Gitiles
Code Review Sign In
gerrit-public.fairphone.software / fp2-dev / platform / external / clang / 141b90cd3d095b638045d9bc2a070af37d32e1e1 / . / test / Analysis / string.c
blob: fd836c471bd41cabc4d9043dd63f923a360475a5 [file] [log] [blame]
Ted Kremenekcdc3a892012-08-24 20:39:55 +0000[diff] [blame]1// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -Wno-null-dereference -verify %s
2// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -Wno-null-dereference -verify %s
3// RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -Wno-null-dereference -verify %s
4// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=alpha.security.taint,core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -Wno-null-dereference -verify %s
Jordy Rose19c5dd12010-07-27 01:37:31 +0000[diff] [blame]5
6//===----------------------------------------------------------------------===
7// Declarations
8//===----------------------------------------------------------------------===
9
10// Some functions are so similar to each other that they follow the same code
11// path, such as memcpy and __memcpy_chk, or memcmp and bcmp. If VARIANT is
12// defined, make sure to use the variants instead to make sure they are still
13// checked by the analyzer.
14
15// Some functions are implemented as builtins. These should be #defined as
16// BUILTIN(f), which will prepend "__builtin_" if USE_BUILTINS is defined.
17
Chris Lattnerfc8f0e12011-04-15 05:22:18 +0000[diff] [blame]18// Functions that have variants and are also available as builtins should be
Jordy Rose19c5dd12010-07-27 01:37:31 +0000[diff] [blame]19// declared carefully! See memcpy() for an example.
20
21#ifdef USE_BUILTINS
22# define BUILTIN(f) __builtin_ ## f
23#else /* USE_BUILTINS */
24# define BUILTIN(f) f
25#endif /* USE_BUILTINS */
26
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]27#define NULL 0
Jordy Rose19c5dd12010-07-27 01:37:31 +0000[diff] [blame]28typedef typeof(sizeof(int)) size_t;
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]29
30void clang_analyzer_eval(int);
31
Anna Zakse3d250e2011-12-11 18:43:40 +0000[diff] [blame]32int scanf(const char *restrict format, ...);
Jordy Rose19c5dd12010-07-27 01:37:31 +0000[diff] [blame]33
34//===----------------------------------------------------------------------===
35// strlen()
36//===----------------------------------------------------------------------===
37
38#define strlen BUILTIN(strlen)
39size_t strlen(const char *s);
40
41void strlen_constant0() {
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]42 clang_analyzer_eval(strlen("123") == 3); // expected-warning{{TRUE}}
Jordy Rose19c5dd12010-07-27 01:37:31 +0000[diff] [blame]43}
44
45void strlen_constant1() {
46 const char *a = "123";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]47 clang_analyzer_eval(strlen(a) == 3); // expected-warning{{TRUE}}
Jordy Rose19c5dd12010-07-27 01:37:31 +0000[diff] [blame]48}
49
50void strlen_constant2(char x) {
51 char a[] = "123";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]52 clang_analyzer_eval(strlen(a) == 3); // expected-warning{{TRUE}}
53
Jordy Rose19c5dd12010-07-27 01:37:31 +0000[diff] [blame]54 a[0] = x;
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]55 clang_analyzer_eval(strlen(a) == 3); // expected-warning{{UNKNOWN}}
Jordy Rose19c5dd12010-07-27 01:37:31 +0000[diff] [blame]56}
57
58size_t strlen_null() {
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]59 return strlen(0); // expected-warning{{Null pointer argument in call to string length function}}
Jordy Rose19c5dd12010-07-27 01:37:31 +0000[diff] [blame]60}
61
62size_t strlen_fn() {
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]63 return strlen((char*)&strlen_fn); // expected-warning{{Argument to string length function is the address of the function 'strlen_fn', which is not a null-terminated string}}
Jordy Rose19c5dd12010-07-27 01:37:31 +0000[diff] [blame]64}
65
66size_t strlen_nonloc() {
67label:
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]68 return strlen((char*)&&label); // expected-warning{{Argument to string length function is the address of the label 'label', which is not a null-terminated string}}
Jordy Rose19c5dd12010-07-27 01:37:31 +0000[diff] [blame]69}
Jordy Rosea5261542010-08-14 21:02:52 +0000[diff] [blame]70
71void strlen_subregion() {
Carl Norume224ba72011-03-07 22:57:45 +0000[diff] [blame]72 struct two_strings { char a[2], b[2]; };
Jordy Rosea5261542010-08-14 21:02:52 +0000[diff] [blame]73 extern void use_two_strings(struct two_strings *);
74
75 struct two_strings z;
76 use_two_strings(&z);
77
78 size_t a = strlen(z.a);
79 z.b[0] = 5;
80 size_t b = strlen(z.a);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]81 if (a == 0)
82 clang_analyzer_eval(b == 0); // expected-warning{{TRUE}}
Jordy Rosea5261542010-08-14 21:02:52 +0000[diff] [blame]83
84 use_two_strings(&z);
85
86 size_t c = strlen(z.a);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]87 if (a == 0)
88 clang_analyzer_eval(c == 0); // expected-warning{{UNKNOWN}}
Jordy Rosea5261542010-08-14 21:02:52 +0000[diff] [blame]89}
90
91extern void use_string(char *);
92void strlen_argument(char *x) {
93 size_t a = strlen(x);
94 size_t b = strlen(x);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]95 if (a == 0)
96 clang_analyzer_eval(b == 0); // expected-warning{{TRUE}}
Jordy Rosea5261542010-08-14 21:02:52 +0000[diff] [blame]97
98 use_string(x);
99
100 size_t c = strlen(x);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]101 if (a == 0)
102 clang_analyzer_eval(c == 0); // expected-warning{{UNKNOWN}}
Jordy Rosea5261542010-08-14 21:02:52 +0000[diff] [blame]103}
104
105extern char global_str[];
106void strlen_global() {
107 size_t a = strlen(global_str);
108 size_t b = strlen(global_str);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]109 if (a == 0) {
110 clang_analyzer_eval(b == 0); // expected-warning{{TRUE}}
111 // Make sure clang_analyzer_eval does not invalidate globals.
