================
@@ -1,130 +0,0 @@
-// RUN: %clang_analyze_cc1 -Wno-array-bounds -verify %s \
-// RUN: -analyzer-checker=core \
-// RUN: -analyzer-checker=unix \
-// RUN: -analyzer-checker=security.ArrayBound \
-// RUN: -analyzer-config unix.DynamicMemoryModeling:Optimistic=true
-
-typedef __typeof(sizeof(int)) size_t;
-void *malloc(size_t);
-void *calloc(size_t, size_t);
-
-char f1(void) {
- char* s = "abcd";
- char c = s[4]; // no-warning
- return s[5] + c; // expected-warning{{Out of bound access to memory after}}
-}
-
-void f2(void) {
- int *p = malloc(12);
- p[3] = 4; // expected-warning{{Out of bound access to memory after}}
-}
-
-struct three_words {
- int c[3];
-};
-
-struct seven_words {
- int c[7];
-};
-
-void f3(void) {
- struct three_words a, *p;
- p = &a;
- p[0] = a; // no-warning
- p[1] = a; // expected-warning{{Out of bound access to memory after}}
-}
-
-void f4(void) {
- struct seven_words c;
- struct three_words a, *p = (struct three_words *)&c;
- p[0] = a; // no-warning
- p[1] = a; // no-warning
- p[2] = a; // should warn
- // FIXME: This is an overflow, but currently security.ArrayBound only checks
- // that the _beginning_ of the accessed element is within bounds.
-}
-
-void f5(void) {
- char *p = calloc(2,2);
- p[3] = '.'; // no-warning
- p[4] = '!'; // expected-warning{{Out of bound access}}
-}
-
-void f6(void) {
- char a[2];
- int *b = (int*)a;
- b[1] = 3; // expected-warning{{Out of bound access}}
-}
----------------
NagyDonat wrote:
Type casts are tested extensively within `out-of-bounds-diagnostics.c`, e.g.
the case
[intFromString](https://github.com/llvm/llvm-project/blob/72768d9bb8ad3e97a852270726f04d7167d9ef50/clang/test/Analysis/out-of-bounds-diagnostics.c#L262)
is very similar to this one.
https://github.com/llvm/llvm-project/pull/128508
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
