================
@@ -0,0 +1,51 @@
+// RUN: %clang_analyze_cc1 -std=c++11 -Wno-array-bounds -analyzer-config
unroll-loops=true -analyzer-config security.ArrayBound:AggressiveReport=true
-analyzer-checker=unix,core,security.ArrayBound -verify %s
+
+// Test the interactions of `security.ArrayBound` with C++ features.
+
+void test_tainted_index_local() {
+ int arr[10];
+ unsigned index = 10;
+ arr[index] = 7;
+ // expected-warning@-1{{Out of bound access to memory after the end of
'arr'}}
+}
+
+void test_tainted_index_local_range() {
+ int arr[10];
+ for (unsigned index = 0; index < 11; index++)
+ arr[index] = index;
+ // expected-warning@-1{{Out of bound access to memory after the end of
'arr'}}
+}
+
+void test_tainted_index1(unsigned index) {
+ int arr[10];
+ if (index < 12)
+ arr[index] = index;
+ // expected-warning@-1{{Potential out of bound access to 'arr' with tainted
offset}}
+ if (index == 12)
+ arr[index] = index;
+ // expected-warning@-1{{Out of bound access to memory after the end of
'arr'}}
+}
+
+void test_tainted_index2(unsigned index) {
+ int arr[10];
+ if (index < 12)
+ arr[index] = index;
+ // expected-warning@-1{{Potential out of bound access to 'arr' with tainted
offset}}
----------------
ziqingluo-90 wrote:
It'd be great to add some coverage of good cases. E.g., adding a case for `if
(0 <= index && index < 10)` here.
https://github.com/llvm/llvm-project/pull/161723
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
