      1 // RUN: %clang_cc1 -analyze -analyzer-checker=alpha.security.MallocOverflow -verify %s
      2 
// Hand-written stand-ins for the few libc names the cases below use; no
// header is included in this file (presumably to keep the test self-contained).
#define NULL ((void *) 0)
// size_t is taken from the type of a sizeof expression rather than from a header.
typedef __typeof__(sizeof(int)) size_t;
// The allocation function whose size argument every case below computes.
extern void * malloc(size_t);
      6 
// Warning case: unchecked count on the left of the multiplication.
// n is a signed int that is converted to size_t for the multiplication, so a
// negative n (or, where size_t is no wider than int, a large positive n) makes
// n * sizeof(int) wrap and malloc is asked for fewer bytes than n elements need.
void * f1(int n)
{
  return malloc(n * sizeof(int));  // expected-warning {{the computation of the size of the memory allocation may overflow}}
}
     11 
// Warning case: same unchecked multiplication as f1 with the operands swapped,
// so the diagnostic must not depend on which side the count appears on.
void * f2(int n)
{
  return malloc(sizeof(int) * n); // // expected-warning {{the computation of the size of the memory allocation may overflow}}
}
     16 
// Negative case: both operands are compile-time constants, so the size cannot
// be influenced by a caller; annotated as producing no diagnostic.
void * f3()
{
  return malloc(4 * sizeof(int));  // no-warning
}
     21 
// Carrier for an element count; f4 reads it through a pointer and f5 from a copy.
struct s4
{
  int n;  // element count used unchecked as an allocation multiplier
};
     26 
// Warning case: the count is a struct member read through a pointer and is
// multiplied without any bound check, so it can wrap exactly as in f1.
void * f4(struct s4 *s)
{
  return malloc(s->n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
}
     31 
// Warning case: the count comes from a local copy of the caller's struct.
// Copying the struct does not bound n, so the multiplication is still unchecked.
void * f5(struct s4 *s)
{
  struct s4 s2 = *s;
  return malloc(s2.n * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
}
     37 
// Warning case: the count is an arithmetic expression rather than a bare variable.
// Besides the wrap in the size_t multiplication, n + 1 is evaluated in signed
// int first, so it overflows on its own when n is INT_MAX.
void * f6(int n)
{
  return malloc((n + 1) * sizeof(int)); // expected-warning {{the computation of the size of the memory allocation may overflow}}
}
     42 
// Repeats the malloc declaration from the top of the file; only the spacing
// differs. NOTE(review): looks redundant -- confirm whether it is intentional.
extern void * malloc (size_t);
     44 
// Negative case: n is compared against a constant before the allocation and
// the out-of-range path returns early; annotated as producing no diagnostic.
// NOTE(review): the guard rejects only n > 10. A negative n still reaches the
// multiplication and converts to a very large size_t, so the annotation records
// what the checker accepts, not that the range check is complete.
void * f7(int n)
{
  if (n > 10)
    return NULL;
  return malloc(n * sizeof(int));  // no-warning
}
     51 
// Negative case: the allocation sits inside the branch guarded by n < 10
// instead of after an early return; annotated as producing no diagnostic.
// NOTE(review): as in f7 there is no lower bound, so a negative n passes the
// n < 10 test and is converted to size_t before the multiplication.
void * f8(int n)
{
  if (n < 10)
    return malloc(n * sizeof(int));  // no-warning
  else
    return NULL;
}
     59 
// Warning case: the only comparison involving n is the for-loop condition,
// which comes after the allocation and therefore does not bound the size.
// If the size wrapped, the loop below writes n ints into a smaller buffer.
void * f9(int n)
{
  int * x = malloc(n * sizeof(int));  // expected-warning {{the computation of the size of the memory allocation may overflow}}
  // x is not tested for NULL before being written through.
  for (int i = 0; i < n; i++)
    x[i] = i;
  return x;
}
     67 
// Warning case: same as f9 with a while loop; the i < n test follows the
// allocation, so the multiplication is still computed from an unchecked n.
void * f10(int n)
{
  int * x = malloc(n * sizeof(int));  // expected-warning {{the computation of the size of the memory allocation may overflow}}
  int i = 0;
  // x is not tested for NULL before being written through.
  while (i < n)
    x[i++] = 0;
  return x;
}
     76 
// Warning case: same as f9 with a do-while loop; the i < n test follows the
// allocation, so the multiplication is still computed from an unchecked n.
void * f11(int n)
{
  int * x = malloc(n * sizeof(int));  // expected-warning {{the computation of the size of the memory allocation may overflow}}
  int i = 0;
  // The body runs once before the condition is evaluated, so x[0] is written
  // even when n <= 0; x is also not tested for NULL first.
  do {
    x[i++] = 0;
  } while (i < n);
  return x;
}
     86 
// Negative case: n is reassigned from a conditional that caps it at 10 before
// the allocation; annotated as producing no diagnostic.
// NOTE(review): the clamp bounds n from above only; a negative n is kept as is
// and is converted to size_t in the multiplication.
void * f12(int n)
{
  n = (n > 10 ? 10 : n);
  int * x = malloc(n * sizeof(int));  // no-warning
  // x is not tested for NULL before being written through.
  for (int i = 0; i < n; i++)
    x[i] = i;
  return x;
}
     95 
// Carrier for an element count; f13 checks the member before allocating from it.
struct s13
{
  int n;  // element count, compared against a constant in f13
};
    100 
// Negative case: the struct member is compared against a constant through the
// same pointer before it is used as a multiplier; annotated as producing no
// diagnostic. Counterpart of f4, which performs no check.
// NOTE(review): only an upper bound is tested, so a negative s->n still
// reaches the multiplication.
void * f13(struct s13 *s)
{
  if (s->n > 10)
    return NULL;
  return malloc(s->n * sizeof(int)); // no-warning
}
    107 
// Warning case: a sign check alone is annotated as insufficient. Rejecting
// n < 0 removes the negative-to-size_t conversion, but n has no upper bound,
// so n * sizeof(int) can still wrap where size_t is no wider than int.
void * f14(int n)
{
  if (n < 0)
    return NULL;
  return malloc(n * sizeof(int));  // expected-warning {{the computation of the size of the memory allocation may overflow}}
}
    114