forked from OSchip/llvm-project
37 lines
2.0 KiB
Mathematica
37 lines
2.0 KiB
Mathematica
|
// RUN: %clang_analyze_cc1 -triple thumbv7-apple-ios11.0 -verify=available \
|
||
|
// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
|
||
|
// RUN: %clang_analyze_cc1 -triple thumbv7-apple-ios10.0 -verify=notavailable \
|
||
|
// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
|
||
|
// RUN: %clang_analyze_cc1 -triple x86_64-apple-macos10.13 -verify=available \
|
||
|
// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
|
||
|
// RUN: %clang_analyze_cc1 -triple x86_64-apple-macos10.12 -verify=notavailable \
|
||
|
// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
|
||
|
// RUN: %clang_analyze_cc1 -triple thumbv7-apple-watchos4.0 -verify=available \
|
||
|
// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
|
||
|
// RUN: %clang_analyze_cc1 -triple thumbv7-apple-watchos3.0 -verify=notavailable \
|
||
|
// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
|
||
|
// RUN: %clang_analyze_cc1 -triple thumbv7-apple-tvos11.0 -verify=available \
|
||
|
// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
|
||
|
// RUN: %clang_analyze_cc1 -triple thumbv7-apple-tvos10.0 -verify=notavailable \
|
||
|
// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
|
||
|
|
||
|
// notavailable-no-diagnostics
|
||
|
|
||
|
typedef unsigned long NSUInteger;
|
||
|
|
||
|
@interface NSCoder
|
||
|
- (void)decodeValueOfObjCType:(const char *)type
|
||
|
at:(void *)data;
|
||
|
- (void)decodeValueOfObjCType:(const char *)type
|
||
|
at:(void *)data
|
||
|
size:(NSUInteger)size;
|
||
|
@end
|
||
|
|
||
|
void test(NSCoder *decoder) {
|
||
|
// This would be a vulnerability on 64-bit platforms
|
||
|
// but not on 32-bit platforms.
|
||
|
NSUInteger x;
|
||
|
[decoder decodeValueOfObjCType:"I" at:&x]; // available-warning{{Deprecated method '-decodeValueOfObjCType:at:' is insecure as it can lead to potential buffer overflows. Use the safer '-decodeValueOfObjCType:at:size:' method}}
|
||
|
[decoder decodeValueOfObjCType:"I" at:&x size:sizeof(x)]; // no-warning
|
||
|
}
|