Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / clang / dd160f3ed50def10765ed823bf4ce2a56b2cd035 / . / test / Analysis / bstring.c
blob: 87c91613a5d559de16592425d0d609c41fa8fa85 [file] [log] [blame]
Anna Zaksbb2a6862012-02-20 21:10:37 +0000[diff] [blame]1// RUN: %clang_cc1 -analyze -analyzer-checker=core,unix.cstring,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s
2// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,unix.cstring,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s
3// RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,unix.cstring,experimental.unix.cstring -analyzer-store=region -Wno-null-dereference -verify %s
4// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=core,unix.cstring.NullArg,experimental.unix.cstring.OutOfBounds,experimental.unix.cstring.BufferOverlap,experimental.unix.cstring.NotNullTerminated -analyzer-store=region -Wno-null-dereference -verify %s
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]5
6//===----------------------------------------------------------------------===
7// Declarations
8//===----------------------------------------------------------------------===
9
Jordy Rosea6b808c2010-07-07 07:48:06 +0000[diff] [blame]10// Some functions are so similar to each other that they follow the same code
Jordy Rosebc56d1f2010-07-07 08:15:01 +0000[diff] [blame]11// path, such as memcpy and __memcpy_chk, or memcmp and bcmp. If VARIANT is
12// defined, make sure to use the variants instead to make sure they are still
13// checked by the analyzer.
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]14
15// Some functions are implemented as builtins. These should be #defined as
16// BUILTIN(f), which will prepend "__builtin_" if USE_BUILTINS is defined.
17
Chris Lattnerfc8f0e12011-04-15 05:22:18 +0000[diff] [blame]18// Functions that have variants and are also available as builtins should be
Jordy Rosea6b808c2010-07-07 07:48:06 +0000[diff] [blame]19// declared carefully! See memcpy() for an example.
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]20
21#ifdef USE_BUILTINS
22# define BUILTIN(f) __builtin_ ## f
23#else /* USE_BUILTINS */
24# define BUILTIN(f) f
25#endif /* USE_BUILTINS */
26
27typedef typeof(sizeof(int)) size_t;
28
29//===----------------------------------------------------------------------===
30// memcpy()
31//===----------------------------------------------------------------------===
32
Jordy Rosea6b808c2010-07-07 07:48:06 +0000[diff] [blame]33#ifdef VARIANT
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]34
35#define __memcpy_chk BUILTIN(__memcpy_chk)
36void *__memcpy_chk(void *restrict s1, const void *restrict s2, size_t n,
37 size_t destlen);
38
39#define memcpy(a,b,c) __memcpy_chk(a,b,c,(size_t)-1)
40
Jordy Rosea6b808c2010-07-07 07:48:06 +0000[diff] [blame]41#else /* VARIANT */
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]42
43#define memcpy BUILTIN(memcpy)
44void *memcpy(void *restrict s1, const void *restrict s2, size_t n);
45
Jordy Rosea6b808c2010-07-07 07:48:06 +0000[diff] [blame]46#endif /* VARIANT */
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]47
48
49void memcpy0 () {
50 char src[] = {1, 2, 3, 4};
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]51 char dst[4] = {0};
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]52
53 memcpy(dst, src, 4); // no-warning
54
55 if (memcpy(dst, src, 4) != dst) {
Tom Care7bce3a12010-07-27 23:30:21 +0000[diff] [blame]56 (void)*(char*)0; // no-warning
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]57 }
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]58
59 if (dst[0] != 0)
60 (void)*(char*)0; // expected-warning{{null}}
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]61}
62
63void memcpy1 () {
64 char src[] = {1, 2, 3, 4};
65 char dst[10];
66
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]67 memcpy(dst, src, 5); // expected-warning{{Memory copy function accesses out-of-bound array element}}
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]68}
69
70void memcpy2 () {
71 char src[] = {1, 2, 3, 4};
72 char dst[1];
73
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]74 memcpy(dst, src, 4); // expected-warning{{Memory copy function overflows destination buffer}}
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]75}
76
77void memcpy3 () {
78 char src[] = {1, 2, 3, 4};
79 char dst[3];
80
81 memcpy(dst+1, src+2, 2); // no-warning
82}
83
84void memcpy4 () {
85 char src[] = {1, 2, 3, 4};
86 char dst[10];
87
