diff options
| author | Erik Pilkington <erik.pilkington@gmail.com> | 2019-03-18 19:23:45 +0000 |
|---|---|---|
| committer | Erik Pilkington <erik.pilkington@gmail.com> | 2019-03-18 19:23:45 +0000 |
| commit | 25d062ee4f1b683ccfeefb177d289eac901851cc (patch) | |
| tree | c615a23ae85936a1088992c6024f524b8e270665 /test/Analysis | |
| parent | 2bc6178db36348e53054ce2f5b7816da1bae580e (diff) | |
[Sema] Add some compile time _FORTIFY_SOURCE diagnostics
These diagnose overflowing calls to subset of fortifiable functions. Some
functions, like sprintf or strcpy aren't supported right not, but we should
probably support these in the future. We previously supported this kind of
functionality with -Wbuiltin-memcpy-chk-size, but that diagnostic doesn't work
with _FORTIFY implementations that use wrapper functions. Also unlike that
diagnostic, we emit these warnings regardless of whether _FORTIFY_SOURCE is
actually enabled, which is nice for programs that don't enable the runtime
checks.
Why not just use diagnose_if, like Bionic does? We can get better diagnostics in
the compiler (i.e. mention the sizes), and we have the potential to diagnose
sprintf and strcpy which is impossible with diagnose_if (at least, in languages
that don't support C++14 constexpr). This approach also saves standard libraries
from having to add diagnose_if.
rdar://48006655
Differential revision: https://reviews.llvm.org/D58797
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@356397 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test/Analysis')
| -rw-r--r-- | test/Analysis/bstring.c | 13 | ||||
| -rw-r--r-- | test/Analysis/null-deref-ps-region.c | 2 | ||||
| -rw-r--r-- | test/Analysis/pr22954.c | 4 | ||||
| -rw-r--r-- | test/Analysis/string.c | 10 |
4 files changed, 22 insertions, 7 deletions
diff --git a/test/Analysis/bstring.c b/test/Analysis/bstring.c index 0fb807dc55..f472a3e011 100644 --- a/test/Analysis/bstring.c +++ b/test/Analysis/bstring.c @@ -72,7 +72,10 @@ void memcpy2 () { char src[] = {1, 2, 3, 4}; char dst[1]; - memcpy(dst, src, 4); // expected-warning{{Memory copy function overflows destination buffer}} + memcpy(dst, src, 4); // expected-warning{{Memory copy function overflows destination buffer}} +#ifndef VARIANT + // expected-warning@-2{{memcpy' will always overflow; destination buffer has size 1, but size argument is 4}} +#endif } void memcpy3 () { @@ -94,6 +97,9 @@ void memcpy5() { char dst[3]; memcpy(dst+2, src+2, 2); // expected-warning{{Memory copy function overflows destination buffer}} +#ifndef VARIANT + // expected-warning@-2{{memcpy' will always overflow; destination buffer has size 1, but size argument is 2}} +#endif } void memcpy6() { @@ -351,7 +357,10 @@ void memmove2 () { char src[] = {1, 2, 3, 4}; char dst[1]; - memmove(dst, src, 4); // expected-warning{{overflow}} + memmove(dst, src, 4); // expected-warning{{Memory copy function overflows destination buffer}} +#ifndef VARIANT + // expected-warning@-2{{memmove' will always overflow; destination buffer has size 1, but size argument is 4}} +#endif } //===----------------------------------------------------------------------=== diff --git a/test/Analysis/null-deref-ps-region.c b/test/Analysis/null-deref-ps-region.c index f5e6956ff7..2bc338cd3f 100644 --- a/test/Analysis/null-deref-ps-region.c +++ b/test/Analysis/null-deref-ps-region.c @@ -51,7 +51,7 @@ void testHeapSymbol() { void