head 1.1; branch 1.1.1; access; symbols netbsd-11-0-RC4:1.1.1.3 netbsd-11-0-RC3:1.1.1.3 netbsd-11-0-RC2:1.1.1.3 netbsd-11-0-RC1:1.1.1.3 perseant-exfatfs-base-20250801:1.1.1.3 netbsd-11:1.1.1.3.0.10 netbsd-11-base:1.1.1.3 netbsd-10-1-RELEASE:1.1.1.3 perseant-exfatfs-base-20240630:1.1.1.3 perseant-exfatfs:1.1.1.3.0.8 perseant-exfatfs-base:1.1.1.3 netbsd-8-3-RELEASE:1.1.1.1 netbsd-9-4-RELEASE:1.1.1.2 netbsd-10-0-RELEASE:1.1.1.3 netbsd-10-0-RC6:1.1.1.3 netbsd-10-0-RC5:1.1.1.3 netbsd-10-0-RC4:1.1.1.3 netbsd-10-0-RC3:1.1.1.3 netbsd-10-0-RC2:1.1.1.3 netbsd-10-0-RC1:1.1.1.3 netbsd-10:1.1.1.3.0.6 netbsd-10-base:1.1.1.3 netbsd-9-3-RELEASE:1.1.1.2 cjep_sun2x:1.1.1.3.0.4 cjep_sun2x-base:1.1.1.3 cjep_staticlib_x-base1:1.1.1.3 netbsd-9-2-RELEASE:1.1.1.2 cjep_staticlib_x:1.1.1.3.0.2 cjep_staticlib_x-base:1.1.1.3 netbsd-9-1-RELEASE:1.1.1.2 phil-wifi-20200421:1.1.1.3 phil-wifi-20200411:1.1.1.3 phil-wifi-20200406:1.1.1.3 netbsd-8-2-RELEASE:1.1.1.1 netbsd-9-0-RELEASE:1.1.1.2 netbsd-9-0-RC2:1.1.1.2 netbsd-9-0-RC1:1.1.1.2 netbsd-9:1.1.1.2.0.6 netbsd-9-base:1.1.1.2 phil-wifi-20190609:1.1.1.2 netbsd-8-1-RELEASE:1.1.1.1 netbsd-8-1-RC1:1.1.1.1 pgoyette-compat-merge-20190127:1.1.1.2 pgoyette-compat-20190127:1.1.1.2 pgoyette-compat-20190118:1.1.1.2 pgoyette-compat-1226:1.1.1.2 pgoyette-compat-1126:1.1.1.2 pgoyette-compat-1020:1.1.1.2 pgoyette-compat-0930:1.1.1.2 pgoyette-compat-0906:1.1.1.2 pgoyette-compat-0728:1.1.1.2 clang-337282:1.1.1.2 netbsd-8-0-RELEASE:1.1.1.1 phil-wifi:1.1.1.2.0.4 phil-wifi-base:1.1.1.2 pgoyette-compat-0625:1.1.1.2 netbsd-8-0-RC2:1.1.1.1 pgoyette-compat-0521:1.1.1.2 pgoyette-compat-0502:1.1.1.2 pgoyette-compat-0422:1.1.1.2 netbsd-8-0-RC1:1.1.1.1 pgoyette-compat-0415:1.1.1.2 pgoyette-compat-0407:1.1.1.2 pgoyette-compat-0330:1.1.1.2 pgoyette-compat-0322:1.1.1.2 pgoyette-compat-0315:1.1.1.2 pgoyette-compat:1.1.1.2.0.2 pgoyette-compat-base:1.1.1.2 clang-319952:1.1.1.2 matt-nb8-mediatek:1.1.1.1.0.12 matt-nb8-mediatek-base:1.1.1.1 clang-309604:1.1.1.2 perseant-stdc-iso10646:1.1.1.1.0.10 perseant-stdc-iso10646-base:1.1.1.1 netbsd-8:1.1.1.1.0.8 netbsd-8-base:1.1.1.1 prg-localcount2-base3:1.1.1.1 prg-localcount2-base2:1.1.1.1 prg-localcount2-base1:1.1.1.1 prg-localcount2:1.1.1.1.0.6 prg-localcount2-base:1.1.1.1 pgoyette-localcount-20170426:1.1.1.1 bouyer-socketcan-base1:1.1.1.1 pgoyette-localcount:1.1.1.1.0.4 pgoyette-localcount-20170320:1.1.1.1 clang-294123:1.1.1.1 bouyer-socketcan:1.1.1.1.0.2 bouyer-socketcan-base:1.1.1.1 clang-291444:1.1.1.1 LLVM:1.1.1; locks; strict; comment @// @; 1.1 date 2017.01.11.10.37.23; author joerg; state Exp; branches 1.1.1.1; next ; commitid CNnUNfII1jgNmxBz; 1.1.1.1 date 2017.01.11.10.37.23; author joerg; state Exp; branches 1.1.1.1.4.1; next 1.1.1.2; commitid CNnUNfII1jgNmxBz; 1.1.1.2 date 2017.08.01.19.34.40; author joerg; state Exp; branches 1.1.1.2.4.1; next 1.1.1.3; commitid pMuDy65V0VicSx1A; 1.1.1.3 date 2019.11.13.22.19.39; author joerg; state dead; branches; next ; commitid QD8YATxuNG34YJKB; 1.1.1.1.4.1 date 2017.01.11.10.37.23; author pgoyette; state dead; branches; next 1.1.1.1.4.2; commitid jjw7cAwgyKq7RfKz; 1.1.1.1.4.2 date 2017.03.20.06.52.48; author pgoyette; state Exp; branches; next ; commitid jjw7cAwgyKq7RfKz; 1.1.1.2.4.1 date 2020.04.13.07.46.50; author martin; state dead; branches; next ; commitid X01YhRUPVUDaec4C; desc @@ 1.1 log @Initial revision @ text @// RUN: %clang_cc1 -std=c++11 -Wno-array-bounds -analyze -analyzer-checker=unix,core,alpha.security.ArrayBoundV2 -verify %s // Tests doing an out-of-bounds access after the end of an array using: // - constant integer index // - constant integer size for buffer void test1(int x) { int *buf = new int[100]; buf[100] = 1; // expected-warning{{Out of bound memory access}} } void test1_ok(int x) { int *buf = new int[100]; buf[99] = 1; // no-warning } // Tests doing an out-of-bounds access after the end of an array using: // - indirect pointer to buffer // - constant integer index // - constant integer size for buffer void test1_ptr(int x) { int *buf = new int[100]; int *p = buf; p[101] = 1; // expected-warning{{Out of bound memory