pghs975uc
/
infer_clone
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd9fb7b3004'
${ noResults }
infer_clone/infer/tests/codetoanalyze/c/bufferoverrun/models.c

148 lines
2.2 KiB
Raw Normal View History Unescape

[inferbo] Models for exit, fgetc Summary: - model `exit` as `Bottom` - model `fgetc` as returning `[-1; 255]` rather than `[-1; +oo]` - reduced the number of model functions for simple models Reviewed By: KihongHeo Differential Revision: D5137485 fbshipit-source-id: 943eeeb
8 years ago
/*
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
* Copyright (c) 2017-present, Facebook, Inc.
[inferbo] Models for exit, fgetc Summary: - model `exit` as `Bottom` - model `fgetc` as returning `[-1; 255]` rather than `[-1; +oo]` - reduced the number of model functions for simple models Reviewed By: KihongHeo Differential Revision: D5137485 fbshipit-source-id: 943eeeb
8 years ago
*
Change license to MIT Summary: Change the license of the source code from BSD + PATENTS to MIT. Change `checkCopyright` to reflect the new license and learn some new file types. Generated with: ``` git grep BSD | xargs -n 1 ./scripts/checkCopyright -i ``` Reviewed By: jeremydubreil, mbouaziz, jberdine Differential Revision: D8071249 fbshipit-source-id: 97ca23a
7 years ago
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
[inferbo] Models for exit, fgetc Summary: - model `exit` as `Bottom` - model `fgetc` as returning `[-1; 255]` rather than `[-1; +oo]` - reduced the number of model functions for simple models Reviewed By: KihongHeo Differential Revision: D5137485 fbshipit-source-id: 943eeeb
8 years ago
*/
#include <stdio.h>
#include <stdlib.h>
[inferbo] Add warnings and errors for unreachable code Summary: Warnings for conditions always true/false Errors for other unreachable statements (should help debugging inferbo) Reviewed By: sblackshear Differential Revision: D5047883 fbshipit-source-id: 65a78ca
8 years ago
void exit_bo_good_unreachable_bad() {
[inferbo] Models for exit, fgetc Summary: - model `exit` as `Bottom` - model `fgetc` as returning `[-1; 255]` rather than `[-1; +oo]` - reduced the number of model functions for simple models Reviewed By: KihongHeo Differential Revision: D5137485 fbshipit-source-id: 943eeeb
8 years ago
int arr[1];
exit(1);
[inferbo] Add warnings and errors for unreachable code Summary: Warnings for conditions always true/false Errors for other unreachable statements (should help debugging inferbo) Reviewed By: sblackshear Differential Revision: D5047883 fbshipit-source-id: 65a78ca
8 years ago
// unreachable so no buffer overrun
[inferbo] Models for exit, fgetc Summary: - model `exit` as `Bottom` - model `fgetc` as returning `[-1; 255]` rather than `[-1; +oo]` - reduced the number of model functions for simple models Reviewed By: KihongHeo Differential Revision: D5137485 fbshipit-source-id: 943eeeb
8 years ago
arr[42] = 42;
}
void fgetc_m1_bad(FILE* f) {
int arr[10000];
int c = fgetc(f);
arr[c] = 42;
}
void fgetc_255_bad(FILE* f) {
int arr[255];
int c = fgetc(f);
if (c >= 0) {
arr[c] = 42;
}
}
void fgetc_256_good(FILE* f) {
int arr[256];
int c = fgetc(f);
if (c >= 0) {
arr[c] = 42;
}
}
[inferbo] Replace buckets with issue types Reviewed By: skcho Differential Revision: D5975948 fbshipit-source-id: 92a7188
7 years ago
void fgetc_256_bad(FILE* f) {
int arr[256];
int c = fgetc(f);
arr[c + 1] = 42;
}
[inferbo] Models for exit, fgetc Summary: - model `exit` as `Bottom` - model `fgetc` as returning `[-1; 255]` rather than `[-1; +oo]` - reduced the number of model functions for simple models Reviewed By: KihongHeo Differential Revision: D5137485 fbshipit-source-id: 943eeeb
8 years ago
void fgetc_257_good(FILE* f) {
int arr[257];
int c = fgetc(f);
arr[c + 1] = 42;
}
Added model for memcpy C function to inferBO Reviewed By: mbouaziz Differential Revision: D9768893 fbshipit-source-id: b0e2ed894
6 years ago
void memcpy_bad1() {
int arr1[10];
int arr2[20];
memcpy(arr1, arr2, 44);
}
void memcpy_bad2() {
int arr1[10];
int arr2[20];
memcpy(arr2, arr1, 44);
}
void memcpy_bad3() {
int arr1[10];
int arr2[20];
memcpy(arr1, arr2, -1);
}
void memcpy_bad4() {
int src[1];
int buff[1];
int* dst = &buff[0];
memcpy(dst, src, sizeof(dst));
}
void memcpy_good1() {
int arr1[10];
int arr2[20];
memcpy(arr2, arr1, 40);
}
void memcpy_good2() {
int arr1[10];
int arr2[20];
memcpy(arr2, arr1, 0);
}
void memcpy_good3() {
int arr1[10];
int arr2[20];
memcpy(arr2, arr1, 20);
}
void memcpy_good4() {
int src[3];
int dst[3];
memcpy(dst, src, sizeof(dst));
}
Wired up model for memmove which is identical to memcopy Reviewed By: skcho Differential Revision: D9810324 fbshipit-source-id: d06d411db
6 years ago
void memmove_bad1() {
int arr1[10];
int arr2[20];
memmove(arr1, arr2, 44);
}
void memmove_bad2() {
int arr1[10];
int arr2[20];
memmove(arr2, arr1, 44);
}
void memmove_bad3() {
int arr1[10];
int arr2[20];
memmove(arr1, arr2, -1);
}
void memmove_bad4() {
int src[1];
int buff[1];
int* dst = &buff[0];
memmove(dst, src, sizeof(dst));
}
void memmove_good1() {
int arr1[10];
int arr2[20];
memmove(arr2, arr1, 40);
}
void memmove_good2() {
int arr1[10];
int arr2[20];
memmove(arr2, arr1, 0);
}
void memmove_good3() {
int arr1[10];
int arr2[20];
memmove(arr2, arr1, 20);
}
void memmove_good4() {
int src[3];
int dst[3];
memmove(dst, src, sizeof(dst));
}