llvm-project/clang/test/Analysis/cstring-syntax.c

// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\
// RUN:                    -Wno-strncat-size -Wno-sizeof-pointer-memaccess     \
// RUN:                    -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument
// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\
// RUN:                    -Wno-strncat-size -Wno-sizeof-pointer-memaccess     \
// RUN:                    -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument\
// RUN:                    -triple armv7-a15-linux
// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\
// RUN:                    -Wno-strncat-size -Wno-sizeof-pointer-memaccess     \
// RUN:                    -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument\
// RUN:                    -triple aarch64_be-none-linux-gnu
// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\
// RUN:                    -Wno-strncat-size -Wno-sizeof-pointer-memaccess     \
// RUN:                    -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument\
// RUN:                    -triple i386-apple-darwin10

typedef __SIZE_TYPE__ size_t;
char  *strncat(char *, const char *, size_t);
size_t strlen (const char *s);
size_t strlcpy(char *, const char *, size_t);
size_t strlcat(char *, const char *, size_t);

void testStrncat(const char *src) {
  char dest[10];
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - 1); // expected-warning {{Potential buffer overflow. Replace with 'sizeof(dest) - strlen(dest) - 1' or use a safer 'strlcat' API}}
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest)); // expected-warning {{Potential buffer overflow. Replace with}}
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest)); // expected-warning {{Potential buffer overflow. Replace with}}
  strncat(dest, src, sizeof(src)); // expected-warning {{Potential buffer overflow. Replace with}}
  // Should not crash when sizeof has a type argument.
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(char));
}

void testStrlcpy(const char *src) {
  char dest[10];
  size_t destlen = sizeof(dest);
  size_t srclen = sizeof(src);
  size_t badlen = 20;
  size_t ulen;
  strlcpy(dest, src, sizeof(dest));
  strlcpy(dest, src, destlen);
  strlcpy(dest, src, 10);
  strlcpy(dest, src, 20); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(dest) or lower}}
  strlcpy(dest, src, badlen); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(dest) or lower}}
  strlcpy(dest, src, ulen);
  strlcpy(dest + 5, src, 5);
  strlcpy(dest + 5, src, 10); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(<destination buffer>) or lower}}
  strlcpy(dest, "aaaaaaaaaaaaaaa", 10); // no-warning
}

