1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
|
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.cstring,alpha.unix.cstring,debug.ExprInspection -verify %s
typedef decltype(sizeof(int)) size_t;
void clang_analyzer_eval(bool);
char *strncpy(char *dest, const char *src, size_t x);
constexpr int initB = 100;
struct Base {
int b;
Base(): b(initB) {}
};
// issue 143807
struct strncpyTestClass: public Base {
int *m_ptr;
char m_buff[1000];
void KnownLen(char *src) {
m_ptr = new int;
strncpy(m_buff, src, sizeof(m_buff)); // known len but unknown src size
delete m_ptr; // no warning
}
void KnownSrcLen(size_t n) {
m_ptr = new int;
strncpy(m_buff, "xyz", n); // known src size but unknown len
delete m_ptr; // no warning
}
};
void strncpyTest(char *src, size_t n) {
strncpyTestClass rep;
rep.KnownLen(src);
rep.KnownSrcLen(n);
clang_analyzer_eval(rep.b == initB); // expected-warning{{TRUE}}
}
size_t strlcpy(char *dest, const char *src, size_t size);
struct strlcpyTestClass: public Base {
int *m_ptr;
char m_buff[1000];
void KnownLen(char *src) {
m_ptr = new int;
strlcpy(m_buff, src, sizeof(m_buff)); // known len but unknown src size
delete m_ptr; // no warning
}
void KnownSrcLen(size_t n) {
m_ptr = new int;
strlcpy(m_buff, "xyz", n); // known src size but unknown len
delete m_ptr; // no warning
}
};
void strlcpyTest(char *src, size_t n) {
strlcpyTestClass rep;
rep.KnownLen(src);
rep.KnownSrcLen(n);
clang_analyzer_eval(rep.b == initB); // expected-warning{{TRUE}}
}
char *strncat(char *s1, const char *s2, size_t n);
struct strncatTestClass: public Base {
int *m_ptr;
char m_buff[1000];
void KnownLen(char *src) {
m_ptr = new int;
strncat(m_buff, src, sizeof(m_buff) - 1); // known len but unknown src size
delete m_ptr; // no warning
}
void KnownSrcLen(size_t n) {
m_ptr = new int;
strncat(m_buff, "xyz", n); // known src size but unknown len
delete m_ptr; // no warning
}
};
void strncatTest(char *src, size_t n) {
strncatTestClass rep;
rep.KnownLen(src);
rep.KnownSrcLen(n);
clang_analyzer_eval(rep.b == initB); // expected-warning{{TRUE}}
}
struct strncatReportOutOfBoundTestClass {
int *m_ptr;
char m_buff[1000];
void KnownLen(char *src) {
m_ptr = new int;
// expected-warning@+1{{String concatenation function overflows the destination buffer}}
strncat(m_buff, src, sizeof(m_buff)); // known len but unknown src size
delete m_ptr; // no warning
}
};
void strncatReportOutOfBoundTest(char *src, size_t n) {
strncatReportOutOfBoundTestClass rep;
rep.KnownLen(src);
}
size_t strlcat(char *dst, const char *src, size_t size);
struct strlcatTestClass: public Base {
int *m_ptr;
char m_buff[1000];
void KnownLen(char *src) {
m_ptr = new int;
strlcat(m_buff, src, sizeof(m_buff)); // known len but unknown src size
delete m_ptr; // no warning
}
void KnownSrcLen(size_t n) {
m_ptr = new int;
strlcat(m_buff, "xyz", n); // known src size but unknown len
delete m_ptr; // no warning
}
};
void strlcatTest(char *src, size_t n) {
strlcatTestClass rep;
rep.KnownLen(src);
rep.KnownSrcLen(n);
clang_analyzer_eval(rep.b == initB); // expected-warning{{TRUE}}
}
|
