1cdc3a89d5de90b2299c56f4a46c3de590c5184d1Ted Kremenek// RUN: %clang_cc1 -analyze -analyzer-checker=alpha.security.taint,core,alpha.security.ArrayBoundV2 -Wno-format-security -verify %s 29b0970f2c7fdc070b18e113f0bbd96e7f77b4f54Anna Zaks 39b0970f2c7fdc070b18e113f0bbd96e7f77b4f54Anna Zaksint scanf(const char *restrict format, ...); 49b0970f2c7fdc070b18e113f0bbd96e7f77b4f54Anna Zaksint getchar(void); 59b0970f2c7fdc070b18e113f0bbd96e7f77b4f54Anna Zaks 61fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zakstypedef struct _FILE FILE; 71fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaksextern FILE *stdin; 81fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaksint fscanf(FILE *restrict stream, const char *restrict format, ...); 91fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaksint sprintf(char *str, const char *format, ...); 101fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaksvoid setproctitle(const char *fmt, ...); 111fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zakstypedef __typeof(sizeof(int)) size_t; 121fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks 131fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks// Define string functions. Use builtin for some of them. They all default to 141fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks// the processing in the taint checker. 151fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks#define strcpy(dest, src) \ 161fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks ((__builtin_object_size(dest, 0) != -1ULL) \ 171fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks ? __builtin___strcpy_chk (dest, src, __builtin_object_size(dest, 1)) \ 181fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks : __inline_strcpy_chk(dest, src)) 191fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks 201fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaksstatic char *__inline_strcpy_chk (char *dest, const char *src) { 211fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks return __builtin___strcpy_chk(dest, src, __builtin_object_size(dest, 1)); 221fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks} 231fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zakschar *stpcpy(char *restrict s1, const char *restrict s2); 241fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zakschar *strncpy( char * destination, const char * source, size_t num ); 259b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zakschar *strndup(const char *s, size_t n); 264e46221e38b7d434fbecb1cd56b259437206d246Anna Zakschar *strncat(char *restrict s1, const char *restrict s2, size_t n); 274e46221e38b7d434fbecb1cd56b259437206d246Anna Zaks 284e46221e38b7d434fbecb1cd56b259437206d246Anna Zaksvoid *malloc(size_t); 294e46221e38b7d434fbecb1cd56b259437206d246Anna Zaksvoid *calloc(size_t nmemb, size_t size); 304e46221e38b7d434fbecb1cd56b259437206d246Anna Zaksvoid bcopy(void *s1, void *s2, size_t n); 311fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks 329b0970f2c7fdc070b18e113f0bbd96e7f77b4f54Anna Zaks#define BUFSIZE 10 339b0970f2c7fdc070b18e113f0bbd96e7f77b4f54Anna Zaks 349b0970f2c7fdc070b18e113f0bbd96e7f77b4f54Anna Zaksint Buffer[BUFSIZE]; 353881c6907e3a18dca7878e06ef915e64021156b0Anna Zaksvoid bufferScanfDirect(void) 369b0970f2c7fdc070b18e113f0bbd96e7f77b4f54Anna Zaks{ 379b0970f2c7fdc070b18e113f0bbd96e7f77b4f54Anna Zaks int n; 389b0970f2c7fdc070b18e113f0bbd96e7f77b4f54Anna Zaks scanf("%d", &n); 399b0970f2c7fdc070b18e113f0bbd96e7f77b4f54Anna Zaks Buffer[n] = 1; // expected-warning {{Out of bound memory access }} 409b0970f2c7fdc070b18e113f0bbd96e7f77b4f54Anna Zaks} 410d339d06f8721d14befd6311bd306ac485772188Anna Zaks 420d339d06f8721d14befd6311bd306ac485772188Anna Zaksvoid bufferScanfArithmetic1(int x) { 430d339d06f8721d14befd6311bd306ac485772188Anna Zaks int n; 440d339d06f8721d14befd6311bd306ac485772188Anna