1*7c3d14c8STreehugger Robot // RUN: %clang_scudo %s -o %t 2*7c3d14c8STreehugger Robot // RUN: not %run %t malloc 2>&1 | FileCheck %s 3*7c3d14c8STreehugger Robot // RUN: SCUDO_OPTIONS=QuarantineSizeMb=1 not %run %t quarantine 2>&1 | FileCheck %s 4*7c3d14c8STreehugger Robot 5*7c3d14c8STreehugger Robot // Tests that header corruption of an allocated or quarantined chunk is caught. 6*7c3d14c8STreehugger Robot 7*7c3d14c8STreehugger Robot #include <assert.h> 8*7c3d14c8STreehugger Robot #include <stdlib.h> 9*7c3d14c8STreehugger Robot #include <string.h> 10*7c3d14c8STreehugger Robot main(int argc,char ** argv)11*7c3d14c8STreehugger Robotint main(int argc, char **argv) 12*7c3d14c8STreehugger Robot { 13*7c3d14c8STreehugger Robot assert(argc == 2); 14*7c3d14c8STreehugger Robot if (!strcmp(argv[1], "malloc")) { 15*7c3d14c8STreehugger Robot // Simulate a header corruption of an allocated chunk (1-bit) 16*7c3d14c8STreehugger Robot void *p = malloc(1U << 4); 17*7c3d14c8STreehugger Robot if (!p) 18*7c3d14c8STreehugger Robot return 1; 19*7c3d14c8STreehugger Robot ((char *)p)[-1] ^= 1; 20*7c3d14c8STreehugger Robot free(p); 21*7c3d14c8STreehugger Robot } 22*7c3d14c8STreehugger Robot if (!strcmp(argv[1], "quarantine")) { 23*7c3d14c8STreehugger Robot void *p = malloc(1U << 4); 24*7c3d14c8STreehugger Robot if (!p) 25*7c3d14c8STreehugger Robot return 1; 26*7c3d14c8STreehugger Robot free(p); 27*7c3d14c8STreehugger Robot // Simulate a header corruption of a quarantined chunk 28*7c3d14c8STreehugger Robot ((char *)p)[-2] ^= 1; 29*7c3d14c8STreehugger Robot // Trigger the quarantine recycle 30*7c3d14c8STreehugger Robot for (int i = 0; i < 0x100; i++) { 31*7c3d14c8STreehugger Robot p = malloc(1U << 16); 32*7c3d14c8STreehugger Robot free(p); 33*7c3d14c8STreehugger Robot } 34*7c3d14c8STreehugger Robot } 35*7c3d14c8STreehugger Robot return 0; 36*7c3d14c8STreehugger Robot } 37*7c3d14c8STreehugger Robot 38*7c3d14c8STreehugger Robot // CHECK: ERROR: corrupted chunk header at address 39