taint-generic.c revision 6fcd932dfd6835f70cc00d6f7c6789793f6d7b66
// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.security.taint,experimental.security.ArrayBoundV2 -verify %s

// Regression test for the analyzer's taint tracking combined with the
// ArrayBoundV2 bounds checker (both named on the command line above).
// Each buffer* function takes an integer from standard input, uses it (or a
// value derived from it) as an index into Buffer without any range check,
// and carries a -verify annotation on the line where the diagnostic must
// appear. The missing range checks are deliberate: they are the input the
// checkers are meant to flag. Safe code would validate
// 0 <= index && index < BUFSIZE before the store.

// Declared locally; this file includes no headers.
int scanf(const char *restrict format, ...);
int getchar(void);

#define BUFSIZE 10

// Global array of BUFSIZE ints; valid indexes are 0 .. BUFSIZE - 1.
int Buffer[BUFSIZE];

// Case: the value written by scanf is used directly as the array index.
// The return value of scanf is also ignored, so n is indeterminate if the
// conversion fails.
void bufferScanfDirect(void)
{
  int n;
  scanf("%d", &n);
  Buffer[n] = 1; // expected-warning {{Out of bound memory access }}
}

// Case: the index is computed from the input by a subtraction, so the
// diagnostic must survive one arithmetic step. Parameter x is unused.
void bufferScanfArithmetic1(int x) {
  int n;
  scanf("%d", &n);
  int m = (n - 3);
  Buffer[m] = 1; // expected-warning {{Out of bound memory access }}
}

// Case: the index is computed from the input through addition, division and
// multiplication with the caller-supplied x.
// NOTE(review): n + 3 is zero for the input -3; no divide-by-zero checker is
// enabled on the command line above, so only the bounds report is annotated.
void bufferScanfArithmetic2(int x) {
  int n;
  scanf("%d", &n);
  int m = 100 / (n + 3) * x;
  Buffer[m] = 1; // expected-warning {{Out of bound memory access }}
}

// Case: the input reaches the index through a plain assignment (m = n) that
// happens only on the x > 0 branch; m stays unassigned and unused otherwise.
void bufferScanfAssignment(int x) {
  int n;
  scanf("%d", &n);
  int m;
  if (x > 0) {
    m = n;
    Buffer[m] = 1; // expected-warning {{Out of bound memory access }}
  }
}

// Case: misuse of scanf itself. The int t is passed by value where "%d"
// requires an int *, and two diagnostics are annotated on the call: one about
// the non-pointer argument (presumably from the taint checker - confirm) and
// the format-string type mismatch. The trailing backslash splices the second
// annotation into the same comment, so both apply to the scanf line.
void scanfArg() {
  int t;
  scanf("%d", t); // expected-warning {{Pointer argument is expected}} \
                  // expected-warning {{conversion specifies type 'int *' but the argument has type 'int'}}
}

// Case: getchar() is the input source. Its int result is used as the index
// unchecked; it can be EOF (negative) or any character value >= BUFSIZE.
// Parameter x is unused.
void bufferGetchar(int x) {
  int m = getchar();
  Buffer[m] = 1;  //expected-warning {{Out of bound memory access }}
}