1 // FIXME: https://code.google.com/p/address-sanitizer/issues/detail?id=316 2 // XFAIL: android 3 4 // RUN: rm -rf %t-dir 5 // RUN: mkdir -p %t-dir 6 // 7 // RUN: %clangxx_asan -O0 %s -DTEMP_DIR='"'"%t-dir"'"' -o %t && %run %t 2>&1 | FileCheck %s 8 // RUN: %clangxx_asan -O1 %s -DTEMP_DIR='"'"%t-dir"'"' -o %t && %run %t 2>&1 | FileCheck %s 9 // RUN: %clangxx_asan -O2 %s -DTEMP_DIR='"'"%t-dir"'"' -o %t && %run %t 2>&1 | FileCheck %s 10 // RUN: %clangxx_asan -O3 %s -DTEMP_DIR='"'"%t-dir"'"' -o %t && %run %t 2>&1 | FileCheck %s 11 // 12 // RUN: %clangxx_asan -O0 %s -D_FILE_OFFSET_BITS=64 -DTEMP_DIR='"'"%t-dir"'"' -o %t && %run %t 2>&1 | FileCheck %s 13 // RUN: %clangxx_asan -O1 %s -D_FILE_OFFSET_BITS=64 -DTEMP_DIR='"'"%t-dir"'"' -o %t && %run %t 2>&1 | FileCheck %s 14 // RUN: %clangxx_asan -O2 %s -D_FILE_OFFSET_BITS=64 -DTEMP_DIR='"'"%t-dir"'"' -o %t && %run %t 2>&1 | FileCheck %s 15 // RUN: %clangxx_asan -O3 %s -D_FILE_OFFSET_BITS=64 -DTEMP_DIR='"'"%t-dir"'"' -o %t && %run %t 2>&1 | FileCheck %s 16 17 #include <dirent.h> 18 #include <memory.h> 19 #include <stdio.h> 20 #include <stdlib.h> 21 #include <unistd.h> 22 23 24 int main() { 25 // Ensure the readdir_r interceptor doesn't erroneously mark the entire dirent 26 // as written when the end of the directory pointer is reached. 27 fputs("test1: reading the " TEMP_DIR " directory...\n", stderr); 28 DIR *d = opendir(TEMP_DIR); 29 struct dirent *result = (struct dirent *)(0xfeedbeef); 30 // We assume the temp dir for this test doesn't have crazy long file names. 31 char entry_buffer[4096]; 32 memset(entry_buffer, 0xab, sizeof(entry_buffer)); 33 unsigned count = 0; 34 do { 35 // Stamp the entry struct to try to trick the interceptor. 36 ((struct dirent *)entry_buffer)->d_reclen = 9999; 37 if (readdir_r(d, (struct dirent *)entry_buffer, &result) != 0) 38 abort(); 39 ++count; 40 } while (result != NULL); 41 fprintf(stderr, "read %d entries\n", count); 42 closedir(d); 43 // CHECK: test1: reading the {{.*}} directory... 44 // CHECK-NOT: stack-buffer-overflow 45 // CHECK: read {{.*}} entries 46 47 // Ensure the readdir64_r interceptor doesn't have the bug either. 48 fputs("test2: reading the " TEMP_DIR " directory...\n", stderr); 49 d = opendir(TEMP_DIR); 50 struct dirent64 *result64; 51 memset(entry_buffer, 0xab, sizeof(entry_buffer)); 52 count = 0; 53 do { 54 // Stamp the entry struct to try to trick the interceptor. 55 ((struct dirent64 *)entry_buffer)->d_reclen = 9999; 56 if (readdir64_r(d, (struct dirent64 *)entry_buffer, &result64) != 0) 57 abort(); 58 ++count; 59 } while (result64 != NULL); 60 fprintf(stderr, "read %d entries\n", count); 61 closedir(d); 62 // CHECK: test2: reading the {{.*}} directory... 63 // CHECK-NOT: stack-buffer-overflow 64 // CHECK: read {{.*}} entries 65 } 66