From 70aa21903445c9be02cadc041b89cea186bb5b46 Mon Sep 17 00:00:00 2001
From: Mitch Phillips <mitchp@google.com>
Date: Wed, 22 Feb 2023 11:31:36 -0800
Subject: [PATCH] [gwp-asan] fix tests under clang coverage, and extend
 invariants

1. Fixes this test under clang coverage, which is run under presubmit
   for TEST_MAPPING files. When we spawn under a minijail, and the
   process exited normally (which is the case for recoverable), clang
   coverage would use atexit handlers to dump some stuff using banned
   prctl's and other syscalls. Instead of allow-listing them all which
   sounds like a huge pain, call _exit() which skips those handlers.

2. Extends the invariant testing to make sure that recoverable GWP-ASan
   recovers both the first time, and a second time in a different slot.

Bug: N/A
Test: CLANG_COVERAGE=true NATIVE_COVERAGE_PATHS="*" atest debuggerd_test
Change-Id: I6059e21db4c2898b1c9777a00d2a54497d80ef79
---
 debuggerd/debuggerd_test.cpp | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/debuggerd/debuggerd_test.cpp b/debuggerd/debuggerd_test.cpp
index 895c111e3..4d60ddbf7 100644
--- a/debuggerd/debuggerd_test.cpp
+++ b/debuggerd/debuggerd_test.cpp
@@ -1680,6 +1680,24 @@ TEST_P(GwpAsanCrasherTest, DISABLED_run_gwp_asan_test) {
   if (params.free_before_access) free(static_cast<void*>(const_cast<char*>(p)));
   p[params.access_offset] = 42;
   if (!params.free_before_access) free(static_cast<void*>(const_cast<char*>(p)));
+
+  bool recoverable = std::get<1>(GetParam());
+  ASSERT_TRUE(recoverable);  // Non-recoverable should have crashed.
+
+  // As we're in recoverable mode, trigger another 2x use-after-frees (ensuring
+  // we end with at least one in a different slot), make sure the process still
+  // doesn't crash.
+  p = reinterpret_cast<char* volatile>(malloc(params.alloc_size));
+  char* volatile p2 = reinterpret_cast<char* volatile>(malloc(params.alloc_size));
+  free(static_cast<void*>(const_cast<char*>(p)));
+  free(static_cast<void*>(const_cast<char*>(p2)));
+  *p = 42;
+  *p2 = 42;
+
+  // Under clang coverage (which is a default TEST_MAPPING presubmit target), the
+  // recoverable+seccomp tests fail because the minijail prevents some atexit syscalls that clang
+  // coverage does. Thus, skip the atexit handlers.
+  _exit(0);
 }
 
 TEST_F(CrasherTest, fdsan_warning_abort_message) {