xref: /llvm-project/clang/test/Analysis/string.cpp (revision 4dfa0216ba7849fde270f27e2358d4327fac988d) 
1 // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix,alpha.unix.cstring,debug.ExprInspection -verify %s
2 
3 // Test functions that are called "memcpy" but aren't the memcpy
4 // we're looking for. Unfortunately, this test cannot be put into
5 // a namespace. The out-of-class weird memcpy needs to be recognized
6 // as a normal C function for the test to make sense.
7 typedef __typeof(sizeof(int)) size_t;
8 void *memcpy(void *, const void *, size_t);
9 size_t strlen(const char *s);
10 
11 int sprintf(char *str, const char *format, ...);
12 int snprintf(char *str, size_t size, const char *format, ...);
13 
14 void clang_analyzer_warnIfReached();
15 
16 struct S {
17   static S s1, s2;
18 
19   // A weird overload within the class that accepts a structure reference
20   // instead of a pointer.
21   void memcpy(void *, const S &, size_t);
22   void test_in_class_weird_memcpy() {
23     memcpy(this, s2, 1); // no-crash
24   }
25 };
26 
27 // A similarly weird overload outside of the class.
28 void *memcpy(void *, const S &, size_t);
29 
30 void test_out_of_class_weird_memcpy() {
31   memcpy(&S::s1, S::s2, 1); // no-crash
32 }
33 
34 template<typename... Args>
35 void log(const char* fmt, const Args&... args) {
36   char buf[100] = {};
37   auto f = snprintf;
38   auto g = sprintf;
39   int n = 0;
40   n += f(buf, 99, fmt, args...); // no-crash: The CalleeDecl is a VarDecl, but it's okay.
41   n += g(buf, fmt, args...); // no-crash: Same.
42   (void)n;
43   clang_analyzer_warnIfReached(); // expected-warning {{REACHABLE}}
44 }
45 
46 void test_gh_74269_no_crash() {
47   log("%d", 1);
48 }
49 
50 struct TestNotNullTerm {
51   void test1() {
52     TestNotNullTerm * const &x = this;
53     strlen((char *)&x); // expected-warning{{Argument to string length function is not a null-terminated string}}
54   }
55 };
56 
57 void test_notcstring_tempobject() {
58   // FIXME: This warning from cstring.NotNullTerminated is a false positive.
59   // Handling of similar cases is not perfect in other cstring checkers.
60   // The fix would be a larger change in CStringChecker and affect multiple checkers.
61   strlen((char[]){'a', 0}); // expected-warning{{Argument to string length function is a C++ temp object of type char[2], which is not a null-terminated string}}
62 }
63