Skip to content

Commit cc260f9

Browse files
t-rasmudt-rasmud
committed
test case
1 parent dcae601 commit cc260f9

File tree

2 files changed

+52
-11
lines changed

2 files changed

+52
-11
lines changed

clang/lib/StaticAnalyzer/Checkers/ArrayBoundChecker.cpp

Lines changed: 0 additions & 11 deletions
Original file line numberDiff line numberDiff line change
@@ -478,17 +478,6 @@ static Messages getNonTaintMsgs(const ASTContext &ACtx,
478478
std::string(Buf)};
479479
}
480480

481-
static Messages getTaintMsgs(const MemSpaceRegion *Space,
482-
const SubRegion *Region, const char *OffsetName,
483-
bool AlsoMentionUnderflow) {
484-
std::string RegName = getRegionName(Space, Region);
485-
return {formatv("Potential out of bound access to {0} with tainted {1}",
486-
RegName, OffsetName),
487-
formatv("Access of {0} with a tainted {1} that may be {2}too large",
488-
RegName, OffsetName,
489-
AlsoMentionUnderflow ? "negative or " : "")};
490-
}
491-
492481
const NoteTag *StateUpdateReporter::createNoteTag(CheckerContext &C) const {
493482
// Don't create a note tag if we didn't assume anything:
494483
if (!AssumedNonNegative && !AssumedUpperBound)

clang/test/Analysis/ArrayBound/cplusplus-tainted-index.cpp

Lines changed: 52 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,52 @@
1+
// RUN: %clang_analyze_cc1 -std=c++11 -Wno-array-bounds -analyzer-checker=unix,core,security.ArrayBound -verify %s
2+
3+
// Test the interactions of `security.ArrayBound` with C++ features.
4+
5+
void test_tainted_index_local() {
6+
int arr[10];
7+
unsigned index = 10;
8+
arr[index] = 7;
9+
// expected-warning@-1{{Out of bound access to memory after the end of 'arr'}}
10+
}
11+
12+
void test_tainted_index_local_range() {
13+
int arr[10];
14+
for (unsigned index = 0; index < 11; index++)
15+
arr[index] = index;
16+
// expected-warning@-1{{Out of bound access to memory after the end of 'arr'}}
17+
}
18+
19+
void test_tainted_index1(unsigned index) {
20+
int arr[10];
21+
if (index < 12)
22+
arr[index] = index;
23+
// expected-warning@-1{{Out of bound access to memory after the end of 'arr'}}
24+
if (index == 12)
25+
arr[index] = index;
26+
// expected-warning@-1{{Out of bound access to memory after the end of 'arr'}}
27+
}
28+
29+
void test_tainted_index2(unsigned index) {
30+
int arr[10];
31+
if (index < 12)
32+
arr[index] = index;
33+
// expected-warning@-1{{Out of bound access to memory after the end of 'arr'}}
34+
}
35+
36+
unsigned strlen(const char *s);
37+
void strcpy(char *dst, char *src);
38+
void test_ex(int argc, char *argv[]) {
39+
char proc_name[16];
40+
unsigned offset = strlen(argv[0]);
41+
if (offset == 16) {
42+
strcpy(proc_name, argv[0]);
43+
proc_name[offset] = 'x';
44+
// expected-warning@-1{{Out of bound access to memory after the end of 'proc_name'}}
45+
}
46+
if (offset <= 16) {
47+
strcpy(proc_name, argv[0]);
48+
proc_name[offset] = argv[0][16];
49+
// expected-warning@-1{{Out of bound access to memory after the end of the region}}
50+
// expected-warning@-2{{Out of bound access to memory after the end of 'proc_name'}}
51+
}
52+
}

0 commit comments

Comments
 (0)