Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / 1e4f68ce0bffd9a6b9a8fc56d1766177382788e3 / . / test / Analysis / taint-tester.c
blob: 23b5744f8c842fa3ec2bfe7032328d979efc755f [file] [log] [blame]
Anna Zaksa50b7ab2011-12-05 18:58:01 +0000[diff] [blame]1// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.security.taint,debug.TaintTest -verify %s
2
3int scanf(const char *restrict format, ...);
4int getchar(void);
5
6#define BUFSIZE 10
7int Buffer[BUFSIZE];
8
Anna Zaksdcf06fa2011-12-07 01:09:52 +0000[diff] [blame]9struct XYStruct {
10 int x;
11 float y;
12};
13
14void taintTracking(int x) {
Anna Zaksa50b7ab2011-12-05 18:58:01 +0000[diff] [blame]15 int n;
16 int *addr = &Buffer[0];
17 scanf("%d", &n);
Anna Zaksdcf06fa2011-12-07 01:09:52 +0000[diff] [blame]18 addr += n;// expected-warning 2 {{tainted}}
19 *addr = n; // expected-warning 3 {{tainted}}
Anna Zaksaace9ef2011-12-06 23:12:27 +0000[diff] [blame]20
21 double tdiv = n / 30; // expected-warning 3 {{tainted}}
22 char *loc_cast = (char *) n; // expected-warning {{tainted}}
23 char tinc = tdiv++; // expected-warning {{tainted}}
24 int tincdec = (char)tinc--; // expected-warning 2 {{tainted}}
Anna Zaksaace9ef2011-12-06 23:12:27 +0000[diff] [blame]25
Anna Zaksdcf06fa2011-12-07 01:09:52 +0000[diff] [blame]26 // Tainted ptr arithmetic/array element address.
27 int tprtarithmetic1 = *(addr+1); // expected-warning 2 {{tainted}}
Anna Zaksaace9ef2011-12-06 23:12:27 +0000[diff] [blame]28
Anna Zaksdcf06fa2011-12-07 01:09:52 +0000[diff] [blame]29 // Tainted struct address, casts.
30 struct XYStruct *xyPtr = 0;
31 scanf("%p", &xyPtr);
32 void *tXYStructPtr = xyPtr; // expected-warning 2 {{tainted}}
33 struct XYStruct *xyPtrCopy = tXYStructPtr; // expected-warning 2 {{tainted}}
Anna Zaksa50b7ab2011-12-05 18:58:01 +0000[diff] [blame]34}