1// RUN: %clang_cc1 -w -analyze -analyzer-eagerly-assume -fcxx-exceptions -analyzer-checker=core -analyzer-checker=alpha.core.PointerArithm,alpha.core.CastToStruct -analyzer-max-loop 64 -verify %s
2// RUN: %clang_cc1 -w -analyze -analyzer-checker=core -analyzer-checker=cplusplus -fcxx-exceptions -analyzer-checker alpha.core.PointerArithm,alpha.core.CastToStruct -analyzer-max-loop 63 -verify %s
3
4// These tests used to hit an assertion in the bug report. Test case from http://llvm.org/PR24184.
// Case 1 blob type: a length field plus a pbData member that is a plain
// unsigned integer here (the case 2 variant declares pbData as a pointer).
5typedef struct {
6  int cbData;
7  unsigned pbData;
8} CRYPT_DATA_BLOB;
9
// Single-enumerator tag type; it is the second parameter of vcreate_t.
10typedef enum { DT_NONCE_FIXED } DATA_TYPE;
// Global counter: fn1 increments it and multiplies it into a pointer offset.
11int a;
// A function *type* (not a pointer-to-function type); fn2 is declared with it.
12typedef int *vcreate_t(int *, DATA_TYPE, int, int);
// Case 1 loop body for the analyzer. The loop condition is the constant 1, so
// the source has no exit; the run lines at the top of the file bound the
// analyzer's loop exploration with -analyzer-max-loop.
13void fn1(unsigned, unsigned) {
14  char b = 0;
    // Each iteration increments the global `a` and forms `&b + a * 0`: pointer
    // arithmetic on the address of a single local char. The result is
    // discarded and this line carries no diagnostic directive.
15  for (; 1; a++, &b + a * 0)
16    ;
17}
18
// Declares the function fn2 through the vcreate_t function type. No
// definition of fn2 appears in the visible source.
19vcreate_t fn2;
// Case 1 wrapper around a CRYPT_DATA_BLOB with one inline member function.
20struct A {
21  CRYPT_DATA_BLOB value;
    // Declared int but contains no return statement. Presumably left that way
    // on purpose as part of the reduced reproducer (the run lines pass -w).
22  int m_fn1() {
23    int c;                 // never read or written
24    value.pbData == 0;     // comparison whose result is discarded
25    fn1(0, 0);             // fn1's loop condition is the constant 1
26  }
27};
// Aggregate of three A members; C::m_fn2 reads from each of them.
28struct B {
29  A IkeHashAlg;
30  A IkeGType;
31  A NoncePhase1_r;
32};
// Both members are private (default access for `class`). m_fn2 is defined out
// of line in this file; no definition of m_fn3 appears in the visible source.
33class C {
34  int m_fn2(B *);
35  void m_fn3(B *, int, int, int);
36};
// Case 1 driver: calls m_fn1 on two members of *p1, passes a cbData field to
// fn2 (declared only), then calls m_fn3. Declared int, but control reaches the
// closing brace without a return statement. p1 is dereferenced unchecked.
37int C::m_fn2(B *p1) {
38  int *d;
39  int e = p1->IkeHashAlg.m_fn1();
40  unsigned f = p1->IkeGType.m_fn1(), h;   // int result stored in an unsigned
41  int g;                                  // never used
42  d = fn2(0, DT_NONCE_FIXED, (char)0, p1->NoncePhase1_r.value.cbData);
43  h = 0 | 0;
44  m_fn3(p1, 0, 0, 0);
45}
46
47// case 2:
// Case 2 blob type: an int length plus a byte pointer. A_1::m_fn1 null-checks
// pbData before use; cbData is passed on as a count without a range check.
48typedef struct {
49  int cbData;
50  unsigned char *pbData;
51} CRYPT_DATA_BLOB_1;
// Local definition of the name; no #include appears in the visible source.
52typedef unsigned uint32_t;
// Compares the two pointers and discards the result; neither is dereferenced.
53void fn1_1(void *p1, const void *p2) { p1 != p2; }
54
// Runs i from 0 up to p3 and passes fn1_1 the derived pointers p1 + i and
// p2 + i * 0 (the second offset is always 0).
// NOTE(review): the only visible caller, A_1::m_fn1, passes the address of a
// single local uint32_t as p1 and value.cbData as p3, so for i >= 2 the
// expression p1 + i points beyond one-past-the-end of that object. fn1_1 only
// compares the pointers and never dereferences them. Presumably this is the
// pattern the alpha.core.PointerArithm run is meant to walk through.
55void fn2_1(uint32_t *p1, unsigned char *p2, uint32_t p3) {
56  unsigned i = 0;
57  for (0; i < p3; i++)        // init clause `0` is a no-op expression
58    fn1_1(p1 + i, p2 + i * 0);
59}
60
// Case 2 wrapper: m_fn1 forwards the blob to fn2_1 when pbData is non-null and
// always returns 0.
61struct A_1 {
62  CRYPT_DATA_BLOB_1 value;
63  uint32_t m_fn1() {
64    uint32_t a;            // local that shadows the global `a`; uninitialized
      // Passes the address of one scalar as the array base. cbData is an int
      // and the count parameter is unsigned, so a negative length would
      // convert to a very large count.
65    if (value.pbData)
66      fn2_1(&a, value.pbData, value.cbData);
67    return 0;
68  }
69};
// Global pointer to an unnamed struct type holding one A_1. Nothing in the
// visible source assigns it before fn3 dereferences it.
70struct {
71  A_1 HashAlgId;
72} *b;
// Case 2 driver: calls m_fn1 through the global pointer `b`, then evaluates
// several expression statements whose results are discarded.
73void fn3() {
74  uint32_t c, d;
75  d = b->HashAlgId.m_fn1();   // dereferences the global `b` without a check
76  d << 0 | 0 | 0;             // result discarded
77  c = 0;
78  0 | 1 << 0 | 0 && b;        // result discarded; `b` used as a truth value
79}
80
81// case 3:
// Case 3 target type of the cast in foo2: a struct with a single char member.
82struct ST {
83  char c;
84};
// Global char pointer that foo2 casts to ST*; not assigned in the visible source.
85char *p;
// Declared only; no definition appears in the visible source. Takes ST by value.
86int foo1(ST);
// Case 3: reinterprets the global char pointer `p` as ST* and walks it. The
// cast line is the only line in this file that carries a verify directive; it
// names the alpha.core.CastToStruct diagnostic. Declared int, but the function
// has no return statement.
87int foo2() {
88  ST *p1 = (ST *)(p);      // expected-warning{{Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption}}
    // The loop reads p1->c through the cast pointer and advances p1 by the
    // value foo1 returns, so the step size comes from a function with no
    // visible body and no bound is applied to the walk.
89  while (p1->c & 0x0F || p1->c & 0x07)
90    p1 = p1 + foo1(*p1);
91}
92
// Calls foo2 and, when the stored result is nonzero, returns a second foo2
// call. `node` is unused. foo2 has no return statement, so `i` has no defined
// value, and the i == 0 path also falls off the end of this int function.
93int foo3(int *node) {
94  int i = foo2();
95  if (i)
96    return foo2();
97}
98