1 // RUN: %clang_cc1 -triple x86_64-apple-macosx10.14.0 %s -verify
2 // RUN: %clang_cc1 -triple x86_64-apple-macosx10.14.0 %s -verify -DUSE_BUILTINS
3 // RUN: %clang_cc1 -xc++ -triple x86_64-apple-macosx10.14.0 %s -verify
4 // RUN: %clang_cc1 -xc++ -triple x86_64-apple-macosx10.14.0 %s -verify -DUSE_BUILTINS
5
6 typedef unsigned long size_t;
7
8 #ifdef __cplusplus
9 extern "C" {
10 #endif
11
12 extern int sprintf(char *str, const char *format, ...);
13
14 #if defined(USE_BUILTINS)
15 #define memcpy(x,y,z) __builtin_memcpy(x,y,z)
16 #else
17 void *memcpy(void *dst, const void *src, size_t c);
18 #endif
19
20 #ifdef __cplusplus
21 }
22 #endif
23
call_memcpy(void)24 void call_memcpy(void) {
25 char dst[10];
26 char src[20];
27 memcpy(dst, src, 20); // expected-warning {{memcpy' will always overflow; destination buffer has size 10, but size argument is 20}}
28
29 if (sizeof(dst) == sizeof(src))
30 memcpy(dst, src, 20); // no warning, unreachable
31 }
32
call_memcpy_type(void)33 void call_memcpy_type(void) {
34 struct pair {
35 int first;
36 int second;
37 };
38 struct pair p;
39 char buf[20];
40 memcpy(&p.first, buf, 20); // expected-warning {{memcpy' will always overflow; destination buffer has size 8, but size argument is 20}}
41 }
42
call_strncat(void)43 void call_strncat(void) {
44 char s1[10], s2[20];
45 __builtin_strncat(s2, s1, 20);
46 __builtin_strncat(s1, s2, 20); // expected-warning {{'strncat' size argument is too large; destination buffer has size 10, but size argument is 20}}
47 }
48
call_strncpy(void)49 void call_strncpy(void) {
50 char s1[10], s2[20];
51 __builtin_strncpy(s2, s1, 20);
52 __builtin_strncpy(s1, s2, 20); // expected-warning {{'strncpy' size argument is too large; destination buffer has size 10, but size argument is 20}}
53 }
54
call_stpncpy(void)55 void call_stpncpy(void) {
56 char s1[10], s2[20];
57 __builtin_stpncpy(s2, s1, 20);
58 __builtin_stpncpy(s1, s2, 20); // expected-warning {{'stpncpy' size argument is too large; destination buffer has size 10, but size argument is 20}}
59 }
60
call_strcpy(void)61 void call_strcpy(void) {
62 const char *const src = "abcd";
63 char dst[4];
64 __builtin_strcpy(dst, src); // expected-warning {{'strcpy' will always overflow; destination buffer has size 4, but the source string has length 5 (including NUL byte)}}
65 }
66
call_strcpy_nowarn(void)67 void call_strcpy_nowarn(void) {
68 const char *const src = "abcd";
69 char dst[5];
70 // We should not get a warning here.
71 __builtin_strcpy(dst, src);
72 }
73
call_memmove(void)74 void call_memmove(void) {
75 char s1[10], s2[20];
76 __builtin_memmove(s2, s1, 20);
77 __builtin_memmove(s1, s2, 20); // expected-warning {{'memmove' will always overflow; destination buffer has size 10, but size argument is 20}}
78 }
79
call_memset(void)80 void call_memset(void) {
81 char buf[10];
82 __builtin_memset(buf, 0xff, 10);
83 __builtin_memset(buf, 0xff, 11); // expected-warning {{'memset' will always overflow; destination buffer has size 10, but size argument is 11}}
84 }
85
call_snprintf(double d,int n)86 void call_snprintf(double d, int n) {
87 char buf[10];
88 __builtin_snprintf(buf, 10, "merp");
89 __builtin_snprintf(buf, 11, "merp"); // expected-warning {{'snprintf' size argument is too large; destination buffer has size 10, but size argument is 11}}
90 __builtin_snprintf(buf, 0, "merp");
91 __builtin_snprintf(buf, 3, "merp"); // expected-warning {{'snprintf' will always be truncated; specified size is 3, but format string expands to at least 5}}
92 __builtin_snprintf(buf, 4, "merp"); // expected-warning {{'snprintf' will always be truncated; specified size is 4, but format string expands to at least 5}}
93 __builtin_snprintf(buf, 5, "merp");
94 __builtin_snprintf(buf, 1, "%.1000g", d); // expected-warning {{'snprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
95 __builtin_snprintf(buf, 5, "%.1000g", d);
96 __builtin_snprintf(buf, 5, "%.1000G", d);
97 __builtin_snprintf(buf, 10, " %#08x", n);
98 __builtin_snprintf(buf, 2, "%#x", n);
99 __builtin_snprintf(buf, 2, "%#X", n);
100 __builtin_snprintf(buf, 2, "%#o", n);
101 __builtin_snprintf(buf, 1, "%#x", n); // expected-warning {{'snprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
102 __builtin_snprintf(buf, 1, "%#X", n); // expected-warning {{'snprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
103 __builtin_snprintf(buf, 1, "%#o", n); // expected-warning {{'snprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
