1 // RUN: %clang_hwasan %s -o %t && not %env_hwasan_opts=verbose_threads=1 %run %t 2>&1 | FileCheck %s
2 // REQUIRES: stable-runtime
3
4 #include <pthread.h>
5 #include <stdlib.h>
6 #include <stdio.h>
7
8 #include <sanitizer/hwasan_interface.h>
9
10 #include "utils.h"
11
BoringThread(void * arg)12 void *BoringThread(void *arg) {
13 char * volatile x = (char*)malloc(10);
14 x[5] = 0;
15 free(x);
16 return NULL;
17 }
18
19 // CHECK: Creating : T0
20 // CHECK: Creating : T1
21 // CHECK: Destroying: T1
22 // CHECK: Creating : T1100
23 // CHECK: Destroying: T1100
24 // CHECK: Creating : T1101
25
UAFThread(void * arg)26 void *UAFThread(void *arg) {
27 char * volatile x = (char*)malloc(10);
28 untag_fprintf(stderr, "ZZZ %p\n", x);
29 free(x);
30 x[5] = 42;
31 // CHECK: ERROR: HWAddressSanitizer: tag-mismatch on address
32 // CHECK: WRITE of size 1
33 // CHECK: many-threads-uaf.c:[[@LINE-3]]
34 // CHECK: Thread: T1101
35 return NULL;
36 }
37
main()38 int main() {
39 __hwasan_enable_allocator_tagging();
40 pthread_t t;
41 for (int i = 0; i < 1100; i++) {
42 pthread_create(&t, NULL, BoringThread, NULL);
43 pthread_join(t, NULL);
44 }
45 pthread_create(&t, NULL, UAFThread, NULL);
46 pthread_join(t, NULL);
47 }
48