140 lines
5.0 KiB
Rust
140 lines
5.0 KiB
Rust
//@ normalize-stderr-test: "\d+ bytes" -> "$$BYTES bytes"
|
|
#![feature(const_ptr_sub_ptr)]
|
|
#![feature(core_intrinsics)]
|
|
|
|
use std::intrinsics::{ptr_offset_from, ptr_offset_from_unsigned};
|
|
use std::ptr;
|
|
|
|
#[repr(C)]
|
|
struct Struct {
|
|
data: u8,
|
|
field: u8,
|
|
}
|
|
|
|
pub const DIFFERENT_ALLOC: usize = {
|
|
let uninit = std::mem::MaybeUninit::<Struct>::uninit();
|
|
let base_ptr: *const Struct = &uninit as *const _ as *const Struct;
|
|
let uninit2 = std::mem::MaybeUninit::<Struct>::uninit();
|
|
let field_ptr: *const Struct = &uninit2 as *const _ as *const Struct;
|
|
let offset = unsafe { ptr_offset_from(field_ptr, base_ptr) }; //~ERROR evaluation of constant value failed
|
|
//~| pointers into different allocations
|
|
offset as usize
|
|
};
|
|
|
|
pub const NOT_PTR: usize = {
|
|
unsafe { (42 as *const u8).offset_from(&5u8) as usize }
|
|
};
|
|
|
|
pub const NOT_MULTIPLE_OF_SIZE: isize = {
|
|
let data = [5u8, 6, 7];
|
|
let base_ptr = data.as_ptr();
|
|
let field_ptr = &data[1] as *const u8 as *const u16;
|
|
unsafe { ptr_offset_from(field_ptr, base_ptr as *const u16) } //~ERROR evaluation of constant value failed
|
|
//~| 1_isize cannot be divided by 2_isize without remainder
|
|
};
|
|
|
|
pub const DIFFERENT_INT: isize = { // offset_from with two different integers: like DIFFERENT_ALLOC
|
|
let ptr1 = 8 as *const u8;
|
|
let ptr2 = 16 as *const u8;
|
|
unsafe { ptr_offset_from(ptr2, ptr1) } //~ERROR evaluation of constant value failed
|
|
//~| dangling pointer
|
|
};
|
|
|
|
const OUT_OF_BOUNDS_1: isize = {
|
|
let start_ptr = &4 as *const _ as *const u8;
|
|
let length = 10;
|
|
let end_ptr = (start_ptr).wrapping_add(length);
|
|
// First ptr is out of bounds
|
|
unsafe { ptr_offset_from(end_ptr, start_ptr) } //~ERROR evaluation of constant value failed
|
|
//~| expected a pointer to 10 bytes of memory
|
|
};
|
|
|
|
const OUT_OF_BOUNDS_2: isize = {
|
|
let start_ptr = &4 as *const _ as *const u8;
|
|
let length = 10;
|
|
let end_ptr = (start_ptr).wrapping_add(length);
|
|
// Second ptr is out of bounds
|
|
unsafe { ptr_offset_from(start_ptr, end_ptr) } //~ERROR evaluation of constant value failed
|
|
//~| expected a pointer to the end of 10 bytes of memory
|
|
};
|
|
|
|
pub const DIFFERENT_ALLOC_UNSIGNED: usize = {
|
|
let uninit = std::mem::MaybeUninit::<Struct>::uninit();
|
|
let base_ptr: *const Struct = &uninit as *const _ as *const Struct;
|
|
let uninit2 = std::mem::MaybeUninit::<Struct>::uninit();
|
|
let field_ptr: *const Struct = &uninit2 as *const _ as *const Struct;
|
|
unsafe { ptr_offset_from_unsigned(field_ptr, base_ptr) } //~ERROR evaluation of constant value failed
|
|
//~| pointers into different allocations
|
|
};
|
|
|
|
pub const TOO_FAR_APART1: isize = {
|
|
let ptr1 = &0u8 as *const u8;
|
|
let ptr2 = ptr1.wrapping_add(isize::MAX as usize + 42);
|
|
unsafe { ptr_offset_from(ptr2, ptr1) } //~ERROR evaluation of constant value failed
|
|
//~| too far ahead
|
|
};
|
|
pub const TOO_FAR_APART2: isize = {
|
|
let ptr1 = &0u8 as *const u8;
|
|
let ptr2 = ptr1.wrapping_add(isize::MAX as usize + 42);
|
|
unsafe { ptr_offset_from(ptr1, ptr2) } //~ERROR evaluation of constant value failed
|
|
//~| too far before
|
|
};
|
|
pub const TOO_FAR_APART3: isize = {
|
|
let ptr1 = &0u8 as *const u8;
|
|
let ptr2 = ptr1.wrapping_offset(isize::MIN);
|
|
// The result of this would be `isize::MIN`, which *does* fit in an `isize`, but its
|
|
// absolute value does not. (Also anyway there cannot be an allocation of that size.)
|
|
unsafe { ptr_offset_from(ptr1, ptr2) } //~ERROR evaluation of constant value failed
|
|
//~| too far before
|
|
};
|
|
|
|
const WRONG_ORDER_UNSIGNED: usize = {
|
|
let a = ['a', 'b', 'c'];
|
|
let p = a.as_ptr();
|
|
unsafe { ptr_offset_from_unsigned(p, p.add(2) ) } //~ERROR evaluation of constant value failed
|
|
//~| first pointer has smaller offset than second: 0 < 8
|
|
};
|
|
pub const TOO_FAR_APART_UNSIGNED: usize = {
|
|
let ptr1 = &0u8 as *const u8;
|
|
let ptr2 = ptr1.wrapping_add(isize::MAX as usize + 42);
|
|
// This would fit into a `usize` but we still don't allow it.
|
|
unsafe { ptr_offset_from_unsigned(ptr2, ptr1) } //~ERROR evaluation of constant value failed
|
|
//~| too far ahead
|
|
};
|
|
|
|
// These do NOT complain that pointers are too far apart; they pass that check (to then fail the
|
|
// next one).
|
|
pub const OFFSET_VERY_FAR1: isize = {
|
|
let ptr1 = ptr::null::<u8>();
|
|
let ptr2 = ptr1.wrapping_offset(isize::MAX);
|
|
unsafe { ptr2.offset_from(ptr1) }
|
|
//~^ inside
|
|
};
|
|
pub const OFFSET_VERY_FAR2: isize = {
|
|
let ptr1 = ptr::null::<u8>();
|
|
let ptr2 = ptr1.wrapping_offset(isize::MAX);
|
|
unsafe { ptr1.offset_from(ptr2.wrapping_offset(1)) }
|
|
//~^ inside
|
|
};
|
|
|
|
// If the pointers are the same, OOB/null/UAF is fine.
|
|
pub const OFFSET_FROM_NULL_SAME: isize = {
|
|
let ptr = 0 as *const u8;
|
|
unsafe { ptr_offset_from(ptr, ptr) }
|
|
};
|
|
const OUT_OF_BOUNDS_SAME: isize = {
|
|
let start_ptr = &4 as *const _ as *const u8;
|
|
let length = 10;
|
|
let end_ptr = (start_ptr).wrapping_add(length);
|
|
unsafe { ptr_offset_from(end_ptr, end_ptr) }
|
|
};
|
|
const UAF_SAME: isize = {
|
|
let uaf_ptr = {
|
|
let x = 0;
|
|
&x as *const i32
|
|
};
|
|
unsafe { ptr_offset_from(uaf_ptr, uaf_ptr) }
|
|
};
|
|
|
|
fn main() {}
|