blob: 95175996e8274ed2d1885609d0d4d40b180ce445 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
|
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify -std=c99 -Dbool=_Bool -Wno-bool-conversion %s
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix.Malloc -verify -x c++ -Wno-bool-conversion %s
typedef __INTPTR_TYPE__ intptr_t;
char const *p;
void f0(void) {
char const str[] = "This will change";
p = str;
} // expected-warning@-1{{Address of stack memory associated with local variable 'str' is still referred to by the global variable 'p' upon returning to the caller. This will be a dangling reference}}
void f1(void) {
char const str[] = "This will change";
p = str;
p = 0; // no-warning
}
void f2(void) {
p = (const char *) __builtin_alloca(12);
} // expected-warning@-1{{Address of stack memory allocated by call to alloca() on line 19 is still referred to by the global variable 'p' upon returning to the caller. This will be a dangling reference}}
// PR 7383 - previously the stack address checker would crash on this example
// because it would attempt to do a direct load from 'pr7383_list'.
static int pr7383(__const char *__)
{
return 0;
}
extern __const char *__const pr7383_list[];
// Test that we catch multiple returns via globals when analyzing a function.
void test_multi_return(void) {
static int *a, *b;
int x;
a = &x;
b = &x;
} // expected-warning@-1{{Address of stack memory associated with local variable 'x' is still referred to by the static variable 'a' upon returning}} expected-warning@-1{{Address of stack memory associated with local variable 'x' is still referred to by the static variable 'b' upon returning}}
intptr_t returnAsNonLoc(void) {
int x;
return (intptr_t)&x; // expected-warning{{Address of stack memory associated with local variable 'x' returned to caller}} expected-warning{{address of stack memory associated with local variable 'x' returned}}
}
bool returnAsBool(void) {
int x;
return &x; // no-warning
}
void assignAsNonLoc(void) {
extern intptr_t ip;
int x;
ip = (intptr_t)&x;
} // expected-warning@-1{{Address of stack memory associated with local variable 'x' is still referred to by the global variable 'ip' upon returning}}
void assignAsBool(void) {
extern bool b;
int x;
b = &x;
} // no-warning
int *f(int* p __attribute__((lifetimebound)));
int *g() {
int i;
return f(&i); // expected-warning {{address of stack memory associated with local variable 'i' returned}}
}
int *f_no_lifetime_bound(int *p);
int *g_no_lifetime_bound() {
int i = 0;
return f_no_lifetime_bound(&i); // no-warning
}
struct child_stack_context_s {
int *p;
};
struct child_stack_context_s return_child_stack_context() {
struct child_stack_context_s s;
{
int a = 1;
s = (struct child_stack_context_s){ &a };
}
return s; // expected-warning {{Address of stack memory associated with local variable 'a' returned to caller}}
}
struct child_stack_context_s return_child_stack_context_field() {
struct child_stack_context_s s;
{
int a = 1;
s.p = &a;
}
return s; // expected-warning {{Address of stack memory associated with local variable 'a' returned to caller}}
}
|