112 clang_analyzer_eval(strlen(global_str) == 0); // expected-warning{{TRUE}}
113 }
Jordy Rosea5261542010-08-14 21:02:52 +0000[diff] [blame]114
115 // Call a function with unknown effects, which should invalidate globals.
116 use_string(0);
117
118 size_t c = strlen(global_str);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]119 if (a == 0)
120 clang_analyzer_eval(c == 0); // expected-warning{{UNKNOWN}}
Jordy Rosea5261542010-08-14 21:02:52 +0000[diff] [blame]121}
122
123void strlen_indirect(char *x) {
124 size_t a = strlen(x);
125 char *p = x;
126 char **p2 = &p;
127 size_t b = strlen(x);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]128 if (a == 0)
129 clang_analyzer_eval(b == 0); // expected-warning{{TRUE}}
Jordy Rosea5261542010-08-14 21:02:52 +0000[diff] [blame]130
131 extern void use_string_ptr(char*const*);
132 use_string_ptr(p2);
133
134 size_t c = strlen(x);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]135 if (a == 0)
136 clang_analyzer_eval(c == 0); // expected-warning{{UNKNOWN}}
Jordy Rosea5261542010-08-14 21:02:52 +0000[diff] [blame]137}
138
Anna Zaks2cbe7912011-12-20 22:35:30 +0000[diff] [blame]139void strlen_indirect2(char *x) {
140 size_t a = strlen(x);
141 char *p = x;
142 char **p2 = &p;
143 extern void use_string_ptr2(char**);
144 use_string_ptr2(p2);
145
146 size_t c = strlen(x);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]147 if (a == 0)
148 clang_analyzer_eval(c == 0); // expected-warning{{UNKNOWN}}
Anna Zaks2cbe7912011-12-20 22:35:30 +0000[diff] [blame]149}
150
Jordy Rosea5261542010-08-14 21:02:52 +0000[diff] [blame]151void strlen_liveness(const char *x) {
152 if (strlen(x) < 5)
153 return;
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]154 clang_analyzer_eval(strlen(x) < 5); // expected-warning{{FALSE}}
Jordy Rosea5261542010-08-14 21:02:52 +0000[diff] [blame]155}
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]156
157//===----------------------------------------------------------------------===
Ted Kremenekbe4242c2011-02-22 04:55:05 +0000[diff] [blame]158// strnlen()
159//===----------------------------------------------------------------------===
160
Ted Kremenekbe4242c2011-02-22 04:55:05 +0000[diff] [blame]161size_t strnlen(const char *s, size_t maxlen);
162
163void strnlen_constant0() {
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]164 clang_analyzer_eval(strnlen("123", 10) == 3); // expected-warning{{TRUE}}
Ted Kremenekbe4242c2011-02-22 04:55:05 +0000[diff] [blame]165}
166
167void strnlen_constant1() {
168 const char *a = "123";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]169 clang_analyzer_eval(strnlen(a, 10) == 3); // expected-warning{{TRUE}}
Ted Kremenekbe4242c2011-02-22 04:55:05 +0000[diff] [blame]170}
171
172void strnlen_constant2(char x) {
173 char a[] = "123";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]174 clang_analyzer_eval(strnlen(a, 10) == 3); // expected-warning{{TRUE}}
Ted Kremenekbe4242c2011-02-22 04:55:05 +0000[diff] [blame]175 a[0] = x;
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]176 clang_analyzer_eval(strnlen(a, 10) == 3); // expected-warning{{UNKNOWN}}
Ted Kremenekbe4242c2011-02-22 04:55:05 +0000[diff] [blame]177}
178
179void strnlen_constant4() {
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]180 clang_analyzer_eval(strnlen("123456", 3) == 3); // expected-warning{{TRUE}}
Ted Kremenekbe4242c2011-02-22 04:55:05 +0000[diff] [blame]181}
182
183void strnlen_constant5() {
184 const char *a = "123456";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]185 clang_analyzer_eval(strnlen(a, 3) == 3); // expected-warning{{TRUE}}
Ted Kremenekbe4242c2011-02-22 04:55:05 +0000[diff] [blame]186}
187
188void strnlen_constant6(char x) {
189 char a[] = "123456";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]190 clang_analyzer_eval(strnlen(a, 3) == 3); // expected-warning{{TRUE}}
Ted Kremenekbe4242c2011-02-22 04:55:05 +0000[diff] [blame]191 a[0] = x;
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]192 clang_analyzer_eval(strnlen(a, 3) == 3); // expected-warning{{UNKNOWN}}
Ted Kremenekbe4242c2011-02-22 04:55:05 +0000[diff] [blame]193}
194
195size_t strnlen_null() {
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]196 return strnlen(0, 3); // expected-warning{{Null pointer argument in call to string length function}}
Ted Kremenekbe4242c2011-02-22 04:55:05 +0000[diff] [blame]197}
198
199size_t strnlen_fn() {
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]200 return strnlen((char*)&strlen_fn, 3); // expected-warning{{Argument to string length function is the address of the function 'strlen_fn', which is not a null-terminated string}}
Ted Kremenekbe4242c2011-02-22 04:55:05 +0000[diff] [blame]201}
202
203size_t strnlen_nonloc() {
204label:
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]205 return strnlen((char*)&&label, 3); // expected-warning{{Argument to string length function is the address of the label 'label', which is not a null-terminated string}}
Ted Kremenekbe4242c2011-02-22 04:55:05 +0000[diff] [blame]206}
207
Jordy Rose793bff32011-06-14 01:15:31 +0000[diff] [blame]208void strnlen_zero() {
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]209 clang_analyzer_eval(strnlen("abc", 0) == 0); // expected-warning{{TRUE}}
210 clang_analyzer_eval(strnlen(NULL, 0) == 0); // expected-warning{{TRUE}}
Jordy Rose793bff32011-06-14 01:15:31 +0000[diff] [blame]211}
212
213size_t strnlen_compound_literal() {
214 // This used to crash because we don't model the string lengths of
215 // compound literals.
