out-of-bounds.c revision c478a1425c055e517169220ea1c1efd857e65f52
1// RUN: %clang_cc1 -analyze -analyzer-check-objc-mem -analyzer-check-buffer-overflows -verify 2 3// Tests doing an out-of-bounds access after the end of an array using: 4// - constant integer index 5// - constant integer size for buffer 6void test1(int x) { 7 int buf[100]; 8 buf[100] = 1; // expected-warning{{Out of bound memory access}} 9} 10 11void test1_ok(int x) { 12 int buf[100]; 13 buf[99] = 1; // no-warning 14} 15 16// Tests doing an out-of-bounds access after the end of an array using: 17// - indirect pointer to buffer 18// - constant integer index 19// - constant integer size for buffer 20void test1_ptr(int x) { 21 int buf[100]; 22 int *p = buf; 23 p[101] = 1; // expected-warning{{Out of bound memory access}} 24} 25 26void test1_ptr_ok(int x) { 27 int buf[100]; 28 int *p = buf; 29 p[99] = 1; // expected-warning{{Out of bound memory access}} 30} 31 32// Tests doing an out-of-bounds access before the start of an array using: 33// - indirect pointer to buffer, manipulated using simple pointer arithmetic 34// - constant integer index 35// - constant integer size for buffer 36void test1_ptr_arith(int x) { 37 int buf[100]; 38 int *p = buf; 39 p = p + 100; 40 p[0] = 1; // expected-warning{{Out of bound memory access}} 41} 42 43void test1_ptr_arith_ok(int x) { 44 int buf[100]; 45 int *p = buf; 46 p = p + 99; 47 p[0] = 1; // no-warning 48} 49 50void test1_ptr_arith_bad(int x) { 51 int buf[100]; 52 int *p = buf; 53 p = p + 99; 54 p[1] = 1; // expected-warning{{Out of bound memory access}} 55} 56 57void test1_ptr_arith_ok2(int x) { 58 int buf[100]; 59 int *p = buf; 60 p = p + 100; 61 p[-1] = 1; // no-warning 62} 63 64// Tests doing an out-of-bounds access before the start of an array using: 65// - constant integer index 66// - constant integer size for buffer 67void test2(int x) { 68 int buf[100]; 69 buf[-1] = 1; // expected-warning{{Out of bound memory access}} 70} 71 72// Tests doing an out-of-bounds access before the start of an array using: 73// - indirect pointer to buffer 74// - constant integer index 75// - constant integer size for buffer 76void test2_ptr(int x) { 77 int buf[100]; 78 int *p = buf; 79 p[-1] = 1; // expected-warning{{Out of bound memory access}} 80} 81 82// Tests doing an out-of-bounds access before the start of an array using: 83// - indirect pointer to buffer, manipulated using simple pointer arithmetic 84// - constant integer index 85// - constant integer size for buffer 86void test2_ptr_arith(int x) { 87 int buf[100]; 88 int *p = buf; 89 --p; 90 p[0] = 1; // expected-warning{{Out of bound memory access}} 91} 92 93// Tests doing an out-of-bounds access before the start of a multi-dimensional 94// array using: 95// - constant integer indices 96// - constant integer sizes for the array 97void test2_multi(int x) { 98 int buf[100][100]; 99 buf[0][-1] = 1; // expected-warning{{Out of bound memory access}} 100} 101 102// Tests doing an out-of-bounds access before the start of a multi-dimensional 103// array using: 104// - constant integer indices 105// - constant integer sizes for the array 106void test2_multi_b(int x) { 107 int buf[100][100]; 108 buf[-1][0] = 1; // expected-warning{{Out of bound memory access}} 109} 110 111void test2_multi_ok(int x) { 112 int buf[100][100]; 113 buf[0][0] = 1; // no-warning 114} 115 116// *** FIXME *** 117// We don't get a warning here yet because our symbolic constraint solving 118// doesn't handle: (symbol * constant) < constant 119void test3(int x) { 120 int buf[100]; 121 if (x < 0) 122 buf[x] = 1; 123} 124 125// *** FIXME *** 126// We don't get a warning here yet because our symbolic constraint solving 127// doesn't handle: (symbol * constant) < constant 128void test4(int x) { 129 int buf[100]; 130 if (x > 99) 131 buf[x] = 1; 132} 133