diff options
Diffstat (limited to 'clang/test/Analysis/taint-generic.c')
| -rw-r--r-- | clang/test/Analysis/taint-generic.c | 41 | 
1 files changed, 34 insertions, 7 deletions
| diff --git a/clang/test/Analysis/taint-generic.c b/clang/test/Analysis/taint-generic.c index a23d20f79f0..fd9884d3fa8 100644 --- a/clang/test/Analysis/taint-generic.c +++ b/clang/test/Analysis/taint-generic.c @@ -3,6 +3,26 @@  int scanf(const char *restrict format, ...);  int getchar(void); +typedef struct _FILE FILE; +extern FILE *stdin; +int fscanf(FILE *restrict stream, const char *restrict format, ...); +int sprintf(char *str, const char *format, ...); +void setproctitle(const char *fmt, ...); +typedef __typeof(sizeof(int)) size_t; + +// Define string functions. Use builtin for some of them. They all default to +// the processing in the taint checker. +#define strcpy(dest, src) \ +  ((__builtin_object_size(dest, 0) != -1ULL) \ +   ? __builtin___strcpy_chk (dest, src, __builtin_object_size(dest, 1)) \ +   : __inline_strcpy_chk(dest, src)) + +static char *__inline_strcpy_chk (char *dest, const char *src) { +  return __builtin___strcpy_chk(dest, src, __builtin_object_size(dest, 1)); +} +char *stpcpy(char *restrict s1, const char *restrict s2); +char *strncpy( char * destination, const char * source, size_t num ); +  #define BUFSIZE 10  int Buffer[BUFSIZE]; @@ -47,16 +67,23 @@ void bufferGetchar(int x) {    Buffer[m] = 1;  //expected-warning {{Out of bound memory access }}  } -typedef struct _FILE FILE; -extern FILE *stdin; -int fscanf(FILE *restrict stream, const char *restrict format, ...); -int sprintf(char *str, const char *format, ...); -void setproctitle(const char *fmt, ...); - -void testUncontrolledFormatString() { +void testUncontrolledFormatString(char **p) {    char s[80];    fscanf(stdin, "%s", s);    char buf[128];    sprintf(buf,s); // expected-warning {{Uncontrolled Format String}}    setproctitle(s, 3); // expected-warning {{Uncontrolled Format String}} + +  // Test taint propagation through strcpy and family. +  char scpy[80]; +  strcpy(scpy, s); +  sprintf(buf,scpy); // expected-warning {{Uncontrolled Format String}} + +  char spcpy[80]; +  stpcpy(spcpy, s); +  setproctitle(spcpy, 3); // expected-warning {{Uncontrolled Format String}} + +  char sncpy[80]; +  strncpy(sncpy, s, 20); +  setproctitle(sncpy, 3); // expected-warning {{Uncontrolled Format String}}  } | 

