1 // RUN: %clang_analyze_cc1 %s -verify \
2 // RUN: -analyzer-checker=security.insecureAPI
3 // RUN: %clang_analyze_cc1 %s -verify -std=gnu11 \
4 // RUN: -analyzer-checker=security.insecureAPI
5 // RUN: %clang_analyze_cc1 %s -verify -std=gnu99 \
6 // RUN: -analyzer-checker=security.insecureAPI
7
8 #include "Inputs/system-header-simulator.h"
9
10 extern FILE *fp;
11 extern char buf[128];
12
builtin_function_call_crash_fixes(char * c)13 void builtin_function_call_crash_fixes(char *c) {
14 __builtin_strncpy(c, "", 6);
15 __builtin_memset(c, '\0', (0));
16 __builtin_memcpy(c, c, 0);
17 __builtin_sprintf(buf, "%s", c);
18 __builtin_fprintf(fp, "%s", c);
19
20 #if __STDC_VERSION__ > 199901
21 // expected-warning@-7{{Call to function 'strncpy' is insecure as it does not provide security checks introduced in the C11 standard.}}
22 // expected-warning@-7{{Call to function 'memset' is insecure as it does not provide security checks introduced in the C11 standard.}}
23 // expected-warning@-7{{Call to function 'memcpy' is insecure as it does not provide security checks introduced in the C11 standard.}}
24 // expected-warning@-7{{Call to function 'sprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard.}}
25 // expected-warning@-7{{Call to function 'fprintf' is insecure as it does not provide bounding of the memory buffer or security checks introduced in the C11 standard.}}
26 #else
27 // expected-no-diagnostics
28 #endif
29 }
30