[analyzer] Add checks for common anti-patterns in strncat.

(Since this is syntax only, might be a good candidate for turning into a
compiler warning.)

llvm-svn: 149407

1 files changed, 13 insertions, 0 deletions

diff --git a/clang/test/Analysis/cstring-syntax.c b/clang/test/Analysis/cstring-syntax.c
new file mode 100644
index 00000000000..b6e898bcc82
--- /dev/null
+++ b/clang/test/Analysis/cstring-syntax.c
@@ -0,0 +1,13 @@
+// RUN: %clang_cc1 -analyze -analyzer-checker=experimental.unix.cstring.BadSizeArg -analyzer-store=region -Wno-strlcpy-strlcat-size -Wno-sizeof-array-argument -Wno-sizeof-pointer-memaccess -verify %s
+
+typedef __SIZE_TYPE__ size_t;
+char  *strncat(char *, const char *, size_t);
+size_t strlen (const char *s);
+
+void testStrncat(const char *src) {
+  char dest[10];
+  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - 1); // expected-warning {{Potential buffer overflow. Replace with 'sizeof(dest) - strlen(dest) - 1' or use a safer 'strlcat' API}}
+  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest)); // expected-warning {{Potential buffer overflow. Replace with}}
+  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest)); // expected-warning {{Potential buffer overflow. Replace with}}
+  strncat(dest, src, sizeof(src)); // expected-warning {{Potential buffer overflow. Replace with}}
+}