Add a test for slab canaries

test/simple-memory-corruption/Makefile

@@ -46,7 +46,8 @@ EXECUTABLES := \
     malloc_object_size_offset \
     invalid_malloc_object_size_small \
     invalid_malloc_object_size_small_quarantine \
-    impossibly_large_malloc
+    impossibly_large_malloc \
+    canary_leak
 
 all: $(EXECUTABLES)
 

test/simple-memory-corruption/canary_leak.c

@@ -0,0 +1,24 @@
+#include <stdlib.h>
+#include <string.h>
+
+#include "../test_util.h"
+
+#define CANARY_SIZE 8
+
+// Check that the slab canary can't be leaked with a C-string function.
+OPTNONE int main(void) {
+    char leaked_str_canary[CANARY_SIZE] = {0};
+    char leaked_canary[CANARY_SIZE] = {0};
+    char *p = malloc(8);
+    if (!p) {
+        return 1;
+    }
+    strncpy(leaked_str_canary, p + 8, CANARY_SIZE);
+    memcpy(leaked_canary, p + 8, CANARY_SIZE);
+    if (!memcmp(leaked_canary, leaked_str_canary, CANARY_SIZE)) {
+        free(p);
+        return 1;
+    }
+    free(p);
+    return 0;
+}

test/simple-memory-corruption/test_smc.py

@@ -211,6 +211,11 @@ class TestSimpleMemoryCorruption(unittest.TestCase):
             "impossibly_large_malloc")
         self.assertEqual(returncode, 0)
 
+    def test_canary_leak(self):
+        _stdout, stderr, returncode = self.run_test(
+            "canary_leak")
+        self.assertEqual(returncode, 0)
+
 
 
 if __name__ == '__main__':