From 17f7bdddd11a2dc5b4be248f756e14b1ebfe207b Mon Sep 17 00:00:00 2001 From: Ted Kremenek Date: Wed, 3 Aug 2011 20:17:43 +0000 Subject: [analyzer] Introduce MallocOverflowSecurityChecker, a simple flow-sensitive checker that may be useful for security auditing. This checker is currently too noisy to be on by default. git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@136804 91177308-0d34-0410-b5e6-96231b3b80d8 --- test/Analysis/malloc-overflow.c | 114 ++++++++++++++++++++++++++++++++++++++++ 1 file changed, 114 insertions(+) create mode 100644 test/Analysis/malloc-overflow.c (limited to 'test/Analysis/malloc-overflow.c') diff --git a/test/Analysis/malloc-overflow.c b/test/Analysis/malloc-overflow.c new file mode 100644 index 0000000000..91bdc874f7 --- /dev/null +++ b/test/Analysis/malloc-overflow.c @@ -0,0 +1,114 @@ +// RUN: %clang_cc1 -triple x86_64-apple-macosx10.7.0 -analyze -analyzer-checker=security.experimental.MallocOverflow -verify %s + +typedef __typeof__(sizeof(int)) size_t; +extern void * malloc(size_t); + +void * f1(int n) +{ + return malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} +} + +void * f2(int n) +{ + return malloc(sizeof(int) * n); // // expected-warning {{the computation of the size of the memory allocation may overflow}} +} + +void * f3() +{ + return malloc(4 * sizeof(int)); // no-warning +} + +struct s4 +{ + int n; +}; + +void * f4(struct s4 *s) +{ + return malloc(s->n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} +} + +void * f5(struct s4 *s) +{ + struct s4 s2 = *s; + return malloc(s2.n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} +} + +void * f6(int n) +{ + return malloc((n + 1) * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} +} + +#include +extern void * malloc (size_t); + +void * f7(int n) +{ + if (n > 10) + return NULL; + return malloc(n * sizeof(int)); // no-warning +} + +void * f8(int n) +{ + if (n < 10) + return malloc(n * sizeof(int)); // no-warning + else + return NULL; +} + +void * f9(int n) +{ + int * x = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} + for (int i = 0; i < n; i++) + x[i] = i; + return x; +} + +void * f10(int n) +{ + int * x = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} + int i = 0; + while (i < n) + x[i++] = 0; + return x; +} + +void * f11(int n) +{ + int * x = malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} + int i = 0; + do { + x[i++] = 0; + } while (i < n); + return x; +} + +void * f12(int n) +{ + n = (n > 10 ? 10 : n); + int * x = malloc(n * sizeof(int)); // no-warning + for (int i = 0; i < n; i++) + x[i] = i; + return x; +} + +struct s13 +{ + int n; +}; + +void * f13(struct s13 *s) +{ + if (s->n > 10) + return NULL; + return malloc(s->n * sizeof(int)); // no warning +} + +void * f14(int n) +{ + if (n < 0) + return NULL; + return malloc(n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}} +} + -- cgit v1.2.3-18-g5258