104 }
105
call_vsnprintf(void)106 void call_vsnprintf(void) {
107 char buf[10];
108 __builtin_va_list list;
109 __builtin_vsnprintf(buf, 10, "merp", list);
110 __builtin_vsnprintf(buf, 11, "merp", list); // expected-warning {{'vsnprintf' size argument is too large; destination buffer has size 10, but size argument is 11}}
111 __builtin_vsnprintf(buf, 0, "merp", list);
112 __builtin_vsnprintf(buf, 3, "merp", list); // expected-warning {{'vsnprintf' will always be truncated; specified size is 3, but format string expands to at least 5}}
113 __builtin_vsnprintf(buf, 4, "merp", list); // expected-warning {{'vsnprintf' will always be truncated; specified size is 4, but format string expands to at least 5}}
114 __builtin_vsnprintf(buf, 5, "merp", list);
115 __builtin_vsnprintf(buf, 1, "%.1000g", list); // expected-warning {{'vsnprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
116 __builtin_vsnprintf(buf, 5, "%.1000g", list);
117 __builtin_vsnprintf(buf, 5, "%.1000G", list);
118 __builtin_vsnprintf(buf, 10, " %#08x", list);
119 __builtin_vsnprintf(buf, 2, "%#x", list);
120 __builtin_vsnprintf(buf, 2, "%#X", list);
121 __builtin_vsnprintf(buf, 2, "%#o", list);
122 __builtin_vsnprintf(buf, 1, "%#x", list); // expected-warning {{'vsnprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
123 __builtin_vsnprintf(buf, 1, "%#X", list); // expected-warning {{'vsnprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
124 __builtin_vsnprintf(buf, 1, "%#o", list); // expected-warning {{'vsnprintf' will always be truncated; specified size is 1, but format string expands to at least 2}}
125 }
126
call_sprintf_chk(char * buf)127 void call_sprintf_chk(char *buf) {
128 __builtin___sprintf_chk(buf, 1, 6, "hell\n");
129 __builtin___sprintf_chk(buf, 1, 5, "hell\n"); // expected-warning {{'sprintf' will always overflow; destination buffer has size 5, but format string expands to at least 6}}
130 __builtin___sprintf_chk(buf, 1, 6, "hell\0 boy"); // expected-warning {{format string contains '\0' within the string body}}
131 __builtin___sprintf_chk(buf, 1, 2, "hell\0 boy"); // expected-warning {{format string contains '\0' within the string body}} \
132 // expected-warning {{'sprintf' will always overflow; destination buffer has size 2, but format string expands to at least 5}}
133 __builtin___sprintf_chk(buf, 1, 6, "hello");
134 __builtin___sprintf_chk(buf, 1, 5, "hello"); // expected-warning {{'sprintf' will always overflow; destination buffer has size 5, but format string expands to at least 6}}
135 __builtin___sprintf_chk(buf, 1, 2, "%c", '9');
136 __builtin___sprintf_chk(buf, 1, 1, "%c", '9'); // expected-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
137 __builtin___sprintf_chk(buf, 1, 2, "%d", 9);
138 __builtin___sprintf_chk(buf, 1, 1, "%d", 9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
139 __builtin___sprintf_chk(buf, 1, 2, "%i", 9);
140 __builtin___sprintf_chk(buf, 1, 1, "%i", 9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
141 __builtin___sprintf_chk(buf, 1, 2, "%o", 9);
142 __builtin___sprintf_chk(buf, 1, 1, "%o", 9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
143 __builtin___sprintf_chk(buf, 1, 2, "%u", 9);
144 __builtin___sprintf_chk(buf, 1, 1, "%u", 9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
145 __builtin___sprintf_chk(buf, 1, 2, "%x", 9);
146 __builtin___sprintf_chk(buf, 1, 1, "%x", 9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
147 __builtin___sprintf_chk(buf, 1, 2, "%X", 9);
148 __builtin___sprintf_chk(buf, 1, 1, "%X", 9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
149 __builtin___sprintf_chk(buf, 1, 2, "%hhd", (char)9);
150 __builtin___sprintf_chk(buf, 1, 1, "%hhd", (char)9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
151 __builtin___sprintf_chk(buf, 1, 2, "%hd", (short)9);
152 __builtin___sprintf_chk(buf, 1, 1, "%hd", (short)9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
153 __builtin___sprintf_chk(buf, 1, 2, "%ld", 9l);
154 __builtin___sprintf_chk(buf, 1, 1, "%ld", 9l); // expected-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
155 __builtin___sprintf_chk(buf, 1, 2, "%lld", 9ll);
156 __builtin___sprintf_chk(buf, 1, 1, "%lld", 9ll); // expected-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
157 __builtin___sprintf_chk(buf, 1, 2, "%%");
158 __builtin___sprintf_chk(buf, 1, 1, "%%"); // expected-warning {{'sprintf' will always overflow; destination buffer has size 1, but format string expands to at least 2}}
