// RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc,core,alpha.core.CallAndMessageUnInitRefArg -analyzer-output=text -verify %s

// Passing uninitialized const data to function
//
// Regression cases for the analyzer checkers named on the RUN line. Each case
// hands a callee either an indeterminate value or a pointer to one. A
// pointer-to-const parameter is not meant to be written through, so an
// uninitialized pointee can only be read by the callee. That is the
// CWE-457 / CWE-908 bug class: stale stack or heap contents reaching a
// consumer.
//
// NOTE(review): -verify matches the analyzer output against the directive
// comments below, and the "@-1" notes are relative to the line above them.
// Keep each such note directly under the call it annotates when editing.
#include "Inputs/system-header-simulator.h"

// Local declarations of the allocator functions used by the heap cases.
// valloc is declared here, but no visible case calls it.
typedef __typeof(sizeof(int)) size_t;
void *malloc(size_t);
void *valloc(size_t);
void free(void *);


// Empty callees: only the parameter types matter, because every case checks
// what is reported at the call site.
// By-value parameters, const and non-const.
void doStuff3(const int y){}
void doStuff2(int g){}
// Pointer-to-const and array-of-const parameters.
void doStuff_pointerToConstInt(const int *u){};
void doStuff_arrayOfConstInt(const int a[]){};

// Deeper const/pointer combinations; no visible case calls these four.
void doStuff_constPointerToConstInt (int const * const u){};
void doStuff_constPointerToConstPointerToConstInt(int const * const * const u){};
void doStuff_pointerToConstPointerToConstInt(int const * const * u){};
void doStuff_pointerToPointerToConstInt (int const **u){};
// Array parameter with a static minimum size, and a variadic callee whose
// only named parameter is pointer-to-const.
void doStuff_constStaticSizedArray(const int a[static 10]) {}
void doStuff_variadic(const int *u, ...){};

// Address of an uninitialized local, passed through a pointer variable:
// the call must be reported.
void f_1(void) {
  int t;
  int* tp = &t;  // expected-note {{'tp' initialized here}}
  doStuff_pointerToConstInt(tp);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
  // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
}

// Same as f_1 with the pointer copied once more; the "initialized here" note
// attaches to the last copy (tp2), not to tp1.
void f_1_1(void) {
  int t;
  int* tp1 = &t;
  int* tp2 = tp1;  // expected-note {{'tp2' initialized here}}
  doStuff_pointerToConstInt(tp2);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
  // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
}


// Identity helper: returns its argument unchanged.
int *f_2_sub(int *p) {
  return p;
}

// The pointer to the uninitialized local is routed through f_2_sub first;
// the report at the final call must survive that round trip.
void f_2(void) {
  int t;
  int* p = f_2_sub(&t);
  int* tp = p;  // expected-note {{'tp' initialized here}}
  doStuff_pointerToConstInt(tp);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
  // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
}

// File-scope object without an initializer: static storage duration, so it
// is zero-initialized.
int z;
// Pointer to the zero-initialized global: the call must stay silent.
void f_3(void) {
  doStuff_pointerToConstInt(&z);  // no warning
}
// Pointer to an explicitly initialized local: the call must stay silent.
void f_4(void) {
  int x=5;
  doStuff_pointerToConstInt(&x);  // no warning
}

// Uninitialized array reached through a pointer variable: reported.
void f_5(void) {
  int ta[5];
  int* tp = ta;  // expected-note {{'tp' initialized here}}
  doStuff_pointerToConstInt(tp);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
  // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
}

// Uninitialized array passed directly: reported, with the note on the
// array declaration itself.
void f_5_1(void) {
  int ta[5];  // expected-note {{'ta' initialized here}}
  doStuff_pointerToConstInt(ta);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
  // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
}

// Fully initialized array reached through a pointer variable: silent.
void f_6(void) {
  int ta[5] = {1,2,3,4,5};
  int* tp = ta;
  doStuff_pointerToConstInt(tp);  // no-warning
}

// Fully initialized array passed directly: silent.
void f_6_1(void) {
  int ta[5] = {1,2,3,4,5};
  doStuff_pointerToConstInt(ta);  // no-warning
}

// By-value case: the read of the uninitialized local is reported at the
// assignment to y, and the later call to doStuff3 carries no directive.
// The local z here shadows the file-scope z.
void f_7(void) {
  int z;  // expected-note {{'z' declared without an initial value}}
  int y=z;  // expected-warning {{Assigned value is garbage or undefined}}
  // expected-note@-1 {{Assigned value is garbage or undefined}}
  doStuff3(y);
}