Zaks scanf("%d", &n); 450d339d06f8721d14befd6311bd306ac485772188Anna Zaks int m = (n - 3); 460d339d06f8721d14befd6311bd306ac485772188Anna Zaks Buffer[m] = 1; // expected-warning {{Out of bound memory access }} 470d339d06f8721d14befd6311bd306ac485772188Anna Zaks} 480d339d06f8721d14befd6311bd306ac485772188Anna Zaks 490d339d06f8721d14befd6311bd306ac485772188Anna Zaksvoid bufferScanfArithmetic2(int x) { 500d339d06f8721d14befd6311bd306ac485772188Anna Zaks int n; 510d339d06f8721d14befd6311bd306ac485772188Anna Zaks scanf("%d", &n); 5202019f7134e69e39e33c5a938183fd492410464cAnna Zaks int m = 100 - (n + 3) * x; 530d339d06f8721d14befd6311bd306ac485772188Anna Zaks Buffer[m] = 1; // expected-warning {{Out of bound memory access }} 540d339d06f8721d14befd6311bd306ac485772188Anna Zaks} 558f4caf5fec2de9b18f9c5fc69696d9f6cf66bcc5Anna Zaks 563881c6907e3a18dca7878e06ef915e64021156b0Anna Zaksvoid bufferScanfAssignment(int x) { 573881c6907e3a18dca7878e06ef915e64021156b0Anna Zaks int n; 583881c6907e3a18dca7878e06ef915e64021156b0Anna Zaks scanf("%d", &n); 593881c6907e3a18dca7878e06ef915e64021156b0Anna Zaks int m; 603881c6907e3a18dca7878e06ef915e64021156b0Anna Zaks if (x > 0) { 613881c6907e3a18dca7878e06ef915e64021156b0Anna Zaks m = n; 623881c6907e3a18dca7878e06ef915e64021156b0Anna Zaks Buffer[m] = 1; // expected-warning {{Out of bound memory access }} 633881c6907e3a18dca7878e06ef915e64021156b0Anna Zaks } 643881c6907e3a18dca7878e06ef915e64021156b0Anna Zaks} 653881c6907e3a18dca7878e06ef915e64021156b0Anna Zaks 668f4caf5fec2de9b18f9c5fc69696d9f6cf66bcc5Anna Zaksvoid scanfArg() { 6702019f7134e69e39e33c5a938183fd492410464cAnna Zaks int t = 0; 68ce506ae231703a23ea95335cd4de19c60082f361Ted Kremenek scanf("%d", t); // expected-warning {{format specifies type 'int *' but the argument has type 'int'}} 698f4caf5fec2de9b18f9c5fc69696d9f6cf66bcc5Anna Zaks} 703881c6907e3a18dca7878e06ef915e64021156b0Anna Zaks 713881c6907e3a18dca7878e06ef915e64021156b0Anna Zaksvoid bufferGetchar(int x) { 723881c6907e3a18dca7878e06ef915e64021156b0Anna Zaks int m = getchar(); 733bfd6d701ee297bd062967e11400daae51b36eb2Anna Zaks Buffer[m] = 1; //expected-warning {{Out of bound memory access (index is tainted)}} 743881c6907e3a18dca7878e06ef915e64021156b0Anna Zaks} 759f03b62036a7abc0a227b17f4a49b9eefced9450Anna Zaks 761fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaksvoid testUncontrolledFormatString(char **p) { 779f03b62036a7abc0a227b17f4a49b9eefced9450Anna Zaks char s[80]; 789f03b62036a7abc0a227b17f4a49b9eefced9450Anna Zaks fscanf(stdin, "%s", s); 799f03b62036a7abc0a227b17f4a49b9eefced9450Anna Zaks char buf[128]; 809f03b62036a7abc0a227b17f4a49b9eefced9450Anna Zaks sprintf(buf,s); // expected-warning {{Uncontrolled Format String}} 819f03b62036a7abc0a227b17f4a49b9eefced9450Anna Zaks setproctitle(s, 3); // expected-warning {{Uncontrolled Format String}} 821fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks 831fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks // Test taint propagation through strcpy and family. 841fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks char scpy[80]; 851fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks strcpy(scpy, s); 861fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks sprintf(buf,scpy); // expected-warning {{Uncontrolled Format String}} 871fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks 88b71d1570417d81de7b064ad788bea690e2c89111Anna Zaks stpcpy(*(++p), s); // this generates __inline. 