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]88 memcpy(dst+2, src+2, 3); // expected-warning{{Memory copy function accesses out-of-bound array element}}
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]89}
90
91void memcpy5() {
92 char src[] = {1, 2, 3, 4};
93 char dst[3];
94
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]95 memcpy(dst+2, src+2, 2); // expected-warning{{Memory copy function overflows destination buffer}}
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]96}
97
98void memcpy6() {
99 int a[4] = {0};
100 memcpy(a, a, 8); // expected-warning{{overlapping}}
101}
102
103void memcpy7() {
104 int a[4] = {0};
105 memcpy(a+2, a+1, 8); // expected-warning{{overlapping}}
106}
107
108void memcpy8() {
109 int a[4] = {0};
110 memcpy(a+1, a+2, 8); // expected-warning{{overlapping}}
111}
112
113void memcpy9() {
114 int a[4] = {0};
115 memcpy(a+2, a+1, 4); // no-warning
116 memcpy(a+1, a+2, 4); // no-warning
117}
118
Jordy Rosea6b808c2010-07-07 07:48:06 +0000[diff] [blame]119void memcpy10() {
120 char a[4] = {0};
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]121 memcpy(0, a, 4); // expected-warning{{Null pointer argument in call to memory copy function}}
Jordy Rosea6b808c2010-07-07 07:48:06 +0000[diff] [blame]122}
123
124void memcpy11() {
125 char a[4] = {0};
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]126 memcpy(a, 0, 4); // expected-warning{{Null pointer argument in call to memory copy function}}
Jordy Rosea6b808c2010-07-07 07:48:06 +0000[diff] [blame]127}
128
129void memcpy12() {
130 char a[4] = {0};
131 memcpy(0, a, 0); // no-warning
Lenny Maioranib8b875b2011-03-31 21:36:53 +0000[diff] [blame]132}
133
134void memcpy13() {
135 char a[4] = {0};
Jordy Rosea6b808c2010-07-07 07:48:06 +0000[diff] [blame]136 memcpy(a, 0, 0); // no-warning
137}
138
Jordy Rose22d27172011-06-04 00:04:22 +0000[diff] [blame]139void memcpy_unknown_size (size_t n) {
140 char a[4], b[4] = {1};
141 if (memcpy(a, b, n) != a)
142 (void)*(char*)0; // no-warning
143}
144
145void memcpy_unknown_size_warn (size_t n) {
146 char a[4];
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]147 if (memcpy(a, 0, n) != a) // expected-warning{{Null pointer argument in call to memory copy function}}
Jordy Rose22d27172011-06-04 00:04:22 +0000[diff] [blame]148 (void)*(char*)0; // no-warning
149}
150
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]151//===----------------------------------------------------------------------===
Lenny Maioranib8b875b2011-03-31 21:36:53 +0000[diff] [blame]152// mempcpy()
153//===----------------------------------------------------------------------===
154
Jordy Rosebe460d82011-06-03 23:42:56 +0000[diff] [blame]155#ifdef VARIANT
156
157#define __mempcpy_chk BUILTIN(__mempcpy_chk)
158void *__mempcpy_chk(void *restrict s1, const void *restrict s2, size_t n,
159 size_t destlen);
160
161#define mempcpy(a,b,c) __mempcpy_chk(a,b,c,(size_t)-1)
162
163#else /* VARIANT */
164
Lenny Maioranib8b875b2011-03-31 21:36:53 +0000[diff] [blame]165#define mempcpy BUILTIN(mempcpy)
166void *mempcpy(void *restrict s1, const void *restrict s2, size_t n);
167
Jordy Rosebe460d82011-06-03 23:42:56 +0000[diff] [blame]168#endif /* VARIANT */
169
170
Lenny Maioranib8b875b2011-03-31 21:36:53 +0000[diff] [blame]171void mempcpy0 () {
172 char src[] = {1, 2, 3, 4};
173 char dst[5] = {0};
174
175 mempcpy(dst, src, 4); // no-warning
176
177 if (mempcpy(dst, src, 4) != &dst[4]) {
178 (void)*(char*)0; // no-warning
179 }
180
181 if (dst[0] != 0)
182 (void)*(char*)0; // expected-warning{{null}}
183}
184
185void mempcpy1 () {
186 char src[] = {1, 2, 3, 4};
187 char dst[10];
188
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]189 mempcpy(dst, src, 5); // expected-warning{{Memory copy function accesses out-of-bound array element}}
Lenny Maioranib8b875b2011-03-31 21:36:53 +0000[diff] [blame]190}
191
192void mempcpy2 () {
193 char src[] = {1, 2, 3, 4};
194 char dst[1];
195
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]196 mempcpy(dst, src, 4); // expected-warning{{Memory copy function overflows destination buffer}}
Lenny Maioranib8b875b2011-03-31 21:36:53 +0000[diff] [blame]197}
198
199void mempcpy3 () {
200 char src[] = {1, 2, 3, 4};
201 char dst[3];
202
203 mempcpy(dst+1, src+2, 2); // no-warning
204}
205
206void mempcpy4 () {
207 char src[] = {1, 2, 3, 4};
208 char dst[10];
209
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]210 mempcpy(dst+2, src+2, 3); // expected-warning{{Memory copy function accesses out-of-bound array element}}
