string.c revision 57300760964904cc022a175643342f29f46b7e6b
1// RUN: %clang_cc1 -analyze -analyzer-checker=core,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s 2// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -analyzer-checker=core,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s 3// RUN: %clang_cc1 -analyze -DVARIANT -analyzer-checker=core,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s 4// RUN: %clang_cc1 -analyze -DUSE_BUILTINS -DVARIANT -analyzer-checker=experimental.security.taint,core,experimental.unix.cstring,experimental.deadcode.UnreachableCode -analyzer-store=region -Wno-null-dereference -verify %s 5 6//===----------------------------------------------------------------------=== 7// Declarations 8//===----------------------------------------------------------------------=== 9 10// Some functions are so similar to each other that they follow the same code 11// path, such as memcpy and __memcpy_chk, or memcmp and bcmp. If VARIANT is 12// defined, make sure to use the variants instead to make sure they are still 13// checked by the analyzer. 14 15// Some functions are implemented as builtins. These should be #defined as 16// BUILTIN(f), which will prepend "__builtin_" if USE_BUILTINS is defined. 17 18// Functions that have variants and are also available as builtins should be 19// declared carefully! See memcpy() for an example. 20 21#ifdef USE_BUILTINS 22# define BUILTIN(f) __builtin_ ## f 23#else /* USE_BUILTINS */ 24# define BUILTIN(f) f 25#endif /* USE_BUILTINS */ 26 27#define NULL 0 28typedef typeof(sizeof(int)) size_t; 29int scanf(const char *restrict format, ...); 30 31//===----------------------------------------------------------------------=== 32// strlen() 33//===----------------------------------------------------------------------=== 34 35#define strlen BUILTIN(strlen) 36size_t strlen(const char *s); 37 38void strlen_constant0() { 39 if (strlen("123") != 3) 40 (void)*(char*)0; // no-warning 41} 42 43void strlen_constant1() { 44 const char *a = "123"; 45 if (strlen(a) != 3) 46 (void)*(char*)0; // no-warning 47} 48 49void strlen_constant2(char x) { 50 char a[] = "123"; 51 if (strlen(a) != 3) 52 (void)*(char*)0; // no-warning 53 a[0] = x; 54 if (strlen(a) != 3) 55 (void)*(char*)0; // expected-warning{{null}} 56} 57 58size_t strlen_null() { 59 return strlen(0); // expected-warning{{Null pointer argument in call to string length function}} 60} 61 62size_t strlen_fn() { 63 return strlen((char*)&strlen_fn); // expected-warning{{Argument to string length function is the address of the function 'strlen_fn', which is not a null-terminated string}} 64} 65 66size_t strlen_nonloc() { 67label: 68 return strlen((char*)&&label); // expected-warning{{Argument to string length function is the address of the label 'label', which is not a null-terminated string}} 69} 70 71void strlen_subregion() { 72 struct two_strings { char a[2], b[2]; }; 73 extern void use_two_strings(struct two_strings *); 74 75 struct two_strings z; 76 use_two_strings(&z); 77 78 size_t a = strlen(z.a); 79 z.b[0] = 5; 80 size_t b = strlen(z.a); 81 if (a == 0 && b != 0) 82 (void)*(char*)0; // expected-warning{{never executed}} 83 84 use_two_strings(&z); 85 86 size_t c = strlen(z.a); 87 if (a == 0 && c != 0) 88 (void)*(char*)0; // expected-warning{{null}} 89} 90 91extern void use_string(char *); 92void strlen_argument(char *x) { 93 size_t a = strlen(x); 94 size_t b = strlen(x); 95 if (a == 0 && b != 0) 96 (void)*(char*)0; // expected-warning{{never executed}} 97 98 use_string(x); 99 100 size_t c = strlen(x); 101 if (a == 0 && c != 0) 102 (void)*(char*)0; // expected-warning{{null}} 103} 104 105extern char global_str[]; 106void strlen_global() { 107 size_t a = strlen(global_str); 108 size_t b = strlen(global_str); 109 if (a == 0 && b != 0) 110 (void)*(char*)0; // expected-warning{{never executed}} 111 112 // Call a function with unknown effects, which should invalidate globals. 