89b71d1570417d81de7b064ad788bea690e2c89111Anna Zaks setproctitle(*(p), 3); // expected-warning {{Uncontrolled Format String}} 90b71d1570417d81de7b064ad788bea690e2c89111Anna Zaks 911fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks char spcpy[80]; 921fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks stpcpy(spcpy, s); 931fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks setproctitle(spcpy, 3); // expected-warning {{Uncontrolled Format String}} 941fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks 959b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks char *spcpyret; 969b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks spcpyret = stpcpy(spcpy, s); 979b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks setproctitle(spcpyret, 3); // expected-warning {{Uncontrolled Format String}} 989b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks 991fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks char sncpy[80]; 1001fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks strncpy(sncpy, s, 20); 1011fb826a6fd893234f32b0b91bb92ea4d127788adAnna Zaks setproctitle(sncpy, 3); // expected-warning {{Uncontrolled Format String}} 1029b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks 1039b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks char *dup; 1049b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks dup = strndup(s, 20); 1059b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks setproctitle(dup, 3); // expected-warning {{Uncontrolled Format String}} 1069b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks 1079f03b62036a7abc0a227b17f4a49b9eefced9450Anna Zaks} 1088568ee743406ac4bb23c9768a0dffd627fdbc579Anna Zaks 1098568ee743406ac4bb23c9768a0dffd627fdbc579Anna Zaksint system(const char *command); 1108568ee743406ac4bb23c9768a0dffd627fdbc579Anna Zaksvoid testTaintSystemCall() { 1118568ee743406ac4bb23c9768a0dffd627fdbc579Anna Zaks char buffer[156]; 1128568ee743406ac4bb23c9768a0dffd627fdbc579Anna Zaks char addr[128]; 1138568ee743406ac4bb23c9768a0dffd627fdbc579Anna Zaks scanf("%s", addr); 1145fdadf4b643dd2f7a467244946dc1587b2f9ed1fAnna Zaks system(addr); // expected-warning {{Untrusted data is passed to a system call}} 1159b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks 1169b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks // Test that spintf transfers taint. 1179b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks sprintf(buffer, "/bin/mail %s < /tmp/email", addr); 1185fdadf4b643dd2f7a467244946dc1587b2f9ed1fAnna Zaks system(buffer); // expected-warning {{Untrusted data is passed to a system call}} 1199b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks} 1204e46221e38b7d434fbecb1cd56b259437206d246Anna Zaks 1219b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaksvoid testTaintSystemCall2() { 1229b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks // Test that snpintf transfers taint. 1239b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks char buffern[156]; 1249b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks char addr[128]; 1259b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks scanf("%s", addr); 1269b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks __builtin_snprintf(buffern, 10, "/bin/mail %s < /tmp/email", addr); 1275fdadf4b643dd2f7a467244946dc1587b2f9ed1fAnna Zaks system(buffern); // expected-warning {{Untrusted data is passed to a system call}} 1289b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks} 1294e46221e38b7d434fbecb1cd56b259437206d246Anna Zaks 1309b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaksvoid testTaintSystemCall3() { 1319b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks char buffern2[156]; 1329b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks int numt; 1339b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks char addr[128]; 1349b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks scanf("%s %d", addr, &numt); 1359b0c749a20d0f7d0e63441d76baa15def3f37fdbAnna Zaks __builtin_snprintf(buffern2, numt, "/bin/mail %s < /tmp/email", "abcd"); 1365fdadf4b643dd2f7a467244946dc1587b2f9ed1fAnna Zaks system(buffern2); // expected-warning {{Untrusted data is passed to a system call}} 1378568ee743406ac4bb23c9768a0dffd627fdbc579Anna Zaks} 