68 lines · c
1// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\2// RUN: -Wno-strncat-size -Wno-sizeof-pointer-memaccess \3// RUN: -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument4// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\5// RUN: -Wno-strncat-size -Wno-sizeof-pointer-memaccess \6// RUN: -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument\7// RUN: -triple armv7-a15-linux8// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\9// RUN: -Wno-strncat-size -Wno-sizeof-pointer-memaccess \10// RUN: -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument\11// RUN: -triple aarch64_be-none-linux-gnu12// RUN: %clang_analyze_cc1 -analyzer-checker=unix.cstring.BadSizeArg -verify %s\13// RUN: -Wno-strncat-size -Wno-sizeof-pointer-memaccess \14// RUN: -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument\15// RUN: -triple i386-apple-darwin1016 17typedef __SIZE_TYPE__ size_t;18char *strncat(char *, const char *, size_t);19size_t strlen (const char *s);20size_t strlcpy(char *, const char *, size_t);21size_t strlcat(char *, const char *, size_t);22 23void testStrncat(const char *src) {24 char dest[10];25 strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - 1); // expected-warning {{Potential buffer overflow. Replace with 'sizeof(dest) - strlen(dest) - 1' or use a safer 'strlcat' API}}26 strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest)); // expected-warning {{Potential buffer overflow. Replace with}}27 strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest)); // expected-warning {{Potential buffer overflow. Replace with}}28 strncat(dest, src, sizeof(src)); // expected-warning {{Potential buffer overflow. Replace with}}29 // Should not crash when sizeof has a type argument.30 strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(char));31}32 33void testStrlcpy(const char *src) {34 char dest[10];35 size_t destlen = sizeof(dest);36 size_t srclen = sizeof(src);37 size_t badlen = 20;38 size_t ulen;39 strlcpy(dest, src, sizeof(dest));40 strlcpy(dest, src, destlen);41 strlcpy(dest, src, 10);42 strlcpy(dest, src, 20); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(dest) or lower}}43 strlcpy(dest, src, badlen); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(dest) or lower}}44 strlcpy(dest, src, ulen);45 strlcpy(dest + 5, src, 5);46 strlcpy(dest + 5, src, 10); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(<destination buffer>) or lower}}47 strlcpy(dest, "aaaaaaaaaaaaaaa", 10); // no-warning48}49 50void testStrlcat(const char *src) {51 char dest[10];52 size_t badlen = 20;53 size_t ulen;54 strlcpy(dest, "aaaaa", sizeof("aaaaa") - 1);55 strlcat(dest, "bbbb", (sizeof("bbbb") - 1) - sizeof(dest) - 1);56 strlcpy(dest, "012345678", sizeof(dest));57 strlcat(dest, "910", sizeof(dest));58 strlcpy(dest, "0123456789", sizeof(dest));59 strlcpy(dest, "0123456789", sizeof(dest));60 strlcat(dest, "0123456789", badlen / 2);61 strlcat(dest, "0123456789", badlen); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(dest) or lower}}62 strlcat(dest, "0123456789", badlen - strlen(dest) - 1);63 strlcat(dest, src, ulen);64 strlcpy(dest, src, 5);65 strlcat(dest + 5, src, badlen); // expected-warning {{The third argument allows to potentially copy more bytes than it should. Replace with the value sizeof(<destination buffer>) or lower}}66 strlcat(dest, "aaaaaaaaaaaaaaa", 10); // no-warning67}68