| Ted Kremenek | 033a07e | 2011-08-03 23:14:55 +0000 | [diff] [blame^] | 1 | // RUN: %clang_cc1 -Wno-array-bounds -analyze -analyzer-checker=core,experimental.unix,experimental.security.ArrayBound -analyzer-store=region -verify %s |
| Zhongxing Xu | 3ed04d3 | 2010-01-18 08:54:31 +0000 | [diff] [blame] | 2 | |
| 3 | typedef __typeof(sizeof(int)) size_t; |
| 4 | void *malloc(size_t); |
| Zhongxing Xu | a5ce966 | 2010-06-01 03:01:33 +0000 | [diff] [blame] | 5 | void *calloc(size_t, size_t); |
| Zhongxing Xu | 20f0178 | 2008-11-24 02:19:49 +0000 | [diff] [blame] | 6 | |
| 7 | char f1() { |
| 8 | char* s = "abcd"; |
| Ted Kremenek | f9e9684 | 2009-01-22 20:36:33 +0000 | [diff] [blame] | 9 | char c = s[4]; // no-warning |
| Zhongxing Xu | 58e689f | 2009-11-11 12:33:27 +0000 | [diff] [blame] | 10 | return s[5] + c; // expected-warning{{Access out-of-bound array element (buffer overflow)}} |
| Zhongxing Xu | 20f0178 | 2008-11-24 02:19:49 +0000 | [diff] [blame] | 11 | } |
| Zhongxing Xu | 3ed04d3 | 2010-01-18 08:54:31 +0000 | [diff] [blame] | 12 | |
| 13 | void f2() { |
| 14 | int *p = malloc(12); |
| 15 | p[3] = 4; // expected-warning{{Access out-of-bound array element (buffer overflow)}} |
| 16 | } |
| Zhongxing Xu | 9618b85 | 2010-04-01 08:20:27 +0000 | [diff] [blame] | 17 | |
| 18 | struct three_words { |
| 19 | int c[3]; |
| 20 | }; |
| 21 | |
| 22 | struct seven_words { |
| 23 | int c[7]; |
| 24 | }; |
| 25 | |
| 26 | void f3() { |
| 27 | struct three_words a, *p; |
| 28 | p = &a; |
| 29 | p[0] = a; // no-warning |
| 30 | p[1] = a; // expected-warning{{Access out-of-bound array element (buffer overflow)}} |
| 31 | } |
| 32 | |
| 33 | void f4() { |
| 34 | struct seven_words c; |
| 35 | struct three_words a, *p = (struct three_words *)&c; |
| 36 | p[0] = a; // no-warning |
| 37 | p[1] = a; // no-warning |
| 38 | p[2] = a; // expected-warning{{Access out-of-bound array element (buffer overflow)}} |
| 39 | } |
| Zhongxing Xu | a5ce966 | 2010-06-01 03:01:33 +0000 | [diff] [blame] | 40 | |
| 41 | void f5() { |
| 42 | char *p = calloc(2,2); |
| 43 | p[3] = '.'; // no-warning |
| 44 | p[4] = '!'; // expected-warning{{out-of-bound}} |
| 45 | } |
| Jordy Rose | 4d912b2 | 2010-06-25 23:23:04 +0000 | [diff] [blame] | 46 | |
| 47 | void f6() { |
| 48 | char a[2]; |
| 49 | int *b = (int*)a; |
| 50 | b[1] = 3; // expected-warning{{out-of-bound}} |
| 51 | } |
| Jordy Rose | 32f2656 | 2010-07-04 00:00:41 +0000 | [diff] [blame] | 52 | |
| 53 | void f7() { |
| 54 | struct three_words a; |
| 55 | a.c[3] = 1; // expected-warning{{out-of-bound}} |
| 56 | } |
| Jordy Rose | 52e04c5 | 2010-07-05 00:50:15 +0000 | [diff] [blame] | 57 | |
| 58 | void vla(int a) { |
| 59 | if (a == 5) { |
| 60 | int x[a]; |
| 61 | x[4] = 4; // no-warning |
| 62 | x[5] = 5; // expected-warning{{out-of-bound}} |
| 63 | } |
| 64 | } |
| Jordy Rose | b7e3aab | 2010-07-05 04:42:43 +0000 | [diff] [blame] | 65 | |
| 66 | void sizeof_vla(int a) { |
| 67 | if (a == 5) { |
| 68 | char x[a]; |
| 69 | int y[sizeof(x)]; |
| 70 | y[4] = 4; // no-warning |
| 71 | y[5] = 5; // expected-warning{{out-of-bound}} |
| 72 | } |
| 73 | } |
| Jordy Rose | 8556cc4 | 2010-08-14 20:46:10 +0000 | [diff] [blame] | 74 | |
| 75 | void alloca_region(int a) { |
| 76 | if (a == 5) { |
| 77 | char *x = __builtin_alloca(a); |
| 78 | x[4] = 4; // no-warning |
| 79 | x[5] = 5; // expected-warning{{out-of-bound}} |
| 80 | } |
| 81 | } |
| Jordy Rose | e701117 | 2010-08-16 01:15:17 +0000 | [diff] [blame] | 82 | |
| 83 | int symbolic_index(int a) { |
| 84 | int x[2] = {1, 2}; |
| 85 | if (a == 2) { |
| 86 | return x[a]; // expected-warning{{out-of-bound}} |
| 87 | } |
| 88 | return 0; |
| 89 | } |
| 90 | |
| 91 | int symbolic_index2(int a) { |
| 92 | int x[2] = {1, 2}; |
| 93 | if (a < 0) { |
| 94 | return x[a]; // expected-warning{{out-of-bound}} |
| 95 | } |
| 96 | return 0; |
| 97 | } |