Run DCE after a LoopFlatten test to reduce spurious output [nfc]
[llvm-project.git] / clang / test / Analysis / malloc-overflow.c
blob03fe15bccb62ee93f43efc3ec6cbc4c80f44211d
1 // RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.MallocOverflow -verify %s
3 #define NULL ((void *) 0)
4 typedef __typeof__(sizeof(int)) size_t;
5 extern void * malloc(size_t);
7 void * f1(int n)
9 return malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
12 void * f2(int n)
14 return malloc(sizeof(int) * n); // // expected-warning {{the computation of the size of the memory allocation may overflow}}
17 void * f3(void)
19 return malloc(4 * sizeof(int)); // no-warning
22 struct s4
24 int n;
27 void * f4(struct s4 *s)
29 return malloc(s->n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
32 void * f5(struct s4 *s)
34 struct s4 s2 = *s;
35 return malloc(s2.n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
38 void * f6(int n)
40 return malloc((n + 1) * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
43 extern void * malloc (size_t);
45 void * f7(int n)
47 if (n > 10)
48 return NULL;
49 return malloc(n * sizeof(int)); // no-warning
52 void * f8(int n)
54 if (n < 10)
55 return malloc(n * sizeof(int)); // no-warning
56 else
57 return NULL;
60 void * f9(int n)
62 int * x = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
63 for (int i = 0; i < n; i++)
64 x[i] = i;
65 return x;
68 void * f10(int n)
70 int * x = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
71 int i = 0;
72 while (i < n)
73 x[i++] = 0;
74 return x;
77 void * f11(int n)
79 int * x = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
80 int i = 0;
81 do {
82 x[i++] = 0;
83 } while (i < n);
84 return x;
87 void * f12(int n)
89 n = (n > 10 ? 10 : n);
90 int * x = malloc(n * sizeof(int)); // no-warning
91 for (int i = 0; i < n; i++)
92 x[i] = i;
93 return x;
96 struct s13
98 int n;
101 void * f13(struct s13 *s)
103 if (s->n > 10)
104 return NULL;
105 return malloc(s->n * sizeof(int)); // no-warning
108 void * f14(int n)
110 if (n < 0)
111 return NULL;
112 return malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
115 void *check_before_malloc(int n, int x) {
116 int *p = NULL;
117 if (n > 10)
118 return NULL;
119 if (x == 42)
120 p = malloc(n * sizeof(int)); // no-warning, the check precedes the allocation
122 // Do some other stuff, e.g. initialize the memory.
123 return p;
126 void *check_after_malloc(int n, int x) {
127 int *p = NULL;
128 if (x == 42)
129 p = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
131 // The check is after the allocation!
132 if (n > 10) {
133 // Do something conditionally.
135 return p;
138 #define GREATER_THAN(lhs, rhs) (lhs > rhs)
139 void *check_after_malloc_using_macros(int n, int x) {
140 int *p = NULL;
141 if (x == 42)
142 p = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
144 if (GREATER_THAN(n, 10))
145 return NULL;
147 // Do some other stuff, e.g. initialize the memory.
148 return p;
150 #undef GREATER_THAN