216 return strnlen((char[]) { 'a', 'b', 0 }, 1);
217}
218
219size_t strnlen_unknown_limit(float f) {
220 // This used to crash because we don't model the integer values of floats.
221 return strnlen("abc", (int)f);
222}
223
224void strnlen_is_not_strlen(char *x) {
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]225 clang_analyzer_eval(strnlen(x, 10) == strlen(x)); // expected-warning{{UNKNOWN}}
Jordy Rose793bff32011-06-14 01:15:31 +0000[diff] [blame]226}
227
228void strnlen_at_limit(char *x) {
229 size_t len = strnlen(x, 10);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]230 clang_analyzer_eval(len <= 10); // expected-warning{{TRUE}}
231 clang_analyzer_eval(len == 10); // expected-warning{{UNKNOWN}}
232 clang_analyzer_eval(len < 10); // expected-warning{{UNKNOWN}}
Jordy Rose793bff32011-06-14 01:15:31 +0000[diff] [blame]233}
234
235void strnlen_at_actual(size_t limit) {
236 size_t len = strnlen("abc", limit);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]237 clang_analyzer_eval(len <= 3); // expected-warning{{TRUE}}
238 // This is due to eager assertion in strnlen.
239 if (limit == 0) {
240 clang_analyzer_eval(len == 0); // expected-warning{{TRUE}}
241 } else {
242 clang_analyzer_eval(len == 3); // expected-warning{{UNKNOWN}}
243 clang_analyzer_eval(len < 3); // expected-warning{{UNKNOWN}}
244 }
Ted Kremenekbe4242c2011-02-22 04:55:05 +0000[diff] [blame]245}
246
247//===----------------------------------------------------------------------===
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]248// strcpy()
249//===----------------------------------------------------------------------===
250
251#ifdef VARIANT
252
253#define __strcpy_chk BUILTIN(__strcpy_chk)
254char *__strcpy_chk(char *restrict s1, const char *restrict s2, size_t destlen);
255
256#define strcpy(a,b) __strcpy_chk(a,b,(size_t)-1)
257
258#else /* VARIANT */
259
260#define strcpy BUILTIN(strcpy)
261char *strcpy(char *restrict s1, const char *restrict s2);
262
263#endif /* VARIANT */
264
265
266void strcpy_null_dst(char *x) {
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]267 strcpy(NULL, x); // expected-warning{{Null pointer argument in call to string copy function}}
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]268}
269
270void strcpy_null_src(char *x) {
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]271 strcpy(x, NULL); // expected-warning{{Null pointer argument in call to string copy function}}
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]272}
273
274void strcpy_fn(char *x) {
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]275 strcpy(x, (char*)&strcpy_fn); // expected-warning{{Argument to string copy function is the address of the function 'strcpy_fn', which is not a null-terminated string}}
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]276}
277
Anna Zaksce8ef162012-01-13 00:56:48 +0000[diff] [blame]278void strcpy_fn_const(char *x) {
279 strcpy(x, (const char*)&strcpy_fn); // expected-warning{{Argument to string copy function is the address of the function 'strcpy_fn', which is not a null-terminated string}}
280}
281
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]282void strcpy_effects(char *x, char *y) {
283 char a = x[0];
284
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]285 clang_analyzer_eval(strcpy(x, y) == x); // expected-warning{{TRUE}}
286 clang_analyzer_eval(strlen(x) == strlen(y)); // expected-warning{{TRUE}}
287 clang_analyzer_eval(a == x[0]); // expected-warning{{UNKNOWN}}
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]288}
289
290void strcpy_overflow(char *y) {
291 char x[4];
292 if (strlen(y) == 4)
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]293 strcpy(x, y); // expected-warning{{String copy function overflows destination buffer}}
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]294}
295
296void strcpy_no_overflow(char *y) {
297 char x[4];
298 if (strlen(y) == 3)
299 strcpy(x, y); // no-warning
300}
301
302//===----------------------------------------------------------------------===
303// stpcpy()
304//===----------------------------------------------------------------------===
305
306#ifdef VARIANT
307
308#define __stpcpy_chk BUILTIN(__stpcpy_chk)
309char *__stpcpy_chk(char *restrict s1, const char *restrict s2, size_t destlen);
310
311#define stpcpy(a,b) __stpcpy_chk(a,b,(size_t)-1)
312
313#else /* VARIANT */
314
315#define stpcpy BUILTIN(stpcpy)
316char *stpcpy(char *restrict s1, const char *restrict s2);
317
318#endif /* VARIANT */
319
320
321void stpcpy_effect(char *x, char *y) {
322 char a = x[0];
323
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]324 clang_analyzer_eval(stpcpy(x, y) == &x[strlen(y)]); // expected-warning{{TRUE}}
325 clang_analyzer_eval(strlen(x) == strlen(y)); // expected-warning{{TRUE}}
326 clang_analyzer_eval(a == x[0]); // expected-warning{{UNKNOWN}}
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]327}
328
329void stpcpy_overflow(char *y) {
330 char x[4];
331 if (strlen(y) == 4)
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]332 stpcpy(x, y); // expected-warning{{String copy function overflows destination buffer}}
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]333}
334
335void stpcpy_no_overflow(char *y) {
336 char x[4];
337 if (strlen(y) == 3)
338 stpcpy(x, y); // no-warning
339}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]340
341//===----------------------------------------------------------------------===
342// strcat()
343//===----------------------------------------------------------------------===
344
345#ifdef VARIANT
346
347#define __strcat_chk BUILTIN(__strcat_chk)
348char *__strcat_chk(char *restrict s1, const char *restrict s2, size_t destlen);
349
350#define strcat(a,b) __strcat_chk(a,b,(size_t)-1)
351
352#else /* VARIANT */
353
354#define strcat BUILTIN(strcat)
355char *strcat(char *restrict s1, const char *restrict s2);
356
357#endif /* VARIANT */
358
359
360void strcat_null_dst(char *x) {
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]361 strcat(NULL, x); // expected-warning{{Null pointer argument in call to string copy function}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]362}
363
364void strcat_null_src(char *x) {
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]365 strcat(x, NULL); // expected-warning{{Null pointer argument in call to string copy function}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]366}
