bsd-string.c
// RUN: %clang_analyze_cc1 -w -verify %s \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=unix.cstring.NullArg \
// RUN: -analyzer-checker=alpha.unix.cstring \
// RUN: -analyzer-checker=debug.ExprInspection
// The test declares NULL, size_t and the string prototypes itself; no header
// is included in this file.
#define NULL ((void *)0)
typedef __typeof(sizeof(int)) size_t;
// BSD bounded copy/concatenate: n is the size of the destination buffer.
size_t strlcpy(char *dst, const char *src, size_t n);
size_t strlcat(char *dst, const char *src, size_t n);
size_t strlen(const char *s);
// Inspection hook: the verify directives below show its argument being
// reported as TRUE or UNKNOWN (debug.ExprInspection is enabled above).
void clang_analyzer_eval(int);
// Overlap case: source and destination point into the same array, one byte
// apart, so the 3-byte copy window covers both regions.
void f1() {
  char overlap[] = "123456789";
  strlcpy(overlap, overlap + 1, 3); // expected-warning{{Arguments must not be overlapping buffers}}
}
// Return-value case for correctly sized calls: both calls pass sizeof(buf),
// so neither is flagged as an overflow.
void f2() {
  char buf[5];
  size_t len;
  // "abcd" plus its terminator fills the 5-byte buffer exactly.
  len = strlcpy(buf, "abcd", sizeof(buf)); // expected-no-warning
  clang_analyzer_eval(len == 4); // expected-warning{{TRUE}}
  // The result is the length the full concatenation would have had (4 + 4),
  // not what fits; a caller detects truncation with len >= sizeof(buf).
  len = strlcat(buf, "efgh", sizeof(buf)); // expected-no-warning
  clang_analyzer_eval(len == 8); // expected-warning{{TRUE}}
}
// Overflow case: the size argument (5) is larger than the 2-byte destination,
// so the bound does not protect dst.
void f3() {
  char dst[2];
  const char *src = "abdef";
  strlcpy(dst, src, 5); // expected-warning{{String copy function overflows the destination buffer}}
}
// Null destination passed to strlcpy (the NullArg checker is enabled above).
void f4() {
  strlcpy(NULL, "abcdef", 6); // expected-warning{{Null pointer passed as 1st argument to string copy function}}
}
// Null destination passed to strlcat; same shape as f4 with the
// concatenation wording in the diagnostic.
void f5() {
  strlcat(NULL, "abcdef", 6); // expected-warning{{Null pointer passed as 1st argument to string concatenation function}}
}
// Both calls pass a size smaller than the 8-byte buffer, so neither can
// overflow; only the modelled return value of strlcat is checked.
void f6() {
  char buf[8];
  strlcpy(buf, "abc", 3);
  size_t len = strlcat(buf, "defg", 4);
  // NOTE(review): a BSD strlcpy given size 3 stores at most 2 characters, which
  // would make the libc result here 6; the 7 below is the value this test pins
  // for the analyzer's model. Confirm that is intended.
  clang_analyzer_eval(len == 7); // expected-warning{{TRUE}}
}
// Crash regression: a size of 0 with the result used directly as the return
// value. No diagnostic is checked; the test only has to complete.
int f7() {
  char buf[8];
  return strlcpy(buf, "1234567", 0); // no-crash
}
// Tracks the returned length and the resulting strlen(buf) through a
// sequence of calls on one 5-byte buffer, including size == 0.
void f8(){
  char buf[5];
  size_t len;
  // basic strlcpy
  len = strlcpy(buf,"123", sizeof(buf));
  clang_analyzer_eval(len==3);// expected-warning{{TRUE}}
  len = strlen(buf);
  clang_analyzer_eval(len==3);// expected-warning{{TRUE}}
  // testing bounded strlcat
  // The result (6) is the untruncated length, while the stored string is cut to
  // 4 characters: result >= sizeof(buf) is how a caller sees the truncation.
  len = strlcat(buf,"456", sizeof(buf));
  clang_analyzer_eval(len==6);// expected-warning{{TRUE}}
  len = strlen(buf);
  clang_analyzer_eval(len==4);// expected-warning{{TRUE}}
  // testing strlcat with size==0
  // The buffer contents must stay unchanged (strlen still 4).
