diff options
-rw-r--r-- | tests/cfi_test.cpp | 19 |
1 files changed, 15 insertions, 4 deletions
diff --git a/tests/cfi_test.cpp b/tests/cfi_test.cpp index b4522ec8b..e0ae3afc7 100644 --- a/tests/cfi_test.cpp +++ b/tests/cfi_test.cpp @@ -18,6 +18,8 @@ #include <gtest/gtest.h> #include <sys/stat.h> +#include <vector> + #include "BionicDeathTest.h" #include "gtest_globals.h" #include "utils.h" @@ -35,6 +37,14 @@ size_t __cfi_shadow_size(); static void f() {} +static void test_cfi_slowpath_with_alloc() { + std::vector<void*> allocs; + for (size_t i = 0; i < 1000; i++) { + allocs.push_back(malloc(4096)); + __cfi_slowpath(46, allocs.back()); + } +} + TEST(cfi_test, basic) { #if defined(__BIONIC__) void* handle; @@ -85,10 +95,11 @@ TEST(cfi_test, basic) { EXPECT_EQ(get_global_address(), get_last_address()); EXPECT_EQ(c, get_count()); - // CFI check for a heap address. This is always invalid and gets the process killed. - void* p = malloc(4096); - EXPECT_DEATH(__cfi_slowpath(46, p), ""); - free(p); + // CFI check for a heap address. + // It's possible that this allocation could wind up in the same CFI granule as + // an unchecked library, which means the below might not crash. To force a + // crash keep allocating up to a max until there is a crash. + EXPECT_DEATH(test_cfi_slowpath_with_alloc(), ""); // Check all the addresses. const size_t bss_size = 1024 * 1024; |