159 __builtin___sprintf_chk(buf, 1, 4, "%#x", 9);
160 __builtin___sprintf_chk(buf, 1, 3, "%#x", 9);
161 __builtin___sprintf_chk(buf, 1, 4, "%p", (void *)9);
162 __builtin___sprintf_chk(buf, 1, 3, "%p", (void *)9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 3, but format string expands to at least 4}}
163 __builtin___sprintf_chk(buf, 1, 3, "%+d", 9);
164 __builtin___sprintf_chk(buf, 1, 2, "%+d", 9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 2, but format string expands to at least 3}}
165 __builtin___sprintf_chk(buf, 1, 3, "% i", 9);
166 __builtin___sprintf_chk(buf, 1, 2, "% i", 9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 2, but format string expands to at least 3}}
167 __builtin___sprintf_chk(buf, 1, 6, "%5d", 9);
168 __builtin___sprintf_chk(buf, 1, 5, "%5d", 9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 5, but format string expands to at least 6}}
169 __builtin___sprintf_chk(buf, 1, 9, "%f", 9.f);
170 __builtin___sprintf_chk(buf, 1, 8, "%f", 9.f); // expected-warning {{'sprintf' will always overflow; destination buffer has size 8, but format string expands to at least 9}}
171 __builtin___sprintf_chk(buf, 1, 9, "%Lf", (long double)9.);
172 __builtin___sprintf_chk(buf, 1, 8, "%Lf", (long double)9.); // expected-warning {{'sprintf' will always overflow; destination buffer has size 8, but format string expands to at least 9}}
173 __builtin___sprintf_chk(buf, 1, 10, "%+f", 9.f);
174 __builtin___sprintf_chk(buf, 1, 9, "%+f", 9.f); // expected-warning {{'sprintf' will always overflow; destination buffer has size 9, but format string expands to at least 10}}
175 __builtin___sprintf_chk(buf, 1, 12, "%e", 9.f);
176 __builtin___sprintf_chk(buf, 1, 11, "%e", 9.f); // expected-warning {{'sprintf' will always overflow; destination buffer has size 11, but format string expands to at least 12}}
177 }
178
call_sprintf(void)179 void call_sprintf(void) {
180 char buf[6];
181 sprintf(buf, "hell\0 boy"); // expected-warning {{format string contains '\0' within the string body}}
182 sprintf(buf, "hello b\0y"); // expected-warning {{format string contains '\0' within the string body}} \
183 // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 8}}
184 sprintf(buf, "hello");
185 sprintf(buf, "hello!"); // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
186 sprintf(buf, "1234%%");
187 sprintf(buf, "12345%%"); // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
188 sprintf(buf, "1234%c", '9');
189 sprintf(buf, "12345%c", '9'); // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
190 sprintf(buf, "1234%d", 9);
191 sprintf(buf, "12345%d", 9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
192 sprintf(buf, "1234%lld", 9ll);
193 sprintf(buf, "12345%lld", 9ll); // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
194 sprintf(buf, "12%#x", 9);
195 sprintf(buf, "123%#x", 9);
196 sprintf(buf, "12%p", (void *)9);
197 sprintf(buf, "123%p", (void *)9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
198 sprintf(buf, "123%+d", 9);
199 sprintf(buf, "1234%+d", 9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
200 sprintf(buf, "123% i", 9);
201 sprintf(buf, "1234% i", 9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
202 sprintf(buf, "%5d", 9);
203 sprintf(buf, "1%5d", 9); // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
204 sprintf(buf, "%.3f", 9.f);
205 sprintf(buf, "5%.3f", 9.f); // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
206 sprintf(buf, "%+.2f", 9.f);
207 sprintf(buf, "%+.3f", 9.f); // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 7}}
208 sprintf(buf, "%.0e", 9.f);
209 sprintf(buf, "5%.1e", 9.f); // expected-warning {{'sprintf' will always overflow; destination buffer has size 6, but format string expands to at least 8}}
210 }
211
212 #ifdef __cplusplus
213 template <class> struct S {
mfS214 void mf() const {
215 __builtin_memset(const_cast<char *>(mv), 0, 0);
216 }
217
218 char mv[10];
219 };
220
221 template <int A, int B>
call_memcpy_dep()222 void call_memcpy_dep() {
223 char bufferA[A];
224 char bufferB[B];
225 memcpy(bufferA, bufferB, 10); // expected-warning{{'memcpy' will always overflow; destination buffer has size 9, but size argument is 10}}
226 }
227
call_call_memcpy()228 void call_call_memcpy() {
229 call_memcpy_dep<10, 9>();
230 call_memcpy_dep<9, 10>(); // expected-note {{in instantiation of function template specialization 'call_memcpy_dep<9, 10>' requested here}}
231 }
232 #endif
233