xref: /llvm-project/clang/test/Analysis/bsd-string.c (revision e06b5a2435f2e4d422dfcf099ba5e4b9b2573fa9) 
1 // RUN: %clang_analyze_cc1 -w -Wno-int-conversion -verify %s \
2 // RUN:   -analyzer-checker=core \
3 // RUN:   -analyzer-checker=unix.cstring.NullArg \
4 // RUN:   -analyzer-checker=alpha.unix.cstring \
5 // RUN:   -analyzer-checker=debug.ExprInspection
6 
7 #define NULL ((void *)0)
8 
9 typedef __typeof(sizeof(int)) size_t;
10 size_t strlcpy(char *restrict dst, const char *restrict src, size_t n);
11 size_t strlcat(char *restrict dst, const char *restrict src, size_t n);
12 size_t strlen(const char *s);
13 void clang_analyzer_eval(int);
14 
f1(void)15 void f1(void) {
16   char overlap[] = "123456789";
17   strlcpy(overlap, overlap + 1, 3); // expected-warning{{Arguments must not be overlapping buffers}}
18 }
19 
f2(void)20 void f2(void) {
21   char buf[5];
22   size_t len;
23   len = strlcpy(buf, "abcd", sizeof(buf)); // expected-no-warning
24   clang_analyzer_eval(len == 4); // expected-warning{{TRUE}}
25   len = strlcat(buf, "efgh", sizeof(buf)); // expected-no-warning
26   clang_analyzer_eval(len == 8); // expected-warning{{TRUE}}
27 }
28 
f3(void)29 void f3(void) {
30   char dst[2];
31   const char *src = "abdef";
32   strlcpy(dst, src, 5); // expected-warning{{String copy function overflows the destination buffer}}
33 }
34 
f4(void)35 void f4(void) {
36   strlcpy(NULL, "abcdef", 6); // expected-warning{{Null pointer passed as 1st argument to string copy function}}
37 }
38 
f5(void)39 void f5(void) {
40   strlcat(NULL, "abcdef", 6); // expected-warning{{Null pointer passed as 1st argument to string concatenation function}}
41 }
42 
f6(void)43 void f6(void) {
44   char buf[8];
45   strlcpy(buf, "abc", 3);
46   size_t len = strlcat(buf, "defg", 4);
47   clang_analyzer_eval(len == 7); // expected-warning{{TRUE}}
48 }
49 
f7(void)50 int f7(void) {
51   char buf[8];
52   return strlcpy(buf, "1234567", 0); // no-crash
53 }
54 
f8(void)55 void f8(void){
56   char buf[5];
57   size_t len;
58 
59   // basic strlcpy
60   len = strlcpy(buf,"123", sizeof(buf));
61   clang_analyzer_eval(len==3);// expected-warning{{TRUE}}
62   len = strlen(buf);
63   clang_analyzer_eval(len==3);// expected-warning{{TRUE}}
64 
65   // testing bounded strlcat
66   len = strlcat(buf,"456", sizeof(buf));
67   clang_analyzer_eval(len==6);// expected-warning{{TRUE}}
68   len = strlen(buf);
69   clang_analyzer_eval(len==4);// expected-warning{{TRUE}}
70 
71   // testing strlcat with size==0
72   len = strlcat(buf,"789", 0);
73   clang_analyzer_eval(len==7);// expected-warning{{TRUE}}
74   len = strlen(buf);
75   clang_analyzer_eval(len==4);// expected-warning{{TRUE}}
76 
77   // testing strlcpy with size==0
78   len = strlcpy(buf,"123",0);
79   clang_analyzer_eval(len==3);// expected-warning{{TRUE}}
80   len = strlen(buf);
81   clang_analyzer_eval(len==4);// expected-warning{{TRUE}}
82 
83 }
84 
f9(int unknown_size,char * unknown_src,char * unknown_dst)85 void f9(int unknown_size, char* unknown_src, char* unknown_dst){
86   char buf[8];
87   size_t len;
88 
89   len = strlcpy(buf,"abba",sizeof(buf));
90 
91   clang_analyzer_eval(len==4);// expected-warning{{TRUE}}
92   clang_analyzer_eval(strlen(buf)==4);// expected-warning{{TRUE}}
93 
94   //size is unknown
95   len = strlcat(buf,"cd", unknown_size);
96   clang_analyzer_eval(len==6);// expected-warning{{TRUE}}
97   clang_analyzer_eval(strlen(buf)>=4);// expected-warning{{TRUE}}
98 
99   //dst is unknown
100   len = strlcpy(unknown_dst,"abbc",unknown_size);
101   clang_analyzer_eval(len==4);// expected-warning{{TRUE}}
102   clang_analyzer_eval(strlen(unknown_dst));// expected-warning{{UNKNOWN}}
103 
104   //src is unknown
105   len = strlcpy(buf,unknown_src, sizeof(buf));
106   clang_analyzer_eval(len);// expected-warning{{UNKNOWN}}
107   clang_analyzer_eval(strlen(buf));// expected-warning{{UNKNOWN}}
108 
109   //src, dst is unknown
110   len = strlcpy(unknown_dst, unknown_src, unknown_size);
111   clang_analyzer_eval(len);// expected-warning{{UNKNOWN}}
112   clang_analyzer_eval(strlen(unknown_dst));// expected-warning{{UNKNOWN}}
113 
114   //size is unknown
115   len = strlcat(buf + 2, unknown_src + 1, sizeof(buf));
116   // expected-warning@-1 {{String concatenation function overflows the destination buffer}}
117 }
118 
f10(void)119 void f10(void){
120   char buf[8];
121   size_t len;
122 
123   len = strlcpy(buf,"abba",sizeof(buf));
124   clang_analyzer_eval(len==4);// expected-warning{{TRUE}}
125   strlcat(buf, "efghi", 9);
126   // expected-warning@-1 {{String concatenation function overflows the destination buffer}}
127 }
128 
f11(void)129 void f11(void) {
130   //test for Bug 41729
131   char a[256], b[256];
132   strlcpy(a, "world", sizeof(a));
133   strlcpy(b, "hello ", sizeof(b));
134   strlcat(b, a, sizeof(b)); // no-warning
135 }
136 
137 int a, b;
unknown_val_crash(void)138 void unknown_val_crash(void) {
139   // We're unable to evaluate the integer-to-pointer cast.
140   strlcat(&b, a, 0); // no-crash
141 }
142