| 1 | // RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.MallocOverflow -verify %s |
|---|
| 2 | |
|---|
| 3 | #define NULL ((void *) 0) |
|---|
| 4 | typedef __typeof__(sizeof(int)) size_t; |
|---|
| 5 | extern void * malloc(size_t); |
|---|
| 6 | |
|---|
| 7 | void * f1(int n) |
|---|
| 8 | { |
|---|
| 9 | return malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} |
|---|
| 10 | } |
|---|
| 11 | |
|---|
| 12 | void * f2(int n) |
|---|
| 13 | { |
|---|
| 14 | return malloc(sizeof(int) * n); // // expected-warning {{the computation of the size of the memory allocation may overflow}} |
|---|
| 15 | } |
|---|
| 16 | |
|---|
| 17 | void * f3() |
|---|
| 18 | { |
|---|
| 19 | return malloc(4 * sizeof(int)); // no-warning |
|---|
| 20 | } |
|---|
| 21 | |
|---|
| 22 | struct s4 |
|---|
| 23 | { |
|---|
| 24 | int n; |
|---|
| 25 | }; |
|---|
| 26 | |
|---|
| 27 | void * f4(struct s4 *s) |
|---|
| 28 | { |
|---|
| 29 | return malloc(s->n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} |
|---|
| 30 | } |
|---|
| 31 | |
|---|
| 32 | void * f5(struct s4 *s) |
|---|
| 33 | { |
|---|
| 34 | struct s4 s2 = *s; |
|---|
| 35 | return malloc(s2.n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} |
|---|
| 36 | } |
|---|
| 37 | |
|---|
| 38 | void * f6(int n) |
|---|
| 39 | { |
|---|
| 40 | return malloc((n + 1) * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} |
|---|
| 41 | } |
|---|
| 42 | |
|---|
| 43 | extern void * malloc (size_t); |
|---|
| 44 | |
|---|
| 45 | void * f7(int n) |
|---|
| 46 | { |
|---|
| 47 | if (n > 10) |
|---|
| 48 | return NULL; |
|---|
| 49 | return malloc(n * sizeof(int)); // no-warning |
|---|
| 50 | } |
|---|
| 51 | |
|---|
| 52 | void * f8(int n) |
|---|
| 53 | { |
|---|
| 54 | if (n < 10) |
|---|
| 55 | return malloc(n * sizeof(int)); // no-warning |
|---|
| 56 | else |
|---|
| 57 | return NULL; |
|---|
| 58 | } |
|---|
| 59 | |
|---|
| 60 | void * f9(int n) |
|---|
| 61 | { |
|---|
| 62 | int * x = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} |
|---|
| 63 | for (int i = 0; i < n; i++) |
|---|
| 64 | x[i] = i; |
|---|
| 65 | return x; |
|---|
| 66 | } |
|---|
| 67 | |
|---|
| 68 | void * f10(int n) |
|---|
| 69 | { |
|---|
| 70 | int * x = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} |
|---|
| 71 | int i = 0; |
|---|
| 72 | while (i < n) |
|---|
| 73 | x[i++] = 0; |
|---|
| 74 | return x; |
|---|
| 75 | } |
|---|
| 76 | |
|---|
| 77 | void * f11(int n) |
|---|
| 78 | { |
|---|
| 79 | int * x = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} |
|---|
| 80 | int i = 0; |
|---|
| 81 | do { |
|---|
| 82 | x[i++] = 0; |
|---|
| 83 | } while (i < n); |
|---|
| 84 | return x; |
|---|
| 85 | } |
|---|
| 86 | |
|---|
| 87 | void * f12(int n) |
|---|
| 88 | { |
|---|
| 89 | n = (n > 10 ? 10 : n); |
|---|
| 90 | int * x = malloc(n * sizeof(int)); // no-warning |
|---|
| 91 | for (int i = 0; i < n; i++) |
|---|
| 92 | x[i] = i; |
|---|
| 93 | return x; |
|---|
| 94 | } |
|---|
| 95 | |
|---|
| 96 | struct s13 |
|---|
| 97 | { |
|---|
| 98 | int n; |
|---|
| 99 | }; |
|---|
| 100 | |
|---|
| 101 | void * f13(struct s13 *s) |
|---|
| 102 | { |
|---|
| 103 | if (s->n > 10) |
|---|
| 104 | return NULL; |
|---|
| 105 | return malloc(s->n * sizeof(int)); // no-warning |
|---|
| 106 | } |
|---|
| 107 | |
|---|
| 108 | void * f14(int n) |
|---|
| 109 | { |
|---|
| 110 | if (n < 0) |
|---|
| 111 | return NULL; |
|---|
| 112 | return malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} |
|---|
| 113 | } |
|---|
| 114 | |
|---|