llvm-project/clang/test/Analysis/cstring-syntax.c

// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s
// RUN: %clang_analyze_cc1 -triple armv7-a15-linux -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s
// RUN: %clang_analyze_cc1 -triple aarch64_be-none-linux-gnu -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s
// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s

typedef __SIZE_TYPE__ size_t;
char  *strncat(char *, const char *, size_t);
size_t strlen (const char *s);
size_t strlcpy(char *, const char *, size_t);

void testStrncat(const char *src) {
  char dest[10];
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - 1); // expected-warning {{Potential buffer overflow. Replace with 'sizeof(dest) - strlen(dest) - 1' or use a safer 'strlcat' API}}
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest)); // expected-warning {{Potential buffer overflow. Replace with}}
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest)); // expected-warning {{Potential buffer overflow. Replace with}}
  strncat(dest, src, sizeof(src)); // expected-warning {{Potential buffer overflow. Replace with}}
  // Should not crash when sizeof has a type argument.
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(char));
}

void testStrlcpy(const char *src) {
  char dest[10];
  size_t destlen = sizeof(dest);
  size_t srclen = sizeof(src);
  size_t badlen = 20;
  size_t ulen;
  strlcpy(dest, src, sizeof(dest));
  strlcpy(dest, src, destlen);
  strlcpy(dest, src, 10);
  strlcpy(dest, src, 20); // expected-warning {{The third argument is larger than the size of the input buffer. Replace with the value 'sizeof(dest)` or lower}}
  strlcpy(dest, src, badlen); // expected-warning {{The third argument is larger than the size of the input buffer. Replace with the value 'sizeof(dest)` or lower}}
  strlcpy(dest, src, ulen);
  strlcpy(dest + 5, src, 5);
  strlcpy(dest + 5, src, 10); // expected-warning {{The third argument is larger than the size of the input buffer.}}
}
Reland 4: [analyzer] NFC: Update test infrastructure to support multiple constraint managers Summary: Replace calls to %clang/%clang_cc1 with %clang_analyze_cc1 when invoking static analyzer, and perform runtime substitution to select the appropriate constraint manager, per D28952. Reviewers: xazax.hun, NoQ, zaks.anna, dcoughlin Subscribers: mgorny, rgov, mikhail.ramalho, a.sidorin, cfe-commits Differential Revision: https://reviews.llvm.org/D30373 llvm-svn: 296895 2017-03-04 02:02:02 +08:00			`// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s`
[CStringSyntaxChecker] Fix build bot builds != x86 archs Reviewers: NoQ,george.karpenkov Reviewed By: NoQ Differential Revision: https://reviews.llvm.org/D49588 llvm-svn: 337611 2018-07-21 04:39:49 +08:00			`// RUN: %clang_analyze_cc1 -triple armv7-a15-linux -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s`
			`// RUN: %clang_analyze_cc1 -triple aarch64_be-none-linux-gnu -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s`
			`// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -analyzer-checker=unix.cstring.BadSizeArg -analyzer-store=region -Wno-strncat-size -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s`
[analyzer] Add checks for common anti-patterns in strncat. (Since this is syntax only, might be a good candidate for turning into a compiler warning.) llvm-svn: 149407 2012-02-01 03:33:39 +08:00
			`typedef __SIZE_TYPE__ size_t;`
			`char strncat(char , const char *, size_t);`
			`size_t strlen (const char *s);`
[CStringSyntaxChecker] Check strlcpy sizeof syntax The last argument is expected to be the destination buffer size (or less). Detects if it points to destination buffer size directly or via a variable. Detects if it is an integral, try to detect if the destination buffer can receive the source length. Updating bsd-string.c unit tests as it make it fails now. Reviewers: george.karpenpov, NoQ Reviewed By: george.karpenkov Differential Revision: https://reviews.llvm.org/D48884 llvm-svn: 337499 2018-07-20 05:50:03 +08:00			`size_t strlcpy(char , const char , size_t);`
[analyzer] Add checks for common anti-patterns in strncat. (Since this is syntax only, might be a good candidate for turning into a compiler warning.) llvm-svn: 149407 2012-02-01 03:33:39 +08:00
			`void testStrncat(const char *src) {`
			`char dest[10];`
			`strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - 1); // expected-warning {{Potential buffer overflow. Replace with 'sizeof(dest) - strlen(dest) - 1' or use a safer 'strlcat' API}}`
			`strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest)); // expected-warning {{Potential buffer overflow. Replace with}}`
			`strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest)); // expected-warning {{Potential buffer overflow. Replace with}}`
			`strncat(dest, src, sizeof(src)); // expected-warning {{Potential buffer overflow. Replace with}}`
[analyzer] Fix an assertion fail in CStringSyntaxChecker. Differential Revision: https://reviews.llvm.org/D29384 llvm-svn: 293874 2017-02-02 16:20:54 +08:00			`// Should not crash when sizeof has a type argument.`
			`strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(char));`
[analyzer] Add checks for common anti-patterns in strncat. (Since this is syntax only, might be a good candidate for turning into a compiler warning.) llvm-svn: 149407 2012-02-01 03:33:39 +08:00			`}`
[CStringSyntaxChecker] Check strlcpy sizeof syntax The last argument is expected to be the destination buffer size (or less). Detects if it points to destination buffer size directly or via a variable. Detects if it is an integral, try to detect if the destination buffer can receive the source length. Updating bsd-string.c unit tests as it make it fails now. Reviewers: george.karpenpov, NoQ Reviewed By: george.karpenkov Differential Revision: https://reviews.llvm.org/D48884 llvm-svn: 337499 2018-07-20 05:50:03 +08:00
			`void testStrlcpy(const char *src) {`
			`char dest[10];`
			`size_t destlen = sizeof(dest);`
			`size_t srclen = sizeof(src);`
			`size_t badlen = 20;`
			`size_t ulen;`
			`strlcpy(dest, src, sizeof(dest));`
			`strlcpy(dest, src, destlen);`
			`strlcpy(dest, src, 10);`
			strlcpy(dest, src, 20); // expected-warning {{The third argument is larger than the size of the input buffer. Replace with the value 'sizeof(dest)` or lower}}
			strlcpy(dest, src, badlen); // expected-warning {{The third argument is larger than the size of the input buffer. Replace with the value 'sizeof(dest)` or lower}}
			`strlcpy(dest, src, ulen);`
[CStringSyntaxChecker] Fix build bot builds != x86 archs Reviewers: NoQ,george.karpenkov Reviewed By: NoQ Differential Revision: https://reviews.llvm.org/D49588 llvm-svn: 337611 2018-07-21 04:39:49 +08:00			`strlcpy(dest + 5, src, 5);`
[CStringSyntaxChecker] Improvements of strlcpy check Adding an additional check whenwe offset fro the buffer base address. Reviewers: george.karpenkov,NoQ Reviewed By: george.karpenkov Differential Revision: https://reviews.llvm.org/D49633 llvm-svn: 337721 2018-07-24 02:26:38 +08:00			`strlcpy(dest + 5, src, 10); // expected-warning {{The third argument is larger than the size of the input buffer.}}`
[CStringSyntaxChecker] Check strlcpy sizeof syntax The last argument is expected to be the destination buffer size (or less). Detects if it points to destination buffer size directly or via a variable. Detects if it is an integral, try to detect if the destination buffer can receive the source length. Updating bsd-string.c unit tests as it make it fails now. Reviewers: george.karpenpov, NoQ Reviewed By: george.karpenkov Differential Revision: https://reviews.llvm.org/D48884 llvm-svn: 337499 2018-07-20 05:50:03 +08:00			`}`