clang/test/Analysis/taint-checker-callback-order-without-definition.c

   1 // RUN: %clang_analyze_cc1 %s \
   2 // RUN:   -analyzer-checker=core,alpha.security.taint \
   3 // RUN:   -mllvm -debug-only=taint-checker \
   4 // RUN:   2>&1 | FileCheck %s
   5
   6 // REQUIRES: asserts
   7
   8 struct _IO_FILE;
   9 typedef struct _IO_FILE FILE;
  10 FILE *fopen(const char *fname, const char *mode);
  11
  12 char *fgets(char *s, int n, FILE *fp); // no-definition
  13
  14 void top(const char *fname, char *buf) {
  15   FILE *fp = fopen(fname, "r"); // Introduce taint.
  16   // CHECK:      PreCall<fopen(fname, "r")> prepares tainting arg index: -1
  17   // CHECK-NEXT: PostCall<fopen(fname, "r")> actually wants to taint arg index: -1
  18
  19   if (!fp)
  20     return;
  21
  22   (void)fgets(buf, 42, fp); // Trigger taint propagation.
  23
  24   // CHECK-NEXT: PreCall<fgets(buf, 42, fp)> prepares tainting arg index: -1
  25   // CHECK-NEXT: PreCall<fgets(buf, 42, fp)> prepares tainting arg index: 0
  26   // CHECK-NEXT: PreCall<fgets(buf, 42, fp)> prepares tainting arg index: 2
  27   //
  28   // CHECK-NEXT: PostCall<fgets(buf, 42, fp)> actually wants to taint arg index: -1
  29   // CHECK-NEXT: PostCall<fgets(buf, 42, fp)> actually wants to taint arg index: 0
  30   // CHECK-NEXT: PostCall<fgets(buf, 42, fp)> actually wants to taint arg index: 2
  31 }