Lenny Maioranib8b875b2011-03-31 21:36:53 +0000[diff] [blame]211}
212
213void mempcpy5() {
214 char src[] = {1, 2, 3, 4};
215 char dst[3];
216
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]217 mempcpy(dst+2, src+2, 2); // expected-warning{{Memory copy function overflows destination buffer}}
Lenny Maioranib8b875b2011-03-31 21:36:53 +0000[diff] [blame]218}
219
220void mempcpy6() {
221 int a[4] = {0};
222 mempcpy(a, a, 8); // expected-warning{{overlapping}}
223}
224
225void mempcpy7() {
226 int a[4] = {0};
227 mempcpy(a+2, a+1, 8); // expected-warning{{overlapping}}
228}
229
230void mempcpy8() {
231 int a[4] = {0};
232 mempcpy(a+1, a+2, 8); // expected-warning{{overlapping}}
233}
234
235void mempcpy9() {
236 int a[4] = {0};
237 mempcpy(a+2, a+1, 4); // no-warning
238 mempcpy(a+1, a+2, 4); // no-warning
239}
240
241void mempcpy10() {
242 char a[4] = {0};
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]243 mempcpy(0, a, 4); // expected-warning{{Null pointer argument in call to memory copy function}}
Lenny Maioranib8b875b2011-03-31 21:36:53 +0000[diff] [blame]244}
245
246void mempcpy11() {
247 char a[4] = {0};
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]248 mempcpy(a, 0, 4); // expected-warning{{Null pointer argument in call to memory copy function}}
Lenny Maioranib8b875b2011-03-31 21:36:53 +0000[diff] [blame]249}
250
251void mempcpy12() {
252 char a[4] = {0};
253 mempcpy(0, a, 0); // no-warning
254}
255
256void mempcpy13() {
257 char a[4] = {0};
258 mempcpy(a, 0, 0); // no-warning
259}
260
Jordy Rose22d27172011-06-04 00:04:22 +0000[diff] [blame]261void mempcpy_unknown_size_warn (size_t n) {
262 char a[4];
Jordy Rose9e49d9f2011-06-20 02:06:40 +0000[diff] [blame]263 if (mempcpy(a, 0, n) != a) // expected-warning{{Null pointer argument in call to memory copy function}}
Jordy Rose22d27172011-06-04 00:04:22 +0000[diff] [blame]264 (void)*(char*)0; // no-warning
265}
266
Jordy Rose3f8bb2f2011-06-04 01:47:27 +0000[diff] [blame]267void mempcpy_unknownable_size (char *src, float n) {
268 char a[4];
269 // This used to crash because we don't model floats.
270 mempcpy(a, src, (size_t)n);
271}
272
Lenny Maioranib8b875b2011-03-31 21:36:53 +0000[diff] [blame]273//===----------------------------------------------------------------------===
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]274// memmove()
275//===----------------------------------------------------------------------===
276
Jordy Rosea6b808c2010-07-07 07:48:06 +0000[diff] [blame]277#ifdef VARIANT
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]278
279#define __memmove_chk BUILTIN(__memmove_chk)
280void *__memmove_chk(void *s1, const void *s2, size_t n, size_t destlen);
281
282#define memmove(a,b,c) __memmove_chk(a,b,c,(size_t)-1)
283
Jordy Rosea6b808c2010-07-07 07:48:06 +0000[diff] [blame]284#else /* VARIANT */
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]285
286#define memmove BUILTIN(memmove)
287void *memmove(void *s1, const void *s2, size_t n);
288
Jordy Rosea6b808c2010-07-07 07:48:06 +0000[diff] [blame]289#endif /* VARIANT */
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]290
291
292void memmove0 () {
293 char src[] = {1, 2, 3, 4};
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]294 char dst[4] = {0};
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]295
296 memmove(dst, src, 4); // no-warning
297
298 if (memmove(dst, src, 4) != dst) {
Tom Care7bce3a12010-07-27 23:30:21 +0000[diff] [blame]299 (void)*(char*)0; // no-warning
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]300 }
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]301
302 if (dst[0] != 0)
303 (void)*(char*)0; // expected-warning{{null}}
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]304}
305
306void memmove1 () {
307 char src[] = {1, 2, 3, 4};
308 char dst[10];
309
310 memmove(dst, src, 5); // expected-warning{{out-of-bound}}
311}
312
313void memmove2 () {
314 char src[] = {1, 2, 3, 4};
315 char dst[1];
316
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]317 memmove(dst, src, 4); // expected-warning{{overflow}}
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]318}
319
320//===----------------------------------------------------------------------===
Jordy Rosebc56d1f2010-07-07 08:15:01 +0000[diff] [blame]321// memcmp()
322//===----------------------------------------------------------------------===
323
324#ifdef VARIANT
325
326#define bcmp BUILTIN(bcmp)
327// __builtin_bcmp is not defined with const in Builtins.def.