367
368void strcat_fn(char *x) {
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]369 strcat(x, (char*)&strcat_fn); // expected-warning{{Argument to string copy function is the address of the function 'strcat_fn', which is not a null-terminated string}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]370}
371
372void strcat_effects(char *y) {
373 char x[8] = "123";
374 size_t orig_len = strlen(x);
375 char a = x[0];
376
377 if (strlen(y) != 4)
378 return;
379
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]380 clang_analyzer_eval(strcat(x, y) == x); // expected-warning{{TRUE}}
381 clang_analyzer_eval((int)strlen(x) == (orig_len + strlen(y))); // expected-warning{{TRUE}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]382}
383
384void strcat_overflow_0(char *y) {
385 char x[4] = "12";
386 if (strlen(y) == 4)
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]387 strcat(x, y); // expected-warning{{String copy function overflows destination buffer}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]388}
389
390void strcat_overflow_1(char *y) {
391 char x[4] = "12";
392 if (strlen(y) == 3)
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]393 strcat(x, y); // expected-warning{{String copy function overflows destination buffer}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]394}
395
396void strcat_overflow_2(char *y) {
397 char x[4] = "12";
398 if (strlen(y) == 2)
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]399 strcat(x, y); // expected-warning{{String copy function overflows destination buffer}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]400}
401
402void strcat_no_overflow(char *y) {
403 char x[5] = "12";
404 if (strlen(y) == 2)
405 strcat(x, y); // no-warning
406}
407
Jordy Rosed5af0e12011-06-15 05:52:56 +0000[diff] [blame]408void strcat_symbolic_dst_length(char *dst) {
409 strcat(dst, "1234");
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]410 clang_analyzer_eval(strlen(dst) >= 4); // expected-warning{{TRUE}}
Jordy Rosed5af0e12011-06-15 05:52:56 +0000[diff] [blame]411}
412
413void strcat_symbolic_src_length(char *src) {
414 char dst[8] = "1234";
415 strcat(dst, src);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]416 clang_analyzer_eval(strlen(dst) >= 4); // expected-warning{{TRUE}}
Jordy Rosed5af0e12011-06-15 05:52:56 +0000[diff] [blame]417}
418
Anna Zakse3d250e2011-12-11 18:43:40 +0000[diff] [blame]419void strcat_symbolic_dst_length_taint(char *dst) {
420 scanf("%s", dst); // Taint data.
421 strcat(dst, "1234");
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]422 clang_analyzer_eval(strlen(dst) >= 4); // expected-warning{{TRUE}}
Anna Zakse3d250e2011-12-11 18:43:40 +0000[diff] [blame]423}
424
Jordy Rosed5af0e12011-06-15 05:52:56 +0000[diff] [blame]425void strcat_unknown_src_length(char *src, int offset) {
426 char dst[8] = "1234";
427 strcat(dst, &src[offset]);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]428 clang_analyzer_eval(strlen(dst) >= 4); // expected-warning{{TRUE}}
Jordy Rosed5af0e12011-06-15 05:52:56 +0000[diff] [blame]429}
430
431// There is no strcat_unknown_dst_length because if we can't get a symbolic
432// length for the "before" strlen, we won't be able to set one for "after".
433
434void strcat_too_big(char *dst, char *src) {
435 if (strlen(dst) != (((size_t)0) - 2))
436 return;
437 if (strlen(src) != 2)
438 return;
439 strcat(dst, src); // expected-warning{{This expression will create a string whose length is too big to be represented as a size_t}}
440}
441
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]442
443//===----------------------------------------------------------------------===
Jordy Rose5e5f1502011-06-20 03:49:16 +0000[diff] [blame]444// strncpy()
445//===----------------------------------------------------------------------===
446
447#ifdef VARIANT
448
449#define __strncpy_chk BUILTIN(__strncpy_chk)
450char *__strncpy_chk(char *restrict s1, const char *restrict s2, size_t n, size_t destlen);
451
452#define strncpy(a,b,n) __strncpy_chk(a,b,n,(size_t)-1)
453
454#else /* VARIANT */
455
456#define strncpy BUILTIN(strncpy)
457char *strncpy(char *restrict s1, const char *restrict s2, size_t n);
458
459#endif /* VARIANT */
460
461
462void strncpy_null_dst(char *x) {
463 strncpy(NULL, x, 5); // expected-warning{{Null pointer argument in call to string copy function}}
464}
465
466void strncpy_null_src(char *x) {
467 strncpy(x, NULL, 5); // expected-warning{{Null pointer argument in call to string copy function}}
468}
469
470void strncpy_fn(char *x) {
471 strncpy(x, (char*)&strcpy_fn, 5); // expected-warning{{Argument to string copy function is the address of the function 'strcpy_fn', which is not a null-terminated string}}
472}
473
474void strncpy_effects(char *x, char *y) {
475 char a = x[0];
476
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]477 clang_analyzer_eval(strncpy(x, y, 5) == x); // expected-warning{{TRUE}}
478 clang_analyzer_eval(strlen(x) == strlen(y)); // expected-warning{{UNKNOWN}}
479 clang_analyzer_eval(a == x[0]); // expected-warning{{UNKNOWN}}
Jordy Rose5e5f1502011-06-20 03:49:16 +0000[diff] [blame]480}
481
482void strncpy_overflow(char *y) {
483 char x[4];
484 if (strlen(y) == 4)
485 strncpy(x, y, 5); // expected-warning{{Size argument is greater than the length of the destination buffer}}
486}
487
488void strncpy_no_overflow(char *y) {
489 char x[4];
490 if (strlen(y) == 3)
491 strncpy(x, y, 5); // expected-warning{{Size argument is greater than the length of the destination buffer}}
492}
493
494void strncpy_no_overflow2(char *y, int n) {
495 if (n <= 4)
496 return;
497
498 char x[4];
499 if (strlen(y) == 3)
500 strncpy(x, y, n); // expected-warning{{Size argument is greater than the length of the destination buffer}}
501}
502
503void strncpy_truncate(char *y) {
504 char x[4];
505 if (strlen(y) == 4)
506 strncpy(x, y, 3); // no-warning
507}
508
509void strncpy_no_truncate(char *y) {
510 char x[4];
511 if (strlen(y) == 3)
512 strncpy(x, y, 3); // no-warning
513}
514
515void strncpy_exactly_matching_buffer(char *y) {
516 char x[4];
517 strncpy(x, y, 4); // no-warning
518
519 // strncpy does not null-terminate, so we have no idea what the strlen is
520 // after this.
