clang/test/Analysis/taint-checker-callback-order-has-definition.c

   1 // RUN: %clang_analyze_cc1 %s \
   2 // RUN:   -analyzer-checker=core,alpha.security.taint \
   3 // RUN:   -mllvm -debug-only=taint-checker \
   4 // RUN:   2>&1 | FileCheck %s
   5
   6 // REQUIRES: asserts
   7
   8 struct _IO_FILE;
   9 typedef struct _IO_FILE FILE;
  10 FILE *fopen(const char *fname, const char *mode);
  11
  12 void nested_call(void) {}
  13
  14 char *fgets(char *s, int n, FILE *fp) {
  15   nested_call();   // no-crash: we should not try adding taint to a non-existent argument.
  16   return (char *)0;
  17 }
  18
  19 void top(const char *fname, char *buf) {
  20   FILE *fp = fopen(fname, "r");
  21   // CHECK:      PreCall<fopen(fname, "r")> prepares tainting arg index: -1
  22   // CHECK-NEXT: PostCall<fopen(fname, "r")> actually wants to taint arg index: -1
  23
  24   if (!fp)
  25     return;
  26
  27   (void)fgets(buf, 42, fp); // Trigger taint propagation.
  28   // CHECK-NEXT: PreCall<fgets(buf, 42, fp)> prepares tainting arg index: -1
  29   // CHECK-NEXT: PreCall<fgets(buf, 42, fp)> prepares tainting arg index: 0
  30   // CHECK-NEXT: PreCall<fgets(buf, 42, fp)> prepares tainting arg index: 2
  31   //
  32   // CHECK-NEXT: PostCall<fgets(buf, 42, fp)> actually wants to taint arg index: -1
  33   // CHECK-NEXT: PostCall<fgets(buf, 42, fp)> actually wants to taint arg index: 0
  34   // CHECK-NEXT: PostCall<fgets(buf, 42, fp)> actually wants to taint arg index: 2
  35 }