| 1 | // RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.ReturnPtrRange -verify %s |
|---|
| 2 | |
|---|
| 3 | int arr[10]; |
|---|
| 4 | int *ptr; |
|---|
| 5 | |
|---|
| 6 | int conjure_index(); |
|---|
| 7 | |
|---|
| 8 | int *test_element_index_lifetime() { |
|---|
| 9 | do { |
|---|
| 10 | int x = conjure_index(); |
|---|
| 11 | ptr = arr + x; |
|---|
| 12 | if (x != 20) |
|---|
| 13 | return arr; // no-warning |
|---|
| 14 | } while (0); |
|---|
| 15 | return ptr; // expected-warning{{Returned pointer value points outside the original object (potential buffer overflow)}} |
|---|
| 16 | } |
|---|
| 17 | |
|---|
| 18 | int *test_element_index_lifetime_with_local_ptr() { |
|---|
| 19 | int *local_ptr; |
|---|
| 20 | do { |
|---|
| 21 | int x = conjure_index(); |
|---|
| 22 | local_ptr = arr + x; |
|---|
| 23 | if (x != 20) |
|---|
| 24 | return arr; // no-warning |
|---|
| 25 | } while (0); |
|---|
| 26 | return local_ptr; // expected-warning{{Returned pointer value points outside the original object (potential buffer overflow)}} |
|---|
| 27 | } |
|---|
| 28 | |
|---|