================
@@ -1,130 +0,0 @@
-// RUN: %clang_analyze_cc1 -Wno-array-bounds -verify %s \
-// RUN: -analyzer-checker=core \
-// RUN: -analyzer-checker=unix \
-// RUN: -analyzer-checker=security.ArrayBound \
-// RUN: -analyzer-config unix.DynamicMemoryModeling:Optimistic=true
-
-typedef __typeof(sizeof(int)) size_t;
-void *malloc(size_t);
-void *calloc(size_t, size_t);
-
-char f1(void) {
- char* s = "abcd";
- char c = s[4]; // no-warning
- return s[5] + c; // expected-warning{{Out of bound access to memory after}}
-}
-
-void f2(void) {
- int *p = malloc(12);
- p[3] = 4; // expected-warning{{Out of bound access to memory after}}
-}
-
-struct three_words {
- int c[3];
-};
-
-struct seven_words {
- int c[7];
-};
-
-void f3(void) {
- struct three_words a, *p;
- p = &a;
- p[0] = a; // no-warning
- p[1] = a; // expected-warning{{Out of bound access to memory after}}
-}
-
-void f4(void) {
- struct seven_words c;
- struct three_words a, *p = (struct three_words *)&c;
- p[0] = a; // no-warning
- p[1] = a; // no-warning
- p[2] = a; // should warn
- // FIXME: This is an overflow, but currently security.ArrayBound only checks
- // that the _beginning_ of the accessed element is within bounds.
-}
-
-void f5(void) {
- char *p = calloc(2,2);
- p[3] = '.'; // no-warning
- p[4] = '!'; // expected-warning{{Out of bound access}}
-}
-
-void f6(void) {
- char a[2];
- int *b = (int*)a;
- b[1] = 3; // expected-warning{{Out of bound access}}
-}
-
-void f7(void) {
- struct three_words a;
- a.c[3] = 1; // expected-warning{{Out of bound access}}
-}
-
-void vla(int a) {
- if (a == 5) {
- int x[a];
- x[4] = 4; // no-warning
- x[5] = 5; // expected-warning{{Out of bound access}}
- }
-}
-
-void alloca_region(int a) {
- if (a == 5) {
- char *x = __builtin_alloca(a);
- x[4] = 4; // no-warning
- x[5] = 5; // expected-warning{{Out of bound access}}
- }
-}
-
-int symbolic_index(int a) {
- int x[2] = {1, 2};
- if (a == 2) {
- return x[a]; // expected-warning{{Out of bound access}}
- }
- return 0;
-}
-
-int symbolic_index2(int a) {
- int x[2] = {1, 2};
- if (a < 0) {
- return x[a]; // expected-warning{{Out of bound access}}
- }
- return 0;
-}
----------------
NagyDonat wrote:
Symbolic indices are tested in very many testcases, including e.g.
[symbolicIndex](https://github.com/llvm/llvm-project/blob/72768d9bb8ad3e97a852270726f04d7167d9ef50/clang/test/Analysis/out-of-bounds-diagnostics.c#L373)
in `out-of-bounds-diagnostics.c`.
https://github.com/llvm/llvm-project/pull/128508
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
