Merge "Snap for 6896322 from 3144bf7b69a4124108f29017bc0a0ca6ffe46788 to android10-tests-release" into android10-tests-releaseandroid-vts-10.0_r9android-vts-10.0_r8android-vts-10.0_r7android-vts-10.0_r6android-vts-10.0_r12android-vts-10.0_r11android-vts-10.0_r10android-cts-10.0_r9android-cts-10.0_r8android-cts-10.0_r7android-cts-10.0_r6android-cts-10.0_r12android-cts-10.0_r11android-cts-10.0_r10

1 files changed, 15 insertions, 4 deletions

diff --git a/tests/cfi_test.cpp b/tests/cfi_test.cpp
index b4522ec8b..e0ae3afc7 100644
--- a/tests/cfi_test.cpp
+++ b/tests/cfi_test.cpp
@@ -18,6 +18,8 @@
 #include <gtest/gtest.h>
 #include <sys/stat.h>
 
+#include <vector>
+
 #include "BionicDeathTest.h"
 #include "gtest_globals.h"
 #include "utils.h"
@@ -35,6 +37,14 @@ size_t __cfi_shadow_size();
 
 static void f() {}
 
+static void test_cfi_slowpath_with_alloc() {
+  std::vector<void*> allocs;
+  for (size_t i = 0; i < 1000; i++) {
+    allocs.push_back(malloc(4096));
+    __cfi_slowpath(46, allocs.back());
+  }
+}
+
 TEST(cfi_test, basic) {
 #if defined(__BIONIC__)
   void* handle;
@@ -85,10 +95,11 @@ TEST(cfi_test, basic) {
   EXPECT_EQ(get_global_address(), get_last_address());
   EXPECT_EQ(c, get_count());
 
-  // CFI check for a heap address. This is always invalid and gets the process killed.
-  void* p = malloc(4096);
-  EXPECT_DEATH(__cfi_slowpath(46, p), "");
-  free(p);
+  // CFI check for a heap address.
+  // It's possible that this allocation could wind up in the same CFI granule as
+  // an unchecked library, which means the below might not crash. To force a
+  // crash keep allocating up to a max until there is a crash.
+  EXPECT_DEATH(test_cfi_slowpath_with_alloc(), "");
 
   // Check all the addresses.
   const size_t bss_size = 1024 * 1024;