113 use_string(0); 114 115 size_t c = strlen(global_str); 116 if (a == 0 && c != 0) 117 (void)*(char*)0; // expected-warning{{null}} 118} 119 120void strlen_indirect(char *x) { 121 size_t a = strlen(x); 122 char *p = x; 123 char **p2 = &p; 124 size_t b = strlen(x); 125 if (a == 0 && b != 0) 126 (void)*(char*)0; // expected-warning{{never executed}} 127 128 extern void use_string_ptr(char*const*); 129 use_string_ptr(p2); 130 131 size_t c = strlen(x); 132 if (a == 0 && c != 0) 133 (void)*(char*)0; // expected-warning{{null}} 134} 135 136void strlen_indirect2(char *x) { 137 size_t a = strlen(x); 138 char *p = x; 139 char **p2 = &p; 140 extern void use_string_ptr2(char**); 141 use_string_ptr2(p2); 142 143 size_t c = strlen(x); 144 if (a == 0 && c != 0) 145 (void)*(char*)0; // expected-warning{{null}} 146} 147 148void strlen_liveness(const char *x) { 149 if (strlen(x) < 5) 150 return; 151 if (strlen(x) < 5) 152 (void)*(char*)0; // no-warning 153} 154 155//===----------------------------------------------------------------------=== 156// strnlen() 157//===----------------------------------------------------------------------=== 158 159size_t strnlen(const char *s, size_t maxlen); 160 161void strnlen_constant0() { 162 if (strnlen("123", 10) != 3) 163 (void)*(char*)0; // expected-warning{{never executed}} 164} 165 166void strnlen_constant1() { 167 const char *a = "123"; 168 if (strnlen(a, 10) != 3) 169 (void)*(char*)0; // expected-warning{{never executed}} 170} 171 172void strnlen_constant2(char x) { 173 char a[] = "123"; 174 if (strnlen(a, 10) != 3) 175 (void)*(char*)0; // expected-warning{{never executed}} 176 a[0] = x; 177 if (strnlen(a, 10) != 3) 178 (void)*(char*)0; // expected-warning{{null}} 179} 180 181void strnlen_constant4() { 182 if (strnlen("123456", 3) != 3) 183 (void)*(char*)0; // expected-warning{{never executed}} 184} 185 186void strnlen_constant5() { 187 const char *a = "123456"; 188 if (strnlen(a, 3) != 3) 189 (void)*(char*)0; // expected-warning{{never executed}} 190} 191 192void strnlen_constant6(char x) { 193 char a[] = "123456"; 194 if (strnlen(a, 3) != 3) 195 (void)*(char*)0; // expected-warning{{never executed}} 196 a[0] = x; 197 if (strnlen(a, 3) != 3) 198 (void)*(char*)0; // expected-warning{{null}} 199} 200 201size_t strnlen_null() { 202 return strnlen(0, 3); // expected-warning{{Null pointer argument in call to string length function}} 203} 204 205size_t strnlen_fn() { 206 return strnlen((char*)&strlen_fn, 3); // expected-warning{{Argument to string length function is the address of the function 'strlen_fn', which is not a null-terminated string}} 207} 208 209size_t strnlen_nonloc() { 210label: 211 return strnlen((char*)&&label, 3); // expected-warning{{Argument to string length function is the address of the label 'label', which is not a null-terminated string}} 212} 213 214void strnlen_zero() { 215 if (strnlen("abc", 0) != 0) 216 (void)*(char*)0; // expected-warning{{never executed}} 217 if (strnlen(NULL, 0) != 0) // no-warning 218 (void)*(char*)0; // no-warning 219} 220 221size_t strnlen_compound_literal() { 222 // This used to crash because we don't model the string lengths of 223 // compound literals. 224 return strnlen((char[]) { 'a', 'b', 0 }, 1); 225} 226 227size_t strnlen_unknown_limit(float f) { 228 // This used to crash because we don't model the integer values of floats. 