      1 // RUN: %clang_cc1 -triple x86_64-apple-darwin10 -analyze -disable-free -analyzer-eagerly-assume -analyzer-checker=core,deadcode,experimental.security.taint,debug.TaintTest -verify %s
      2 
      3 // Note, we do need to include headers here, since the analyzer checks if the function declaration is located in a system header.
      4 #include "system-header-simulator.h"
      5 
      6 // Test that a call to a system-header function does not invalidate an internal global.
        // size_rdar9373039 is initialised to 1 and never written in this file. The strlen()
        // calls sit between two loops bounded by that global, so both loops must see the
        // same bound for the second loop's read of 'x' to be clean.
        // NOTE(review): presumably the 'no-warning' marker below refers to an
        // uninitialized-read report on 'x' - confirm against the checker list on the RUN line.
      7 int size_rdar9373039 = 1;
      8 int rdar9373039() {
      9   int x;
     10   int j = 0;
     11 
     12   for (int i = 0 ; i < size_rdar9373039 ; ++i)
     13     x = 1;
     14 
     15   // strlen doesn't invalidate the value of 'size_rdar9373039'.
          // 'extra' is never read afterwards; the expression is kept only for its strlen() calls.
     16   int extra = (2 + strlen ("Clang") + ((4 - ((unsigned int) (2 + strlen ("Clang")) % 4)) % 4)) + (2 + strlen ("1.0") + ((4 - ((unsigned int) (2 + strlen ("1.0")) % 4)) % 4));
     17 
     18   for (int i = 0 ; i < size_rdar9373039 ; ++i)
     19     j += x; // no-warning
     20 
     21   return j;
     22 }
     23 
     24 // Test stdin does not get invalidated by a system call nor by an internal call.
        // Values read from stdin are untrusted input. With the taint checkers enabled on the
        // RUN line, every use of 'i' marked below must still be reported as tainted: once
        // after the call to foo(), once after a second fscanf(), and once for the sum of both.
        // foo() is only declared in this listing, so its body is not visible here.
     25 void foo();
     26 int stdinTest() {
     27   int i = 0;
     28   fscanf(stdin, "%d", &i);
     29   foo();
     30   int m = i; // expected-warning + {{tainted}}
     31   fscanf(stdin, "%d", &i);
     32   int j = i; // expected-warning + {{tainted}}
     33   return m + j; // expected-warning + {{tainted}}
     34 }
     35 
     36 // Test errno gets invalidated by a system call.
        // Inside the branch errno is known to be 0. The second fscanf() must discard that
        // knowledge, so the division by errno is not reported as a division by zero.
     37 int testErrnoSystem() {
     38   int i;
     39   int *p = 0; // not referenced again in this function
     40   fscanf(stdin, "%d", &i);
     41   if (errno == 0) {
     42     fscanf(stdin, "%d", &i); // errno gets invalidated here.
     43     return 5 / errno; // no-warning
     44   }
     45   return 0;
     46 }
     47 
     48 // Test that errno gets invalidated by internal calls.
        // Same shape as testErrnoSystem(), but the call inside the branch is foo(), a function
        // declared in this file rather than in the simulated system header. The division by
        // errno after it must not be reported as a division by zero.
     49 int testErrnoInternal() {
     50   int i;
     51   int *p = 0; // not referenced again in this function
     52   fscanf(stdin, "%d", &i);
     53   if (errno == 0) {
     54     foo(); // errno gets invalidated here.
     55     return 5 / errno; // no-warning
     56   }
     57   return 0;
     58 }
     59 
     60 // Test that const integer does not get invalidated.
        // 'x' is a const global initialised to 0 and read through the pointer 'm'. The call to
        // foo() must not make the analyzer forget that value, so the division below is still
        // reported as a division by zero.
     61 const int x = 0;
     62 int constIntGlob() {
     63   const int *m = &x;
     64     foo();
     65   return 3 / *m; // expected-warning {{Division by zero}}
     66 }
     67 
     68 extern const int x; // redeclares the const global defined above with the value 0
        // Test that a const global reached through an extern declaration keeps its value.
        // The branch is entered only when x == 0; after the call to foo() the division by 'x'
        // must still be reported as a division by zero.
     69 int constIntGlobExtern() {
     70   if (x == 0) {
     71     foo();
     72     return 5 / x; // expected-warning {{Division by zero}}
     73   }
     74   return 0;
     75 }
     76