Lines Matching +defs:buffer +defs:string

101 // Define string functions. Use builtin for some of them. They all default to
212 // special case that disables buffer overflow reports coming from the isXXXXX
// Excerpt from an analyzer taint test. The lines between 262 and 268, where
// addr gets its value, are not part of this listing.
262 char buffer[156];
// Two separate hazards here: %s has no bound, so a long enough addr overruns
// the 156-byte array, and addr is spliced into text that a shell will parse.
268 sprintf(buffer, "/bin/mail %s < /tmp/email", addr);
// system() passes the string to the command interpreter. The expected-warning
// records that the analyzer must treat buffer as untrusted at this call.
// Outside a test the usual remedy is a bounded snprintf() with a truncation
// check, and an exec-family call with an explicit argv instead of a shell line.
269 system(buffer); // expected-warning {{Untrusted data is passed to a system call}}
278 // expected-warning@-1 {{'snprintf' will always be truncated; specified size is 10, but format string expands to at least 24}}
332 char buffer[100];
// Bytes read from sock land in buffer and are then used as the program path
// for execl(); the analyzer is expected to flag that flow.
// read() does not NUL-terminate and its result is not checked here; code that
// treats the bytes as a string needs both. Portable code also ends the execl()
// argument list with (char *)NULL rather than a bare 0.
335 read(sock, buffer, 100);
336 execl(buffer, "filename", 0); // expected-warning {{Untrusted data is passed to a system call}}
// Same read/execl pair, but no warning is expected. Whatever sets up sock
// before this read (file lines 337-338) is not in this listing; presumably the
// descriptor comes from a source the analyzer does not treat as untrusted.
// TODO confirm against the full file.
339 read(sock, buffer, 100);
340 execl(buffer, "filename", 0); // no-warning
343 // References to both buffer and &buffer as an argument should taint the argument
// &buffer designates the same storage as buffer, so the taint has to reach the
// array whichever spelling the caller uses.
344 read(sock, &buffer, 100);
345 execl(buffer, "filename", 0); // expected-warning {{Untrusted data is passed to a system call}}
354 char buffer[16];
// Fixed 4-byte destination for the copy below.
393 char buffer[4];
// The copy length is tainted.x and the source is tainted.y. Nothing visible in
// this listing bounds the length against sizeof buffer (file lines 394-397 are
// not shown), so any length above 4 would write past the end of the array.
// NOTE(review): the name suggests the struct holds externally supplied data;
// confirm how it is filled in the full file.
398 __builtin_memcpy(buffer, tainted.y, tainted.x);
// Test-local declaration of fread. It is declared with an int return type,
// whereas the standard library function returns size_t.
673 int fread(void *buffer, size_t size, size_t count, FILE *stream);
// Checks that data stored through buffer by fread is reported as tainted.
// The function body is only partly visible in this listing.
674 void testFread(const char *fname, int *buffer, size_t size, size_t count) {
// f is declared on a line that is not shown here.
676 size_t read = fread(buffer, size, count, f);
// Expected answer YES: after the fread the analyzer should consider the int
// that buffer points to as tainted.
678 clang_analyzer_isTainted_int(*buffer); // expected-warning {{YES}}
// Prototype for the function under test.
747 int fnmatch(const char *pattern, const char *string, int flags);
749 char string[10];
// The field width 9 leaves room for the terminating NUL in the 10-byte array,
// so the read cannot overflow. The contents are still externally supplied.
750 scanf("%9s", string);
// pattern and flags are declared on lines that are not part of this listing.
752 int result = fnmatch(pattern, string, flags);
1212 char buffer[1000];
// myScanf is defined outside this listing. The test's own comment says it
// marks buffer as tainted. "%s" carries no field width, so if myScanf follows
// scanf semantics nothing limits the input to the 1000-byte array.
// TODO confirm against its definition.
1213 myScanf("%s", buffer); // makes buffer tainted
// The tainted string reaches the command interpreter unchanged, so the
// analyzer is expected to report the call.
1214 system(buffer); // expected-warning {{Untrusted data is passed to a system call}}
1218 char buffer[1000];
1219 myScanf("%s", buffer); // makes buffer tainted
// The no-warning expectation below reflects the analyzer's taint bookkeeping
// only: sanitizeCmd is treated as clearing the taint mark on buffer. Its body
// is not in this listing, so whether it really neutralises shell
// metacharacters cannot be judged from here.
1220 sanitizeCmd(buffer); // removes taintedness
1221 system(buffer); // no-warning