1384e46221e38b7d434fbecb1cd56b259437206d246Anna Zaks 1394e46221e38b7d434fbecb1cd56b259437206d246Anna Zaksvoid testTaintedBufferSize() { 1404e46221e38b7d434fbecb1cd56b259437206d246Anna Zaks size_t ts; 1414e46221e38b7d434fbecb1cd56b259437206d246Anna Zaks scanf("%zd", &ts); 1424e46221e38b7d434fbecb1cd56b259437206d246Anna Zaks 1435fdadf4b643dd2f7a467244946dc1587b2f9ed1fAnna Zaks int *buf1 = (int*)malloc(ts*sizeof(int)); // expected-warning {{Untrusted data is used to specify the buffer size}} 1445fdadf4b643dd2f7a467244946dc1587b2f9ed1fAnna Zaks char *dst = (char*)calloc(ts, sizeof(char)); //expected-warning {{Untrusted data is used to specify the buffer size}} 1455fdadf4b643dd2f7a467244946dc1587b2f9ed1fAnna Zaks bcopy(buf1, dst, ts); // expected-warning {{Untrusted data is used to specify the buffer size}} 1465fdadf4b643dd2f7a467244946dc1587b2f9ed1fAnna Zaks __builtin_memcpy(dst, buf1, (ts + 4)*sizeof(char)); // expected-warning {{Untrusted data is used to specify the buffer size}} 1474e46221e38b7d434fbecb1cd56b259437206d246Anna Zaks 1484e46221e38b7d434fbecb1cd56b259437206d246Anna Zaks // If both buffers are trusted, do not issue a warning. 1495fdadf4b643dd2f7a467244946dc1587b2f9ed1fAnna Zaks char *dst2 = (char*)malloc(ts*sizeof(char)); // expected-warning {{Untrusted data is used to specify the buffer size}} 1504e46221e38b7d434fbecb1cd56b259437206d246Anna Zaks strncat(dst2, dst, ts); // no-warning 1512bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks} 1524e46221e38b7d434fbecb1cd56b259437206d246Anna Zaks 1532bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks#define AF_UNIX 1 /* local to host (pipes) */ 1542bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks#define AF_INET 2 /* internetwork: UDP, TCP, etc. */ 1552bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks#define AF_LOCAL AF_UNIX /* backward compatibility */ 1562bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks#define SOCK_STREAM 1 1572bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaksint socket(int, int, int); 1582bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zakssize_t read(int, void *, size_t); 1592bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaksint execl(const char *, const char *, ...); 1602bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks 1612bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaksvoid testSocket() { 1622bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks int sock; 1632bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks char buffer[100]; 1642bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks 1652bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks sock = socket(AF_INET, SOCK_STREAM, 0); 1662bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks read(sock, buffer, 100); 1675fdadf4b643dd2f7a467244946dc1587b2f9ed1fAnna Zaks execl(buffer, "filename", 0); // expected-warning {{Untrusted data is passed to a system call}} 1682bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks 1692bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks sock = socket(AF_LOCAL, SOCK_STREAM, 0); 1702bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks read(sock, buffer, 100); 1712bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks execl(buffer, "filename", 0); // no-warning 1724e46221e38b7d434fbecb1cd56b259437206d246Anna Zaks} 1732bf8fd84087231fd92dfdebe18895e01a6ae405cAnna Zaks 17402019f7134e69e39e33c5a938183fd492410464cAnna Zaksint testDivByZero() { 17502019f7134e69e39e33c5a938183fd492410464cAnna Zaks int x; 17602019f7134e69e39e33c5a938183fd492410464cAnna Zaks scanf("%d", &x); 17702019f7134e69e39e33c5a938183fd492410464cAnna Zaks return 5/x; // expected-warning {{Division by a tainted value, possibly zero}} 17802019f7134e69e39e33c5a938183fd492410464cAnna Zaks} 1793bfd6d701ee297bd062967e11400daae51b36eb2Anna Zaks 1803bfd6d701ee297bd062967e11400daae51b36eb2Anna