// By-value case: an uninitialized local passed straight into the call is
// reported at the call.
void f_8(void) {
  int g;  // expected-note {{'g' declared without an initial value}}
  doStuff2(g);  // expected-warning {{Function call argument is an uninitialized value}}
  // expected-note@-1 {{Function call argument is an uninitialized value}}
}

// Array-typed const parameter, uninitialized array reached through a
// pointer-to-const variable: reported.
void f_9(void) {
  int a[6];
  int const *ptau = a;  // expected-note {{'ptau' initialized here}}
  doStuff_arrayOfConstInt(ptau);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
  // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
}

// Array-typed const parameter, uninitialized array passed directly: reported.
void f_10(void) {
  int a[6];  // expected-note {{'a' initialized here}}
  doStuff_arrayOfConstInt(a);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
  // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
}

// Parameter declared with a static minimum size, uninitialized array:
// reported.
void f_11(void) {
  int t[10];  //expected-note {{'t' initialized here}}
  doStuff_constStaticSizedArray(t);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
  // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
}

// Parameter declared with a static minimum size, initialized array: silent.
void f_12(void) {
  int t[10] = {0,1,2,3,4,5,6,7,8,9};
  doStuff_constStaticSizedArray(t);  // no-warning

}

// Heap case: memory returned by malloc is passed on before anything is
// written to it, so the call is reported.
// NOTE(review): the malloc result is not checked for NULL here or in
// f_malloc_2. That suits an analyzer fixture, but it is not a pattern to copy.
int f_malloc_1(void) {
  int *ptr;

  ptr = (int *)malloc(sizeof(int));  // expected-note {{Value assigned to 'ptr'}}

  doStuff_pointerToConstInt(ptr);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
  // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
  free(ptr);
  return 0;
}

// Heap case: the allocation is written before the call, so the call is
// silent.
int f_malloc_2(void) {
  int *ptr;

  ptr = (int *)malloc(sizeof(int));
  *ptr = 25;

  doStuff_pointerToConstInt(ptr);  // no warning
  free(ptr);
  return 0;
}

// Variadic cases. The first argument binds to the pointer-to-const named
// parameter, the second travels in the variadic part.

// uninit pointer, uninit val
// Only the pointer argument is reported and v carries no directive;
// presumably the path ends at the first report (TODO confirm).
void f_variadic_unp_unv(void) {
  int t;
  int v;
  int* tp = &t;  // expected-note {{'tp' initialized here}}
  doStuff_variadic(tp,v);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
  // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
}
// uninit pointer, init val
void f_variadic_unp_inv(void) {
  int t;
  int v = 3;
  int* tp = &t;  // expected-note {{'tp' initialized here}}
  doStuff_variadic(tp,v);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
  // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
}

// init pointer, uninit val
// The uninitialized by-value variadic argument is reported on its own.
void f_variadic_inp_unv(void) {
  int t=5;
  int v;  // expected-note {{'v' declared without an initial value}}
  int* tp = &t;
  doStuff_variadic(tp,v);// expected-warning {{Function call argument is an uninitialized value}}
  // expected-note@-1 {{Function call argument is an uninitialized value}}
}

// init pointer, init val
void f_variadic_inp_inv(void) {
  int t=5;
  int v = 3;
  int* tp = &t;
  doStuff_variadic(tp,v);  // no-warning
}

// init pointer, init pointer
void f_variadic_inp_inp(void) {
  int t=5;
  int u=3;
  int *vp = &u ;
  int *tp = &t;
  doStuff_variadic(tp,vp);  // no-warning
}

//uninit pointer, init pointer
void f_variadic_unp_inp(void) {
  int t;
  int u=3;
  int *vp = &u ;
  int *tp = &t;  // expected-note {{'tp' initialized here}}
  doStuff_variadic(tp,vp);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
  // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
}

//init pointer, uninit pointer
// vp points at an uninitialized int but is passed in the variadic part, and
// this case pins that nothing is reported for it. Presumably that is because
// a variadic slot has no pointer-to-const parameter type to key on
// (TODO confirm), so uninitialized data passed this way goes unflagged.
void f_variadic_inp_unp(void) {
  int t=5;
  int u;
  int *vp = &u ;
  int *tp = &t;
  doStuff_variadic(tp,vp);  // no-warning
}

//uninit pointer, uninit pointer
// Only the first (named, pointer-to-const) argument is reported.
void f_variadic_unp_unp(void) {
  int t;
  int u;
  int *vp = &u ;
  int *tp = &t;  // expected-note {{'tp' initialized here}}
  doStuff_variadic(tp,vp);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
  // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
}