taint-generic.c revision 8f4caf5fec2de9b18f9c5fc69696d9f6cf66bcc5
// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.security.taint,experimental.security.ArrayBoundV2 -verify %s

// Regression test for the static analyzer's taint tracking. The run line
// above enables the taint checker together with ArrayBoundV2 and passes
// -verify, so the diagnostic named in each trailing annotation must be
// produced on exactly that source line.
// The unsafe patterns below are deliberate analyzer inputs; do not "fix"
// them here. Keep any added commentary free of the lit and -verify directive
// keywords, because both tools scan comment text.

// Minimal local prototypes stand in for <stdio.h> so the test does not
// depend on system headers. getchar is declared but not called in the
// functions visible here.
int scanf(const char *restrict format, ...);
int getchar(void);

#define BUFSIZE 10

// Global array that the tainted indices below write into.
// Valid indices are 0 .. BUFSIZE-1.
int Buffer[BUFSIZE];

// Baseline case: a value read by scanf is used directly as an array index.
// n is attacker-controlled and never range-checked, so the write can land
// before or after Buffer. scanf's return value is also ignored, so n stays
// uninitialized if the conversion fails.
// Production code would check the scanf result and reject any n outside
// 0 <= n < BUFSIZE before indexing.
void bufferFoo1(void)
{
  int n;
  scanf("%d", &n);
  Buffer[n] = 1; // expected-warning {{Out of bound memory access }}
}

// Taint must survive arithmetic: m is derived from the tainted n by a
// subtraction, so indexing with m is still flagged. The parameter x is
// unused in this function.
void bufferScanfArithmetic1(int x) {
  int n;
  scanf("%d", &n);
  int m = (n - 3);
  Buffer[m] = 1; // expected-warning {{Out of bound memory access }}
}

// Taint must also survive mixing with an untainted operand: m combines the
// tainted n with the caller-supplied x through an addition and a
// multiplication, and the resulting index is still flagged.
void bufferScanfArithmetic2(int x) {
  int n;
  scanf("%d", &n);
  int m = (n + 3) * x;
  Buffer[m] = 1; // expected-warning {{Out of bound memory access }}
}

// Argument-kind check: "%d" requires an int *, but t is passed by value
// (and is uninitialized). The checker is expected to report that a pointer
// argument was required instead of treating the call as a taint source.
void scanfArg() {
  int t;
  scanf("%d", t); // expected-warning {{Pointer argument is expected}}
}