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]521 clang_analyzer_eval(strlen(x) > 4); // expected-warning{{UNKNOWN}}
Jordy Rose5e5f1502011-06-20 03:49:16 +0000[diff] [blame]522}
523
524void strncpy_exactly_matching_buffer2(char *y) {
525 if (strlen(y) >= 4)
526 return;
527
528 char x[4];
529 strncpy(x, y, 4); // no-warning
530
531 // This time, we know that y fits in x anyway.
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]532 clang_analyzer_eval(strlen(x) <= 3); // expected-warning{{TRUE}}
Jordy Rose5e5f1502011-06-20 03:49:16 +0000[diff] [blame]533}
534
Jordy Rose6e4244e2012-05-14 17:58:35 +0000[diff] [blame]535void strncpy_zero(char *src) {
536 char dst[] = "123";
537 strncpy(dst, src, 0); // no-warning
538}
539
540void strncpy_empty() {
541 char dst[] = "123";
542 char src[] = "";
543 strncpy(dst, src, 4); // no-warning
544}
545
Jordy Rose5e5f1502011-06-20 03:49:16 +0000[diff] [blame]546//===----------------------------------------------------------------------===
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]547// strncat()
548//===----------------------------------------------------------------------===
549
550#ifdef VARIANT
551
552#define __strncat_chk BUILTIN(__strncat_chk)
553char *__strncat_chk(char *restrict s1, const char *restrict s2, size_t n, size_t destlen);
554
555#define strncat(a,b,c) __strncat_chk(a,b,c, (size_t)-1)
556
557#else /* VARIANT */
558
559#define strncat BUILTIN(strncat)
560char *strncat(char *restrict s1, const char *restrict s2, size_t n);
561
562#endif /* VARIANT */
563
564
565void strncat_null_dst(char *x) {
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]566 strncat(NULL, x, 4); // expected-warning{{Null pointer argument in call to string copy function}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]567}
568
569void strncat_null_src(char *x) {
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]570 strncat(x, NULL, 4); // expected-warning{{Null pointer argument in call to string copy function}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]571}
572
573void strncat_fn(char *x) {
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]574 strncat(x, (char*)&strncat_fn, 4); // expected-warning{{Argument to string copy function is the address of the function 'strncat_fn', which is not a null-terminated string}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]575}
576
577void strncat_effects(char *y) {
578 char x[8] = "123";
579 size_t orig_len = strlen(x);
580 char a = x[0];
581
582 if (strlen(y) != 4)
583 return;
584
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]585 clang_analyzer_eval(strncat(x, y, strlen(y)) == x); // expected-warning{{TRUE}}
586 clang_analyzer_eval(strlen(x) == (orig_len + strlen(y))); // expected-warning{{TRUE}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]587}
588
589void strncat_overflow_0(char *y) {
590 char x[4] = "12";
591 if (strlen(y) == 4)
Jordy Rose8912aae2011-06-20 21:55:40 +0000[diff] [blame]592 strncat(x, y, strlen(y)); // expected-warning{{Size argument is greater than the free space in the destination buffer}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]593}
594
595void strncat_overflow_1(char *y) {
596 char x[4] = "12";
597 if (strlen(y) == 3)
Jordy Rose8912aae2011-06-20 21:55:40 +0000[diff] [blame]598 strncat(x, y, strlen(y)); // expected-warning{{Size argument is greater than the free space in the destination buffer}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]599}
600
601void strncat_overflow_2(char *y) {
602 char x[4] = "12";
603 if (strlen(y) == 2)
Jordy Rose8912aae2011-06-20 21:55:40 +0000[diff] [blame]604 strncat(x, y, strlen(y)); // expected-warning{{Size argument is greater than the free space in the destination buffer}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]605}
606
607void strncat_overflow_3(char *y) {
608 char x[4] = "12";
609 if (strlen(y) == 4)
Jordy Rose8912aae2011-06-20 21:55:40 +0000[diff] [blame]610 strncat(x, y, 2); // expected-warning{{Size argument is greater than the free space in the destination buffer}}
Lenny Maiorani067bbd02011-04-09 15:12:58 +0000[diff] [blame]611}
612void strncat_no_overflow_1(char *y) {
613 char x[5] = "12";
614 if (strlen(y) == 2)
615 strncat(x, y, strlen(y)); // no-warning
616}
617
618void strncat_no_overflow_2(char *y) {
619 char x[4] = "12";
620 if (strlen(y) == 4)
621 strncat(x, y, 1); // no-warning
622}
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]623
Jordy Rose8912aae2011-06-20 21:55:40 +0000[diff] [blame]624void strncat_symbolic_dst_length(char *dst) {
625 strncat(dst, "1234", 5);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]626 clang_analyzer_eval(strlen(dst) >= 4); // expected-warning{{TRUE}}
Jordy Rose8912aae2011-06-20 21:55:40 +0000[diff] [blame]627}
628
629void strncat_symbolic_src_length(char *src) {
630 char dst[8] = "1234";
631 strncat(dst, src, 3);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]632 clang_analyzer_eval(strlen(dst) >= 4); // expected-warning{{TRUE}}
Jordy Rose8912aae2011-06-20 21:55:40 +0000[diff] [blame]633
634 char dst2[8] = "1234";
635 strncat(dst2, src, 4); // expected-warning{{Size argument is greater than the free space in the destination buffer}}
636}
637
638void strncat_unknown_src_length(char *src, int offset) {
639 char dst[8] = "1234";
640 strncat(dst, &src[offset], 3);
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]641 clang_analyzer_eval(strlen(dst) >= 4); // expected-warning{{TRUE}}
Jordy Rose8912aae2011-06-20 21:55:40 +0000[diff] [blame]642
643 char dst2[8] = "1234";
644 strncat(dst2, &src[offset], 4); // expected-warning{{Size argument is greater than the free space in the destination buffer}}
645}
646
647// There is no strncat_unknown_dst_length because if we can't get a symbolic
648// length for the "before" strlen, we won't be able to set one for "after".
