• Home
  • Line#
  • Scopes#
  • Navigate#
  • Raw
  • Download
1 // UNSUPPORTED: z3
2 // RUN: %clang_analyze_cc1 -w -fcxx-exceptions -analyzer-checker=core -analyzer-checker=alpha.core.PointerArithm,alpha.core.CastToStruct -analyzer-max-loop 64 -verify %s
3 // RUN: %clang_analyze_cc1 -w -analyzer-checker=core -analyzer-checker=cplusplus -fcxx-exceptions -analyzer-checker alpha.core.PointerArithm,alpha.core.CastToStruct -analyzer-max-loop 63 -verify %s
4 
5 // These tests used to hit an assertion in the bug report. Test case from http://llvm.org/PR24184.
6 typedef struct {
7   int cbData;
8   unsigned pbData;
9 } CRYPT_DATA_BLOB;
10 
11 typedef enum { DT_NONCE_FIXED } DATA_TYPE;
12 int a;
13 typedef int *vcreate_t(int *, DATA_TYPE, int, int);
fn1(unsigned,unsigned)14 void fn1(unsigned, unsigned) {
15   char b = 0;
16   for (; 1; a++, &b + a * 0)
17     ;
18 }
19 
20 vcreate_t fn2;
21 struct A {
22   CRYPT_DATA_BLOB value;
m_fn1A23   int m_fn1() {
24     int c;
25     value.pbData == 0;
26     fn1(0, 0);
27   }
28 };
29 struct B {
30   A IkeHashAlg;
31   A IkeGType;
32   A NoncePhase1_r;
33 };
34 class C {
35   int m_fn2(B *);
36   void m_fn3(B *, int, int, int);
37 };
m_fn2(B * p1)38 int C::m_fn2(B *p1) {
39   int *d;
40   int e = p1->IkeHashAlg.m_fn1();
41   unsigned f = p1->IkeGType.m_fn1(), h;
42   int g;
43   d = fn2(0, DT_NONCE_FIXED, (char)0, p1->NoncePhase1_r.value.cbData);
44   h = 0 | 0;
45   m_fn3(p1, 0, 0, 0);
46 }
47 
48 // case 2:
49 typedef struct {
50   int cbData;
51   unsigned char *pbData;
52 } CRYPT_DATA_BLOB_1;
53 typedef unsigned uint32_t;
fn1_1(void * p1,const void * p2)54 void fn1_1(void *p1, const void *p2) { p1 != p2; }
55 
fn2_1(uint32_t * p1,unsigned char * p2,uint32_t p3)56 void fn2_1(uint32_t *p1, unsigned char *p2, uint32_t p3) {
57   unsigned i = 0;
58   for (0; i < p3; i++)
59     fn1_1(p1 + i, p2 + i * 0);
60 }
61 
62 struct A_1 {
63   CRYPT_DATA_BLOB_1 value;
m_fn1A_164   uint32_t m_fn1() {
65     uint32_t a;
66     if (value.pbData)
67       fn2_1(&a, value.pbData, value.cbData);
68     return 0;
69   }
70 };
71 struct {
72   A_1 HashAlgId;
73 } *b;
fn3()74 void fn3() {
75   uint32_t c, d;
76   d = b->HashAlgId.m_fn1();
77   d << 0 | 0 | 0;
78   c = 0;
79   0 | 1 << 0 | 0 && b;
80 }
81 
82 // case 3:
83 struct ST {
84   char c;
85 };
86 char *p;
87 int foo1(ST);
foo2()88 int foo2() {
89   ST *p1 = (ST *)(p);      // expected-warning{{Casting a non-structure type to a structure type and accessing a field can lead to memory access errors or data corruption}}
90   while (p1->c & 0x0F || p1->c & 0x07)
91     p1 = p1 + foo1(*p1);
92 }
93 
foo3(int * node)94 int foo3(int *node) {
95   int i = foo2();
96   if (i)
97     return foo2();
98 }
99