search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
[clang] Handle __declspec() attributes in using
[llvm-project.git] / clang / test / Analysis / malloc-overflow.c
blob03fe15bccb62ee93f43efc3ec6cbc4c80f44211d
1 // RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.MallocOverflow -verify %s
2
3 #define NULL ((void *) 0)
4 typedef __typeof__(sizeof(int)) size_t;
5 extern void * malloc(size_t);
6
7 void * f1(int n)
8 {
9 return malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
10 }
11
12 void * f2(int n)
13 {
14 return malloc(sizeof(int) * n); // // expected-warning {{the computation of the size of the memory allocation may overflow}}
15 }
16
17 void * f3(void)
18 {
19 return malloc(4 * sizeof(int)); // no-warning
20 }
21
22 struct s4
23 {
24 int n;
25 };
26
27 void * f4(struct s4 *s)
28 {
29 return malloc(s->n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
30 }
31
32 void * f5(struct s4 *s)
33 {
34 struct s4 s2 = *s;
35 return malloc(s2.n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
36 }
37
38 void * f6(int n)
39 {
40 return malloc((n + 1) * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
41 }
42
43 extern void * malloc (size_t);
44
45 void * f7(int n)
46 {
47 if (n > 10)
48 return NULL;
49 return malloc(n * sizeof(int)); // no-warning
50 }
51
52 void * f8(int n)
53 {
54 if (n < 10)
55 return malloc(n * sizeof(int)); // no-warning
56 else
57 return NULL;
58 }
59
60 void * f9(int n)
61 {
62 int * x = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
63 for (int i = 0; i < n; i++)
64 x[i] = i;
65 return x;
66 }
67
68 void * f10(int n)
69 {
70 int * x = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
71 int i = 0;
72 while (i < n)
73 x[i++] = 0;
74 return x;
75 }
76
77 void * f11(int n)
78 {
79 int * x = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
80 int i = 0;
81 do {
82 x[i++] = 0;
83 } while (i < n);
84 return x;
85 }
86
87 void * f12(int n)
88 {
89 n = (n > 10 ? 10 : n);
90 int * x = malloc(n * sizeof(int)); // no-warning
91 for (int i = 0; i < n; i++)
92 x[i] = i;
93 return x;
94 }
95
96 struct s13
97 {
98 int n;
99 };
100
101 void * f13(struct s13 *s)
102 {
103 if (s->n > 10)
104 return NULL;
105 return malloc(s->n * sizeof(int)); // no-warning
106 }
107
108 void * f14(int n)
109 {
110 if (n < 0)
111 return NULL;
112 return malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
113 }
114
115 void *check_before_malloc(int n, int x) {
116 int *p = NULL;
117 if (n > 10)
118 return NULL;
119 if (x == 42)
120 p = malloc(n * sizeof(int)); // no-warning, the check precedes the allocation
121
122 // Do some other stuff, e.g. initialize the memory.
123 return p;
124 }
125
126 void *check_after_malloc(int n, int x) {
127 int *p = NULL;
128 if (x == 42)
129 p = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
130
131 // The check is after the allocation!
132 if (n > 10) {
133 // Do something conditionally.
134 }
135 return p;
136 }
137
138 #define GREATER_THAN(lhs, rhs) (lhs > rhs)
139 void *check_after_malloc_using_macros(int n, int x) {
140 int *p = NULL;
141 if (x == 42)
142 p = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
143
144 if (GREATER_THAN(n, 10))
145 return NULL;
146
147 // Do some other stuff, e.g. initialize the memory.
148 return p;
149 }
150 #undef GREATER_THAN
LLVM monorepo