xref: /aosp_15_r20/external/compiler-rt/test/asan/TestCases/Linux/recvfrom.cc (revision 7c3d14c8b49c529e04be81a3ce6f5cc23712e4c6) 
1*7c3d14c8STreehugger Robot // Test that ASan detects buffer overflow on read from socket via recvfrom.
2*7c3d14c8STreehugger Robot //
3*7c3d14c8STreehugger Robot // RUN: %clangxx_asan %s -DRECVFROM -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-RECVFROM
4*7c3d14c8STreehugger Robot // RUN: %clangxx_asan %s -DSENDTO -o %t && not %run %t 2>&1 | FileCheck %s --check-prefix=CHECK-SENDTO
5*7c3d14c8STreehugger Robot // RUN: %clangxx_asan %s -DSENDTO -o %t && %env_asan_opts=intercept_send=0 %run %t 2>&1
6*7c3d14c8STreehugger Robot //
7*7c3d14c8STreehugger Robot // UNSUPPORTED: android
8*7c3d14c8STreehugger Robot 
9*7c3d14c8STreehugger Robot #include <stdio.h>
10*7c3d14c8STreehugger Robot #include <unistd.h>
11*7c3d14c8STreehugger Robot #include <stdlib.h>
12*7c3d14c8STreehugger Robot #include <string.h>
13*7c3d14c8STreehugger Robot #include <netdb.h>
14*7c3d14c8STreehugger Robot #include <sys/types.h>
15*7c3d14c8STreehugger Robot #include <sys/socket.h>
16*7c3d14c8STreehugger Robot #include <pthread.h>
17*7c3d14c8STreehugger Robot 
18*7c3d14c8STreehugger Robot #define CHECK_ERROR(p, m)                                                      \
19*7c3d14c8STreehugger Robot   do {                                                                         \
20*7c3d14c8STreehugger Robot     if (p) {                                                                   \
21*7c3d14c8STreehugger Robot       fprintf(stderr, "ERROR " m "\n");                                        \
22*7c3d14c8STreehugger Robot       exit(1);                                                                 \
23*7c3d14c8STreehugger Robot     }                                                                          \
24*7c3d14c8STreehugger Robot   } while (0)
25*7c3d14c8STreehugger Robot 
26*7c3d14c8STreehugger Robot const int kBufSize = 10;
27*7c3d14c8STreehugger Robot int sockfd;
28*7c3d14c8STreehugger Robot 
client_thread_udp(void * data)29*7c3d14c8STreehugger Robot static void *client_thread_udp(void *data) {
30*7c3d14c8STreehugger Robot #ifdef SENDTO
31*7c3d14c8STreehugger Robot   const char buf[kBufSize / 2] = {0, };
32*7c3d14c8STreehugger Robot #else
33*7c3d14c8STreehugger Robot   const char buf[kBufSize] = {0, };
34*7c3d14c8STreehugger Robot #endif
35*7c3d14c8STreehugger Robot   struct sockaddr_in serveraddr;
36*7c3d14c8STreehugger Robot   socklen_t addrlen = sizeof(serveraddr);
37*7c3d14c8STreehugger Robot 
38*7c3d14c8STreehugger Robot   int succeeded = getsockname(sockfd, (struct sockaddr *)&serveraddr, &addrlen);
39*7c3d14c8STreehugger Robot   CHECK_ERROR(succeeded < 0, "in getsockname");
40*7c3d14c8STreehugger Robot 
41*7c3d14c8STreehugger Robot   succeeded = sendto(sockfd, buf, kBufSize, 0, (struct sockaddr *)&serveraddr,
42*7c3d14c8STreehugger Robot                      sizeof(serveraddr));
43*7c3d14c8STreehugger Robot   // CHECK-SENDTO: {{READ of size 10 at 0x.* thread T1}}
44*7c3d14c8STreehugger Robot   // CHECK-SENDTO: {{    #1 0x.* in client_thread_udp.*recvfrom.cc:}}[[@LINE-3]]
45*7c3d14c8STreehugger Robot   CHECK_ERROR(succeeded < 0, "in sending message");
46*7c3d14c8STreehugger Robot   return NULL;
47*7c3d14c8STreehugger Robot }
48*7c3d14c8STreehugger Robot 
main()49*7c3d14c8STreehugger Robot int main() {
50*7c3d14c8STreehugger Robot #ifdef RECVFROM
51*7c3d14c8STreehugger Robot   char buf[kBufSize / 2];
52*7c3d14c8STreehugger Robot #else
53*7c3d14c8STreehugger Robot   char buf[kBufSize];
54*7c3d14c8STreehugger Robot #endif
55*7c3d14c8STreehugger Robot   pthread_t client_thread;
56*7c3d14c8STreehugger Robot   struct sockaddr_in serveraddr;
57*7c3d14c8STreehugger Robot 
58*7c3d14c8STreehugger Robot   sockfd = socket(AF_INET, SOCK_DGRAM, 0);
59*7c3d14c8STreehugger Robot   CHECK_ERROR(sockfd < 0, "opening socket");
60*7c3d14c8STreehugger Robot 
61*7c3d14c8STreehugger Robot   memset(&serveraddr, 0, sizeof(serveraddr));
62*7c3d14c8STreehugger Robot   serveraddr.sin_family = AF_INET;
63*7c3d14c8STreehugger Robot   serveraddr.sin_addr.s_addr = htonl(INADDR_ANY);
64*7c3d14c8STreehugger Robot   serveraddr.sin_port = 0;
65*7c3d14c8STreehugger Robot 
66*7c3d14c8STreehugger Robot   int bound = bind(sockfd, (struct sockaddr *)&serveraddr, sizeof(serveraddr));
67*7c3d14c8STreehugger Robot   CHECK_ERROR(bound < 0, "on binding");
68*7c3d14c8STreehugger Robot 
69*7c3d14c8STreehugger Robot   int succeeded =
70*7c3d14c8STreehugger Robot       pthread_create(&client_thread, NULL, client_thread_udp, &serveraddr);
71*7c3d14c8STreehugger Robot   CHECK_ERROR(succeeded, "creating thread");
72*7c3d14c8STreehugger Robot 
73*7c3d14c8STreehugger Robot   recvfrom(sockfd, buf, kBufSize, 0, NULL, NULL); // BOOM
74*7c3d14c8STreehugger Robot   // CHECK-RECVFROM: {{WRITE of size 10 at 0x.* thread T0}}
75*7c3d14c8STreehugger Robot   // CHECK-RECVFROM: {{    #1 0x.* in main.*recvfrom.cc:}}[[@LINE-2]]
76*7c3d14c8STreehugger Robot   // CHECK-RECVFROM: {{Address 0x.* is located in stack of thread T0 at offset}}
77*7c3d14c8STreehugger Robot   // CHECK-RECVFROM-NEXT: in{{.*}}main{{.*}}recvfrom.cc
78*7c3d14c8STreehugger Robot   succeeded = pthread_join(client_thread, NULL);
79*7c3d14c8STreehugger Robot   CHECK_ERROR(succeeded, "joining thread");
80*7c3d14c8STreehugger Robot   return 0;
81*7c3d14c8STreehugger Robot }
82