summaryrefslogtreecommitdiffstats
path: root/clang/test/Analysis/taint-generic.c
diff options
context:
space:
mode:
Diffstat (limited to 'clang/test/Analysis/taint-generic.c')
-rw-r--r--clang/test/Analysis/taint-generic.c37
1 files changed, 37 insertions, 0 deletions
diff --git a/clang/test/Analysis/taint-generic.c b/clang/test/Analysis/taint-generic.c
index 8e8226b0e86..8efed66dacb 100644
--- a/clang/test/Analysis/taint-generic.c
+++ b/clang/test/Analysis/taint-generic.c
@@ -169,6 +169,43 @@ void testSocket() {
sock = socket(AF_LOCAL, SOCK_STREAM, 0);
read(sock, buffer, 100);
execl(buffer, "filename", 0); // no-warning
+
+ sock = socket(AF_INET, SOCK_STREAM, 0);
+ // References to both buffer and &buffer as an argument should taint the argument
+ read(sock, &buffer, 100);
+ execl(buffer, "filename", 0); // expected-warning {{Untrusted data is passed to a system call}}
+}
+
+void testStruct() {
+ struct {
+ char buf[16];
+ int length;
+ } tainted;
+
+ char buffer[16];
+ int sock;
+
+ sock = socket(AF_INET, SOCK_STREAM, 0);
+ read(sock, &tainted, sizeof(tainted));
+ __builtin_memcpy(buffer, tainted.buf, tainted.length); // expected-warning {{Untrusted data is used to specify the buffer size}}
+}
+
+void testStructArray() {
+ struct {
+ char buf[16];
+ struct {
+ int length;
+ } st[1];
+ } tainted;
+
+ char buffer[16];
+ int sock;
+
+ sock = socket(AF_INET, SOCK_STREAM, 0);
+ read(sock, &tainted.buf[0], sizeof(tainted.buf));
+ read(sock, &tainted.st[0], sizeof(tainted.st));
+ // FIXME: tainted.st[0].length should be marked tainted
+ __builtin_memcpy(buffer, tainted.buf, tainted.st[0].length); // no-warning
}
int testDivByZero() {
OpenPOWER on IntegriCloud