diff options
| author | Peter Collingbourne <pcc@google.com> | 2021-05-13 02:53:23 +0000 |
|---|---|---|
| committer | Gerrit Code Review <noreply-gerritcodereview@google.com> | 2021-05-13 02:53:23 +0000 |
| commit | fc7852b7411d25ce5c7440f6be80a194affedc5f (patch) | |
| tree | 87605cd91eb0e82bcc870e5589e2a73671ecfdab | |
| parent | fcd105d5ddffaf6b17330dac46723932f5724f3e (diff) | |
| parent | dc47634ec45ca14a2ccdb3779dfa0cd83d199a78 (diff) | |
Merge "Test that out-of-bounds UAF is not detected with MTE."
| -rw-r--r-- | debuggerd/debuggerd_test.cpp | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/debuggerd/debuggerd_test.cpp b/debuggerd/debuggerd_test.cpp index eb3738e66..5b0411119 100644 --- a/debuggerd/debuggerd_test.cpp +++ b/debuggerd/debuggerd_test.cpp @@ -514,6 +514,38 @@ TEST_P(SizeParamCrasherTest, mte_uaf) { #endif } +TEST_P(SizeParamCrasherTest, mte_oob_uaf) { +#if defined(__aarch64__) + if (!mte_supported()) { + GTEST_SKIP() << "Requires MTE"; + } + + int intercept_result; + unique_fd output_fd; + StartProcess([&]() { + SetTagCheckingLevelSync(); + volatile int* p = (volatile int*)malloc(GetParam()); + free((void *)p); + p[-1] = 42; + }); + + StartIntercept(&output_fd); + FinishCrasher(); + AssertDeath(SIGSEGV); + FinishIntercept(&intercept_result); + + ASSERT_EQ(1, intercept_result) << "tombstoned reported failure"; + + std::string result; + ConsumeFd(std::move(output_fd), &result); + + ASSERT_MATCH(result, R"(signal 11 \(SIGSEGV\))"); + ASSERT_NOT_MATCH(result, R"(Cause: \[MTE\]: Use After Free, 4 bytes left)"); +#else + GTEST_SKIP() << "Requires aarch64"; +#endif +} + TEST_P(SizeParamCrasherTest, mte_overflow) { #if defined(__aarch64__) if (!mte_supported()) { |