authorArtem Dergachev <artem.dergachev@gmail.com>2018-03-30 19:27:42 +0000
committerArtem Dergachev <artem.dergachev@gmail.com>2018-03-30 19:27:42 +0000
commit95f9a68b1f8fa4d9a93b8eb5abc5c5c9bc58ee5b (patch)
tree8efbecd374834a29c231fab1f3209e5832ccf226 /clang/test/Analysis/null-deref-path-notes.c
parent6a5cd5e1cad601bfe3785654f6bbdfe81844bc07 (diff)
downloadbcm5719-llvm-95f9a68b1f8fa4d9a93b8eb5abc5c5c9bc58ee5b.tar.gz
bcm5719-llvm-95f9a68b1f8fa4d9a93b8eb5abc5c5c9bc58ee5b.zip
[analyzer] Track null or undef values through pointer arithmetic.
Pointer arithmetic on null or undefined pointers results in null or undefined pointers. This is obvious for undefined pointers; for null pointers it follows from our incorrect-but-somehow-working approach that declares that 0 (Loc) doesn't necessarily represent a pointer of numeric address value 0, but instead it represents any pointer that will cause a valid "null pointer dereference" issue when dereferenced. For now we've been seeing through pointer arithmetic at the original dereference expression, i.e. in bugreporter::getDerefExpr(), but not during further investigation of the value's origins in bugreporter::trackNullOrUndefValue(). The patch fixes it. Differential Revision: https://reviews.llvm.org/D45071 llvm-svn: 328896
Diffstat (limited to 'clang/test/Analysis/null-deref-path-notes.c')
-rw-r--r--clang/test/Analysis/null-deref-path-notes.c45
1 files changed, 44 insertions, 1 deletions
diff --git a/clang/test/Analysis/null-deref-path-notes.c b/clang/test/Analysis/null-deref-path-notes.c
index a1477a6226a..3fd559df294 100644
--- a/clang/test/Analysis/null-deref-path-notes.c
+++ b/clang/test/Analysis/null-deref-path-notes.c
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -w -x c -analyzer-checker=core -analyzer-output=text -verify %s
+// RUN: %clang_analyze_cc1 -w -x c -analyzer-checker=core,unix -analyzer-output=text -verify %s
// Avoid the crash when finding the expression for tracking the origins
// of the null pointer for path notes.
@@ -7,3 +7,46 @@ void pr34373() {
(a + 0)[0]; // expected-warning{{Array access results in a null pointer dereference}}
// expected-note@-1{{Array access results in a null pointer dereference}}
}
+
+typedef __typeof(sizeof(int)) size_t;
+void *memcpy(void *dest, const void *src, unsigned long count);
+
+void f1(char *source) {
+ char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}}
+ memcpy(destination + 0, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
+ // expected-note@-1{{Null pointer argument in call to memory copy function}}
+}
+
+void f2(char *source) {
+ char *destination = 0; // expected-note{{'destination' initialized to a null pointer value}}
+ memcpy(destination - 0, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
+ // expected-note@-1{{Null pointer argument in call to memory copy function}}
+}
+
+void f3(char *source) {
+ char *destination = 0; // FIXME: There should be a note here as well.
+ destination = destination + 0; // expected-note{{Null pointer value stored to 'destination'}}
+ memcpy(destination, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
+ // expected-note@-1{{Null pointer argument in call to memory copy function}}
+}
+
+void f4(char *source) {
+ char *destination = 0; // FIXME: There should be a note here as well.
+ destination = destination - 0; // expected-note{{Null pointer value stored to 'destination'}}
+ memcpy(destination, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
+ // expected-note@-1{{Null pointer argument in call to memory copy function}}
+}
+
+void f5(char *source) {
+ char *destination1 = 0; // expected-note{{'destination1' initialized to a null pointer value}}
+ char *destination2 = destination1 + 0; // expected-note{{'destination2' initialized to a null pointer value}}
+ memcpy(destination2, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
+ // expected-note@-1{{Null pointer argument in call to memory copy function}}
+}
+
+void f6(char *source) {
+ char *destination1 = 0; // expected-note{{'destination1' initialized to a null pointer value}}
+ char *destination2 = destination1 - 0; // expected-note{{'destination2' initialized to a null pointer value}}
+ memcpy(destination2, source, 10); // expected-warning{{Null pointer argument in call to memory copy function}}
+ // expected-note@-1{{Null pointer argument in call to memory copy function}}
+}
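Review bot: The `memcpy` prototype at the top of this hunk takes `unsigned long count`, while the `size_t` typedef added on the line before it is never used. On targets where `size_t` is not `unsigned long` (LLP64, for instance) the declaration no longer matches the library signature. Because the RUN line passes `-w`, the mismatch would be silent, and it may keep the checker from modelling the call, so the expected warnings could go missing there. I would declare it as `void *memcpy(void *dest, const void *src, size_t count);`. Separately, f1–f6 only cover null pointers with a `+ 0` or `- 0` offset, so the undefined-pointer case named in the commit description is not pinned by this file; one test passing an uninitialized pointer through the same arithmetic would cover it.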