outofbound.c revision 7d11c3f691674177bc7308c0fc6c82cb745bed0b
1// RUN: %clang_cc1 -Wno-array-bounds -analyze -analyzer-checker=core,experimental.unix,experimental.security.ArrayBound -analyzer-store=region -verify %s 2 3typedef __typeof(sizeof(int)) size_t; 4void *malloc(size_t); 5void *calloc(size_t, size_t); 6 7char f1() { 8 char* s = "abcd"; 9 char c = s[4]; // no-warning 10 return s[5] + c; // expected-warning{{Access out-of-bound array element (buffer overflow)}} 11} 12 13void f2() { 14 int *p = malloc(12); 15 p[3] = 4; // expected-warning{{Access out-of-bound array element (buffer overflow)}} 16} 17 18struct three_words { 19 int c[3]; 20}; 21 22struct seven_words { 23 int c[7]; 24}; 25 26void f3() { 27 struct three_words a, *p; 28 p = &a; 29 p[0] = a; // no-warning 30 p[1] = a; // expected-warning{{Access out-of-bound array element (buffer overflow)}} 31} 32 33void f4() { 34 struct seven_words c; 35 struct three_words a, *p = (struct three_words *)&c; 36 p[0] = a; // no-warning 37 p[1] = a; // no-warning 38 p[2] = a; // expected-warning{{Access out-of-bound array element (buffer overflow)}} 39} 40 41void f5() { 42 char *p = calloc(2,2); 43 p[3] = '.'; // no-warning 44 p[4] = '!'; // expected-warning{{out-of-bound}} 45} 46 47void f6() { 48 char a[2]; 49 int *b = (int*)a; 50 b[1] = 3; // expected-warning{{out-of-bound}} 51} 52 53void f7() { 54 struct three_words a; 55 a.c[3] = 1; // expected-warning{{out-of-bound}} 56} 57 58void vla(int a) { 59 if (a == 5) { 60 int x[a]; 61 x[4] = 4; // no-warning 62 x[5] = 5; // expected-warning{{out-of-bound}} 63 } 64} 65 66void sizeof_vla(int a) { 67 if (a == 5) { 68 char x[a]; 69 int y[sizeof(x)]; 70 y[4] = 4; // no-warning 71 y[5] = 5; // expected-warning{{out-of-bound}} 72 } 73} 74 75void sizeof_vla_2(int a) { 76 if (a == 5) { 77 char x[a]; 78 int y[sizeof(x) / sizeof(char)]; 79 y[4] = 4; // no-warning 80 y[5] = 5; // expected-warning{{out-of-bound}} 81 } 82} 83 84void sizeof_vla_3(int a) { 85 if (a == 5) { 86 char x[a]; 87 int y[sizeof(*&*&*&x)]; 88 y[4] = 4; // no-warning 89 y[5] = 5; // expected-warning{{out-of-bound}} 90 } 91} 92 93void alloca_region(int a) { 94 if (a == 5) { 95 char *x = __builtin_alloca(a); 96 x[4] = 4; // no-warning 97 x[5] = 5; // expected-warning{{out-of-bound}} 98 } 99} 100 101int symbolic_index(int a) { 102 int x[2] = {1, 2}; 103 if (a == 2) { 104 return x[a]; // expected-warning{{out-of-bound}} 105 } 106 return 0; 107} 108 109int symbolic_index2(int a) { 110 int x[2] = {1, 2}; 111 if (a < 0) { 112 return x[a]; // expected-warning{{out-of-bound}} 113 } 114 return 0; 115} 116