229 return strnlen("abc", (int)f); 230} 231 232void strnlen_is_not_strlen(char *x) { 233 if (strnlen(x, 10) != strlen(x)) 234 (void)*(char*)0; // expected-warning{{null}} 235} 236 237void strnlen_at_limit(char *x) { 238 size_t len = strnlen(x, 10); 239 if (len > 10) 240 (void)*(char*)0; // expected-warning{{never executed}} 241 if (len == 10) 242 (void)*(char*)0; // expected-warning{{null}} 243} 244 245void strnlen_less_than_limit(char *x) { 246 size_t len = strnlen(x, 10); 247 if (len > 10) 248 (void)*(char*)0; // expected-warning{{never executed}} 249 if (len < 10) 250 (void)*(char*)0; // expected-warning{{null}} 251} 252 253void strnlen_at_actual(size_t limit) { 254 size_t len = strnlen("abc", limit); 255 if (len > 3) 256 (void)*(char*)0; // expected-warning{{never executed}} 257 if (len == 3) 258 (void)*(char*)0; // expected-warning{{null}} 259} 260 261void strnlen_less_than_actual(size_t limit) { 262 size_t len = strnlen("abc", limit); 263 if (len > 3) 264 (void)*(char*)0; // expected-warning{{never executed}} 265 if (len < 3) 266 (void)*(char*)0; // expected-warning{{null}} 267} 268 269//===----------------------------------------------------------------------=== 270// strcpy() 271//===----------------------------------------------------------------------=== 272 273#ifdef VARIANT 274 275#define __strcpy_chk BUILTIN(__strcpy_chk) 276char *__strcpy_chk(char *restrict s1, const char *restrict s2, size_t destlen); 277 278#define strcpy(a,b) __strcpy_chk(a,b,(size_t)-1) 279 280#else /* VARIANT */ 281 282#define strcpy BUILTIN(strcpy) 283char *strcpy(char *restrict s1, const char *restrict s2); 284 285#endif /* VARIANT */ 286 287 288void strcpy_null_dst(char *x) { 289 strcpy(NULL, x); // expected-warning{{Null pointer argument in call to string copy function}} 290} 291 292void strcpy_null_src(char *x) { 293 strcpy(x, NULL); // expected-warning{{Null pointer argument in call to string copy function}} 294} 295 296void strcpy_fn(char *x) { 297 strcpy(x, (char*)&strcpy_fn); // expected-warning{{Argument to string copy function is the address of the function 'strcpy_fn', which is not a null-terminated string}} 298} 299 300void strcpy_fn_const(char *x) { 301 strcpy(x, (const char*)&strcpy_fn); // expected-warning{{Argument to string copy function is the address of the function 'strcpy_fn', which is not a null-terminated string}} 302} 303 304void strcpy_effects(char *x, char *y) { 305 char a = x[0]; 306 307 if (strcpy(x, y) != x) 308 (void)*(char*)0; // no-warning 309 310 if (strlen(x) != strlen(y)) 311 (void)*(char*)0; // no-warning 312 313 if (a != x[0]) 314 (void)*(char*)0; // expected-warning{{null}} 315} 316 317void strcpy_overflow(char *y) { 318 char x[4]; 319 if (strlen(y) == 4) 320 strcpy(x, y); // expected-warning{{String copy function overflows destination buffer}} 321} 322 323void strcpy_no_overflow(char *y) { 324 char x[4]; 325 if (strlen(y) == 3) 326 strcpy(x, y); // no-warning 327} 328 329//===----------------------------------------------------------------------=== 330// stpcpy() 331//===----------------------------------------------------------------------=== 332 333#ifdef VARIANT 334 335#define __stpcpy_chk BUILTIN(__stpcpy_chk) 336char *__stpcpy_chk(char *restrict s1, const char *restrict s2, size_t destlen); 337 338#define stpcpy(a,b) __stpcpy_chk(a,b,(size_t)-1) 339 340#else /* VARIANT */ 341 342#define stpcpy BUILTIN(stpcpy) 343char *stpcpy(char *restrict s1, const char *restrict s2); 344 345#endif /* VARIANT */ 346 347 348void stpcpy_effect(char *x, char *y) { 349 char a = x[0]; 350 351 if (stpcpy(x, y) != &x[strlen(y)]) 352 (void)*(char*)0; // no-warning 353 354 if (strlen(x) != strlen(y)) 355 (void)*(char*)0; // no-warning 356 357 if (a != x[0]) 358 (void)*(char*)0; // expected-warning{{null}} 359} 360 361void stpcpy_overflow(char *y) { 362 char x[4]; 363 if (strlen(y) == 4) 364 stpcpy(x, y); // expected-warning{{String copy function overflows destination buffer}} 365} 366 367void stpcpy_no_overflow(char *y) { 368 char x[4]; 369 if (strlen(y) == 3) 370 stpcpy(x, y); // no-warning 371} 372 373//===----------------------------------------------------------------------=== 374// strcat() 375//===----------------------------------------------------------------------=== 376 377#ifdef VARIANT 378 379#define __strcat_chk BUILTIN(__strcat_chk) 380char *__strcat_chk(char *restrict s1, const char *restrict s2, size_t destlen); 381 382#define strcat(a,b) __strcat_chk(a,b,(size_t)-1) 383 384#else /* VARIANT */ 385 386#define strcat BUILTIN(strcat) 