access}} } void test1_ptr_ok(int x) { int *buf = new int[100]; int *p = buf; p[99] = 1; // no-warning } // Tests doing an out-of-bounds access before the start of an array using: // - indirect pointer to buffer, manipulated using simple pointer arithmetic // - constant integer index // - constant integer size for buffer void test1_ptr_arith(int x) { int *buf = new int[100]; int *p = buf; p = p + 100; p[0] = 1; // expected-warning{{Out of bound memory access}} } void test1_ptr_arith_ok(int x) { int *buf = new int[100]; int *p = buf; p = p + 99; p[0] = 1; // no-warning } void test1_ptr_arith_bad(int x) { int *buf = new int[100]; int *p = buf; p = p + 99; p[1] = 1; // expected-warning{{Out of bound memory access}} } void test1_ptr_arith_ok2(int x) { int *buf = new int[100]; int *p = buf; p = p + 99; p[-1] = 1; // no-warning } // Tests doing an out-of-bounds access before the start of an array using: // - constant integer index // - constant integer size for buffer void test2(int x) { int *buf = new int[100]; buf[-1] = 1; // expected-warning{{Out of bound memory access}} } // Tests doing an out-of-bounds access before the start of an array using: // - indirect pointer to buffer // - constant integer index // - constant integer size for buffer void test2_ptr(int x) { int *buf = new int[100]; int *p = buf; p[-1] = 1; // expected-warning{{Out of bound memory access}} } // Tests doing an out-of-bounds access before the start of an array using: // - indirect pointer to buffer, manipulated using simple pointer arithmetic // - constant integer index // - constant integer size for buffer void test2_ptr_arith(int x) { int *buf = new int[100]; int *p = buf; --p; p[0] = 1; // expected-warning {{Out of bound memory access (accessed memory precedes memory block)}} } // Tests under-indexing // of a multi-dimensional array void test2_multi(int x) { auto buf = new int[100][100]; buf[0][-1] = 1; // expected-warning{{Out of bound memory access}} } // Tests under-indexing // of a multi-dimensional array void test2_multi_b(int x) { auto buf = new int[100][100]; buf[-1][0] = 1; // expected-warning{{Out of bound memory access}} } // Tests over-indexing // of a multi-dimensional array void test2_multi_c(int x) { auto buf = new int[100][100]; buf[100][0] = 1; // expected-warning{{Out of bound memory access}} } // Tests over-indexing // of a multi-dimensional array void test2_multi_2(int x) { auto buf = new int[100][100]; buf[99][100] = 1; // expected-warning{{Out of bound memory access}} } // Tests normal access of // a multi-dimensional array void test2_multi_ok(int x) { auto buf = new int[100][100]; buf[0][0] = 1; // no-warning } // Tests over-indexing using different types // array void test_diff_types(int x) { int *buf = new int[10]; //10*sizeof(int) Bytes allocated char *cptr = (char *)buf; cptr[sizeof(int) * 9] = 1; // no-warning cptr[sizeof(int) * 10] = 1; // expected-warning{{Out of bound memory access}} } // Tests over-indexing //if the allocated area is non-array void test_non_array(int x) { int *ip = new int; ip[0] = 1; // no-warning ip[1] = 2; // expected-warning{{Out of bound memory access}} } //Tests over-indexing //if the allocated area size is a runtime parameter void test_dynamic_size(int s) { int *buf = new int[s]; buf[0] = 1; // no-warning } //Tests complex arithmetic //in new expression void test_dynamic_size2(unsigned m,unsigned n){ unsigned *U = nullptr; U = new unsigned[m + n + 1]; } @ 1.1.1.1 log @Import Clang pre-4.0.0 r291444. @ text @@ 1.1.1.2 log @Import clang r309604 from branches/release_50 @ text @d1 1 a1 1 // RUN: %clang_analyze_cc1 -std=c++11 -Wno-array-bounds -analyzer-checker=unix,core,alpha.security.ArrayBoundV2 -verify %s @ 1.1.1.2.4.1 log @Mostly merge changes from HEAD upto 20200411 @ text @@ 1.1.1.3 log @Mark old LLVM instance as dead. @ text @@ 1.1.1.1.4.1 log @file out-of-bounds-new.cpp was added on branch pgoyette-localcount on 2017-03-20 06:52:48 +0000 @ text @d1 156 @ 1.1.1.1.4.2 log @Sync with HEAD @ text @a0 156 // RUN: %clang_cc1 -std=c++11 -Wno-array-bounds -analyze -analyzer-checker=unix,core,alpha.security.ArrayBoundV2 -verify %s // Tests doing an out-of-bounds access after the end of an array using: // - constant integer index // - constant integer size for buffer void test1(int x) { int *buf = new int[100]; buf[100] = 1; // expected-warning{{Out of bound memory access}} } void test1_ok(int x) { int *buf = new int[100]; buf[99] = 1; // no-warning } // Tests doing an out-of-bounds access after the end of an array using: // - indirect pointer to buffer // - constant integer index // - constant integer size for buffer void test1_ptr(int x) { int *buf = new int[100]; int *p = buf; p[101] = 1; // expected-warning{{Out of bound memory access}} } void test1_ptr_ok(int x) { int *buf = new int[100]; int *p = buf; p[99] = 1; // no-warning } // Tests doing an out-of-bounds access before the start of an array using: // - indirect pointer to buffer, manipulated using simple pointer arithmetic // - constant integer index // - constant integer size for buffer void test1_ptr_arith(int x) { int *buf = new int[100]; int *p = buf; p = p + 100; p[0] = 1; // expected-warning{{Out of bound memory access}} } void test1_ptr_arith_ok(int x) { int *buf = new int[100]; int *p = buf; p = p + 99; p[0] = 1; // no-warning } void test1_ptr_arith_bad(int x) { int *buf = new int[100]; int *p = buf; p = p + 99; p[1] = 1; // expected-warning{{Out of bound memory access}} } void test1_ptr_arith_ok2(int x) { int *buf = new int[100]; int *p = buf; p = p + 99; p[-1] = 1; // no-warning } // Tests doing an out-of-bounds access before the start of an array using: // - constant integer index // - constant integer size for buffer void test2(int x) { int *buf = new int[100]; buf[-1] = 1; // expected-warning{{Out of bound memory access}} } // Tests doing an out-of-bounds access before the start of an array using: // - indirect pointer to buffer // - constant integer index // - constant integer size for buffer void test2_ptr(int x) { int *buf = new int[100]; int *p = buf; p[-1] = 1; // expected-warning{{Out of bound memory access}} } // Tests doing an out-of-bounds access before the start of an array using: // - indirect pointer to buffer, manipulated using simple pointer arithmetic // - constant integer index // - constant integer size for buffer void test2_ptr_arith(int x) { int *buf = new int[100]; int *p = buf; --p; p[0] = 1; // expected-warning {{Out of bound memory access (accessed memory precedes memory block)}} } // Tests under-indexing // of a multi-dimensional array void test2_multi(int x) { auto buf = new int[100][100]; buf[0][-1] = 1; // expected-warning{{Out of bound memory access}} } // Tests under-indexing // of a multi-dimensional array void test2_multi_b(int x) { auto buf = new int[100][100]; buf[-1][0] = 1; // expected-warning{{Out of bound memory access}} } // Tests over-indexing // of a multi-dimensional array void test2_multi_c(int x) { auto buf = new int[100][100]; buf[100][0] = 1; // expected-warning{{Out of bound memory access}} } // Tests over-indexing // of a multi-dimensional array void test2_multi_2(int x) { auto buf = new int[100][100]; buf[99][100] = 1; // expected-warning{{Out of bound memory access}} } // Tests normal access of // a multi-dimensional array void test2_multi_ok(int x) { auto buf = new int[100][100]; buf[0][0] = 1; // no-warning } // Tests over-indexing using different types // array void test_diff_types(int x) { int *buf = new int[10]; //10*sizeof(int) Bytes allocated char *cptr = (char *)buf; cptr[sizeof(int) * 9] = 1; // no-warning cptr[sizeof(int) * 10] = 1; // expected-warning{{Out of bound memory access}} } // Tests over-indexing //if the allocated area is non-array void test_non_array(int x) { int *ip = new int; ip[0] = 1; // no-warning ip[1] = 2; // expected-warning{{Out of bound memory access}} } //Tests over-indexing //if the allocated area size is a runtime parameter void test_dynamic_size(int s) { int *buf = new int[s]; buf[0] = 1; // no-warning } //Tests complex arithmetic //in new expression void test_dynamic_size2(unsigned m,unsigned n){ unsigned *U = nullptr; U = new unsigned[m + n + 1]; } @