| 1 | // RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.cstring.NullArg,alpha.unix.cstring,debug.ExprInspection -analyzer-store=region -verify %s |
|---|
| 2 | |
|---|
| 3 | #define NULL ((void *)0) |
|---|
| 4 | |
|---|
| 5 | typedef __typeof(sizeof(int)) size_t; |
|---|
| 6 | size_t strlcpy(char *dst, const char *src, size_t n); |
|---|
| 7 | size_t strlcat(char *dst, const char *src, size_t n); |
|---|
| 8 | void clang_analyzer_eval(int); |
|---|
| 9 | |
|---|
| 10 | void f1() { |
|---|
| 11 | char overlap[] = "123456789"; |
|---|
| 12 | strlcpy(overlap, overlap + 1, 3); // expected-warning{{Arguments must not be overlapping buffers}} |
|---|
| 13 | } |
|---|
| 14 | |
|---|
| 15 | void f2() { |
|---|
| 16 | char buf[5]; |
|---|
| 17 | strlcpy(buf, "abcd", sizeof(buf)); // expected-no-warning |
|---|
| 18 | strlcat(buf, "efgh", sizeof(buf)); // expected-warning{{Size argument is greater than the free space in the destination buffer}} |
|---|
| 19 | } |
|---|
| 20 | |
|---|
| 21 | void f3() { |
|---|
| 22 | char dst[2]; |
|---|
| 23 | const char *src = "abdef"; |
|---|
| 24 | strlcpy(dst, src, 5); // expected-warning{{Size argument is greater than the length of the destination buffer}} |
|---|
| 25 | } |
|---|
| 26 | |
|---|
| 27 | void f4() { |
|---|
| 28 | strlcpy(NULL, "abcdef", 6); // expected-warning{{Null pointer argument in call to string copy function}} |
|---|
| 29 | } |
|---|
| 30 | |
|---|
| 31 | void f5() { |
|---|
| 32 | strlcat(NULL, "abcdef", 6); // expected-warning{{Null pointer argument in call to string copy function}} |
|---|
| 33 | } |
|---|
| 34 | |
|---|
| 35 | void f6() { |
|---|
| 36 | char buf[8]; |
|---|
| 37 | strlcpy(buf, "abc", 3); |
|---|
| 38 | size_t len = strlcat(buf, "defg", 4); |
|---|
| 39 | clang_analyzer_eval(len == 7); // expected-warning{{TRUE}} |
|---|
| 40 | } |
|---|
| 41 | |
|---|
| 42 | int f7() { |
|---|
| 43 | char buf[8]; |
|---|
| 44 | return strlcpy(buf, "1234567", 0); // no-crash |
|---|
| 45 | } |
|---|
| 46 | |
|---|