void testStrlcat(const char *src) {
  char dest[10];
  size_t badlen = 20;
  size_t ulen;
  strlcpy(dest, "aaaaa", sizeof("aaaaa") - 1);
  strlcat(dest, "bbbb", (sizeof("bbbb") - 1) - sizeof(dest) - 1);
  strlcpy(dest, "012345678", sizeof(dest));
  strlcat(dest, "910", sizeof(dest));
  strlcpy(dest, "0123456789", sizeof(dest));
  strlcpy(dest, "0123456789", sizeof(dest));
  strlcat(dest, "0123456789", badlen / 2);
  strlcat(dest, "0123456789", badlen); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(dest) or lower}}
  strlcat(dest, "0123456789", badlen - strlen(dest) - 1);
  strlcat(dest, src, ulen);
  strlcpy(dest, src, 5);
  strlcat(dest + 5, src, badlen); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(<destination buffer>) or lower}}
  strlcat(dest, "aaaaaaaaaaaaaaa", 10); // no-warning
}
[analyzer] Fix analyzer warnings on analyzer. Write tests for the actual crash that was found. Write comments and refactor code around 17 style bugs and suppress 3 false positives. Differential Revision: https://reviews.llvm.org/D66847 llvm-svn: 370246 2019-08-29 02:44:38 +08:00			`// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\`
			`// RUN: -Wno-strncat-size -Wno-sizeof-pointer-memaccess \`
			`// RUN: -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument`
			`// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\`
			`// RUN: -Wno-strncat-size -Wno-sizeof-pointer-memaccess \`
			`// RUN: -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument\`
			`// RUN: -triple armv7-a15-linux`
			`// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\`
			`// RUN: -Wno-strncat-size -Wno-sizeof-pointer-memaccess \`
			`// RUN: -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument\`
			`// RUN: -triple aarch64_be-none-linux-gnu`
			`// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\`
			`// RUN: -Wno-strncat-size -Wno-sizeof-pointer-memaccess \`
			`// RUN: -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument\`
			`// RUN: -triple i386-apple-darwin10`
[analyzer] Add checks for common anti-patterns in strncat. (Since this is syntax only, might be a good candidate for turning into a compiler warning.) llvm-svn: 149407 2012-02-01 03:33:39 +08:00
			`typedef __SIZE_TYPE__ size_t;`
			`char strncat(char , const char *, size_t);`
			`size_t strlen (const char *s);`
[CStringSyntaxChecker] Check strlcpy sizeof syntax The last argument is expected to be the destination buffer size (or less). Detects if it points to destination buffer size directly or via a variable. Detects if it is an integral, try to detect if the destination buffer can receive the source length. Updating bsd-string.c unit tests as it make it fails now. Reviewers: george.karpenpov, NoQ Reviewed By: george.karpenkov Differential Revision: https://reviews.llvm.org/D48884 llvm-svn: 337499 2018-07-20 05:50:03 +08:00			`size_t strlcpy(char , const char , size_t);`
[CStringSyntaxChecker] Check strlcat sizeof check Assuming strlcat is used with strlcpy we check as we can if the last argument does not equal os not larger than the buffer. Advising the proper usual pattern. Reviewers: george.karpenkov, NoQ, MaskRay Reviewed By: MaskRay Differential Revision: https://reviews.llvm.org/D49722 llvm-svn: 342832 2018-09-23 16:30:17 +08:00			`size_t strlcat(char , const char , size_t);`
[analyzer] Add checks for common anti-patterns in strncat. (Since this is syntax only, might be a good candidate for turning into a compiler warning.) llvm-svn: 149407 2012-02-01 03:33:39 +08:00
			`void testStrncat(const char *src) {`
			`char dest[10];`
			`strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - 1); // expected-warning {{Potential buffer overflow. Replace with 'sizeof(dest) - strlen(dest) - 1' or use a safer 'strlcat' API}}`
			`strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest)); // expected-warning {{Potential buffer overflow. Replace with}}`
			`strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest)); // expected-warning {{Potential buffer overflow. Replace with}}`
			`strncat(dest, src, sizeof(src)); // expected-warning {{Potential buffer overflow. Replace with}}`
[analyzer] Fix an assertion fail in CStringSyntaxChecker. Differential Revision: https://reviews.llvm.org/D29384 llvm-svn: 293874 2017-02-02 16:20:54 +08:00			`// Should not crash when sizeof has a type argument.`
			`strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(char));`
[analyzer] Add checks for common anti-patterns in strncat. (Since this is syntax only, might be a good candidate for turning into a compiler warning.) llvm-svn: 149407 2012-02-01 03:33:39 +08:00			`}`
[CStringSyntaxChecker] Check strlcpy sizeof syntax The last argument is expected to be the destination buffer size (or less). Detects if it points to destination buffer size directly or via a variable. Detects if it is an integral, try to detect if the destination buffer can receive the source length. Updating bsd-string.c unit tests as it make it fails now. Reviewers: george.karpenpov, NoQ Reviewed By: george.karpenkov Differential Revision: https://reviews.llvm.org/D48884 llvm-svn: 337499 2018-07-20 05:50:03 +08:00
			`void testStrlcpy(const char *src) {`
			`char dest[10];`
			`size_t destlen = sizeof(dest);`
			`size_t srclen = sizeof(src);`
			`size_t badlen = 20;`
			`size_t ulen;`
			`strlcpy(dest, src, sizeof(dest));`
			`strlcpy(dest, src, destlen);`
			`strlcpy(dest, src, 10);`
[CStringSyntaxChecker] Check strlcat sizeof check Assuming strlcat is used with strlcpy we check as we can if the last argument does not equal os not larger than the buffer. Advising the proper usual pattern. Reviewers: george.karpenkov, NoQ, MaskRay Reviewed By: MaskRay Differential Revision: https://reviews.llvm.org/D49722 llvm-svn: 342832 2018-09-23 16:30:17 +08:00			`strlcpy(dest, src, 20); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(dest) or lower}}`
			`strlcpy(dest, src, badlen); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(dest) or lower}}`
[CStringSyntaxChecker] Check strlcpy sizeof syntax The last argument is expected to be the destination buffer size (or less). Detects if it points to destination buffer size directly or via a variable. Detects if it is an integral, try to detect if the destination buffer can receive the source length. Updating bsd-string.c unit tests as it make it fails now. Reviewers: george.karpenpov, NoQ Reviewed By: george.karpenkov Differential Revision: https://reviews.llvm.org/D48884 llvm-svn: 337499 2018-07-20 05:50:03 +08:00			`strlcpy(dest, src, ulen);`
[CStringSyntaxChecker] Fix build bot builds != x86 archs Reviewers: NoQ,george.karpenkov Reviewed By: NoQ Differential Revision: https://reviews.llvm.org/D49588 llvm-svn: 337611 2018-07-21 04:39:49 +08:00			`strlcpy(dest + 5, src, 5);`
[CStringSyntaxChecker] Check strlcat sizeof check Assuming strlcat is used with strlcpy we check as we can if the last argument does not equal os not larger than the buffer. Advising the proper usual pattern. Reviewers: george.karpenkov, NoQ, MaskRay Reviewed By: MaskRay Differential Revision: https://reviews.llvm.org/D49722 llvm-svn: 342832 2018-09-23 16:30:17 +08:00			`strlcpy(dest + 5, src, 10); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(<destination buffer>) or lower}}`
[analyzer] CStringSyntaxChecks: Fix an off-by-one error in the strlcat() check. oth strlcat and strlcpy cut off their safe bound for the argument value at sizeof(destination). There's no need to subtract 1 in only one of these cases. Differential Revision: https://reviews.llvm.org/D57981 rdar://problem/47873212 llvm-svn: 353583 2019-02-09 07:59:52 +08:00			`strlcpy(dest, "aaaaaaaaaaaaaaa", 10); // no-warning`
[CStringSyntaxChecker] Check strlcat sizeof check Assuming strlcat is used with strlcpy we check as we can if the last argument does not equal os not larger than the buffer. Advising the proper usual pattern. Reviewers: george.karpenkov, NoQ, MaskRay Reviewed By: MaskRay Differential Revision: https://reviews.llvm.org/D49722 llvm-svn: 342832 2018-09-23 16:30:17 +08:00			`}`

