| blob | 23aa95bedccdca0a3af5bd774f1d649bf61877d9 |
1 // RUN: %clang_analyze_cc1 -triple thumbv7-apple-ios11.0 -verify=available \
2 // RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
3 // RUN: %clang_analyze_cc1 -triple thumbv7-apple-ios10.0 -verify=notavailable \
4 // RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
5 // RUN: %clang_analyze_cc1 -triple x86_64-apple-macos10.13 -verify=available \
6 // RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
7 // RUN: %clang_analyze_cc1 -triple x86_64-apple-macos10.12 -verify=notavailable \
8 // RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
9 // RUN: %clang_analyze_cc1 -triple thumbv7-apple-watchos4.0 -verify=available \
10 // RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
11 // RUN: %clang_analyze_cc1 -triple thumbv7-apple-watchos3.0 -verify=notavailable \
12 // RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
13 // RUN: %clang_analyze_cc1 -triple thumbv7-apple-tvos11.0 -verify=available \
14 // RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
15 // RUN: %clang_analyze_cc1 -triple thumbv7-apple-tvos10.0 -verify=notavailable \
16 // RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
18 // notavailable-no-diagnostics
20 typedef unsigned long NSUInteger;
22 @interface NSCoder
23 - (void)decodeValueOfObjCType:(const char *)type
24 at:(void *)data;
25 - (void)decodeValueOfObjCType:(const char *)type
26 at:(void *)data
27 size:(NSUInteger)size;
28 @end
30 void test(NSCoder *decoder) {
31 // This would be a vulnerability on 64-bit platforms
32 // but not on 32-bit platforms.
33 NSUInteger x;
34 [decoder decodeValueOfObjCType:"I" at:&x]; // available-warning{{Deprecated method '-decodeValueOfObjCType:at:' is insecure as it can lead to potential buffer overflows. Use the safer '-decodeValueOfObjCType:at:size:' method}}
35 [decoder decodeValueOfObjCType:"I" at:&x size:sizeof(x)]; // no-warning
36 }