387char *strcat(char *restrict s1, const char *restrict s2); 388 389#endif /* VARIANT */ 390 391 392void strcat_null_dst(char *x) { 393 strcat(NULL, x); // expected-warning{{Null pointer argument in call to string copy function}} 394} 395 396void strcat_null_src(char *x) { 397 strcat(x, NULL); // expected-warning{{Null pointer argument in call to string copy function}} 398} 399 400void strcat_fn(char *x) { 401 strcat(x, (char*)&strcat_fn); // expected-warning{{Argument to string copy function is the address of the function 'strcat_fn', which is not a null-terminated string}} 402} 403 404void strcat_effects(char *y) { 405 char x[8] = "123"; 406 size_t orig_len = strlen(x); 407 char a = x[0]; 408 409 if (strlen(y) != 4) 410 return; 411 412 if (strcat(x, y) != x) 413 (void)*(char*)0; // no-warning 414 415 if ((int)strlen(x) != (orig_len + strlen(y))) 416 (void)*(char*)0; // no-warning 417} 418 419void strcat_overflow_0(char *y) { 420 char x[4] = "12"; 421 if (strlen(y) == 4) 422 strcat(x, y); // expected-warning{{String copy function overflows destination buffer}} 423} 424 425void strcat_overflow_1(char *y) { 426 char x[4] = "12"; 427 if (strlen(y) == 3) 428 strcat(x, y); // expected-warning{{String copy function overflows destination buffer}} 429} 430 431void strcat_overflow_2(char *y) { 432 char x[4] = "12"; 433 if (strlen(y) == 2) 434 strcat(x, y); // expected-warning{{String copy function overflows destination buffer}} 435} 436 437void strcat_no_overflow(char *y) { 438 char x[5] = "12"; 439 if (strlen(y) == 2) 440 strcat(x, y); // no-warning 441} 442 443void strcat_symbolic_dst_length(char *dst) { 444 strcat(dst, "1234"); 445 if (strlen(dst) < 4) 446 (void)*(char*)0; // no-warning 447} 448 449void strcat_symbolic_src_length(char *src) { 450 char dst[8] = "1234"; 451 strcat(dst, src); 452 if (strlen(dst) < 4) 453 (void)*(char*)0; // no-warning 454} 455 456void strcat_symbolic_dst_length_taint(char *dst) { 457 scanf("%s", dst); // Taint data. 458 strcat(dst, "1234"); 459 if (strlen(dst) < 4) 460 (void)*(char*)0; // no-warning 461} 462 463void strcat_unknown_src_length(char *src, int offset) { 464 char dst[8] = "1234"; 465 strcat(dst, &src[offset]); 466 if (strlen(dst) < 4) 467 (void)*(char*)0; // no-warning 468} 469 470// There is no strcat_unknown_dst_length because if we can't get a symbolic 471// length for the "before" strlen, we won't be able to set one for "after". 472 473void strcat_too_big(char *dst, char *src) { 474 if (strlen(dst) != (((size_t)0) - 2)) 475 return; 476 if (strlen(src) != 2) 477 return; 478 strcat(dst, src); // expected-warning{{This expression will create a string whose length is too big to be represented as a size_t}} 479} 480 481 482//===----------------------------------------------------------------------=== 483// strncpy() 484//===----------------------------------------------------------------------=== 485 486#ifdef VARIANT 487 488#define __strncpy_chk BUILTIN(__strncpy_chk) 489char *__strncpy_chk(char *restrict s1, const char *restrict s2, size_t n, size_t destlen); 490 491#define strncpy(a,b,n) __strncpy_chk(a,b,n,(size_t)-1) 492 493#else /* VARIANT */ 494 495#define strncpy BUILTIN(strncpy) 496char *strncpy(char *restrict s1, const char *restrict s2, size_t n); 497 498#endif /* VARIANT */ 499 500 501void strncpy_null_dst(char *x) { 502 strncpy(NULL, x, 5); // expected-warning{{Null pointer argument in call to string copy function}} 503} 504 505void strncpy_null_src(char *x) { 506 strncpy(x, NULL, 5); // expected-warning{{Null pointer argument in call to string copy function}} 507} 508 509void strncpy_fn(char *x) { 510 strncpy(x, (char*)&strcpy_fn, 5); // expected-warning{{Argument to string copy function is the address of the function 'strcpy_fn', which is not a null-terminated string}} 511} 512 513void strncpy_effects(char *x, char *y) { 514 char a = x[0]; 515 516 if (strncpy(x, y, 5) != x) 517 (void)*(char*)0; // no-warning 518 519 if (strlen(x) != strlen(y)) 520 (void)*(char*)0; // expected-warning{{null}} 521 522 if (a != x[0]) 523 (void)*(char*)0; // expected-warning{{null}} 524} 525 526void strncpy_overflow(char *y) { 527 char x[4]; 528 if (strlen(y) == 4) 529 strncpy(x, y, 5); // expected-warning{{Size argument is greater than the length of the destination buffer}} 530} 531 532void strncpy_no_overflow(char *y) { 533 char x[4]; 534 if (strlen(y) == 3) 535 strncpy(x, y, 5); // expected-warning{{Size argument is greater than the length of the destination buffer}} 536} 537 538void strncpy_no_overflow2(char *y, int n) { 539 if (n <= 4) 540 return; 541 542 char x[4]; 543 if (strlen(y) == 3) 544 strncpy(x, y, n); // expected-warning{{Size argument is greater than the length of the destination buffer}} 545} 546 547void strncpy_truncate(char *y) { 548 char x[4]; 549 if (strlen(y) == 4) 550 strncpy(x, y, 3); // no-warning 551} 552 553void strncpy_no_truncate(char *y) { 554 char x[4]; 555 if (strlen(y) == 3) 556 strncpy(x, y, 3); // no-warning 557} 558 559void strncpy_exactly_matching_buffer(char *y) { 560 char x[4]; 561 strncpy(x, y, 4); // no-warning 562 563 // strncpy does not null-terminate, so we have no idea what the strlen is 564 // after this. 565 if (strlen(x) > 4) 566 (void)*(int*)0; // expected-warning{{null}} 567} 568 569void strncpy_exactly_matching_buffer2(char *y) { 570 if (strlen(y) >= 4) 571 return; 572 573 char x[4]; 574 strncpy(x, y, 4); // no-warning 575 576 // This time, we know that y fits in x anyway. 577 if (strlen(x) > 3) 578 (void)*(int*)0; // no-warning 579} 580 581//===----------------------------------------------------------------------=== 582// strncat() 583//===----------------------------------------------------------------------=== 584 585#ifdef VARIANT 586 587#define __strncat_chk BUILTIN(__strncat_chk) 588char *__strncat_chk(char *restrict s1, const char *restrict s2, size_t n, size_t destlen); 589 590#define strncat(a,b,c) __strncat_chk(a,b,c, (size_t)-1) 591 592#else /* VARIANT */ 593 594#define strncat BUILTIN(strncat) 595char *strncat(char *restrict s1, const char *restrict s2, size_t n); 596 597#endif /* VARIANT */ 598 599 600void strncat_null_dst(char *x) { 601 strncat(NULL, x, 4); // expected-warning{{Null pointer argument in call to string copy function}} 602} 603 604void strncat_null_src(char *x) { 605 strncat(x, NULL, 4); // expected-warning{{Null pointer argument in call to string copy function}} 606} 607 608void strncat_fn(char *x) { 609 strncat(x, (char*)&strncat_fn, 4); // expected-warning{{Argument to string copy function is the address of the function 'strncat_fn', which is not a null-terminated string}} 610} 611 612void strncat_effects(char *y) { 613 char x[8] = "123"; 614 size_t orig_len = strlen(x); 615 char a = x[0]; 616 617 if (strlen(y) != 4) 618 return; 619 620 if (strncat(x, y, strlen(y)) != x) 621 (void)*(char*)0; // no-warning 622 623 if (strlen(x) != orig_len + strlen(y)) 624 (void)*(char*)0; // no-warning 625} 626 627void strncat_overflow_0(char *y) { 628 char x[4] = "12"; 629 if (strlen(y) == 4) 630 strncat(x, y, strlen(y)); // expected-warning{{Size argument is greater than the free space in the destination buffer}} 631} 632 633void strncat_overflow_1(char *y) { 634 char x[4] = "12"; 635 if (strlen(y) == 3) 636 strncat(x, y, strlen(y)); // expected-warning{{Size argument is greater than the free space in the destination buffer}} 637} 638 639void strncat_overflow_2(char *y) { 640 char x[4] = "12"; 641 if (strlen(y) == 2) 642 strncat(x, y, strlen(y)); // expected-warning{{Size argument is greater than the free space in the destination buffer}} 643} 644 645void strncat_overflow_3(char *y) { 646 char x[4] = "12"; 647 if (strlen(y) == 4) 648 strncat(x, y, 2); // expected-warning{{Size argument is greater than the free space in the destination buffer}} 649} 650void strncat_no_overflow_1(char *y) { 651 char x[5] = "12"; 652 if (strlen(y) == 2) 653 