			`void testStrlcat(const char *src) {`
			`char dest[10];`
			`size_t badlen = 20;`
			`size_t ulen;`
			`strlcpy(dest, "aaaaa", sizeof("aaaaa") - 1);`
			`strlcat(dest, "bbbb", (sizeof("bbbb") - 1) - sizeof(dest) - 1);`
			`strlcpy(dest, "012345678", sizeof(dest));`
			`strlcat(dest, "910", sizeof(dest));`
			`strlcpy(dest, "0123456789", sizeof(dest));`
			`strlcpy(dest, "0123456789", sizeof(dest));`
			`strlcat(dest, "0123456789", badlen / 2);`
			`strlcat(dest, "0123456789", badlen); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(dest) or lower}}`
			`strlcat(dest, "0123456789", badlen - strlen(dest) - 1);`
			`strlcat(dest, src, ulen);`
			`strlcpy(dest, src, 5);`
			`strlcat(dest + 5, src, badlen); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(<destination buffer>) or lower}}`
[analyzer] CStringSyntaxChecks: Fix an off-by-one error in the strlcat() check. oth strlcat and strlcpy cut off their safe bound for the argument value at sizeof(destination). There's no need to subtract 1 in only one of these cases. Differential Revision: https://reviews.llvm.org/D57981 rdar://problem/47873212 llvm-svn: 353583 2019-02-09 07:59:52 +08:00			`strlcat(dest, "aaaaaaaaaaaaaaa", 10); // no-warning`
[CStringSyntaxChecker] Check strlcpy sizeof syntax The last argument is expected to be the destination buffer size (or less). Detects if it points to destination buffer size directly or via a variable. Detects if it is an integral, try to detect if the destination buffer can receive the source length. Updating bsd-string.c unit tests as it make it fails now. Reviewers: george.karpenpov, NoQ Reviewed By: george.karpenkov Differential Revision: https://reviews.llvm.org/D48884 llvm-svn: 337499 2018-07-20 05:50:03 +08:00			`}`