328int bcmp(/*const*/ void *s1, /*const*/ void *s2, size_t n);
329#define memcmp bcmp
330
331#else /* VARIANT */
332
333#define memcmp BUILTIN(memcmp)
334int memcmp(const void *s1, const void *s2, size_t n);
335
336#endif /* VARIANT */
337
338
339void memcmp0 () {
340 char a[] = {1, 2, 3, 4};
341 char b[4] = { 0 };
342
343 memcmp(a, b, 4); // no-warning
344}
345
346void memcmp1 () {
347 char a[] = {1, 2, 3, 4};
348 char b[10] = { 0 };
349
350 memcmp(a, b, 5); // expected-warning{{out-of-bound}}
351}
352
353void memcmp2 () {
354 char a[] = {1, 2, 3, 4};
355 char b[1] = { 0 };
356
357 memcmp(a, b, 4); // expected-warning{{out-of-bound}}
358}
359
360void memcmp3 () {
361 char a[] = {1, 2, 3, 4};
362
363 if (memcmp(a, a, 4))
Tom Care7bce3a12010-07-27 23:30:21 +0000[diff] [blame]364 (void)*(char*)0; // no-warning
Jordy Rosebc56d1f2010-07-07 08:15:01 +0000[diff] [blame]365}
366
367void memcmp4 (char *input) {
368 char a[] = {1, 2, 3, 4};
369
370 if (memcmp(a, input, 4))
371 (void)*(char*)0; // expected-warning{{null}}
372}
373
374void memcmp5 (char *input) {
375 char a[] = {1, 2, 3, 4};
376
377 if (memcmp(a, 0, 0)) // no-warning
Tom Care7bce3a12010-07-27 23:30:21 +0000[diff] [blame]378 (void)*(char*)0; // no-warning
Jordy Rosebc56d1f2010-07-07 08:15:01 +0000[diff] [blame]379 if (memcmp(0, a, 0)) // no-warning
Tom Care7bce3a12010-07-27 23:30:21 +0000[diff] [blame]380 (void)*(char*)0; // no-warning
Jordy Rosebc56d1f2010-07-07 08:15:01 +0000[diff] [blame]381 if (memcmp(a, input, 0)) // no-warning
Tom Care7bce3a12010-07-27 23:30:21 +0000[diff] [blame]382 (void)*(char*)0; // no-warning
Jordy Rosebc56d1f2010-07-07 08:15:01 +0000[diff] [blame]383}
384
Jordy Rosed325ffb2010-07-08 23:57:29 +0000[diff] [blame]385void memcmp6 (char *a, char *b, size_t n) {
386 int result = memcmp(a, b, n);
387 if (result != 0)
388 return;
389 if (n == 0)
390 (void)*(char*)0; // expected-warning{{null}}
391}
392
Jordy Roseb6a40262010-08-05 23:11:30 +0000[diff] [blame]393int memcmp7 (char *a, size_t x, size_t y, size_t n) {
394 // We used to crash when either of the arguments was unknown.
395 return memcmp(a, &a[x*y], n) +
396 memcmp(&a[x*y], a, n);
397}
398
Jordy Rosebc56d1f2010-07-07 08:15:01 +0000[diff] [blame]399//===----------------------------------------------------------------------===
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]400// bcopy()
401//===----------------------------------------------------------------------===
402
403#define bcopy BUILTIN(bcopy)
404// __builtin_bcopy is not defined with const in Builtins.def.
405void bcopy(/*const*/ void *s1, void *s2, size_t n);
406
407
408void bcopy0 () {
409 char src[] = {1, 2, 3, 4};
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]410 char dst[4] = {0};
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]411
412 bcopy(src, dst, 4); // no-warning
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]413
414 if (dst[0] != 0)
415 (void)*(char*)0; // expected-warning{{null}}
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]416}
417
418void bcopy1 () {
419 char src[] = {1, 2, 3, 4};
420 char dst[10];
421
422 bcopy(src, dst, 5); // expected-warning{{out-of-bound}}
423}
424
425void bcopy2 () {
426 char src[] = {1, 2, 3, 4};
427 char dst[1];
428
Jordy Rosee64f3112010-08-16 07:51:42 +0000[diff] [blame]429 bcopy(src, dst, 4); // expected-warning{{overflow}}
Jordy Roseccbf7ee2010-07-06 23:11:01 +0000[diff] [blame]430}
Anna Zaksdd160f32012-05-03 18:21:28 +0000[diff] [blame^]431
432void *malloc(size_t);
433void free(void *);
434char radar_11125445_memcopythenlogfirstbyte(const char *input, size_t length) {
435 char *bytes = malloc(sizeof(char) * (length + 1));
436 memcpy(bytes, input, length);
437 char x = bytes[0]; // no warning
438 free(bytes);
439 return x;
440}