null-deref-ps-region.c source code [clang_source_code/test/Analysis/null-deref-ps-region.c]

1	// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core,unix,alpha.unix -std=gnu99 -analyzer-store=region -verify %s
2
3	#include "Inputs/system-header-simulator.h"
4
5	typedef __typeof(sizeof(int)) size_t;
6	void memset(void __s, int __c, size_t __n);
7	void *malloc(size_t __size);
8	void free(void *__ptr);
9
10	// The store for 'a[1]' should not be removed mistakenly. SymbolicRegions may
11	// also be live roots.
12	void f14(int *a) {
13	int i;
14	a[1] = 1;
15	i = a[1];
16	if (i != 1) {
17	int *p = 0;
18	i = *p; // no-warning
19	}
20	}
21
22	void foo() {
23	int *x = malloc(sizeof(int));
24	memset(x, 0, sizeof(int));
25	int n = 1 / *x; // expected-warning {{Division by zero}}
26	free(x);
27	}
28
29	void bar() {
30	int *x = malloc(sizeof(int));
31	memset(x, 0, 1);
32	int n = 1 / *x; // no-warning
33	free(x);
34	}
35
36	void testConcreteNull() {
37	int *x = 0;
38	memset(x, 0, 1); // expected-warning {{Null pointer argument in call to memory set function}}
39	}
40
41	void testStackArray() {
42	char buf[13];
43	memset(buf, 0, 1); // no-warning
44	}
45
46	void testHeapSymbol() {
47	char buf = (char )malloc(13);
48	memset(buf, 0, 1); // no-warning
49	free(buf);
50	}
51
52	void testStackArrayOutOfBound() {
53	char buf[1];
54	memset(buf, 0, 1024); // expected-warning {{Memory set function accesses out-of-bound array element}} expected-warning {{'memset' will always overflow; destination buffer has size 1, but size argument is 1024}}
55	}
56
57	void testHeapSymbolOutOfBound() {
58	char buf = (char )malloc(1);
59	memset(buf, 0, 1024); // expected-warning {{Memory set function accesses out-of-bound array element}}
60	free(buf);
61	}
62
63	void testStackArraySameSize() {
64	char buf[1];
65	memset(buf, 0, sizeof(buf)); // no-warning
66	}
67
68	void testHeapSymbolSameSize() {
69	char buf = (char )malloc(1);
70	memset(buf, 0, 1); // no-warning
71	free(buf);
72	}
73

Clang Project