Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / c478a1425c055e517169220ea1c1efd857e65f52 / . / test / Analysis / out-of-bounds.c
blob: 79a2ca06051cb76793fc37596da1389973161b1e [file] [log] [blame]
Ted Kremenekc478a142010-12-23 02:42:43 +0000[diff] [blame^]1// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-check-buffer-overflows -verify
2
3// Tests doing an out-of-bounds access after the end of an array using:
4// - constant integer index
5// - constant integer size for buffer
6void test1(int x) {
7 int buf[100];
8 buf[100] = 1; // expected-warning{{Out of bound memory access}}
9}
10
11void test1_ok(int x) {
12 int buf[100];
13 buf[99] = 1; // no-warning
14}
15
16// Tests doing an out-of-bounds access after the end of an array using:
17// - indirect pointer to buffer
18// - constant integer index
19// - constant integer size for buffer
20void test1_ptr(int x) {
21 int buf[100];
22 int *p = buf;
23 p[101] = 1; // expected-warning{{Out of bound memory access}}
24}
25
26void test1_ptr_ok(int x) {
27 int buf[100];
28 int *p = buf;
29 p[99] = 1; // expected-warning{{Out of bound memory access}}
30}
31
32// Tests doing an out-of-bounds access before the start of an array using:
33// - indirect pointer to buffer, manipulated using simple pointer arithmetic
34// - constant integer index
35// - constant integer size for buffer
36void test1_ptr_arith(int x) {
37 int buf[100];
38 int *p = buf;
39 p = p + 100;
40 p[0] = 1; // expected-warning{{Out of bound memory access}}
41}
42
43void test1_ptr_arith_ok(int x) {
44 int buf[100];
45 int *p = buf;
46 p = p + 99;
47 p[0] = 1; // no-warning
48}
49
50void test1_ptr_arith_bad(int x) {
51 int buf[100];
52 int *p = buf;
53 p = p + 99;
54 p[1] = 1; // expected-warning{{Out of bound memory access}}
55}
56
57void test1_ptr_arith_ok2(int x) {
58 int buf[100];
59 int *p = buf;
60 p = p + 100;
61 p[-1] = 1; // no-warning
62}
63
64// Tests doing an out-of-bounds access before the start of an array using:
65// - constant integer index
66// - constant integer size for buffer
67void test2(int x) {
68 int buf[100];
69 buf[-1] = 1; // expected-warning{{Out of bound memory access}}
70}
71
72// Tests doing an out-of-bounds access before the start of an array using:
73// - indirect pointer to buffer
74// - constant integer index
75// - constant integer size for buffer
76void test2_ptr(int x) {
77 int buf[100];
78 int *p = buf;
79 p[-1] = 1; // expected-warning{{Out of bound memory access}}
80}
81
82// Tests doing an out-of-bounds access before the start of an array using:
83// - indirect pointer to buffer, manipulated using simple pointer arithmetic
84// - constant integer index
85// - constant integer size for buffer
86void test2_ptr_arith(int x) {
87 int buf[100];
88 int *p = buf;
89 --p;
90 p[0] = 1; // expected-warning{{Out of bound memory access}}
91}
92
93// Tests doing an out-of-bounds access before the start of a multi-dimensional
94// array using:
95// - constant integer indices
96// - constant integer sizes for the array
97void test2_multi(int x) {
98 int buf[100][100];
99 buf[0][-1] = 1; // expected-warning{{Out of bound memory access}}
100}
101
102// Tests doing an out-of-bounds access before the start of a multi-dimensional
103// array using:
104// - constant integer indices
105// - constant integer sizes for the array
106void test2_multi_b(int x) {
107 int buf[100][100];
108 buf[-1][0] = 1; // expected-warning{{Out of bound memory access}}
109}
110
111void test2_multi_ok(int x) {
112 int buf[100][100];
113 buf[0][0] = 1; // no-warning
114}
115
116// *** FIXME ***
117// We don't get a warning here yet because our symbolic constraint solving
118// doesn't handle: (symbol * constant) < constant
119void test3(int x) {
120 int buf[100];
121 if (x < 0)
122 buf[x] = 1;
123}
124
125// *** FIXME ***
126// We don't get a warning here yet because our symbolic constraint solving
127// doesn't handle: (symbol * constant) < constant
128void test4(int x) {
129 int buf[100];
130 if (x > 99)
131 buf[x] = 1;
132}