Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / e9c876044b7fe9560128a41d511426c014bf5d3f / . / test / Analysis / taint-generic.c
blob: a23d20f79f01cff279a41817f513b83ead799f86 [file] [log] [blame]
Anna Zaks9f03b622012-01-07 02:33:10 +0000[diff] [blame]1// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.security.taint,experimental.security.ArrayBoundV2 -Wno-format-security -verify %s
Anna Zaks9b0970f2011-11-16 19:58:17 +0000[diff] [blame]2
3int scanf(const char *restrict format, ...);
4int getchar(void);
5
6#define BUFSIZE 10
7
8int Buffer[BUFSIZE];
Anna Zaks3881c692011-11-28 20:43:40 +0000[diff] [blame]9void bufferScanfDirect(void)
Anna Zaks9b0970f2011-11-16 19:58:17 +0000[diff] [blame]10{
11 int n;
12 scanf("%d", &n);
13 Buffer[n] = 1; // expected-warning {{Out of bound memory access }}
14}
Anna Zaks0d339d02011-11-17 23:07:28 +0000[diff] [blame]15
16void bufferScanfArithmetic1(int x) {
17 int n;
18 scanf("%d", &n);
19 int m = (n - 3);
20 Buffer[m] = 1; // expected-warning {{Out of bound memory access }}
21}
22
23void bufferScanfArithmetic2(int x) {
24 int n;
25 scanf("%d", &n);
Anna Zaks3881c692011-11-28 20:43:40 +0000[diff] [blame]26 int m = 100 / (n + 3) * x;
Anna Zaks0d339d02011-11-17 23:07:28 +0000[diff] [blame]27 Buffer[m] = 1; // expected-warning {{Out of bound memory access }}
28}
Anna Zaks8f4caf52011-11-18 02:26:36 +0000[diff] [blame]29
Anna Zaks3881c692011-11-28 20:43:40 +0000[diff] [blame]30void bufferScanfAssignment(int x) {
31 int n;
32 scanf("%d", &n);
33 int m;
34 if (x > 0) {
35 m = n;
36 Buffer[m] = 1; // expected-warning {{Out of bound memory access }}
37 }
38}
39
Anna Zaks8f4caf52011-11-18 02:26:36 +0000[diff] [blame]40void scanfArg() {
41 int t;
Anna Zakse3d250e2011-12-11 18:43:40 +0000[diff] [blame]42 scanf("%d", t); // expected-warning {{conversion specifies type 'int *' but the argument has type 'int'}}
Anna Zaks8f4caf52011-11-18 02:26:36 +0000[diff] [blame]43}
Anna Zaks3881c692011-11-28 20:43:40 +0000[diff] [blame]44
45void bufferGetchar(int x) {
46 int m = getchar();
47 Buffer[m] = 1; //expected-warning {{Out of bound memory access }}
48}
Anna Zaks9f03b622012-01-07 02:33:10 +0000[diff] [blame]49
50typedef struct _FILE FILE;
51extern FILE *stdin;
52int fscanf(FILE *restrict stream, const char *restrict format, ...);
53int sprintf(char *str, const char *format, ...);
54void setproctitle(const char *fmt, ...);
55
56void testUncontrolledFormatString() {
57 char s[80];
58 fscanf(stdin, "%s", s);
59 char buf[128];
60 sprintf(buf,s); // expected-warning {{Uncontrolled Format String}}
61 setproctitle(s, 3); // expected-warning {{Uncontrolled Format String}}
62}