1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
| // RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin10 -analyzer-checker=core,alpha.security.ArrayBoundV2 -Wno-implicit-function-declaration -verify %s
// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -analyzer-checker=core,alpha.security.ArrayBoundV2 -Wno-implicit-function-declaration -DM32 -verify %s
// expected-no-diagnostics
#define UINT_MAX (~0u)
#ifdef M32
#define X86_ARRAY_SIZE (UINT_MAX/2 + 4)
void testIndexTooBig() {
char arr[X86_ARRAY_SIZE];
char *ptr = arr + UINT_MAX/2;
ptr += 2; // index shouldn't overflow
*ptr = 42; // no-warning
}
#else // 64-bit tests
#define ARRAY_SIZE 0x100000000
void testIndexOverflow64() {
char arr[ARRAY_SIZE];
char *ptr = arr + UINT_MAX/2;
ptr += 2; // don't overflow 64-bit index
*ptr = 42; // no-warning
}
#define ULONG_MAX (~0ul)
#define BIG_INDEX (ULONG_MAX/16)
void testIndexTooBig64() {
char arr[ULONG_MAX/8-1];
char *ptr = arr + BIG_INDEX;
ptr += 2; // don't overflow 64-bit index
*ptr = 42; // no-warning
}
#define SIZE 4294967296
static unsigned size;
static void * addr;
static unsigned buf[SIZE];
void testOutOfBounds() {
// Not out of bounds.
buf[SIZE-1] = 1; // no-warning
}
void testOutOfBoundsCopy1() {
memcpy(buf, addr, size); // no-warning
}
void testOutOfBoundsCopy2() {
memcpy(addr, buf, size); // no-warning
}
#endif
|