diff options
| author | dim <dim@FreeBSD.org> | 2013-04-08 18:45:10 +0000 |
|---|---|---|
| committer | dim <dim@FreeBSD.org> | 2013-04-08 18:45:10 +0000 |
| commit | c72c57c9e9b69944e3e009cd5e209634839581d3 (patch) | |
| tree | 4fc2f184c499d106f29a386c452b49e5197bf63d /test/Analysis/string.c | |
| parent | 5b20025c30d23d521e12c1f33ec8fa6b821952cd (diff) | |
| download | FreeBSD-src-c72c57c9e9b69944e3e009cd5e209634839581d3.zip FreeBSD-src-c72c57c9e9b69944e3e009cd5e209634839581d3.tar.gz | |
Vendor import of clang trunk r178860:
http://llvm.org/svn/llvm-project/cfe/trunk@178860
Diffstat (limited to 'test/Analysis/string.c')
| -rw-r--r-- | test/Analysis/string.c | 48 |
1 files changed, 31 insertions, 17 deletions
diff --git a/test/Analysis/string.c b/test/Analysis/string.c index fd836c4..74cf33c 100644 --- a/test/Analysis/string.c +++ b/test/Analysis/string.c @@ -279,12 +279,16 @@ void strcpy_fn_const(char *x) { strcpy(x, (const char*)&strcpy_fn); // expected-warning{{Argument to string copy function is the address of the function 'strcpy_fn', which is not a null-terminated string}} } +extern int globalInt; void strcpy_effects(char *x, char *y) { char a = x[0]; + if (globalInt != 42) + return; clang_analyzer_eval(strcpy(x, y) == x); // expected-warning{{TRUE}} clang_analyzer_eval(strlen(x) == strlen(y)); // expected-warning{{TRUE}} clang_analyzer_eval(a == x[0]); // expected-warning{{UNKNOWN}} + clang_analyzer_eval(globalInt == 42); // expected-warning{{TRUE}} } void strcpy_overflow(char *y) { @@ -410,12 +414,6 @@ void strcat_symbolic_dst_length(char *dst) { clang_analyzer_eval(strlen(dst) >= 4); // expected-warning{{TRUE}} } -void strcat_symbolic_src_length(char *src) { - char dst[8] = "1234"; - strcat(dst, src); - clang_analyzer_eval(strlen(dst) >= 4); // expected-warning{{TRUE}} -} - void strcat_symbolic_dst_length_taint(char *dst) { scanf("%s", dst); // Taint data. strcat(dst, "1234"); @@ -521,17 +519,6 @@ void strncpy_exactly_matching_buffer(char *y) { clang_analyzer_eval(strlen(x) > 4); // expected-warning{{UNKNOWN}} } -void strncpy_exactly_matching_buffer2(char *y) { - if (strlen(y) >= 4) - return; - - char x[4]; - strncpy(x, y, 4); // no-warning - - // This time, we know that y fits in x anyway. - clang_analyzer_eval(strlen(x) <= 3); // expected-warning{{TRUE}} -} - void strncpy_zero(char *src) { char dst[] = "123"; strncpy(dst, src, 0); // no-warning @@ -1039,3 +1026,30 @@ void strncasecmp_diff_length_6() { void strncasecmp_embedded_null () { clang_analyzer_eval(strncasecmp("ab\0zz", "ab\0yy", 4) == 0); // expected-warning{{TRUE}} } + +//===----------------------------------------------------------------------=== +// FIXMEs +//===----------------------------------------------------------------------=== + +// The analyzer_eval call below should evaluate to true. We are being too +// aggressive in marking the (length of) src symbol dead. The length of dst +// depends on src. This could be explicitely specified in the checker or the +// logic for handling MetadataSymbol in SymbolManager needs to change. +void strcat_symbolic_src_length(char *src) { + char dst[8] = "1234"; + strcat(dst, src); + clang_analyzer_eval(strlen(dst) >= 4); // expected-warning{{UNKNOWN}} +} + +// The analyzer_eval call below should evaluate to true. Most likely the same +// issue as the test above. +void strncpy_exactly_matching_buffer2(char *y) { + if (strlen(y) >= 4) + return; + + char x[4]; + strncpy(x, y, 4); // no-warning + + // This time, we know that y fits in x anyway. + clang_analyzer_eval(strlen(x) <= 3); // expected-warning{{UNKNOWN}} +} |
