From f986380b14305f8fbe2a653530689337a86669a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= Date: Tue, 12 Mar 2019 09:10:19 +0100 Subject: [PATCH] Added test/testsuites folder My idea with this folder is to collect external suitable test cases so we can test Cppcheck on these. --- test/testsuites/clang/outofbound.c | 128 +++++++++++++++++++++++++++++ test/testsuites/clang/readme.txt | 3 + 2 files changed, 131 insertions(+) create mode 100644 test/testsuites/clang/outofbound.c create mode 100644 test/testsuites/clang/readme.txt diff --git a/test/testsuites/clang/outofbound.c b/test/testsuites/clang/outofbound.c new file mode 100644 index 000000000..60190b4bc --- /dev/null +++ b/test/testsuites/clang/outofbound.c @@ -0,0 +1,128 @@ +// RUN: %clang_analyze_cc1 -Wno-array-bounds -analyzer-store=region -verify %s \ +// RUN: -analyzer-checker=core \ +// RUN: -analyzer-checker=unix \ +// RUN: -analyzer-checker=alpha.security.ArrayBound \ +// RUN: -analyzer-config unix.DynamicMemoryModeling:Optimistic=true + +typedef __typeof(sizeof(int)) size_t; +void *malloc(size_t); +void *calloc(size_t, size_t); + +char f1() { + char* s = "abcd"; + char c = s[4]; // no-warning + return s[5] + c; // expected-warning{{Access out-of-bound array element (buffer overflow)}} +} + +void f2() { + int *p = malloc(12); + p[3] = 4; // expected-warning{{Access out-of-bound array element (buffer overflow)}} +} + +struct three_words { + int c[3]; +}; + +struct seven_words { + int c[7]; +}; + +void f3() { + struct three_words a, *p; + p = &a; + p[0] = a; // no-warning + p[1] = a; // expected-warning{{Access out-of-bound array element (buffer overflow)}} +} + +void f4() { + struct seven_words c; + struct three_words a, *p = (struct three_words *)&c; + p[0] = a; // no-warning + p[1] = a; // no-warning + p[2] = a; // expected-warning{{Access out-of-bound array element (buffer overflow)}} +} + +void f5() { + char *p = calloc(2,2); + p[3] = '.'; // no-warning + p[4] = '!'; // expected-warning{{out-of-bound}} +} + +void f6() { + char a[2]; + int *b = (int*)a; + b[1] = 3; // expected-warning{{out-of-bound}} +} + +void f7() { + struct three_words a; + a.c[3] = 1; // expected-warning{{out-of-bound}} +} + +void vla(int a) { + if (a == 5) { + int x[a]; + x[4] = 4; // no-warning + x[5] = 5; // expected-warning{{out-of-bound}} + } +} + +void alloca_region(int a) { + if (a == 5) { + char *x = __builtin_alloca(a); + x[4] = 4; // no-warning + x[5] = 5; // expected-warning{{out-of-bound}} + } +} + +int symbolic_index(int a) { + int x[2] = {1, 2}; + if (a == 2) { + return x[a]; // expected-warning{{out-of-bound}} + } + return 0; +} + +int symbolic_index2(int a) { + int x[2] = {1, 2}; + if (a < 0) { + return x[a]; // expected-warning{{out-of-bound}} + } + return 0; +} + +int overflow_binary_search(double in) { + int eee = 16; + if (in < 1e-8 || in > 1e23) { + return 0; + } else { + static const double ins[] = {1e-8, 1e-7, 1e-6, 1e-5, 1e-4, 1e-3, 1e-2, 1e-1, + 1e0, 1e1, 1e2, 1e3, 1e4, 1e5, 1e6, 1e7, + 1e8, 1e9, 1e10, 1e11, 1e12, 1e13, 1e14, 1e15, + 1e16, 1e17, 1e18, 1e19, 1e20, 1e21, 1e22}; + if (in < ins[eee]) { + eee -= 8; + } else { + eee += 8; + } + if (in < ins[eee]) { + eee -= 4; + } else { + eee += 4; + } + if (in < ins[eee]) { + eee -= 2; + } else { + eee += 2; + } + if (in < ins[eee]) { + eee -= 1; + } else { + eee += 1; + } + if (in < ins[eee]) { // expected-warning {{Access out-of-bound array element (buffer overflow)}} + eee -= 1; + } + } + return eee; +} diff --git a/test/testsuites/clang/readme.txt b/test/testsuites/clang/readme.txt new file mode 100644 index 000000000..aac49ec20 --- /dev/null +++ b/test/testsuites/clang/readme.txt @@ -0,0 +1,3 @@ +arrayIndexOutOfBounds: +~/llvm/tools/clang/test/Analysis/outofbound.c +