_host 225c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// 235c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// CHECK-LABEL: previously allocated by thread T0 here: 245c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// CHECK-NEXT: malloc 255c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// CHECK-NEXT: test_function {{.*}}dll_malloc_uaf.cc:[[@LINE-16]] 265c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)// CHECK-NEXT: main {{.*}}dll_host 275c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles) return 0; 285c87bf8b86a7c82ef50fb7a89697d8e02e2553beTorne (Richard Coles)} 29e69819bd8e388ea4ad1636a19aa6b2eed4952191Ben Murdoch