File: stackaddrleak.c

package info (click to toggle)
llvm-toolchain-21 1%3A21.1.0-1
  • links: PTS, VCS
  • area: main
  • in suites: sid
  • size: 2,235,796 kB
  • sloc: cpp: 7,617,614; ansic: 1,433,901; asm: 1,058,726; python: 252,096; f90: 94,671; objc: 70,753; lisp: 42,813; pascal: 18,401; sh: 10,032; ml: 5,111; perl: 4,720; awk: 3,523; makefile: 3,401; javascript: 2,272; xml: 892; fortran: 770
file content (92 lines) | stat: -rw-r--r-- 3,115 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
 
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify -std=c99 -Dbool=_Bool -Wno-bool-conversion %s
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify -x c++ -Wno-bool-conversion %s

typedef __INTPTR_TYPE__ intptr_t;
char const *p;

void f0(void) {
  char const str[] = "This will change";
  p = str;
} // expected-warning@-1{{Address of stack memory associated with local variable 'str' is still referred to by the global variable 'p' upon returning to the caller.  This will be a dangling reference}}

void f1(void) {
  char const str[] = "This will change";
  p = str; 
  p = 0; // no-warning
}

void f2(void) {
  p = (const char *) __builtin_alloca(12);
} // expected-warning@-1{{Address of stack memory allocated by call to alloca() on line 19 is still referred to by the global variable 'p' upon returning to the caller.  This will be a dangling reference}}

// PR 7383 - previously the stack address checker would crash on this example
//  because it would attempt to do a direct load from 'pr7383_list'. 
static int pr7383(__const char *__)
{
  return 0;
}
extern __const char *__const pr7383_list[];

// Test that we catch multiple returns via globals when analyzing a function.
void test_multi_return(void) {
  static int *a, *b;
  int x;
  a = &x;
  b = &x;
} // expected-warning@-1{{Address of stack memory associated with local variable 'x' is still referred to by the static variable 'a' upon returning}} expected-warning@-1{{Address of stack memory associated with local variable 'x' is still referred to by the static variable 'b' upon returning}}

intptr_t returnAsNonLoc(void) {
  int x;
  return (intptr_t)&x; // expected-warning{{Address of stack memory associated with local variable 'x' returned to caller}} expected-warning{{address of stack memory associated with local variable 'x' returned}}
}

bool returnAsBool(void) {
  int x;
  return &x; // no-warning
}

void assignAsNonLoc(void) {
  extern intptr_t ip;
  int x;
  ip = (intptr_t)&x;
} // expected-warning@-1{{Address of stack memory associated with local variable 'x' is still referred to by the global variable 'ip' upon returning}}

void assignAsBool(void) {
  extern bool b;
  int x;
  b = &x;
} // no-warning

int *f(int* p __attribute__((lifetimebound)));
int *g() {
  int i;
  return f(&i); // expected-warning {{address of stack memory associated with local variable 'i' returned}}
}

int *f_no_lifetime_bound(int *p);
int *g_no_lifetime_bound() {
  int i = 0;
  return f_no_lifetime_bound(&i); // no-warning
}

struct child_stack_context_s {
  int *p;
};

struct child_stack_context_s return_child_stack_context() {
  struct child_stack_context_s s;
  {
    int a = 1;
    s = (struct child_stack_context_s){ &a };
  }
  return s; // expected-warning {{Address of stack memory associated with local variable 'a' returned to caller}}
}

struct child_stack_context_s return_child_stack_context_field() {
  struct child_stack_context_s s;
  {
    int a = 1;
    s.p = &a;
  }
  return s; // expected-warning {{Address of stack memory associated with local variable 'a' returned to caller}}
}