649
650void strncat_symbolic_limit(unsigned limit) {
651 char dst[6] = "1234";
652 char src[] = "567";
653 strncat(dst, src, limit); // no-warning
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]654
655 clang_analyzer_eval(strlen(dst) >= 4); // expected-warning{{TRUE}}
656 clang_analyzer_eval(strlen(dst) == 4); // expected-warning{{UNKNOWN}}
Jordy Rose8912aae2011-06-20 21:55:40 +0000[diff] [blame]657}
658
659void strncat_unknown_limit(float limit) {
660 char dst[6] = "1234";
661 char src[] = "567";
662 strncat(dst, src, (size_t)limit); // no-warning
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]663
664 clang_analyzer_eval(strlen(dst) >= 4); // expected-warning{{TRUE}}
665 clang_analyzer_eval(strlen(dst) == 4); // expected-warning{{UNKNOWN}}
Jordy Rose8912aae2011-06-20 21:55:40 +0000[diff] [blame]666}
667
668void strncat_too_big(char *dst, char *src) {
669 if (strlen(dst) != (((size_t)0) - 2))
670 return;
671 if (strlen(src) != 2)
672 return;
673 strncat(dst, src, 2); // expected-warning{{This expression will create a string whose length is too big to be represented as a size_t}}
674}
675
Jordy Rose6e4244e2012-05-14 17:58:35 +0000[diff] [blame]676void strncat_zero(char *src) {
677 char dst[] = "123";
678 strncat(dst, src, 0); // no-warning
679}
680
681void strncat_empty() {
682 char dst[8] = "123";
683 char src[] = "";
684 strncat(dst, src, 4); // no-warning
685}
686
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]687//===----------------------------------------------------------------------===
688// strcmp()
689//===----------------------------------------------------------------------===
690
691#define strcmp BUILTIN(strcmp)
Jordy Roseadc42d42011-06-16 07:13:34 +0000[diff] [blame]692int strcmp(const char * s1, const char * s2);
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]693
694void strcmp_constant0() {
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]695 clang_analyzer_eval(strcmp("123", "123") == 0); // expected-warning{{TRUE}}
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]696}
697
698void strcmp_constant_and_var_0() {
699 char *x = "123";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]700 clang_analyzer_eval(strcmp(x, "123") == 0); // expected-warning{{TRUE}}
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]701}
702
703void strcmp_constant_and_var_1() {
704 char *x = "123";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]705 clang_analyzer_eval(strcmp("123", x) == 0); // expected-warning{{TRUE}}
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]706}
707
708void strcmp_0() {
709 char *x = "123";
710 char *y = "123";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]711 clang_analyzer_eval(strcmp(x, y) == 0); // expected-warning{{TRUE}}
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]712}
713
714void strcmp_1() {
715 char *x = "234";
716 char *y = "123";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]717 clang_analyzer_eval(strcmp(x, y) == 1); // expected-warning{{TRUE}}
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]718}
719
720void strcmp_2() {
721 char *x = "123";
722 char *y = "234";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]723 clang_analyzer_eval(strcmp(x, y) == -1); // expected-warning{{TRUE}}
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]724}
725
726void strcmp_null_0() {
727 char *x = NULL;
728 char *y = "123";
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]729 strcmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}}
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]730}
731
732void strcmp_null_1() {
733 char *x = "123";
734 char *y = NULL;
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]735 strcmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}}
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]736}
737
738void strcmp_diff_length_0() {
739 char *x = "12345";
740 char *y = "234";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]741 clang_analyzer_eval(strcmp(x, y) == -1); // expected-warning{{TRUE}}
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]742}
743
744void strcmp_diff_length_1() {
745 char *x = "123";
746 char *y = "23456";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]747 clang_analyzer_eval(strcmp(x, y) == -1); // expected-warning{{TRUE}}
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]748}
749
750void strcmp_diff_length_2() {
751 char *x = "12345";
752 char *y = "123";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]753 clang_analyzer_eval(strcmp(x, y) == 1); // expected-warning{{TRUE}}
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]754}
755
756void strcmp_diff_length_3() {
757 char *x = "123";
758 char *y = "12345";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]759 clang_analyzer_eval(strcmp(x, y) == -1); // expected-warning{{TRUE}}
Lenny Maiorani318dd922011-04-12 17:08:43 +0000[diff] [blame]760}
761
Jordy Roseadc42d42011-06-16 07:13:34 +0000[diff] [blame]762void strcmp_embedded_null () {
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]763 clang_analyzer_eval(strcmp("\0z", "\0y") == 0); // expected-warning{{TRUE}}
Jordy Roseadc42d42011-06-16 07:13:34 +0000[diff] [blame]764}
765
766void strcmp_unknown_arg (char *unknown) {
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]767 clang_analyzer_eval(strcmp(unknown, unknown) == 0); // expected-warning{{TRUE}}
Jordy Roseadc42d42011-06-16 07:13:34 +0000[diff] [blame]768}
769
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]770//===----------------------------------------------------------------------===
771// strncmp()
772//===----------------------------------------------------------------------===
773
774#define strncmp BUILTIN(strncmp)
Jordy Roseadc42d42011-06-16 07:13:34 +0000[diff] [blame]775int strncmp(const char *s1, const char *s2, size_t n);
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]776
777void strncmp_constant0() {
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]778 clang_analyzer_eval(strncmp("123", "123", 3) == 0); // expected-warning{{TRUE}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]779}
780
781void strncmp_constant_and_var_0() {
