1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
|
// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.osx.KeychainAPI %s -verify
// Fake typedefs.
typedef unsigned int OSStatus;
typedef unsigned int SecKeychainAttributeList;
typedef unsigned int SecKeychainItemRef;
typedef unsigned int SecItemClass;
typedef unsigned int UInt32;
typedef unsigned int CFTypeRef;
typedef unsigned int UInt16;
typedef unsigned int SecProtocolType;
typedef unsigned int SecAuthenticationType;
enum {
noErr = 0,
GenericError = 1
};
// Functions that allocate data.
OSStatus SecKeychainItemCopyContent (
SecKeychainItemRef itemRef,
SecItemClass *itemClass,
SecKeychainAttributeList *attrList,
UInt32 *length,
void **outData
);
OSStatus SecKeychainFindGenericPassword (
CFTypeRef keychainOrArray,
UInt32 serviceNameLength,
const char *serviceName,
UInt32 accountNameLength,
const char *accountName,
UInt32 *passwordLength,
void **passwordData,
SecKeychainItemRef *itemRef
);
OSStatus SecKeychainFindInternetPassword (
CFTypeRef keychainOrArray,
UInt32 serverNameLength,
const char *serverName,
UInt32 securityDomainLength,
const char *securityDomain,
UInt32 accountNameLength,
const char *accountName,
UInt32 pathLength,
const char *path,
UInt16 port,
SecProtocolType protocol,
SecAuthenticationType authenticationType,
UInt32 *passwordLength,
void **passwordData,
SecKeychainItemRef *itemRef
);
// Function which frees data.
OSStatus SecKeychainItemFreeContent (
SecKeychainAttributeList *attrList,
void *data
);
void errRetVal() {
unsigned int *ptr = 0;
OSStatus st = 0;
UInt32 length;
void *outData;
st = SecKeychainItemCopyContent(2, ptr, ptr, &length, &outData);
if (st == GenericError) // expected-warning{{Missing a call to SecKeychainItemFreeContent}}
SecKeychainItemFreeContent(ptr, outData);
}
// If null is passed in, the data is not allocated, so no need for the matching free.
void fooDoNotReportNull() {
unsigned int *ptr = 0;
OSStatus st = 0;
UInt32 *length = 0;
void **outData = 0;
SecKeychainItemCopyContent(2, ptr, ptr, 0, 0);
SecKeychainItemCopyContent(2, ptr, ptr, length, outData);
}// no-warning
void fooOnlyFree() {
unsigned int *ptr = 0;
OSStatus st = 0;
UInt32 length;
void *outData = &length;
SecKeychainItemFreeContent(ptr, outData);// expected-warning{{Trying to free data which has not been allocated}}
}
// Do not warn if undefined value is passed to a function.
void fooOnlyFreeUndef() {
unsigned int *ptr = 0;
OSStatus st = 0;
UInt32 length;
void *outData;
SecKeychainItemFreeContent(ptr, outData);
}// no-warning
// Do not warn if the address is a parameter in the enclosing function.
void fooOnlyFreeParam(void* X) {
SecKeychainItemFreeContent(X, X);
}// no-warning
// If we are returning the value, no not report.
void* returnContent() {
unsigned int *ptr = 0;
OSStatus st = 0;
UInt32 length;
void *outData;
st = SecKeychainItemCopyContent(2, ptr, ptr, &length, &outData);
return outData;
} // no-warning
int foo () {
unsigned int *ptr = 0;
OSStatus st = 0;
UInt32 length;
void *outData;
st = SecKeychainItemCopyContent(2, ptr, ptr, &length, &outData);
if (st == noErr)
SecKeychainItemFreeContent(ptr, outData);
return 0;
}// no-warning
|
