taint-tester.c revision aace9ef279be3dadd53b481aee568bd7701178b4
1// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.security.taint,debug.TaintTest -verify %s 2 3int scanf(const char *restrict format, ...); 4int getchar(void); 5 6#define BUFSIZE 10 7int Buffer[BUFSIZE]; 8 9void bufferScanfAssignment(int x) { 10 int n; 11 int *addr = &Buffer[0]; 12 scanf("%d", &n); 13 addr += n;// expected-warning {{tainted}} 14 *addr = n; // expected-warning 2 {{tainted}} 15 16 double tdiv = n / 30; // expected-warning 3 {{tainted}} 17 char *loc_cast = (char *) n; // expected-warning {{tainted}} 18 char tinc = tdiv++; // expected-warning {{tainted}} 19 int tincdec = (char)tinc--; // expected-warning 2 {{tainted}} 20 int tprtarithmetic1 = *(addr+1); 21 22 23} 24