Expand detected address sanitizer examples

StableCoder · StableCoder · commit 95693adb8aff · 2024-09-25T17:50:09.000-04:00
Instead of just the one example that detected the use-after-free, added
a number of new files to detect:
- double free
- out of bounds on global/heap/stack data
- use after free
- use after return
- use after scope

While compiler warnings have improved to detect some of these cases at
compile time, they all do still compile.

Apart from double-free, all of these programs also execute without
issue, highlighting the usefulness of address sanitizer runs.
diff --git a/example/all/CMakeLists.txt b/example/all/CMakeLists.txt
@@ -35,7 +35,8 @@ enable_testing()
 # Sanitizers
 include(sanitizers)
 
-set_sanitizer_options(address DEFAULT -fsanitize-address-use-after-scope)
+set_sanitizer_options(address DEFAULT -fsanitize-address-use-after-scope
+                      -fsanitize-address-use-after-return=runtime)
 set_sanitizer_options(leak DEFAULT)
 set_sanitizer_options(memory DEFAULT)
 set_sanitizer_options(memorywithorigins DEFAULT SANITIZER memory
@@ -65,9 +66,36 @@ target_code_coverage(lsanFail AUTO ALL)
 add_test(lsan lsanFail)
 
 # Fails with AddressSanitizer
-add_executable(asanFail ../src/asan_fail.cpp)
-target_code_coverage(asanFail AUTO ALL)
-add_test(asan asanFail)
+if(EXAMPLE_USE_SANITIZER STREQUAL "address")
+  # double-free now has solid detection without sanitizers too
+  add_executable(asan_double_free ../src/asan/double_free.c)
+  target_code_coverage(asan_double_free AUTO ALL)
+  add_test(asan_double_free asan_double_free)
+endif()
+
+add_executable(asan_out_of_bounds_global ../src/asan/out_of_bounds_global.c)
+target_code_coverage(asan_out_of_bounds_global AUTO ALL)
+add_test(asan_out_of_bounds_global asan_out_of_bounds_global)
+
+add_executable(asan_out_of_bounds_heap ../src/asan/out_of_bounds_heap.c)
+target_code_coverage(asan_out_of_bounds_heap AUTO ALL)
+add_test(asan_out_of_bounds_heap asan_out_of_bounds_heap)
+
+add_executable(asan_out_of_bounds_stack ../src/asan/out_of_bounds_stack.c)
+target_code_coverage(asan_out_of_bounds_stack AUTO ALL)
+add_test(asan_out_of_bounds_stack asan_out_of_bounds_stack)
+
+add_executable(asan_use_after_free ../src/asan/use_after_free.c)
+target_code_coverage(asan_use_after_free AUTO ALL)
+add_test(asan_use_after_free asan_use_after_free)
+
+add_executable(asan_use_after_return ../src/asan/use_after_return.c)
+target_code_coverage(asan_use_after_return AUTO ALL)
+add_test(asan_use_after_return asan_use_after_return)
+
+add_executable(asan_use_after_scope ../src/asan/use_after_scope.c)
+target_code_coverage(asan_use_after_scope AUTO ALL)
+add_test(asan_use_after_scope asan_use_after_scope)
 
 # Fails with MemorySanitizer
 add_executable(msanFail ../src/msan_fail.cpp)
diff --git a/example/src/asan/double_free.c b/example/src/asan/double_free.c
@@ -0,0 +1,9 @@
+// this is an example of a double-free error
+#include <stdlib.h>
+
+int main(int argc, char **argv) {
+    int *array = (int *)malloc(sizeof(int));
+    free(array);
+    free(array); // failure point
+    return 0;
+}
diff --git a/example/src/asan/out_of_bounds_global.c b/example/src/asan/out_of_bounds_global.c
@@ -0,0 +1,9 @@
+// this is an example of an out-of-bounds error with global data
+#include <stdio.h>
+
+int array[1];
+
+int main(int argc, char **argv) {
+    printf("val: %i\n", array[1]); // failure point
+    return 0;
+}
diff --git a/example/src/asan/out_of_bounds_heap.c b/example/src/asan/out_of_bounds_heap.c
@@ -0,0 +1,10 @@
+// this is an example of an out-of-bounds error with heap data
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char **argv) {
+    int *array = malloc(sizeof(int));
+    printf("val: %i\n", array[1]); // failure point
+    free(array);
+    return 0;
+}
diff --git a/example/src/asan/out_of_bounds_stack.c b/example/src/asan/out_of_bounds_stack.c
@@ -0,0 +1,8 @@
+// this is an example of an out-of-bounds error with stack data
+#include <stdio.h>
+
+int main(int argc, char **argv) {
+    int array[1];
+    printf("val: %i\n", array[1]); // failure point
+    return 0;
+}
diff --git a/example/src/asan/use_after_free.c b/example/src/asan/use_after_free.c
@@ -0,0 +1,10 @@
+// this is an example of a use-after-free error
+#include <stdio.h>
+#include <stdlib.h>
+
+int main(int argc, char **argv) {
+    int *array = malloc(sizeof(int));
+    free(array);
+    printf("val: %i\n", *array); // failure point
+    return 0;
+}
diff --git a/example/src/asan/use_after_return.c b/example/src/asan/use_after_return.c
@@ -0,0 +1,15 @@
+// this is an example of a use-after-return error
+#include <stdio.h>
+
+int *array;
+
+void setPointerWithEscapedData() {
+    int internalArray[1];
+    array = internalArray;
+}
+
+int main(int argc, char **argv) {
+    setPointerWithEscapedData();
+    printf("val: %i\n", array[0]); // failure point
+    return 0;
+}
diff --git a/example/src/asan/use_after_scope.c b/example/src/asan/use_after_scope.c
@@ -0,0 +1,12 @@
+// this is an example of a use-after-scope error
+#include <stdio.h>
+
+int main(int argc, char **argv) {
+    int *array;
+    {
+        int internalArray[1];
+        array = internalArray;
+    }
+    printf("val: %i\n", array[0]); // failure point
+    return 0;
+}
diff --git a/example/src/asan_fail.cpp b/example/src/asan_fail.cpp