  // NOTE(review): a BSD strlcat does not scan dst beyond `size` bytes, so with
  // size 0 a libc would return 3; the 7 below is the analyzer's modelled
  // value. Confirm against the checker.
  len = strlcat(buf,"789", 0);
  clang_analyzer_eval(len==7);// expected-warning{{TRUE}}
  len = strlen(buf);
  clang_analyzer_eval(len==4);// expected-warning{{TRUE}}
  // testing strlcpy with size==0
  // Nothing is written: the result is strlen(src) and buf keeps length 4.
  len = strlcpy(buf,"123",0);
  clang_analyzer_eval(len==3);// expected-warning{{TRUE}}
  len = strlen(buf);
  clang_analyzer_eval(len==4);// expected-warning{{TRUE}}
}
// Cases where the size, the destination or the source comes from a parameter,
// so the analyzer has no concrete value for it.
void f9(int unknown_size, char* unknown_src, char* unknown_dst){
  char buf[8];
  size_t len;
  len = strlcpy(buf,"abba",sizeof(buf));
  clang_analyzer_eval(len==4);// expected-warning{{TRUE}}
  clang_analyzer_eval(strlen(buf)==4);// expected-warning{{TRUE}}
  // size is unknown: the result is still modelled as 4 + 2, but only a lower
  // bound is known for the resulting string length.
  len = strlcat(buf,"cd", unknown_size);
  clang_analyzer_eval(len==6);// expected-warning{{TRUE}}
  clang_analyzer_eval(strlen(buf)>=4);// expected-warning{{TRUE}}
  // dst is unknown: the result depends only on the literal source.
  len = strlcpy(unknown_dst,"abbc",unknown_size);
  clang_analyzer_eval(len==4);// expected-warning{{TRUE}}
  clang_analyzer_eval(strlen(unknown_dst));// expected-warning{{UNKNOWN}}
  // src is unknown: neither the result nor the new length of buf is known.
  len = strlcpy(buf,unknown_src, sizeof(buf));
  clang_analyzer_eval(len);// expected-warning{{UNKNOWN}}
  clang_analyzer_eval(strlen(buf));// expected-warning{{UNKNOWN}}
  // src and dst are unknown
  len = strlcpy(unknown_dst, unknown_src, unknown_size);
  clang_analyzer_eval(len);// expected-warning{{UNKNOWN}}
  clang_analyzer_eval(strlen(unknown_dst));// expected-warning{{UNKNOWN}}
  // dst is offset into buf: buf + 2 leaves 6 bytes, but sizeof(buf) (8) is
  // passed as the size, so the bound overstates the space that remains.
  len = strlcat(buf + 2, unknown_src + 1, sizeof(buf));
  // expected-warning@-1 {{String concatenation function overflows the destination buffer}}
}
// Overflow case for strlcat: the size argument (9) exceeds the 8-byte buffer,
// and "abba" + "efghi" needs 10 bytes including the terminator.
void f10(){
  char buf[8];
  size_t len;
  len = strlcpy(buf,"abba",sizeof(buf));
  clang_analyzer_eval(len==4);// expected-warning{{TRUE}}
  strlcat(buf, "efghi", 9);
  // expected-warning@-1 {{String concatenation function overflows the destination buffer}}
}
// False-positive regression: every call passes the true size of a 256-byte
// destination and the strings are short, so no diagnostic may be emitted.
void f11() {
  //test for Bug 41729
  char a[256], b[256];
  strlcpy(a, "world", sizeof(a));
  strlcpy(b, "hello ", sizeof(b));
  strlcat(b, a, sizeof(b)); // no-warning
}
// File-scope ints used by unknown_val_crash: `a` is passed where a
// const char * is declared and `&b` where a char * is declared.
int a, b;
// Crash regression: the source argument is an int converted to a pointer,
// which the analyzer cannot evaluate. No diagnostic is checked; the test
// only has to complete.
void unknown_val_crash() {
  // We're unable to evaluate the integer-to-pointer cast.
  strlcat(&b, a, 0); // no-crash
}