// RUN: %clang_cc1 -Wno-array-bounds -analyze -analyzer-checker=core,unix,alpha.security.ArrayBound -analyzer-store=region -verify -analyzer-config unix:Optimistic=true %s
// Hand-written declarations of size_t and the two allocators used below.
// No header is included, so these prototypes are all the analyzer sees for
// malloc/calloc (presumably to keep the test independent of system headers).
typedef __typeof(sizeof(int)) size_t;
void *malloc(size_t);
void *calloc(size_t, size_t);
// String-literal bounds: "abcd" occupies 5 bytes (4 characters + NUL).
// Index 4 is the terminator and is still inside the object; index 5 is the
// first byte past it, i.e. an out-of-bounds read (CWE-125).
char f1() {
  char* s = "abcd";
  char c = s[4]; // no-warning
  return s[5] + c; // expected-warning{{Access out-of-bound array element (buffer overflow)}}
}
// Heap region sized in bytes but indexed as int: malloc(12) yields 12 bytes,
// so with a 4-byte int (assumed; the annotated diagnostic implies it) only
// p[0]..p[2] fit and p[3] writes past the allocation (CWE-787).
// The malloc result is not NULL-checked and is never freed; the only
// diagnostic this test annotates is the bounds violation.
void f2() {
  int *p = malloc(12);
  p[3] = 4; // expected-warning{{Access out-of-bound array element (buffer overflow)}}
}
// Aggregate holding three ints; used by f3, f4 and f7 as the element type
// whose size drives the bounds computation.
struct three_words {
  int c[3];
};
// Aggregate holding seven ints; f4 reinterprets one of these as an array of
// struct three_words to exercise bounds checking across a cast.
struct seven_words {
  int c[7];
};
// Pointer to a single stack object treated as an array: p addresses exactly
// one struct three_words, so p[0] is that object and p[1] is a whole-struct
// write immediately past it on the stack (CWE-787).
void f3() {
  struct three_words a, *p;
  p = &a;
  p[0] = a; // no-warning
  p[1] = a; // expected-warning{{Access out-of-bound array element (buffer overflow)}}
}
// Bounds through a type-changing cast: the underlying object is seven ints,
// viewed as an array of three-int structs. Two elements (6 ints) fit; the
// third would span ints 6..8 and therefore runs past the end of `c`.
// The checker has to derive the limit from the extent of the original
// region, not from the pointee type of p.
void f4() {
  struct seven_words c;
  struct three_words a, *p = (struct three_words *)&c;
  p[0] = a; // no-warning
  p[1] = a; // no-warning
  p[2] = a; // expected-warning{{Access out-of-bound array element (buffer overflow)}}
}
// calloc extent is count * size: calloc(2,2) gives 4 bytes, so p[3] is the
// last valid byte and p[4] is an off-by-one heap write (CWE-787).
void f5() {
  char *p = calloc(2,2);
  p[3] = '.'; // no-warning
  p[4] = '!'; // expected-warning{{out-of-bound}}
}
// Widening cast over a small buffer: `a` is 2 bytes, but b indexes it in
// int-sized steps, so b[1] begins sizeof(int) bytes in -- beyond the buffer.
// NOTE(review): with a 4-byte int even b[0] would not fit in `a`; the test
// only exercises b[1].
void f6() {
  char a[2];
  int *b = (int*)a;
  b[1] = 3; // expected-warning{{out-of-bound}}
}
// Array that is a struct member: c has 3 elements (valid indices 0..2), so
// index 3 is one past the end of the member and of the enclosing object.
void f7() {
  struct three_words a;
  a.c[3] = 1; // expected-warning{{out-of-bound}}
}
// Variable-length array whose size is known only from a path constraint:
// inside the `a == 5` branch x has 5 elements, so x[4] is the last valid
// slot and x[5] is out of bounds. The size is never a literal here, so the
// diagnostic depends on the analyzer using the branch condition as the
// array extent.
void vla(int a) {
  if (a == 5) {
    int x[a];
    x[4] = 4; // no-warning
    x[5] = 5; // expected-warning{{out-of-bound}}
  }
}
// Same shape as vla(), but the storage comes from __builtin_alloca: on the
// `a == 5` path the region is 5 bytes, so x[4] is in bounds and x[5] is a
// one-byte write past the alloca'd stack region.
void alloca_region(int a) {
  if (a == 5) {
    char *x = __builtin_alloca(a);
    x[4] = 4; // no-warning
    x[5] = 5; // expected-warning{{out-of-bound}}
  }
}
// Fixed-size array indexed by a caller-controlled value: the `a == 2` guard
// pins the index to 2, which is one past the end of the 2-element array
// (out-of-bounds read, CWE-125). The guard selects the bad index rather than
// rejecting it -- the inverse of the range check a real caller-facing
// function would need.
int symbolic_index(int a) {
  int x[2] = {1, 2};
  if (a == 2) {
    return x[a]; // expected-warning{{out-of-bound}}
  }
  return 0;
}
// Lower-bound counterpart of symbolic_index(): on the `a < 0` path the index
// is negative, so the read lands before the start of x (buffer under-read,
// CWE-127). Covers the case where a signed index is only checked against the
// upper bound, or not at all.
int symbolic_index2(int a) {
  int x[2] = {1, 2};
  if (a < 0) {
    return x[a]; // expected-warning{{out-of-bound}}
  }
  return 0;
}
// Unrolled binary search over a table of powers of ten, with an off-by-one
// that only appears on one path.
//
// `ins` has 31 entries (1e-8 .. 1e22), so valid indices are 0..30. The index
// starts at 16 and is moved by 8, 4, 2 and 1. When every comparison takes
// the `else` branch it goes 16 -> 24 -> 28 -> 30 -> 31, and the final
// comparison then reads ins[31], one element past the table (CWE-125).
// That path is reachable: the entry guard admits values up to 1e23, while
// the largest table entry is 1e22.
//
// Returns 0 for inputs outside [1e-8, 1e23], otherwise the final index.
int overflow_binary_search(double in) {
  int eee = 16;
  if (in < 1e-8 || in > 1e23) {
    return 0;
  } else {
    static const double ins[] = {1e-8, 1e-7, 1e-6, 1e-5, 1e-4, 1e-3, 1e-2, 1e-1,
                                 1e0, 1e1, 1e2, 1e3, 1e4, 1e5, 1e6, 1e7,
                                 1e8, 1e9, 1e10, 1e11, 1e12, 1e13, 1e14, 1e15,
                                 1e16, 1e17, 1e18, 1e19, 1e20, 1e21, 1e22};
    // Step 8: index becomes 8 or 24.
    if (in < ins[eee]) {
      eee -= 8;
    } else {
      eee += 8;
    }
    // Step 4: index is now at most 28.
    if (in < ins[eee]) {
      eee -= 4;
    } else {
      eee += 4;
    }
    // Step 2: index is now at most 30, the last valid slot.
    if (in < ins[eee]) {
      eee -= 2;
    } else {
      eee += 2;
    }
    // Step 1: the increment can push the index to 31, past the table.
    if (in < ins[eee]) {
      eee -= 1;
    } else {
      eee += 1;
    }
    // No range check precedes this read, so eee == 31 is dereferenced here.
    if (in < ins[eee]) { // expected-warning {{Access out-of-bound array element (buffer overflow)}}
      eee -= 1;
    }
  }
  return eee;
}