reference, declarationdefinition
definition → references, declarations, derived classes, virtual overrides
reference to multiple definitions → definitions
unreferenced

    1
    2
    3
    4
    5
    6
    7
    8
    9
   10
   11
   12
   13
   14
   15
   16
   17
   18
   19
   20
   21
   22
   23
   24
   25
   26
   27
   28
   29
   30
   31
   32
   33
   34
   35
   36
   37
   38
   39
   40
   41
   42
   43
   44
   45
   46
   47
   48
   49
   50
   51
   52
   53
   54
   55
   56
   57
   58
   59
   60
   61
   62
   63
   64
   65
   66
   67
   68
   69
   70
   71
   72
   73
   74
   75
   76
   77
   78
   79
   80
   81

// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.core.CastToStruct,core -verify %s

struct AB {
  int A;
  int B;
};

struct ABC {
  int A;
  int B;
  int C;
};

struct Base {
  Base() : A(0), B(0) {}
  virtual ~Base() {}

  int A;
  int B;
};

struct Derived : public Base {
  Derived() : Base(), C(0) {}
  int C;
};

void structToStruct(struct AB *P) {
  struct AB Ab;
  struct ABC *Abc;
  Abc = (struct ABC *)&Ab; // expected-warning {{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}
  Abc = (struct ABC *)P; // No warning; It is not known what data P points at.
  Abc = (struct ABC *)&*P;

  // Don't warn when the cast is not widening.
  P = (struct AB *)&Ab; // struct AB * => struct AB *
  struct ABC Abc2;
  P = (struct AB *)&Abc2; // struct ABC * => struct AB *

  // True negatives when casting from Base to Derived.
  Derived D1, *D2;
  Base &B1 = D1;
  D2 = (Derived *)&B1;
  D2 = dynamic_cast<Derived *>(&B1);
  D2 = static_cast<Derived *>(&B1);

  // True positives when casting from Base to Derived.
  Base B2;
  D2 = (Derived *)&B2;// expected-warning {{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}
  D2 = dynamic_cast<Derived *>(&B2);// expected-warning {{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}
  D2 = static_cast<Derived *>(&B2);// expected-warning {{Casting data to a larger structure type and accessing a field can lead to memory access errors or data corruption}}

  // False negatives, cast from Base to Derived. With path sensitive analysis
  // these false negatives could be fixed.
  Base *B3 = &B2;
  D2 = (Derived *)B3;
  D2 = dynamic_cast<Derived *>(B3);
  D2 = static_cast<Derived *>(B3);
}

void intToStruct(int *P) {
  struct ABC *Abc;
  Abc = (struct ABC *)P; // expected-warning {{Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption}}

  // Cast from void *.
  void *VP = P;
  Abc = (struct ABC *)VP;
}

// https://llvm.org/bugs/show_bug.cgi?id=31173
void dontCrash1(struct AB X) {
  struct UndefS *S = (struct UndefS *)&X;
}

struct S;
struct T {
  struct S *P;
};
extern struct S Var1, Var2;
void dontCrash2() {
  ((struct T *) &Var1)->P = &Var2;
}