strncat(x, y, strlen(y)); // no-warning 654} 655 656void strncat_no_overflow_2(char *y) { 657 char x[4] = "12"; 658 if (strlen(y) == 4) 659 strncat(x, y, 1); // no-warning 660} 661 662void strncat_symbolic_dst_length(char *dst) { 663 strncat(dst, "1234", 5); 664 if (strlen(dst) < 4) 665 (void)*(char*)0; // no-warning 666} 667 668void strncat_symbolic_src_length(char *src) { 669 char dst[8] = "1234"; 670 strncat(dst, src, 3); 671 if (strlen(dst) < 4) 672 (void)*(char*)0; // no-warning 673 674 char dst2[8] = "1234"; 675 strncat(dst2, src, 4); // expected-warning{{Size argument is greater than the free space in the destination buffer}} 676} 677 678void strncat_unknown_src_length(char *src, int offset) { 679 char dst[8] = "1234"; 680 strncat(dst, &src[offset], 3); 681 if (strlen(dst) < 4) 682 (void)*(char*)0; // no-warning 683 684 char dst2[8] = "1234"; 685 strncat(dst2, &src[offset], 4); // expected-warning{{Size argument is greater than the free space in the destination buffer}} 686} 687 688// There is no strncat_unknown_dst_length because if we can't get a symbolic 689// length for the "before" strlen, we won't be able to set one for "after". 690 691void strncat_symbolic_limit(unsigned limit) { 692 char dst[6] = "1234"; 693 char src[] = "567"; 694 strncat(dst, src, limit); // no-warning 695 if (strlen(dst) < 4) 696 (void)*(char*)0; // no-warning 697 if (strlen(dst) == 4) 698 (void)*(char*)0; // expected-warning{{null}} 699} 700 701void strncat_unknown_limit(float limit) { 702 char dst[6] = "1234"; 703 char src[] = "567"; 704 strncat(dst, src, (size_t)limit); // no-warning 705 if (strlen(dst) < 4) 706 (void)*(char*)0; // no-warning 707 if (strlen(dst) == 4) 708 (void)*(char*)0; // expected-warning{{null}} 709} 710 711void strncat_too_big(char *dst, char *src) { 712 if (strlen(dst) != (((size_t)0) - 2)) 713 return; 714 if (strlen(src) != 2) 715 return; 716 strncat(dst, src, 2); // expected-warning{{This expression will create a string whose length is too big to be represented as a size_t}} 717} 718 719//===----------------------------------------------------------------------=== 720// strcmp() 721//===----------------------------------------------------------------------=== 722 723#define strcmp BUILTIN(strcmp) 724int strcmp(const char * s1, const char * s2); 725 726void strcmp_constant0() { 727 if (strcmp("123", "123") != 0) 728 (void)*(char*)0; // no-warning 729} 730 731void strcmp_constant_and_var_0() { 732 char *x = "123"; 733 if (strcmp(x, "123") != 0) 734 (void)*(char*)0; // no-warning 735} 736 737void strcmp_constant_and_var_1() { 738 char *x = "123"; 739 if (strcmp("123", x) != 0) 740 (void)*(char*)0; // no-warning 741} 742 743void strcmp_0() { 744 char *x = "123"; 745 char *y = "123"; 746 if (strcmp(x, y) != 0) 747 (void)*(char*)0; // no-warning 748} 749 750void strcmp_1() { 751 char *x = "234"; 752 char *y = "123"; 753 if (strcmp(x, y) != 1) 754 (void)*(char*)0; // no-warning 755} 756 757void strcmp_2() { 758 char *x = "123"; 759 char *y = "234"; 760 if (strcmp(x, y) != -1) 761 (void)*(char*)0; // no-warning 762} 763 764void strcmp_null_0() { 765 char *x = NULL; 766 char *y = "123"; 767 strcmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}} 768} 769 770void strcmp_null_1() { 771 char *x = "123"; 772 char *y = NULL; 773 strcmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}} 774} 775 776void strcmp_diff_length_0() { 777 char *x = "12345"; 778 char *y = "234"; 779 if (strcmp(x, y) != -1) 780 (void)*(char*)0; // no-warning 781} 782 783void strcmp_diff_length_1() { 784 char *x = "123"; 785 char *y = "23456"; 786 if (strcmp(x, y) != -1) 787 (void)*(char*)0; // no-warning 788} 789 790void strcmp_diff_length_2() { 791 char *x = "12345"; 792 char *y = "123"; 793 if (strcmp(x, y) != 1) 794 (void)*(char*)0; // no-warning 795} 796 797void strcmp_diff_length_3() { 798 char *x = "123"; 799 char *y = "12345"; 800 if (strcmp(x, y) != -1) 801 (void)*(char*)0; // no-warning 802} 803 