782 char *x = "123";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]783 clang_analyzer_eval(strncmp(x, "123", 3) == 0); // expected-warning{{TRUE}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]784}
785
786void strncmp_constant_and_var_1() {
787 char *x = "123";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]788 clang_analyzer_eval(strncmp("123", x, 3) == 0); // expected-warning{{TRUE}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]789}
790
791void strncmp_0() {
792 char *x = "123";
793 char *y = "123";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]794 clang_analyzer_eval(strncmp(x, y, 3) == 0); // expected-warning{{TRUE}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]795}
796
797void strncmp_1() {
798 char *x = "234";
799 char *y = "123";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]800 clang_analyzer_eval(strncmp(x, y, 3) == 1); // expected-warning{{TRUE}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]801}
802
803void strncmp_2() {
804 char *x = "123";
805 char *y = "234";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]806 clang_analyzer_eval(strncmp(x, y, 3) == -1); // expected-warning{{TRUE}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]807}
808
809void strncmp_null_0() {
810 char *x = NULL;
811 char *y = "123";
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]812 strncmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]813}
814
815void strncmp_null_1() {
816 char *x = "123";
817 char *y = NULL;
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]818 strncmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]819}
820
821void strncmp_diff_length_0() {
822 char *x = "12345";
823 char *y = "234";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]824 clang_analyzer_eval(strncmp(x, y, 5) == -1); // expected-warning{{TRUE}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]825}
826
827void strncmp_diff_length_1() {
828 char *x = "123";
829 char *y = "23456";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]830 clang_analyzer_eval(strncmp(x, y, 5) == -1); // expected-warning{{TRUE}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]831}
832
833void strncmp_diff_length_2() {
834 char *x = "12345";
835 char *y = "123";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]836 clang_analyzer_eval(strncmp(x, y, 5) == 1); // expected-warning{{TRUE}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]837}
838
839void strncmp_diff_length_3() {
840 char *x = "123";
841 char *y = "12345";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]842 clang_analyzer_eval(strncmp(x, y, 5) == -1); // expected-warning{{TRUE}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]843}
844
845void strncmp_diff_length_4() {
846 char *x = "123";
847 char *y = "12345";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]848 clang_analyzer_eval(strncmp(x, y, 3) == 0); // expected-warning{{TRUE}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]849}
850
851void strncmp_diff_length_5() {
852 char *x = "012";
853 char *y = "12345";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]854 clang_analyzer_eval(strncmp(x, y, 3) == -1); // expected-warning{{TRUE}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]855}
856
857void strncmp_diff_length_6() {
858 char *x = "234";
859 char *y = "12345";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]860 clang_analyzer_eval(strncmp(x, y, 3) == 1); // expected-warning{{TRUE}}
Lenny Maiorani357f6ee2011-04-25 22:21:00 +0000[diff] [blame]861}
862
Jordy Roseadc42d42011-06-16 07:13:34 +0000[diff] [blame]863void strncmp_embedded_null () {
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]864 clang_analyzer_eval(strncmp("ab\0zz", "ab\0yy", 4) == 0); // expected-warning{{TRUE}}
Jordy Roseadc42d42011-06-16 07:13:34 +0000[diff] [blame]865}
866
Lenny Maioranibd1d16a2011-04-28 15:09:11 +0000[diff] [blame]867//===----------------------------------------------------------------------===
868// strcasecmp()
869//===----------------------------------------------------------------------===
870
871#define strcasecmp BUILTIN(strcasecmp)
Jordy Roseadc42d42011-06-16 07:13:34 +0000[diff] [blame]872int strcasecmp(const char *s1, const char *s2);
Lenny Maioranibd1d16a2011-04-28 15:09:11 +0000[diff] [blame]873
874void strcasecmp_constant0() {
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]875 clang_analyzer_eval(strcasecmp("abc", "Abc") == 0); // expected-warning{{TRUE}}
Lenny Maioranibd1d16a2011-04-28 15:09:11 +0000[diff] [blame]876}
877
878void strcasecmp_constant_and_var_0() {
879 char *x = "abc";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]880 clang_analyzer_eval(strcasecmp(x, "Abc") == 0); // expected-warning{{TRUE}}
Lenny Maioranibd1d16a2011-04-28 15:09:11 +0000[diff] [blame]881}
882
883void strcasecmp_constant_and_var_1() {
884 char *x = "abc";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]885 clang_analyzer_eval(strcasecmp("Abc", x) == 0); // expected-warning{{TRUE}}
Lenny Maioranibd1d16a2011-04-28 15:09:11 +0000[diff] [blame]886}
887
888void strcasecmp_0() {
889 char *x = "abc";
890 char *y = "Abc";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]891 clang_analyzer_eval(strcasecmp(x, y) == 0); // expected-warning{{TRUE}}
Lenny Maioranibd1d16a2011-04-28 15:09:11 +0000[diff] [blame]892}
893
894void strcasecmp_1() {
895 char *x = "Bcd";
896 char *y = "abc";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]897 clang_analyzer_eval(strcasecmp(x, y) == 1); // expected-warning{{TRUE}}
Lenny Maioranibd1d16a2011-04-28 15:09:11 +0000[diff] [blame]898}
899
900void strcasecmp_2() {
901 char *x = "abc";
902 char *y = "Bcd";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]903 clang_analyzer_eval(strcasecmp(x, y) == -1); // expected-warning{{TRUE}}
Lenny Maioranibd1d16a2011-04-28 15:09:11 +0000[diff] [blame]904}
905
906void strcasecmp_null_0() {
907 char *x = NULL;
908 char *y = "123";
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]909 strcasecmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}}
Lenny Maioranibd1d16a2011-04-28 15:09:11 +0000[diff] [blame]910}
911
912void strcasecmp_null_1() {
913 char *x = "123";
914 char *y = NULL;
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]915 strcasecmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}}
