tests/type_confusion: add dav1d_{alloc,free} instead of IA2_SHARED_DATA

This lets us not have to explain `IA2_SHARED_DATA`
and better showcases how an untrusted compartment
could exploit completely opaque types from another compartment.

Author: kkysen

tests/type_confusion/dav1d.c

@@ -8,6 +8,15 @@ RUN: cat dav1d_call_gates_1.ld | FileCheck --check-prefix=LINKARGS %s
 #define IA2_COMPARTMENT 2
 #include <ia2_compartment_init.inc>
 
+/// Allocate memory in dav1d's compartment 2.
+void* dav1d_alloc(const size_t size) {
+  return malloc(size);
+}
+
+void dav1d_free(void* const memory) {
+  free(memory);
+}
+
 IA2_CONSTRUCTOR // Registers that ptr `this` has type `Dav1dContext` now.
 int dav1d_open(Dav1dContext *const this, const Dav1dSettings *const s) {
   // Initialize `this`; implementation omitted.

tests/type_confusion/include/dav1d.h

@@ -14,6 +14,10 @@ typedef struct {
   ptrdiff_t stride[2];
 } Dav1dPicture;
 
+void* dav1d_alloc(size_t size);
+
+void dav1d_free(void* memory);
+
 int dav1d_open(Dav1dContext *this, const Dav1dSettings *s);
 
 void dav1d_close(Dav1dContext *this);

tests/type_confusion/main.c

@@ -14,41 +14,78 @@ INIT_RUNTIME(2);
 #define IA2_COMPARTMENT 1
 #include <ia2_compartment_init.inc>
 
-Dav1dContext c IA2_SHARED_DATA;
-Dav1dSettings settings IA2_SHARED_DATA;
-Dav1dPicture pic IA2_SHARED_DATA;
-Dav1dContext c2 IA2_SHARED_DATA;
-
 Test(type_confusion, normal) {
-  dav1d_open(&c, &settings);
-  dav1d_get_picture(&c, &pic);
-  dav1d_close(&c);
+  Dav1dContext *c = dav1d_alloc(sizeof(Dav1dContext));
+  Dav1dSettings *settings = dav1d_alloc(sizeof(Dav1dSettings));
+  Dav1dPicture *pic = dav1d_alloc(sizeof(Dav1dPicture));
+
+  dav1d_open(c, settings);
+  dav1d_get_picture(c, pic);
+  dav1d_close(c);
+
+  dav1d_free(pic);
+  dav1d_free(settings);
+  dav1d_free(c);
 }
 
 Test(type_confusion, uninitialized, .signal = SIGABRT) {
-  dav1d_open(&c, &settings);
+  Dav1dContext *c = dav1d_alloc(sizeof(Dav1dContext));
+  Dav1dContext *c2 = dav1d_alloc(sizeof(Dav1dContext));
+  Dav1dSettings *settings = dav1d_alloc(sizeof(Dav1dSettings));
+  Dav1dPicture *pic = dav1d_alloc(sizeof(Dav1dPicture));
+
+  dav1d_open(c, settings);
   // Try to use another `Dav1dContext` that hasn't been constructed/opened yet.
-  dav1d_get_picture(&c2, &pic);
-  dav1d_close(&c);
+  dav1d_get_picture(c2, pic); // Will `SIGABRT`.
+  dav1d_close(c);
+
+  dav1d_free(pic);
+  dav1d_free(settings);
+  dav1d_free(c2);
+  dav1d_free(c);
 }
 
 Test(type_confusion, wrong_type, .signal = SIGABRT) {
-  dav1d_open(&c, &settings);
+  Dav1dContext *c = dav1d_alloc(sizeof(Dav1dContext));
+  Dav1dSettings *settings = dav1d_alloc(sizeof(Dav1dSettings));
+  Dav1dPicture *pic = dav1d_alloc(sizeof(Dav1dPicture));
+
+  dav1d_open(c, settings);
   // Try to use another type (`Dav1dPicture`) instead.
-  dav1d_get_picture((Dav1dContext *)&pic, &pic);
-  dav1d_close(&c);
+  dav1d_get_picture((Dav1dContext *)pic, pic); // Will `SIGABRT`.
+  dav1d_close(c);
+
+  dav1d_free(pic);
+  dav1d_free(settings);
+  dav1d_free(c);
 }
 
 Test(type_confusion, null, .signal = SIGABRT) {
-  dav1d_open(&c, &settings);
+  Dav1dContext *c = dav1d_alloc(sizeof(Dav1dContext));
+  Dav1dSettings *settings = dav1d_alloc(sizeof(Dav1dSettings));
+  Dav1dPicture *pic = dav1d_alloc(sizeof(Dav1dPicture));
+
+  dav1d_open(c, settings);
   // Try to `NULL`.
-  dav1d_get_picture(NULL, &pic);
-  dav1d_close(&c);
+  dav1d_get_picture(NULL, pic); // Will `SIGABRT`.
+  dav1d_close(c);
+
+  dav1d_free(pic);
+  dav1d_free(settings);
+  dav1d_free(c);
 }
 
 Test(type_confusion, use_after_free, .signal = SIGABRT) {
-  dav1d_open(&c, &settings);
-  dav1d_close(&c);
+  Dav1dContext *c = dav1d_alloc(sizeof(Dav1dContext));
+  Dav1dSettings *settings = dav1d_alloc(sizeof(Dav1dSettings));
+  Dav1dPicture *pic = dav1d_alloc(sizeof(Dav1dPicture));
+
+  dav1d_open(c, settings);
+  dav1d_close(c);
   // Try to use an already destructed `Dav1dContext`.
-  dav1d_get_picture(&c, &pic);
+  dav1d_get_picture(c, pic); // Will `SIGABRT`.
+
+  dav1d_free(pic);
+  dav1d_free(settings);
+  dav1d_free(c);
 }