804void strcmp_embedded_null () { 805 if (strcmp("\0z", "\0y") != 0) 806 (void)*(char*)0; // no-warning 807} 808 809void strcmp_unknown_arg (char *unknown) { 810 if (strcmp(unknown, unknown) != 0) 811 (void)*(char*)0; // no-warning 812} 813 814//===----------------------------------------------------------------------=== 815// strncmp() 816//===----------------------------------------------------------------------=== 817 818#define strncmp BUILTIN(strncmp) 819int strncmp(const char *s1, const char *s2, size_t n); 820 821void strncmp_constant0() { 822 if (strncmp("123", "123", 3) != 0) 823 (void)*(char*)0; // no-warning 824} 825 826void strncmp_constant_and_var_0() { 827 char *x = "123"; 828 if (strncmp(x, "123", 3) != 0) 829 (void)*(char*)0; // no-warning 830} 831 832void strncmp_constant_and_var_1() { 833 char *x = "123"; 834 if (strncmp("123", x, 3) != 0) 835 (void)*(char*)0; // no-warning 836} 837 838void strncmp_0() { 839 char *x = "123"; 840 char *y = "123"; 841 if (strncmp(x, y, 3) != 0) 842 (void)*(char*)0; // no-warning 843} 844 845void strncmp_1() { 846 char *x = "234"; 847 char *y = "123"; 848 if (strncmp(x, y, 3) != 1) 849 (void)*(char*)0; // no-warning 850} 851 852void strncmp_2() { 853 char *x = "123"; 854 char *y = "234"; 855 if (strncmp(x, y, 3) != -1) 856 (void)*(char*)0; // no-warning 857} 858 859void strncmp_null_0() { 860 char *x = NULL; 861 char *y = "123"; 862 strncmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}} 863} 864 865void strncmp_null_1() { 866 char *x = "123"; 867 char *y = NULL; 868 strncmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}} 869} 870 871void strncmp_diff_length_0() { 872 char *x = "12345"; 873 char *y = "234"; 874 if (strncmp(x, y, 5) != -1) 875 (void)*(char*)0; // no-warning 876} 877 878void strncmp_diff_length_1() { 879 char *x = "123"; 880 char *y = "23456"; 881 if (strncmp(x, y, 5) != -1) 882 (void)*(char*)0; // no-warning 883} 884 885void strncmp_diff_length_2() { 886 char *x = "12345"; 887 char *y = "123"; 888 if (strncmp(x, y, 5) != 1) 889 (void)*(char*)0; // no-warning 890} 891 892void strncmp_diff_length_3() { 893 char *x = "123"; 894 char *y = "12345"; 895 if (strncmp(x, y, 5) != -1) 896 (void)*(char*)0; // no-warning 897} 898 899void strncmp_diff_length_4() { 900 char *x = "123"; 901 char *y = "12345"; 902 if (strncmp(x, y, 3) != 0) 903 (void)*(char*)0; // no-warning 904} 905 906void strncmp_diff_length_5() { 907 char *x = "012"; 908 char *y = "12345"; 909 if (strncmp(x, y, 3) != -1) 910 (void)*(char*)0; // no-warning 911} 912 913void strncmp_diff_length_6() { 914 char *x = "234"; 915 char *y = "12345"; 916 if (strncmp(x, y, 3) != 1) 917 (void)*(char*)0; // no-warning 918} 919 920void strncmp_embedded_null () { 921 if (strncmp("ab\0zz", "ab\0yy", 4) != 0) 922 (void)*(char*)0; // no-warning 923} 924 925//===----------------------------------------------------------------------=== 926// strcasecmp() 927//===----------------------------------------------------------------------=== 928 929#define strcasecmp BUILTIN(strcasecmp) 930int strcasecmp(const char *s1, const char *s2); 931 932void strcasecmp_constant0() { 933 if (strcasecmp("abc", "Abc") != 0) 934 (void)*(char*)0; // no-warning 935} 936 937void strcasecmp_constant_and_var_0() { 938 char *x = "abc"; 939 if (strcasecmp(x, "Abc") != 0) 940 (void)*(char*)0; // no-warning 941} 942 943void strcasecmp_constant_and_var_1() { 944 char *x = "abc"; 945 if (strcasecmp("Abc", x) != 0) 946 (void)*(char*)0; // no-warning 947} 948 949void strcasecmp_0() { 950 char *x = "abc"; 951 char *y = "Abc"; 952 if (strcasecmp(x, y) != 0) 953 (void)*(char*)0; // no-warning 954} 955 956void strcasecmp_1() { 957 char *x = "Bcd"; 958 char *y = "abc"; 959 if (strcasecmp(x, y) != 1) 960 (void)*(char*)0; // no-warning 961} 962 963void strcasecmp_2() { 964 char *x = "abc"; 965 char *y = "Bcd"; 966 if (strcasecmp(x, y) != -1) 967 (void)*(char*)0; // no-warning 968} 969 970void strcasecmp_null_0() { 