null-deref-ps.c revision 0a41e5a03a2753e736dece6fc6847e6de2dedec1
// RUN: clang -checker-simple -verify %s

// Fixture for the analyzer's null-pointer-dereference check (the defect class
// catalogued as CWE-476). The "-ps" in the file name presumably stands for
// path-sensitive -- TODO confirm.
//
// The faulty dereferences below are deliberate. Each one sits on the same line
// as the trailing annotation that names the diagnostic wanted there, so
// statements must not be merged, split or "fixed". Lines marked no-warning are
// the negative cases: the checker must stay silent on them.

#include<stdint.h>
#include <assert.h>

// Null check with both branches writing through p: the else branch is only
// taken when p is null, so the store there goes through a null pointer.
// The annotation matches any diagnostic containing the given substring.
void f1(int *p) {
  if (p) *p = 1;
  else *p = 0; // expected-warning{{ereference}}
}

// Minimal aggregate so the member-access form (p->x) can be exercised.
struct foo_struct {
  int x;
};

// The null check guards only the first store. The return statement runs on
// both paths, so on the path where the check failed p->x++ goes through null.
int f2(struct foo_struct* p) {

  if (p)
    p->x = 1;

  return p->x++; // expected-warning{{Dereference of null pointer.}}
}

// Array-subscript form. On the path where x is null the function indexes
// x[i+1]; with i == 2 that is a non-zero offset from a null base, and the
// annotation still asks for the null-dereference diagnostic.
int f3(char* x) {

  int i = 2;

  if (x)
    return x[i - 1];

  return x[i+1]; // expected-warning{{Dereference of null pointer.}}
}

// Same shape as f3, but the faulting access is a read-modify-write
// (post-increment of the element) rather than a plain read.
int f3_b(char* x) {

  int i = 2;

  if (x)
    return x[i - 1];

  return x[i+1]++; // expected-warning{{Dereference of null pointer.}}
}

// Pointer laundered through an integer. x is the uintptr_t image of p; the
// early return covers every non-zero x, so only x == 0 reaches the cast back
// to int* and q is a null pointer when it is dereferenced. The annotation
// requires the null-ness to survive the pointer -> integer -> pointer trip.
int f4(int *p) {

  uintptr_t x = (uintptr_t) p;

  if (x)
    return 1;

  int *q = (int*) x;
  return *q; // expected-warning{{Dereference of null pointer.}}
}

// Negative case: s points at a string literal, so reading s[0] must not be
// reported.
int f5() {

  char *s = "hello world";
  return s[0]; // no-warning
}

// nonnull without an index list applies to every pointer parameter, which
// here is just p.
int bar(int* p, int q) __attribute__((nonnull));

// Conditional-operator form. In the arm selected by !p the pointer is null
// and is passed to the nonnull parameter of bar(); in the other arm p is
// known non-null and the call must not be reported.
int f6(int *p) {
  return !p ? bar(p, 1) // expected-warning {{Null pointer passed as an argument to a 'nonnull' parameter}}
         : bar(p, 0); // no-warning
}

// Declared without a prototype; no definition is visible in this file.
int* qux();

// Negative case with correlated branches. p starts out null and is replaced
// by qux()'s result only when x == 0; the store is guarded by the same test.
// The path on which p keeps its initial null value therefore never reaches
// the store.
int f7(int x) {

  int* p = 0;

  if (0 == x)
    p = qux();

  if (0 == x)
    *p = 1; // no-warning

  return x;
}

// Negative case with infeasible paths: each inner condition contradicts the
// enclosing one, so neither store can execute.
// NOTE(review): declared int but control falls off the end without a return
// statement; left as is because this file is a checker fixture.
int f8(int *p, int *q) {
  if (!p)
    if (p)
      *p = 1; // no-warning

  if (q)
    if (!q)
      *q = 1; // no-warning
}

// Repeated declaration of qux, still without a prototype, which is why the
// calls below may pass an argument.
int* qux();

// Negative case driven by an assertion. len != 0 means the loop body runs at
// least once, so p has been overwritten with a qux() result before it is read.
// NOTE(review): presumably relies on the assert failure path being treated as
// non-returning; if assert is compiled out (NDEBUG) that constraint is gone --
// confirm against the analyzer configuration.
int f9(unsigned len) {
  assert (len != 0);
  int *p = 0;

  for (unsigned i = 0; i < len; ++i)
   p = qux(i);

  // Reads through p, then post-increments the local pointer.
  return *p++; // no-warning
}

// Same as f9 with the precondition spelled len > 0. For an unsigned value
// that is the same set of lengths as len != 0; the case checks that the
// relational form is handled as well.
int f9b(unsigned len) {
  assert (len > 0);  // note use of '>'
  int *p = 0;

  for (unsigned i = 0; i < len; ++i)
   p = qux(i);

  // Reads through p, then post-increments the local pointer.
  return *p++; // no-warning
}