1cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar// RUN: %clangxx_asan -O0 -mllvm -asan-instrument-allocas %s -o %t 2cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar// RUN: not %run %t 2>&1 | FileCheck %s 3cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar// 4cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar 5cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar// This is reduced testcase based on Chromium code. 6cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar// See http://reviews.llvm.org/D6055?vs=on&id=15616&whitespace=ignore-all#toc. 7cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar 8cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar#include <stdint.h> 9cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar#include <assert.h> 10cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar 11cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainarint a = 7; 12cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainarint b; 13cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainarint c; 14cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainarint *p; 15cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar 16cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar__attribute__((noinline)) void fn3(int *first, int second) { 17cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar} 18cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar 19cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainarint main() { 20cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar int d = b && c; 21cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar int e[a]; // NOLINT 22cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar assert(!(reinterpret_cast<uintptr_t>(e) & 31L)); 23cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar int f; 24cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar if (d) 25cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar fn3(&f, sizeof 0 * (&c - e)); 26cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar e[a] = 0; 27cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar// CHECK: ERROR: AddressSanitizer: dynamic-stack-buffer-overflow on address [[ADDR:0x[0-9a-f]+]] 28cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar// CHECK: WRITE of size 4 at [[ADDR]] thread T0 29cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar return 0; 30cdce50bda3603770cc4ef80cbb613c78b8e47a17Pirama Arumuga Nainar} 31