// RUN: %clang_analyze_cc1 -w -Wno-int-conversion -verify %s \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=unix.cstring.NullArg \
// RUN: -analyzer-checker=alpha.unix.cstring \
// RUN: -analyzer-checker=debug.ExprInspection

// Static-analyzer regression test for the BSD bounded string routines
// strlcpy/strlcat. It pins three classes of diagnostics (overlapping
// arguments, null destination, destination overflow) and the return values
// the analyzer models for these calls.
// debug.ExprInspection supplies clang_analyzer_eval(), which reports the
// analyzer's verdict on its argument (TRUE or UNKNOWN in this file) as a
// warning that -verify can match.

// The prototypes are declared by hand; no system header is included in the
// lines shown here.
#define NULL ((void *)0)

typedef __typeof(sizeof(int)) size_t;
size_t strlcpy(char *dst, const char *src, size_t n);
size_t strlcat(char *dst, const char *src, size_t n);
size_t strlen(const char *s);
void clang_analyzer_eval(int);
// Overlap case: the source (overlap + 1) lies inside the destination array,
// so the checker must report overlapping arguments.
// The enclosing function header is not part of this listing.
char overlap[] = "123456789";
strlcpy(overlap, overlap + 1, 3); // expected-warning{{Arguments must not be overlapping buffers}}
// Copy, then append, each bounded by sizeof(buf): neither call may produce a
// diagnostic. The modelled return value is the length of the string the call
// tried to build (4 for "abcd", then 4 + 4 = 8), which is the value a caller
// compares against the bound to detect truncation.
// buf and len are declared on lines that are not part of this listing.
len = strlcpy(buf, "abcd", sizeof(buf)); // expected-no-warning
clang_analyzer_eval(len == 4); // expected-warning{{TRUE}}
len = strlcat(buf, "efgh", sizeof(buf)); // expected-no-warning
clang_analyzer_eval(len == 8); // expected-warning{{TRUE}}
// Overflow case: a 5-character literal is copied with a hard-coded bound of 5,
// and the checker must report that the copy overflows the destination.
// dst's declaration (and therefore its size) is not part of this listing.
const char *src = "abdef";
strlcpy(dst, src, 5); // expected-warning{{String copy function overflows the destination buffer}}
// Null destination passed to the copy routine: must be reported as a null
// 1st argument.
strlcpy(NULL, "abcdef", 6); // expected-warning{{Null pointer passed as 1st argument to string copy function}}
// Null destination passed to the concatenation routine: must be reported as
// a null 1st argument.
strlcat(NULL, "abcdef", 6); // expected-warning{{Null pointer passed as 1st argument to string concatenation function}}
// Both calls use small literal bounds (3, then 4); the analyzer is required
// to evaluate the strlcat result as 7.
// buf's declaration is not part of this listing.
// NOTE(review): under the BSD contract the first call would store only "ab"
// and the second would return 2 + 4 = 6 at run time, so this appears to pin
// the checker's model rather than libc's result -- confirm that is intended.
strlcpy(buf, "abc", 3);
size_t len = strlcat(buf, "defg", 4);
clang_analyzer_eval(len == 7); // expected-warning{{TRUE}}
// A zero bound must be handled without crashing the analyzer; the line
// carries no diagnostic directive.
return strlcpy(buf, "1234567", 0); // no-crash
// Return-value and stored-length checks for a destination of known size.
// Several lines of the original function are missing from this listing
// (declarations, and the statement before each second check, which
// presumably reassigns len since the required value changes).

// strlcpy bounded by sizeof(buf)
len = strlcpy(buf, "123", sizeof(buf));
clang_analyzer_eval(len == 3); // expected-warning{{TRUE}}
// (line missing from this listing)
clang_analyzer_eval(len == 3); // expected-warning{{TRUE}}

// testing bounded strlcat
len = strlcat(buf, "456", sizeof(buf));
clang_analyzer_eval(len == 6); // expected-warning{{TRUE}}
// (line missing from this listing)
clang_analyzer_eval(len == 4); // expected-warning{{TRUE}}

// testing strlcat with size==0
len = strlcat(buf, "789", 0);
clang_analyzer_eval(len == 7); // expected-warning{{TRUE}}
// (line missing from this listing)
clang_analyzer_eval(len == 4); // expected-warning{{TRUE}}

// testing strlcpy with size==0
len = strlcpy(buf, "123", 0);
clang_analyzer_eval(len == 3); // expected-warning{{TRUE}}
// (line missing from this listing)
clang_analyzer_eval(len == 4); // expected-warning{{TRUE}}
void f9(int unknown_size, char *unknown_src, char *unknown_dst) {
  // Exercises the model when the bound, the source or the destination is a
  // parameter the analyzer knows nothing about. Several lines of the original
  // body (including the declarations of buf and len and the closing brace)
  // are missing from this listing; only the visible statements are kept.

  // Known source, known destination, known bound.
  len = strlcpy(buf, "abba", sizeof(buf));
  clang_analyzer_eval(len == 4); // expected-warning{{TRUE}}
  clang_analyzer_eval(strlen(buf) == 4); // expected-warning{{TRUE}}

  // Unknown bound: the return value is still known, but the stored length is
  // only known to be at least the previous 4.
  len = strlcat(buf, "cd", unknown_size);
  clang_analyzer_eval(len == 6); // expected-warning{{TRUE}}
  clang_analyzer_eval(strlen(buf) >= 4); // expected-warning{{TRUE}}

  // Unknown destination and bound: return value known, stored length not.
  len = strlcpy(unknown_dst, "abbc", unknown_size);
  clang_analyzer_eval(len == 4); // expected-warning{{TRUE}}
  clang_analyzer_eval(strlen(unknown_dst)); // expected-warning{{UNKNOWN}}

  // Unknown source: neither the return value nor the stored length is known.
  len = strlcpy(buf, unknown_src, sizeof(buf));
  clang_analyzer_eval(len); // expected-warning{{UNKNOWN}}
  clang_analyzer_eval(strlen(buf)); // expected-warning{{UNKNOWN}}

  // Source, destination and bound are all unknown.
  len = strlcpy(unknown_dst, unknown_src, unknown_size);
  clang_analyzer_eval(len); // expected-warning{{UNKNOWN}}
  clang_analyzer_eval(strlen(unknown_dst)); // expected-warning{{UNKNOWN}}

  // The destination is buf + 2 but the bound is still sizeof(buf), i.e. the
  // bound describes the whole array rather than the space left at the pointer
  // actually passed; the checker must report an overflow.
  len = strlcat(buf + 2, unknown_src + 1, sizeof(buf));
  // expected-warning@-1 {{String concatenation function overflows the destination buffer}}
// The copy is bounded by sizeof(buf) and is clean; the append then uses a
// hard-coded bound of 9 and must be reported as overflowing the destination.
// buf's declaration (and therefore its size) is not part of this listing.
len = strlcpy(buf, "abba", sizeof(buf));
clang_analyzer_eval(len == 4); // expected-warning{{TRUE}}
strlcat(buf, "efghi", 9);
// expected-warning@-1 {{String concatenation function overflows the destination buffer}}
// Negative case: every call is bounded by sizeof of its own destination, so
// no diagnostic may be produced.
// The declarations of a and b are not part of this listing.
strlcpy(a, "world", sizeof(a));
strlcpy(b, "hello ", sizeof(b));
strlcat(b, a, sizeof(b)); // no-warning
138 void unknown_val_crash(void) {
139 // We're unable to evaluate the integer-to-pointer cast.
140 strlcat(&b
, a
, 0); // no-crash