971 char *x = NULL; 972 char *y = "123"; 973 strcasecmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}} 974} 975 976void strcasecmp_null_1() { 977 char *x = "123"; 978 char *y = NULL; 979 strcasecmp(x, y); // expected-warning{{Null pointer argument in call to string comparison function}} 980} 981 982void strcasecmp_diff_length_0() { 983 char *x = "abcde"; 984 char *y = "aBd"; 985 if (strcasecmp(x, y) != -1) 986 (void)*(char*)0; // no-warning 987} 988 989void strcasecmp_diff_length_1() { 990 char *x = "abc"; 991 char *y = "aBdef"; 992 if (strcasecmp(x, y) != -1) 993 (void)*(char*)0; // no-warning 994} 995 996void strcasecmp_diff_length_2() { 997 char *x = "aBcDe"; 998 char *y = "abc"; 999 if (strcasecmp(x, y) != 1) 1000 (void)*(char*)0; // no-warning 1001} 1002 1003void strcasecmp_diff_length_3() { 1004 char *x = "aBc"; 1005 char *y = "abcde"; 1006 if (strcasecmp(x, y) != -1) 1007 (void)*(char*)0; // no-warning 1008} 1009 1010void strcasecmp_embedded_null () { 1011 if (strcasecmp("ab\0zz", "ab\0yy") != 0) 1012 (void)*(char*)0; // no-warning 1013} 1014 1015//===----------------------------------------------------------------------=== 1016// strncasecmp() 1017//===----------------------------------------------------------------------=== 1018 1019#define strncasecmp BUILTIN(strncasecmp) 1020int strncasecmp(const char *s1, const char *s2, size_t n); 1021 1022void strncasecmp_constant0() { 1023 if (strncasecmp("abc", "Abc", 3) != 0) 1024 (void)*(char*)0; // no-warning 1025} 1026 1027void strncasecmp_constant_and_var_0() { 1028 char *x = "abc"; 1029 if (strncasecmp(x, "Abc", 3) != 0) 1030 (void)*(char*)0; // no-warning 1031} 1032 1033void strncasecmp_constant_and_var_1() { 1034 char *x = "abc"; 1035 if (strncasecmp("Abc", x, 3) != 0) 1036 (void)*(char*)0; // no-warning 1037} 1038 1039void strncasecmp_0() { 1040 char *x = "abc"; 1041 char *y = "Abc"; 1042 if (strncasecmp(x, y, 3) != 0) 1043 (void)*(char*)0; // no-warning 1044} 1045 1046void strncasecmp_1() { 1047 char *x = "Bcd"; 1048 char *y = "abc"; 1049 if (strncasecmp(x, y, 3) != 1) 1050 (void)*(char*)0; // no-warning 1051} 1052 1053void strncasecmp_2() { 1054 char *x = "abc"; 1055 char *y = "Bcd"; 1056 if (strncasecmp(x, y, 3) != -1) 1057 (void)*(char*)0; // no-warning 1058} 1059 1060void strncasecmp_null_0() { 1061 char *x = NULL; 1062 char *y = "123"; 1063 strncasecmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}} 1064} 1065 1066void strncasecmp_null_1() { 1067 char *x = "123"; 1068 char *y = NULL; 1069 strncasecmp(x, y, 3); // expected-warning{{Null pointer argument in call to string comparison function}} 1070} 1071 1072void strncasecmp_diff_length_0() { 1073 char *x = "abcde"; 1074 char *y = "aBd"; 1075 if (strncasecmp(x, y, 5) != -1) 1076 (void)*(char*)0; // no-warning 1077} 1078 1079void strncasecmp_diff_length_1() { 1080 char *x = "abc"; 1081 char *y = "aBdef"; 1082 if (strncasecmp(x, y, 5) != -1) 1083 (void)*(char*)0; // no-warning 1084} 1085 1086void strncasecmp_diff_length_2() { 1087 char *x = "aBcDe"; 1088 char *y = "abc"; 1089 if (strncasecmp(x, y, 5) != 1) 1090 (void)*(char*)0; // no-warning 1091} 1092 1093void strncasecmp_diff_length_3() { 1094 char *x = "aBc"; 1095 char *y = "abcde"; 1096 if (strncasecmp(x, y, 5) != -1) 1097 (void)*(char*)0; // no-warning 1098} 1099 1100void strncasecmp_diff_length_4() { 1101 char *x = "abcde"; 1102 char *y = "aBc"; 1103 if (strncasecmp(x, y, 3) != 0) 1104 (void)*(char*)0; // no-warning 1105} 1106 1107void strncasecmp_diff_length_5() { 1108 char *x = "abcde"; 1109 char *y = "aBd"; 1110 if (strncasecmp(x, y, 3) != -1) 1111 (void)*(char*)0; // no-warning 1112} 1113 1114void strncasecmp_diff_length_6() { 1115 char *x = "aBDe"; 1116 char *y = "abc"; 1117 if (strncasecmp(x, y, 3) != 1) 1118 (void)*(char*)0; // no-warning 1119} 1120 1121void strncasecmp_embedded_null () { 1122 if (strncasecmp("ab\0zz", "ab\0yy", 4) != 0) 1123 (void)*(char*)0; // no-warning 1124} 1125