Zaks// Zero-sized VLAs. 1813bfd6d701ee297bd062967e11400daae51b36eb2Anna Zaksvoid testTaintedVLASize() { 1823bfd6d701ee297bd062967e11400daae51b36eb2Anna Zaks int x; 1833bfd6d701ee297bd062967e11400daae51b36eb2Anna Zaks scanf("%d", &x); 1843bfd6d701ee297bd062967e11400daae51b36eb2Anna Zaks int vla[x]; // expected-warning{{Declared variable-length array (VLA) has tainted size}} 1853bfd6d701ee297bd062967e11400daae51b36eb2Anna Zaks} 186baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks 187baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks// This computation used to take a very long time. 188baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks#define longcmp(a,b,c) { \ 189baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks a -= c; a ^= c; c += b; b -= a; b ^= (a<<6) | (a >> (32-b)); a += c; c -= b; c ^= b; b += a; \ 190baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks a -= c; a ^= c; c += b; b -= a; b ^= a; a += c; c -= b; c ^= b; b += a; } 191baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks 192baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaksunsigned radar11369570_hanging(const unsigned char *arr, int l) { 193baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks unsigned a, b, c; 194baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks a = b = c = 0x9899e3 + l; 195baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks while (l >= 6) { 196baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks unsigned t; 197baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks scanf("%d", &t); 198baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks a += b; 199baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks a ^= a; 200baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks a += (arr[3] + ((unsigned) arr[2] << 8) + ((unsigned) arr[1] << 16) + ((unsigned) arr[0] << 24)); 201baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks longcmp(a, t, c); 202baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks l -= 12; 203baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks } 204baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks return 5/a; // expected-warning {{Division by a tainted value, possibly zero}} 205baeaa9ad120f60b1c5b6f1a84286b507dbe2b55dAnna Zaks} 206da3960347a5d563d6746cb363b25466282a09ce3Anna Zaks 207da3960347a5d563d6746cb363b25466282a09ce3Anna Zaks// Check that we do not assert of the following code. 208da3960347a5d563d6746cb363b25466282a09ce3Anna Zaksint SymSymExprWithDiffTypes(void* p) { 209da3960347a5d563d6746cb363b25466282a09ce3Anna Zaks int i; 210da3960347a5d563d6746cb363b25466282a09ce3Anna Zaks scanf("%d", &i); 211da3960347a5d563d6746cb363b25466282a09ce3Anna Zaks int j = (i % (int)(long)p); 212da3960347a5d563d6746cb363b25466282a09ce3Anna Zaks return 5/j; // expected-warning {{Division by a tainted value, possibly zero}} 213da3960347a5d563d6746cb363b25466282a09ce3Anna Zaks} 214da3960347a5d563d6746cb363b25466282a09ce3Anna Zaks 2158f7bfb40b72f478d83b018a280f99c0386576ae3Jordan Rose 2168f7bfb40b72f478d83b018a280f99c0386576ae3Jordan Rosevoid constraintManagerShouldTreatAsOpaque(int rhs) { 2178f7bfb40b72f478d83b018a280f99c0386576ae3Jordan Rose int i; 2188f7bfb40b72f478d83b018a280f99c0386576ae3Jordan Rose scanf("%d", &i); 2198f7bfb40b72f478d83b018a280f99c0386576ae3Jordan Rose // This comparison used to hit an assertion in the constraint manager, 2208f7bfb40b72f478d83b018a280f99c0386576ae3Jordan Rose // which didn't handle NonLoc sym-sym comparisons. 2218f7bfb40b72f478d83b018a280f99c0386576ae3Jordan Rose if (i < rhs) 2228f7bfb40b72f478d83b018a280f99c0386576ae3Jordan Rose return; 2238f7bfb40b72f478d83b018a280f99c0386576ae3Jordan Rose if (i < rhs) 2248f7bfb40b72f478d83b018a280f99c0386576ae3Jordan Rose *(volatile int *) 0; // no-warning 2258f7bfb40b72f478d83b018a280f99c0386576ae3Jordan Rose} 226