From b2e03b173493cbc75b2861f04dad4d3357236c6e Mon Sep 17 00:00:00 2001
From: Mehdi Bouaziz
Date: Wed, 31 May 2017 02:53:29 -0700
Subject: [PATCH] [inferbo] New test for call by ptr/ref
Reviewed By: jvillard
Differential Revision: D5139433
fbshipit-source-id: 11713d4
---
 .../c/bufferoverrun/function_call.c | 18 +++++++++++++
 .../codetoanalyze/c/bufferoverrun/issues.exp | 1 +
 .../cpp/bufferoverrun/function_call.cpp | 26 +++++++++++++++++++
 .../cpp/bufferoverrun/issues.exp | 1 +
 4 files changed, 46 insertions(+)
 create mode 100644 infer/tests/codetoanalyze/cpp/bufferoverrun/function_call.cpp
diff --git a/infer/tests/codetoanalyze/c/bufferoverrun/function_call.c b/infer/tests/codetoanalyze/c/bufferoverrun/function_call.c
index fe4d92d47..466d586da 100644
--- a/infer/tests/codetoanalyze/c/bufferoverrun/function_call.c
+++ b/infer/tests/codetoanalyze/c/bufferoverrun/function_call.c
@@ -24,3 +24,21 @@ void function_call() {
 char* p = malloc(10);
 arr_access(arr, p, 20);
 }
+
+void ptr_set_to_zero(int* x) {
+ *x = 0;
+}
+
+void call_by_ptr_good_FP() {
+ int arr[10];
+ int i = 99;
+ ptr_set_to_zero(&i);
+ arr[i] = 123;
+}
+
+void call_by_ptr_bad_FN() {
+ int arr[10];
+ int i = 5;
+ ptr_set_to_zero(&i);
+ arr[i - 1] = 123;
+}
diff --git a/infer/tests/codetoanalyze/c/bufferoverrun/issues.exp b/infer/tests/codetoanalyze/c/bufferoverrun/issues.exp
index 902540e50..1a886422f 100644
--- a/infer/tests/codetoanalyze/c/bufferoverrun/issues.exp
+++ b/infer/tests/codetoanalyze/c/bufferoverrun/issues.exp
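Review bot: In `function_call.c`, `call_by_ptr_good_FP` and `call_by_ptr_bad_FN` carry no comment saying which access is actually in bounds, so the `_FP`/`_FN` suffixes are the only record of the analyzer gap these tests pin; the same applies to `call_by_ref_good_FP` and `call_by_ref_bad_FN` in the new `function_call.cpp`. After `ptr_set_to_zero(&i)` the index is 0, so `arr[i]` is safe while `arr[i - 1]` writes to `arr[-1]`, one element before the buffer; the expected `Offset: [99, 99]` report suggests the checker still uses the pre-call value of `i`. I would add `/* i == 0 after the call, so arr[0] is in bounds; the [99, 99] report is a false positive */` above the first and `/* i == 0 after the call, so this writes arr[-1]; the underrun is currently not reported */` above the second. The unreported underrun is the case to watch, since a write before a stack buffer is the memory-safety bug the checker exists to catch. The three added functions are complete in the hunk; only the context lines of `function_call()` start outside it.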
@@ -3,6 +3,7 @@ codetoanalyze/c/bufferoverrun/break_continue_return.c, break_continue_return, 16
 codetoanalyze/c/bufferoverrun/do_while.c, do_while, 2, BUFFER_OVERRUN, [Offset: [0, +oo] Size: [10, 10] @ codetoanalyze/c/bufferoverrun/do_while.c:18:5 by call `do_while_sub()` ]
 codetoanalyze/c/bufferoverrun/do_while.c, do_while, 3, BUFFER_OVERRUN, [Offset: [0, +oo] Size: [10, 10] @ codetoanalyze/c/bufferoverrun/do_while.c:18:5 by call `do_while_sub()` ]
 codetoanalyze/c/bufferoverrun/for_loop.c, for_loop, 10, BUFFER_OVERRUN, [Offset: [0, 9] Size: [5, 10] @ codetoanalyze/c/bufferoverrun/for_loop.c:38:5]
+codetoanalyze/c/bufferoverrun/function_call.c, call_by_ptr_good_FP, 4, BUFFER_OVERRUN, [Offset: [99, 99] Size: [10, 10] @ codetoanalyze/c/bufferoverrun/function_call.c:36:3]
 codetoanalyze/c/bufferoverrun/function_call.c, function_call, 4, BUFFER_OVERRUN, [Offset: [20, 20] Size: [10, 10] @ codetoanalyze/c/bufferoverrun/function_call.c:18:3 by call `arr_access()` ]
 codetoanalyze/c/bufferoverrun/function_call.c, function_call, 4, BUFFER_OVERRUN, [Offset: [100, 100] Size: [10, 10] @ codetoanalyze/c/bufferoverrun/function_call.c:17:3 by call `arr_access()` ]
 codetoanalyze/c/bufferoverrun/global.c, compare_global_variable_bad, 3, BUFFER_OVERRUN, [Offset: [10, 10] Size: [10, 10] @ codetoanalyze/c/bufferoverrun/global.c:14:5]
diff --git a/infer/tests/codetoanalyze/cpp/bufferoverrun/function_call.cpp b/infer/tests/codetoanalyze/cpp/bufferoverrun/function_call.cpp
new file mode 100644
index 000000000..9bf80bfbc
--- /dev/null
+++ b/infer/tests/codetoanalyze/cpp/bufferoverrun/function_call.cpp
@@ -0,0 +1,26 @@
+/*
+ * Copyright (c) 2017 - present Facebook, Inc.
+ * All rights reserved.
+ *
+ * This source code is licensed under the BSD style license found in the
+ * LICENSE file in the root directory of this source tree. An additional grant
+ * of patent rights can be found in the PATENTS file in the same directory.
+ */
+
+void ref_set_to_zero(int& x) {
+ x = 0;
+}
+
+void call_by_ref_good_FP() {
+ int arr[10];
+ int i = 99;
+ ref_set_to_zero(i);
+ arr[i] = 123;
+}
+
+void call_by_ref_bad_FN() {
+ int arr[10];
+ int i = 5;
+ ref_set_to_zero(i);
+ arr[i - 1] = 123;
+}
diff --git a/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp b/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp
index 3c487eafe..98ec2f151 100644
--- a/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp
+++ b/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp
@@ -1,3 +1,4 @@
+codetoanalyze/cpp/bufferoverrun/function_call.cpp, call_by_ref_good_FP, 4, BUFFER_OVERRUN, [Offset: [99, 99] Size: [10, 10] @ codetoanalyze/cpp/bufferoverrun/function_call.cpp:18:3]
 codetoanalyze/cpp/bufferoverrun/simple_vector.cpp, instantiate_my_vector_oob_Ok, 3, BUFFER_OVERRUN, [Offset: [-oo, +oo] Size: [0, +oo] @ codetoanalyze/cpp/bufferoverrun/simple_vector.cpp:21:23 by call `my_vector_oob_Bad()` ]
 codetoanalyze/cpp/bufferoverrun/simple_vector.cpp, my_vector_oob_Bad, 2, BUFFER_OVERRUN, [Offset: [s$6, s$7] Size: [s$6, s$7] @ codetoanalyze/cpp/bufferoverrun/simple_vector.cpp:21:23 by call `int_vector_access_at()` ]
 codetoanalyze/cpp/bufferoverrun/trivial.cpp, trivial, 2, BUFFER_OVERRUN, [Offset: [10, 10] Size: [10, 10] @ codetoanalyze/cpp/bufferoverrun/trivial.cpp:15:3]