testStackArrayOutOfBound() { char buf[1]; - memset(buf, 0, 1024); // expected-warning {{Memory set function accesses out-of-bound array element}} + memset(buf, 0, 1024); // expected-warning {{Memory set function accesses out-of-bound array element}} expected-warning {{'memset' will always overflow; destination buffer has size 1, but size argument is 1024}} } void testHeapSymbolOutOfBound() { diff --git a/test/Analysis/pr22954.c b/test/Analysis/pr22954.c index 6d5b04417a..e88acdc29d 100644 --- a/test/Analysis/pr22954.c +++ b/test/Analysis/pr22954.c @@ -303,7 +303,7 @@ int f18() { i18.j = 11; i18.s2 = strdup("hello"); char input[100] = {3}; - memcpy(i18.s1, input, 100); + memcpy(i18.s1, input, 100); // expected-warning {{'memcpy' will always overflow; destination buffer has size 24, but size argument is 100}} clang_analyzer_eval(i18.s1[0] == 1); // expected-warning{{UNKNOWN}}\ expected-warning{{Potential leak of memory pointed to by 'i18.s2'}} clang_analyzer_eval(i18.s1[1] == 2); // expected-warning{{UNKNOWN}} @@ -534,7 +534,7 @@ int f262() { struct aa a262 = {{1, 2, 3, 4}, 0}; a262.s2 = strdup("hello"); char input[] = {'a', 'b', 'c', 'd'}; - memcpy(a262.s1, input, -1); + memcpy(a262.s1, input, -1); // expected-warning{{'memcpy' will always overflow; destination buffer has size 16, but size argument is 18446744073709551615}} clang_analyzer_eval(a262.s1[0] == 1); // expected-warning{{UNKNOWN}}\ expected-warning{{Potential leak of memory pointed to by 'a262.s2'}} clang_analyzer_eval(a262.s1[1] == 1); // expected-warning{{UNKNOWN}} diff --git a/test/Analysis/string.c b/test/Analysis/string.c index 024e224a2b..4cb2e6c787 100644 --- a/test/Analysis/string.c +++ b/test/Analysis/string.c @@ -517,12 +517,18 @@ void strncpy_overflow(char *y) { char x[4]; if (strlen(y) == 4) strncpy(x, y, 5); // expected-warning{{Size argument is greater than the length of the destination buffer}} +#ifndef VARIANT + // expected-warning@-2{{size argument is too large; destination buffer has size 4, but size argument is 5}} +#endif } void strncpy_no_overflow(char *y) { char x[4]; if (strlen(y) == 3) strncpy(x, y, 5); // expected-warning{{Size argument is greater than the length of the destination buffer}} +#ifndef VARIANT + // expected-warning@-2{{size argument is too large; destination buffer has size 4, but size argument is 5}} +#endif } void strncpy_no_overflow2(char *y, int n) { @@ -1247,7 +1253,7 @@ void memset6_char_array_nonnull() { void memset8_char_array_nonnull() { char str[5] = "abcd"; clang_analyzer_eval(strlen(str) == 4); // expected-warning{{TRUE}} - memset(str, '0', 10); + memset(str, '0', 10); // expected-warning{{'memset' will always overflow; destination buffer has size 5, but size argument is 10}} clang_analyzer_eval(str[0] != '0'); // expected-warning{{UNKNOWN}} clang_analyzer_eval(strlen(str) >= 10); // expected-warning{{TRUE}} clang_analyzer_eval(strlen(str) < 10); // expected-warning{{FALSE}} @@ -1284,7 +1290,7 @@ void memset12_struct_field() { struct POD_memset pod; pod.num = 1; pod.c = '1'; - memset(&pod.c, 0, sizeof(struct POD_memset)); + memset(&pod.c, 0, sizeof(struct POD_memset)); // expected-warning {{'memset' will always overflow; destination buffer has size 4, but size argument is 8}} clang_analyzer_eval(pod.num == 0); // expected-warning{{UNKNOWN}} clang_analyzer_eval(pod.c == 0); // expected-warning{{UNKNOWN}} } |