| 1 | // UNSUPPORTED: z3 |
|---|
| 2 | // RUN: %clang_analyze_cc1 -w -fcxx-exceptions -analyzer-checker=core -analyzer-checker=alpha.core.PointerArithm,alpha.core.CastToStruct -analyzer-max-loop 64 -verify %s |
|---|
| 3 | // RUN: %clang_analyze_cc1 -w -analyzer-checker=core -analyzer-checker=cplusplus -fcxx-exceptions -analyzer-checker alpha.core.PointerArithm,alpha.core.CastToStruct -analyzer-max-loop 63 -verify %s |
|---|
| 4 | |
|---|
| 5 | // These tests used to hit an assertion in the bug report. Test case from http://llvm.org/PR24184. |
|---|
| 6 | typedef struct { |
|---|
| 7 | int cbData; |
|---|
| 8 | unsigned pbData; |
|---|
| 9 | } CRYPT_DATA_BLOB; |
|---|
| 10 | |
|---|
| 11 | typedef enum { DT_NONCE_FIXED } DATA_TYPE; |
|---|
| 12 | int a; |
|---|
| 13 | typedef int *vcreate_t(int *, DATA_TYPE, int, int); |
|---|
| 14 | void fn1(unsigned, unsigned) { |
|---|
| 15 | char b = 0; |
|---|
| 16 | for (; 1; a++, &b + a * 0) |
|---|
| 17 | ; |
|---|
| 18 | } |
|---|
| 19 | |
|---|
| 20 | vcreate_t fn2; |
|---|
| 21 | struct A { |
|---|
| 22 | CRYPT_DATA_BLOB value; |
|---|
| 23 | int m_fn1() { |
|---|
| 24 | int c; |
|---|
| 25 | value.pbData == 0; |
|---|
| 26 | fn1(0, 0); |
|---|
| 27 | } |
|---|
| 28 | }; |
|---|
| 29 | struct B { |
|---|
| 30 | A IkeHashAlg; |
|---|
| 31 | A IkeGType; |
|---|
| 32 | A NoncePhase1_r; |
|---|
| 33 | }; |
|---|
| 34 | class C { |
|---|
| 35 | int m_fn2(B *); |
|---|
| 36 | void m_fn3(B *, int, int, int); |
|---|
| 37 | }; |
|---|
| 38 | int C::m_fn2(B *p1) { |
|---|
| 39 | int *d; |
|---|
| 40 | int e = p1->IkeHashAlg.m_fn1(); |
|---|
| 41 | unsigned f = p1->IkeGType.m_fn1(), h; |
|---|
| 42 | int g; |
|---|
| 43 | d = fn2(0, DT_NONCE_FIXED, (char)0, p1->NoncePhase1_r.value.cbData); |
|---|
| 44 | h = 0 | 0; |
|---|
| 45 | m_fn3(p1, 0, 0, 0); |
|---|
| 46 | } |
|---|
| 47 | |
|---|
| 48 | // case 2: |
|---|
| 49 | typedef struct { |
|---|
| 50 | int cbData; |
|---|
| 51 | unsigned char *pbData; |
|---|
| 52 | } CRYPT_DATA_BLOB_1; |
|---|
| 53 | typedef unsigned uint32_t; |
|---|
| 54 | void fn1_1(void *p1, const void *p2) { p1 != p2; } |
|---|
| 55 | |
|---|
| 56 | void fn2_1(uint32_t *p1, unsigned char *p2, uint32_t p3) { |
|---|
| 57 | unsigned i = 0; |
|---|
| 58 | for (0; i < p3; i++) |
|---|
| 59 | fn1_1(p1 + i, p2 + i * 0); |
|---|
| 60 | } |
|---|
| 61 | |
|---|
| 62 | struct A_1 { |
|---|
| 63 | CRYPT_DATA_BLOB_1 value; |
|---|
| 64 | uint32_t m_fn1() { |
|---|
| 65 | uint32_t a; |
|---|
| 66 | if (value.pbData) |
|---|
| 67 | fn2_1(&a, value.pbData, value.cbData); |
|---|
| 68 | return 0; |
|---|
| 69 | } |
|---|
| 70 | }; |
|---|
| 71 | struct { |
|---|
| 72 | A_1 HashAlgId; |
|---|
| 73 | } *b; |
|---|
| 74 | void fn3() { |
|---|
| 75 | uint32_t c, d; |
|---|
| 76 | d = b->HashAlgId.m_fn1(); |
|---|
| 77 | d << 0 | 0 | 0; |
|---|
| 78 | c = 0; |
|---|
| 79 | 0 | 1 << 0 | 0 && b; |
|---|
| 80 | } |
|---|
| 81 | |
|---|
| 82 | // case 3: |
|---|
| 83 | struct ST { |
|---|
| 84 | char c; |
|---|
| 85 | }; |
|---|
| 86 | char *p; |
|---|
| 87 | int foo1(ST); |
|---|
| 88 | int foo2() { |
|---|
| 89 | ST *p1 = (ST *)(p); // expected-warning{{Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption}} |
|---|
| 90 | while (p1->c & 0x0F || p1->c & 0x07) |
|---|
| 91 | p1 = p1 + foo1(*p1); |
|---|
| 92 | } |
|---|
| 93 | |
|---|
| 94 | int foo3(int *node) { |
|---|
| 95 | int i = foo2(); |
|---|
| 96 | if (i) |
|---|
| 97 | return foo2(); |
|---|
| 98 | } |
|---|
| 99 | |
|---|