out-of-bounds-new.cpp
4.21 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
// RUN: %clang_analyze_cc1 -std=c++11 -Wno-array-bounds -analyzer-checker=unix,core,alpha.security.ArrayBoundV2 -verify %s
// Tests doing an out-of-bounds access after the end of an array using:
// - constant integer index
// - constant integer size for buffer
void test1(int x) {
int *buf = new int[100];
buf[100] = 1; // expected-warning{{Out of bound memory access}}
}
void test1_ok(int x) {
int *buf = new int[100];
buf[99] = 1; // no-warning
}
// Tests doing an out-of-bounds access after the end of an array using:
// - indirect pointer to buffer
// - constant integer index
// - constant integer size for buffer
void test1_ptr(int x) {
int *buf = new int[100];
int *p = buf;
p[101] = 1; // expected-warning{{Out of bound memory access}}
}
void test1_ptr_ok(int x) {
int *buf = new int[100];
int *p = buf;
p[99] = 1; // no-warning
}
// Tests doing an out-of-bounds access before the start of an array using:
// - indirect pointer to buffer, manipulated using simple pointer arithmetic
// - constant integer index
// - constant integer size for buffer
void test1_ptr_arith(int x) {
int *buf = new int[100];
int *p = buf;
p = p + 100;
p[0] = 1; // expected-warning{{Out of bound memory access}}
}
void test1_ptr_arith_ok(int x) {
int *buf = new int[100];
int *p = buf;
p = p + 99;
p[0] = 1; // no-warning
}
void test1_ptr_arith_bad(int x) {
int *buf = new int[100];
int *p = buf;
p = p + 99;
p[1] = 1; // expected-warning{{Out of bound memory access}}
}
void test1_ptr_arith_ok2(int x) {
int *buf = new int[100];
int *p = buf;
p = p + 99;
p[-1] = 1; // no-warning
}
// Tests doing an out-of-bounds access before the start of an array using:
// - constant integer index
// - constant integer size for buffer
void test2(int x) {
int *buf = new int[100];
buf[-1] = 1; // expected-warning{{Out of bound memory access}}
}
// Tests doing an out-of-bounds access before the start of an array using:
// - indirect pointer to buffer
// - constant integer index
// - constant integer size for buffer
void test2_ptr(int x) {
int *buf = new int[100];
int *p = buf;
p[-1] = 1; // expected-warning{{Out of bound memory access}}
}
// Tests doing an out-of-bounds access before the start of an array using:
// - indirect pointer to buffer, manipulated using simple pointer arithmetic
// - constant integer index
// - constant integer size for buffer
void test2_ptr_arith(int x) {
int *buf = new int[100];
int *p = buf;
--p;
p[0] = 1; // expected-warning {{Out of bound memory access (accessed memory precedes memory block)}}
}
// Tests under-indexing
// of a multi-dimensional array
void test2_multi(int x) {
auto buf = new int[100][100];
buf[0][-1] = 1; // expected-warning{{Out of bound memory access}}
}
// Tests under-indexing
// of a multi-dimensional array
void test2_multi_b(int x) {
auto buf = new int[100][100];
buf[-1][0] = 1; // expected-warning{{Out of bound memory access}}
}
// Tests over-indexing
// of a multi-dimensional array
void test2_multi_c(int x) {
auto buf = new int[100][100];
buf[100][0] = 1; // expected-warning{{Out of bound memory access}}
}
// Tests over-indexing
// of a multi-dimensional array
void test2_multi_2(int x) {
auto buf = new int[100][100];
buf[99][100] = 1; // expected-warning{{Out of bound memory access}}
}
// Tests normal access of
// a multi-dimensional array
void test2_multi_ok(int x) {
auto buf = new int[100][100];
buf[0][0] = 1; // no-warning
}
// Tests over-indexing using different types
// array
void test_diff_types(int x) {
int *buf = new int[10]; //10*sizeof(int) Bytes allocated
char *cptr = (char *)buf;
cptr[sizeof(int) * 9] = 1; // no-warning
cptr[sizeof(int) * 10] = 1; // expected-warning{{Out of bound memory access}}
}
// Tests over-indexing
//if the allocated area is non-array
void test_non_array(int x) {
int *ip = new int;
ip[0] = 1; // no-warning
ip[1] = 2; // expected-warning{{Out of bound memory access}}
}
//Tests over-indexing
//if the allocated area size is a runtime parameter
void test_dynamic_size(int s) {
int *buf = new int[s];
buf[0] = 1; // no-warning
}
//Tests complex arithmetic
//in new expression
void test_dynamic_size2(unsigned m,unsigned n){
unsigned *U = nullptr;
U = new unsigned[m + n + 1];
}