From cff1d6d4b5715d0f3d59c46fd11b2a3f8686888e Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Tue, 28 Dec 2021 12:27:28 +0100
Subject: [PATCH] Add a test to prove that hardened_malloc handles too-large-to-be-true allocations

This pattern, used by https://github.com/kaist-hacking/HardsHeap, uncovered bugs in other memory allocators.
---
 test/simple-memory-corruption/Makefile | 3 ++-
 test/simple-memory-corruption/impossibly_large_malloc.c | 9 +++++++++
 test/simple-memory-corruption/test_smc.py | 6 ++++++
 3 files changed, 17 insertions(+), 1 deletion(-)
 create mode 100644 test/simple-memory-corruption/impossibly_large_malloc.c

diff --git a/test/simple-memory-corruption/Makefile b/test/simple-memory-corruption/Makefile
index d217b48..2135f7e 100644
--- a/test/simple-memory-corruption/Makefile
+++ b/test/simple-memory-corruption/Makefile
@@ -45,7 +45,8 @@ EXECUTABLES := \
 	malloc_object_size \
 	malloc_object_size_offset \
 	invalid_malloc_object_size_small \
-	invalid_malloc_object_size_small_quarantine
+	invalid_malloc_object_size_small_quarantine \
+	impossibly_large_malloc
 
 all: $(EXECUTABLES)
 
diff --git a/test/simple-memory-corruption/impossibly_large_malloc.c b/test/simple-memory-corruption/impossibly_large_malloc.c
new file mode 100644
index 0000000..3341ea5
--- /dev/null
+++ b/test/simple-memory-corruption/impossibly_large_malloc.c
@@ -0,0 +1,9 @@
+#include
+#include
+
+#include "../test_util.h"
+
+OPTNONE int main(void) {
+    char *p = malloc(-8);
+    return !(p == NULL);
+}
diff --git a/test/simple-memory-corruption/test_smc.py b/test/simple-memory-corruption/test_smc.py
index 30e3269..f57690e 100644
--- a/test/simple-memory-corruption/test_smc.py
+++ b/test/simple-memory-corruption/test_smc.py
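Review bot: `malloc(-8)` depends on the implicit conversion of a negative int to size_t, which is the entire point of the test but is stated nowhere in the new file, so a reader could mistake it for a typo; a comment on that line such as `/* -8 converts to SIZE_MAX - 7: no allocator can honour this, so NULL is the only correct result */` would record the intent. The test also accepts any NULL return without checking that errno was set, which is the documented POSIX failure contract for malloc; `return !(p == NULL && errno == ENOMEM);` with `#include <errno.h>` would pin the expected behaviour rather than just the absence of a crash. GCC's -Walloc-size-larger-than diagnostic is likely to fire on a constant argument this large, so the warning flags in the test Makefile may need attention — those flags are not visible in this patch, so I cannot confirm. The two `#include` lines appear with their header names stripped in this rendering, which looks like an extraction artefact rather than a defect in the commit.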
@@ -206,6 +206,12 @@ class TestSimpleMemoryCorruption(unittest.TestCase):
         self.assertEqual(stderr.decode(
             "utf-8"), "fatal allocator error: invalid malloc_object_size (quarantine)\n")
 
+    def test_impossibly_large_malloc(self):
+        _stdout, stderr, returncode = self.run_test(
+            "impossibly_large_malloc")
+        self.assertEqual(returncode, 0)
+
+
 
 if __name__ == '__main__':
     unittest.main()
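Review bot: `test_impossibly_large_malloc` binds `stderr` but never inspects it and asserts only on the return code, whereas the neighbouring test in the context lines pins the exact stderr text; an allocator that logs a diagnostic yet still returns NULL with status 0 would pass unnoticed. Adding `self.assertEqual(stderr.decode("utf-8"), "")` after the return-code assertion would make the expectation of a silent NULL explicit. The two added blank lines together with the retained blank context line leave three blank lines before `if __name__ == '__main__':`, one more than the PEP 8 gap the file otherwise appears to keep; dropping one of the added lines would restore it. The enclosing `TestSimpleMemoryCorruption` class starts outside the hunk.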