diff --git a/test/simple-memory-corruption/.gitignore b/test/simple-memory-corruption/.gitignore
index 491592c..7a9ba96 100644
--- a/test/simple-memory-corruption/.gitignore
+++ b/test/simple-memory-corruption/.gitignore
@@ -23,4 +23,7 @@ write_after_free_large_reuse
 write_after_free_small
 write_after_free_small_reuse
 write_zero_size
+unaligned_malloc_usable_size_small
+invalid_malloc_usable_size_small
+invalid_malloc_usable_size_small_quarantine
 __pycache__/
diff --git a/test/simple-memory-corruption/Makefile b/test/simple-memory-corruption/Makefile
index 2b7852c..2fa4daf 100644
--- a/test/simple-memory-corruption/Makefile
+++ b/test/simple-memory-corruption/Makefile
@@ -23,7 +23,10 @@ EXECUTABLES := \
 eight_byte_overflow_small \
 eight_byte_overflow_large \
 string_overflow \
- delete_type_size_mismatch
+ delete_type_size_mismatch \
+ unaligned_malloc_usable_size_small \
+ invalid_malloc_usable_size_small \
+ invalid_malloc_usable_size_small_quarantine
 all: $(EXECUTABLES)
diff --git a/test/simple-memory-corruption/invalid_malloc_usable_size_small.c b/test/simple-memory-corruption/invalid_malloc_usable_size_small.c
new file mode 100644
index 0000000..3a155b2
--- /dev/null
+++ b/test/simple-memory-corruption/invalid_malloc_usable_size_small.c
@@ -0,0 +1,12 @@
+#include
+
+__attribute__((optimize(0)))
+int main(void) {
+ char *p = malloc(16);
+ if (!p) {
+ return 1;
+ }
+ char *q = p + 4096 * 4;
+ malloc_usable_size(q);
+ return 0;
+}
diff --git a/test/simple-memory-corruption/invalid_malloc_usable_size_small_quarantine.c b/test/simple-memory-corruption/invalid_malloc_usable_size_small_quarantine.c
new file mode 100644
index 0000000..5a8f3ea
--- /dev/null
+++ b/test/simple-memory-corruption/invalid_malloc_usable_size_small_quarantine.c
@@ -0,0 +1,12 @@
+#include
+
+__attribute__((optimize(0)))
+int main(void) {
+ void *p = malloc(16);
+ if (!p) {
+ return 1;
+ }
+ free(p);
+ malloc_usable_size(p);
+ return 0;
+}
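Review bot: In invalid_malloc_usable_size_small.c the offset in `char *q = p + 4096 * 4;` is unexplained, yet the test only means something if q lands on the kind of address the author intended. Since 16384 is a multiple of 16, q keeps p's alignment, so presumably the aim is a pointer that passes the alignment check but is not an allocation the program owns. A comment such as `/* four pages past p: same alignment as p, but never returned by malloc */` would record that. It would also help to say whether q is expected to fall inside or outside allocator-managed memory, because test_smc.py asserts the exact `invalid malloc_usable_size` message.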
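Review bot: invalid_malloc_usable_size_small_quarantine.c relies on the freed 16-byte slot still being quarantined when `malloc_usable_size(p)` runs, and nothing in the file states that assumption. If the allocator can be built with the quarantine disabled or sized differently (not visible in this diff), the exact-match `(quarantine)` assertion in test_smc.py would presumably fail for a reason unrelated to the check under test. I would add `/* p must still be in the quarantine here; depends on allocator configuration */` above the call so a failure on such a build is not mistaken for a missing validation.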
diff --git a/test/simple-memory-corruption/test_smc.py b/test/simple-memory-corruption/test_smc.py
index 182dc6b..006bdfa 100644
--- a/test/simple-memory-corruption/test_smc.py
+++ b/test/simple-memory-corruption/test_smc.py
@@ -86,6 +86,20 @@ class TestSimpleMemoryCorruption(unittest.TestCase):
 self.assertEqual(stderr.decode("utf-8"), "fatal allocator error: invalid free\n")
+ def test_invalid_malloc_usable_size_small_quarantene(self):
+ _stdout, stderr, returncode = self.run_test(
+ "invalid_malloc_usable_size_small_quarantine")
+ self.assertEqual(returncode, -6)
+ self.assertEqual(stderr.decode(
+ "utf-8"), "fatal allocator error: invalid malloc_usable_size (quarantine)\n")
+
+ def test_invalid_malloc_usable_size_small(self):
+ _stdout, stderr, returncode = self.run_test(
+ "invalid_malloc_usable_size_small")
+ self.assertEqual(returncode, -6)
+ self.assertEqual(stderr.decode(
+ "utf-8"), "fatal allocator error: invalid malloc_usable_size\n")
+
 def test_read_after_free_large(self):
 _stdout, _stderr, returncode = self.run_test("read_after_free_large")
 self.assertEqual(returncode, -11)
@@ -117,6 +131,13 @@ class TestSimpleMemoryCorruption(unittest.TestCase):
 self.assertEqual(stderr.decode("utf-8"), "fatal allocator error: invalid unaligned free\n")
+ def test_unaligned_malloc_usable_size_small(self):
+ _stdout, stderr, returncode = self.run_test(
+ "unaligned_malloc_usable_size_small")
+ self.assertEqual(returncode, -6)
+ self.assertEqual(stderr.decode("utf-8"),
+ "fatal allocator error: invalid unaligned malloc_usable_size\n")
+
 def test_uninitialized_free(self):
 _stdout, stderr, returncode = self.run_test("uninitialized_free")
 self.assertEqual(returncode, -6)
diff --git a/test/simple-memory-corruption/unaligned_malloc_usable_size_small.c b/test/simple-memory-corruption/unaligned_malloc_usable_size_small.c
new file mode 100644
index 0000000..89397af
--- /dev/null
+++ b/test/simple-memory-corruption/unaligned_malloc_usable_size_small.c
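Review bot: The first test added in the test_smc.py hunk at -86 is named `test_invalid_malloc_usable_size_small_quarantene`, misspelling "quarantine", although the binary it runs and the expected message both spell it correctly. Rename it to `def test_invalid_malloc_usable_size_small_quarantine(self):` so that selecting or grepping tests by the binary name finds it. unittest discovery still runs the method as written, so this is a naming fix only. The enclosing class begins outside the hunk.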
@@ -0,0 +1,11 @@
+#include
+
+__attribute__((optimize(0)))
+int main(void) {
+ char *p = malloc(16);
+ if (!p) {
+ return 1;
+ }
+ malloc_usable_size(p + 1);
+ return 0;
+}
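Review bot: Only the small-allocation path of malloc_usable_size gets pointer-validation coverage here, because unaligned_malloc_usable_size_small.c and the two invalid_* programs all use `malloc(16)`. The suite already keeps separate `_small` and `_large` variants for other cases (for example write_after_free_large_reuse in .gitignore). I cannot tell from this diff whether large allocations are validated by different code. If they are, a large-size counterpart that passes an interior or offset pointer and asserts the same fatal message would be needed to cover that path.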