null-deref-ps.c revision 3397e467f5f20fb0c54fc1a30f99c2559661938a
1// RUN: clang -std=gnu99 -checker-simple -verify %s 2// XFAIL 3 4#include<stdint.h> 5#include <assert.h> 6 7void f1(int *p) { 8 if (p) *p = 1; 9 else *p = 0; // expected-warning{{ereference}} 10} 11 12struct foo_struct { 13 int x; 14}; 15 16int f2(struct foo_struct* p) { 17 18 if (p) 19 p->x = 1; 20 21 return p->x++; // expected-warning{{Dereference of null pointer.}} 22} 23 24int f3(char* x) { 25 26 int i = 2; 27 28 if (x) 29 return x[i - 1]; 30 31 return x[i+1]; // expected-warning{{Dereference of null pointer.}} 32} 33 34int f3_b(char* x) { 35 36 int i = 2; 37 38 if (x) 39 return x[i - 1]; 40 41 return x[i+1]++; // expected-warning{{Dereference of null pointer.}} 42} 43 44int f4(int *p) { 45 46 uintptr_t x = (uintptr_t) p; 47 48 if (x) 49 return 1; 50 51 int *q = (int*) x; 52 return *q; // expected-warning{{Dereference of null pointer.}} 53} 54 55int f5() { 56 57 char *s = "hello world"; 58 return s[0]; // no-warning 59} 60 61int bar(int* p, int q) __attribute__((nonnull)); 62 63int f6(int *p) { 64 return !p ? bar(p, 1) // expected-warning {{Null pointer passed as an argument to a 'nonnull' parameter}} 65 : bar(p, 0); // no-warning 66} 67 68int* qux(); 69 70int f7(int x) { 71 72 int* p = 0; 73 74 if (0 == x) 75 p = qux(); 76 77 if (0 == x) 78 *p = 1; // no-warning 79 80 return x; 81} 82 83int f8(int *p, int *q) { 84 if (!p) 85 if (p) 86 *p = 1; // no-warning 87 88 if (q) 89 if (!q) 90 *q = 1; // no-warning 91} 92 93int* qux(); 94 95int f9(unsigned len) { 96 assert (len != 0); 97 int *p = 0; 98 unsigned i; 99 100 for (i = 0; i < len; ++i) 101 p = qux(i); 102 103 return *p++; // no-warning 104} 105 106int f9b(unsigned len) { 107 assert (len > 0); // note use of '>' 108 int *p = 0; 109 unsigned i; 110 111 for (i = 0; i < len; ++i) 112 p = qux(i); 113 114 return *p++; // no-warning 115} 116 117