Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / 15a467e9e8e9bee54c9d03305b4009e530c6ba4a / . / test / Analysis / out-of-bounds.c
blob: 598e1653763639bb23cd6603fbd2814804e65e99 [file] [log] [blame]
Ted Kremenek15a467e2010-12-23 02:42:49 +0000[diff] [blame^]1// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-check-buffer-overflows -verify %s
Ted Kremenekc478a142010-12-23 02:42:43 +0000[diff] [blame]2
3// Tests doing an out-of-bounds access after the end of an array using:
4// - constant integer index
5// - constant integer size for buffer
6void test1(int x) {
7 int buf[100];
8 buf[100] = 1; // expected-warning{{Out of bound memory access}}
9}
10
11void test1_ok(int x) {
12 int buf[100];
13 buf[99] = 1; // no-warning
14}
15
Ted Kremenek15a467e2010-12-23 02:42:49 +0000[diff] [blame^]16const char test1_strings_underrun(int x) {
17 const char *mystr = "mary had a little lamb";
18 return mystr[-1]; // expected-warning{{Out of bound memory access}}
19}
20
21const char test1_strings_overrun(int x) {
22 const char *mystr = "mary had a little lamb";
23 return mystr[1000]; // expected-warning{{Out of bound memory access}}
24}
25
26const char test1_strings_ok(int x) {
27 const char *mystr = "mary had a little lamb";
28 return mystr[5]; // no-warning
29}
30
Ted Kremenekc478a142010-12-23 02:42:43 +0000[diff] [blame]31// Tests doing an out-of-bounds access after the end of an array using:
32// - indirect pointer to buffer
33// - constant integer index
34// - constant integer size for buffer
35void test1_ptr(int x) {
36 int buf[100];
37 int *p = buf;
38 p[101] = 1; // expected-warning{{Out of bound memory access}}
39}
40
41void test1_ptr_ok(int x) {
42 int buf[100];
43 int *p = buf;
Ted Kremenek15a467e2010-12-23 02:42:49 +0000[diff] [blame^]44 p[99] = 1; // no-warning
Ted Kremenekc478a142010-12-23 02:42:43 +0000[diff] [blame]45}
46
Ted Kremenek15a467e2010-12-23 02:42:49 +0000[diff] [blame^]47// ** FIXME ** Doesn't work yet because we don't support pointer arithmetic.
Ted Kremenekc478a142010-12-23 02:42:43 +0000[diff] [blame]48// Tests doing an out-of-bounds access before the start of an array using:
49// - indirect pointer to buffer, manipulated using simple pointer arithmetic
50// - constant integer index
51// - constant integer size for buffer
52void test1_ptr_arith(int x) {
53 int buf[100];
54 int *p = buf;
55 p = p + 100;
Ted Kremenek15a467e2010-12-23 02:42:49 +0000[diff] [blame^]56 p[0] = 1; // no-warning
Ted Kremenekc478a142010-12-23 02:42:43 +0000[diff] [blame]57}
58
59void test1_ptr_arith_ok(int x) {
60 int buf[100];
61 int *p = buf;
62 p = p + 99;
63 p[0] = 1; // no-warning
64}
65
Ted Kremenek15a467e2010-12-23 02:42:49 +0000[diff] [blame^]66// ** FIXME ** Doesn't work yet because we don't support pointer arithmetic.
Ted Kremenekc478a142010-12-23 02:42:43 +0000[diff] [blame]67void test1_ptr_arith_bad(int x) {
68 int buf[100];
69 int *p = buf;
70 p = p + 99;
Ted Kremenek15a467e2010-12-23 02:42:49 +0000[diff] [blame^]71 p[1] = 1; // no-warning
Ted Kremenekc478a142010-12-23 02:42:43 +0000[diff] [blame]72}
73
Ted Kremenek15a467e2010-12-23 02:42:49 +0000[diff] [blame^]74// ** FIXME ** we falsely emit a warning here because of our lack of
75// handling of pointer arithmetic.
Ted Kremenekc478a142010-12-23 02:42:43 +0000[diff] [blame]76void test1_ptr_arith_ok2(int x) {
77 int buf[100];
78 int *p = buf;
Ted Kremenek15a467e2010-12-23 02:42:49 +0000[diff] [blame^]79 p = p + 99;
80 p[-1] = 1; // expected-warning{{Out of bound}}
Ted Kremenekc478a142010-12-23 02:42:43 +0000[diff] [blame]81}
82
83// Tests doing an out-of-bounds access before the start of an array using:
84// - constant integer index
85// - constant integer size for buffer
86void test2(int x) {
87 int buf[100];
88 buf[-1] = 1; // expected-warning{{Out of bound memory access}}
89}
90
91// Tests doing an out-of-bounds access before the start of an array using:
92// - indirect pointer to buffer
93// - constant integer index
94// - constant integer size for buffer
95void test2_ptr(int x) {
96 int buf[100];
97 int *p = buf;
98 p[-1] = 1; // expected-warning{{Out of bound memory access}}
99}
100
Ted Kremenek15a467e2010-12-23 02:42:49 +0000[diff] [blame^]101// ** FIXME ** Doesn't work yet because we don't support pointer arithmetic.
Ted Kremenekc478a142010-12-23 02:42:43 +0000[diff] [blame]102// Tests doing an out-of-bounds access before the start of an array using:
103// - indirect pointer to buffer, manipulated using simple pointer arithmetic
104// - constant integer index
105// - constant integer size for buffer
106void test2_ptr_arith(int x) {
107 int buf[100];
108 int *p = buf;
109 --p;
Ted Kremenek15a467e2010-12-23 02:42:49 +0000[diff] [blame^]110 p[0] = 1; // no-warning
Ted Kremenekc478a142010-12-23 02:42:43 +0000[diff] [blame]111}
112
113// Tests doing an out-of-bounds access before the start of a multi-dimensional
114// array using:
115// - constant integer indices
116// - constant integer sizes for the array
117void test2_multi(int x) {
118 int buf[100][100];
119 buf[0][-1] = 1; // expected-warning{{Out of bound memory access}}
120}
121
122// Tests doing an out-of-bounds access before the start of a multi-dimensional
123// array using:
124// - constant integer indices
125// - constant integer sizes for the array
126void test2_multi_b(int x) {
127 int buf[100][100];
128 buf[-1][0] = 1; // expected-warning{{Out of bound memory access}}
129}
130
131void test2_multi_ok(int x) {
132 int buf[100][100];
133 buf[0][0] = 1; // no-warning
134}
135
136// *** FIXME ***
137// We don't get a warning here yet because our symbolic constraint solving
138// doesn't handle: (symbol * constant) < constant
139void test3(int x) {
140 int buf[100];
141 if (x < 0)
142 buf[x] = 1;
143}
144
145// *** FIXME ***
146// We don't get a warning here yet because our symbolic constraint solving
147// doesn't handle: (symbol * constant) < constant
148void test4(int x) {
149 int buf[100];
150 if (x > 99)
151 buf[x] = 1;
152}