clang-p2996/clang/test/Analysis/bstring_UninitRead.c
Shivam bd1917c88a [analyzer] Done some changes to detect Uninitialized read by the char array manipulation functions
A few weeks back I was experimenting with reading uninitialized values from src, which is actually a bug, but the CSA seems to give up at that point. I was curious about that and I pinged @steakhal on the Discord, and according to him this seems to be a genuine issue and needs to be fixed. So I went with fixing this bug, and thanks to @steakhal who helped me create this patch. This feature seems to break some tests, but this was a genuine problem and the broken tests also need to be fixed in a certain manner. I added a test, but yeah, we need more tests; I'll try to add more tests. Thanks

Reviewed By: steakhal, NoQ

Differential Revision: https://reviews.llvm.org/D120489
2022-03-03 23:21:26 +05:30

60 lines
1.9 KiB
C

// RUN: %clang_analyze_cc1 -verify %s \
// RUN:   -analyzer-checker=core,alpha.unix.cstring

// This file is specifically for the alpha.unix.cstring.UninitializedRead checker. It is kept
// separate because the checker breaks some existing test cases in bstring.c, and we do not want
// to disturb those; this file also keeps the broken tests for future reference.

typedef typeof(sizeof(int)) size_t;

void clang_analyzer_eval(int);

void *memcpy(void *restrict s1, const void *restrict s2, size_t n);

// The source buffer is never written before it is read by memcpy().
void top(char *dst) {
  char buf[10];
  memcpy(dst, buf, 10); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
  (void)buf;
}

//===----------------------------------------------------------------------===
// mempcpy()
//===----------------------------------------------------------------------===

void *mempcpy(void *restrict s1, const void *restrict s2, size_t n);

void mempcpy14() {
  int src[] = {1, 2, 3, 4};
  int dst[5] = {0};
  int *p;

  p = mempcpy(dst, src, 4 * sizeof(int)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
  // FIXME: This behaviour is actually surprising and needs to be fixed:
  // mempcpy seems to consider the very last byte of the src buffer uninitialized
  // and returns undef, unfortunately. It should have returned unknown or a conjured value instead.
  clang_analyzer_eval(p == &dst[4]); // no-warning (above is fatal)
}

struct st {
  int i;
  int j;
};

void mempcpy15() {
  struct st s1 = {0};
  struct st s2;
  struct st *p1;
  struct st *p2;

  p1 = (&s2) + 1;
  p2 = mempcpy(&s2, &s1, sizeof(struct st)); // expected-warning{{Bytes string function accesses uninitialized/garbage values}}
  // FIXME: This seems to be the same as the mempcpy14() case.
  clang_analyzer_eval(p1 == p2); // no-warning (above is fatal)
}
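The defect the new check reports, a byte-string function reading bytes its source buffer never wrote, shown as a stand-alone C program beside a hardened form. This is an added example, not code from the LLVM commit or its test file; copy_leaky, copy_safe and matches are names chosen here, and copy_leaky generalizes top() above to a partially initialized buffer.

```c
// Added example, not part of the LLVM commit or its test file: the defect
// the new check reports (memcpy reading bytes its source never wrote), shown
// beside a hardened form, as a stand-alone C program.
#include <stddef.h>
#include <string.h>

#define BUF_LEN 10

// Defective, generalizing top() from the test: only `used` bytes of buf are
// written, yet all BUF_LEN bytes are copied out, so BUF_LEN - used bytes of
// stale stack content reach the caller (undefined behaviour, and an
// information leak if dst is ever sent anywhere). Shown for contrast; not run.
void copy_leaky(char *dst, const char *src, size_t used) {
    char buf[BUF_LEN];
    if (used > BUF_LEN) used = BUF_LEN;
    memcpy(buf, src, used);
    memcpy(dst, buf, BUF_LEN); // reads BUF_LEN - used uninitialized bytes
}

// Hardened: the staging buffer is fully initialized before any read of it,
// and only bytes that were actually written are copied out.
// Returns the number of bytes stored in dst.
size_t copy_safe(char *dst, size_t dst_len, const char *src, size_t used) {
    char buf[BUF_LEN] = {0};          // every byte of buf is now defined
    if (used > BUF_LEN) used = BUF_LEN;
    memcpy(buf, src, used);
    size_t n = used < dst_len ? used : dst_len;
    memcpy(dst, buf, n);              // source fully initialized, length bounded
    return n;
}

// Check used by the test: dst[0..n) must equal src[0..n) byte for byte, and
// the rest of dst (pre-filled by the caller with `fill`) must be untouched.
int matches(const char *dst, size_t dst_len, size_t n, const char *src, char fill) {
    if (memcmp(dst, src, n) != 0) return 0;
    for (size_t i = n; i < dst_len; i++)
        if (dst[i] != fill) return 0;
    return 1;
}
```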