Lenny Maioranibd1d16a2011-04-28 15:09:11 +0000[diff] [blame]916}
917
918void strcasecmp_diff_length_0() {
919 char *x = "abcde";
920 char *y = "aBd";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]921 clang_analyzer_eval(strcasecmp(x, y) == -1); // expected-warning{{TRUE}}
Lenny Maioranibd1d16a2011-04-28 15:09:11 +0000[diff] [blame]922}
923
924void strcasecmp_diff_length_1() {
925 char *x = "abc";
926 char *y = "aBdef";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]927 clang_analyzer_eval(strcasecmp(x, y) == -1); // expected-warning{{TRUE}}
Lenny Maioranibd1d16a2011-04-28 15:09:11 +0000[diff] [blame]928}
929
930void strcasecmp_diff_length_2() {
931 char *x = "aBcDe";
932 char *y = "abc";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]933 clang_analyzer_eval(strcasecmp(x, y) == 1); // expected-warning{{TRUE}}
Lenny Maioranibd1d16a2011-04-28 15:09:11 +0000[diff] [blame]934}
935
936void strcasecmp_diff_length_3() {
937 char *x = "aBc";
938 char *y = "abcde";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]939 clang_analyzer_eval(strcasecmp(x, y) == -1); // expected-warning{{TRUE}}
Lenny Maioranibd1d16a2011-04-28 15:09:11 +0000[diff] [blame]940}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]941
Jordy Roseadc42d42011-06-16 07:13:34 +0000[diff] [blame]942void strcasecmp_embedded_null () {
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]943 clang_analyzer_eval(strcasecmp("ab\0zz", "ab\0yy") == 0); // expected-warning{{TRUE}}
Jordy Roseadc42d42011-06-16 07:13:34 +0000[diff] [blame]944}
945
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]946//===----------------------------------------------------------------------===
947// strncasecmp()
948//===----------------------------------------------------------------------===
949
950#define strncasecmp BUILTIN(strncasecmp)
Jordy Roseadc42d42011-06-16 07:13:34 +0000[diff] [blame]951int strncasecmp(const char *s1, const char *s2, size_t n);
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]952
953void strncasecmp_constant0() {
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]954 clang_analyzer_eval(strncasecmp("abc", "Abc", 3) == 0); // expected-warning{{TRUE}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]955}
956
957void strncasecmp_constant_and_var_0() {
958 char *x = "abc";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]959 clang_analyzer_eval(strncasecmp(x, "Abc", 3) == 0); // expected-warning{{TRUE}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]960}
961
962void strncasecmp_constant_and_var_1() {
963 char *x = "abc";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]964 clang_analyzer_eval(strncasecmp("Abc", x, 3) == 0); // expected-warning{{TRUE}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]965}
966
967void strncasecmp_0() {
968 char *x = "abc";
969 char *y = "Abc";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]970 clang_analyzer_eval(strncasecmp(x, y, 3) == 0); // expected-warning{{TRUE}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]971}
972
973void strncasecmp_1() {
974 char *x = "Bcd";
975 char *y = "abc";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]976 clang_analyzer_eval(strncasecmp(x, y, 3) == 1); // expected-warning{{TRUE}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]977}
978
979void strncasecmp_2() {
980 char *x = "abc";
981 char *y = "Bcd";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]982 clang_analyzer_eval(strncasecmp(x, y, 3) == -1); // expected-warning{{TRUE}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]983}
984
985void strncasecmp_null_0() {
986 char *x = NULL;
987 char *y = "123";
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]988 strncasecmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]989}
990
991void strncasecmp_null_1() {
992 char *x = "123";
993 char *y = NULL;
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]994 strncasecmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]995}
996
997void strncasecmp_diff_length_0() {
998 char *x = "abcde";
999 char *y = "aBd";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]1000 clang_analyzer_eval(strncasecmp(x, y, 5) == -1); // expected-warning{{TRUE}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]1001}
1002
1003void strncasecmp_diff_length_1() {
1004 char *x = "abc";
1005 char *y = "aBdef";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]1006 clang_analyzer_eval(strncasecmp(x, y, 5) == -1); // expected-warning{{TRUE}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]1007}
1008
1009void strncasecmp_diff_length_2() {
1010 char *x = "aBcDe";
1011 char *y = "abc";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]1012 clang_analyzer_eval(strncasecmp(x, y, 5) == 1); // expected-warning{{TRUE}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]1013}
1014
1015void strncasecmp_diff_length_3() {
1016 char *x = "aBc";
1017 char *y = "abcde";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]1018 clang_analyzer_eval(strncasecmp(x, y, 5) == -1); // expected-warning{{TRUE}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]1019}
1020
1021void strncasecmp_diff_length_4() {
1022 char *x = "abcde";
1023 char *y = "aBc";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]1024 clang_analyzer_eval(strncasecmp(x, y, 3) == 0); // expected-warning{{TRUE}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]1025}
1026
1027void strncasecmp_diff_length_5() {
1028 char *x = "abcde";
1029 char *y = "aBd";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]1030 clang_analyzer_eval(strncasecmp(x, y, 3) == -1); // expected-warning{{TRUE}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]1031}
1032
1033void strncasecmp_diff_length_6() {
1034 char *x = "aBDe";
1035 char *y = "abc";
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]1036 clang_analyzer_eval(strncasecmp(x, y, 3) == 1); // expected-warning{{TRUE}}
Lenny Maiorani454fd2d2011-05-02 19:05:49 +0000[diff] [blame]1037}
Jordy Roseadc42d42011-06-16 07:13:34 +0000[diff] [blame]1038
1039void strncasecmp_embedded_null () {
Jordy Rose43d9f0d2012-05-16 16:01:10 +0000[diff] [blame]1040 clang_analyzer_eval(strncasecmp("ab\0zz", "ab\0yy", 4) == 0); // expected-warning{{TRUE}}
Jordy Roseadc42d42011-06-16 07:13:34 +0000[diff] [blame]1041}