From b3bfa8100b141fefa296442b448aee87f9995caf Mon Sep 17 00:00:00 2001
From: Sungkeun Cho
Date: Thu, 8 Nov 2018 03:13:43 -0800
Subject: [PATCH] [inferbo] Add test
Summary: There is a bug on the instantiation of function parameters.
Reviewed By: mbouaziz
Differential Revision: D12973691
fbshipit-source-id: ca7fbc4e6
---
 .../codetoanalyze/cpp/bufferoverrun/class.cpp | 34 +++++++++++++++++++
 .../cpp/bufferoverrun/issues.exp | 4 +++
 2 files changed, 38 insertions(+)
diff --git a/infer/tests/codetoanalyze/cpp/bufferoverrun/class.cpp b/infer/tests/codetoanalyze/cpp/bufferoverrun/class.cpp
index 8c42acee8..d9d1d2f3c 100644
--- a/infer/tests/codetoanalyze/cpp/bufferoverrun/class.cpp
+++ b/infer/tests/codetoanalyze/cpp/bufferoverrun/class.cpp
@@ -290,3 +290,37 @@ void use_global_Bad() {
 int a[30];
 a[S::x] = 0;
 }
+
+class my_class6 {
+ int* x;
+
+ void dummy_function() {}
+
+ void set_x_two_Good_FP() {
+ int arr[5];
+ *x = 0;
+ dummy_function();
+ arr[*x] = 0;
+ }
+
+ void set_x_two_Bad() {
+ int arr[5];
+ *x = 5;
+ dummy_function();
+ arr[*x] = 0;
+ }
+
+ void set_x_three() { *x = 3; }
+
+ void call_set_x_three_Good_FP() {
+ int arr[5];
+ set_x_three();
+ arr[*x] = 0;
+ }
+
+ void call_set_x_three_Bad() {
+ int arr[3];
+ set_x_three();
+ arr[*x] = 0;
+ }
+};
diff --git a/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp b/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp
index 25c6678e0..3533bb846 100644
--- a/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp
+++ b/infer/tests/codetoanalyze/cpp/bufferoverrun/issues.exp
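Review bot: Nothing in `my_class6` records which result is the known imprecision, and the expectations added with it list all four methods identically (BUFFER_OVERRUN_L5, offset `[-oo, +oo]`). The genuine overruns in `set_x_two_Bad` (index 5 into `arr[5]`) and `call_set_x_three_Bad` (index 3 into `arr[3]`) are therefore indistinguishable from the two `_Good_FP` cases, and a later precision regression on the `_Bad` cases would not change the expected output. A comment above the class would make that explicit, for example `// Known imprecision: *x is reported as [-oo, +oo] after a method call, so the _Bad cases are only L5 and the _Good_FP cases are false positives.` The root cause is only inferred from the commit summary, so the author should confirm the wording. As a smaller style point, `set_x_two_*` never stores 2, so the name does not describe what the methods do.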
@@ -12,6 +12,10 @@ codetoanalyze/cpp/bufferoverrun/class.cpp, flexible_array5_Bad, 2, BUFFER_OVERRU
 codetoanalyze/cpp/bufferoverrun/class.cpp, flexible_array_new_overload1_Bad, 2, BUFFER_OVERRUN_L1, no_bucket, ERROR, [Offset: 10 Size: 6]
 codetoanalyze/cpp/bufferoverrun/class.cpp, flexible_array_new_overload2_Bad, 2, BUFFER_OVERRUN_L1, no_bucket, ERROR, [Offset: 10 Size: 6]
 codetoanalyze/cpp/bufferoverrun/class.cpp, flexible_array_param_Bad, 2, BUFFER_OVERRUN_L1, no_bucket, ERROR, [Call,ArrayAccess: Offset: 3 Size: 3 by call to `flexible_array_param_access` ]
+codetoanalyze/cpp/bufferoverrun/class.cpp, my_class6_call_set_x_three_Bad, 3, BUFFER_OVERRUN_L5, no_bucket, ERROR, [ArrayDeclaration,ArrayAccess: Offset: [-oo, +oo] Size: 3]
+codetoanalyze/cpp/bufferoverrun/class.cpp, my_class6_call_set_x_three_Good_FP, 3, BUFFER_OVERRUN_L5, no_bucket, ERROR, [ArrayDeclaration,ArrayAccess: Offset: [-oo, +oo] Size: 5]
+codetoanalyze/cpp/bufferoverrun/class.cpp, my_class6_set_x_two_Bad, 4, BUFFER_OVERRUN_L5, no_bucket, ERROR, [ArrayDeclaration,ArrayAccess: Offset: [-oo, +oo] Size: 5]
+codetoanalyze/cpp/bufferoverrun/class.cpp, my_class6_set_x_two_Good_FP, 4, BUFFER_OVERRUN_L5, no_bucket, ERROR, [ArrayDeclaration,ArrayAccess: Offset: [-oo, +oo] Size: 5]
 codetoanalyze/cpp/bufferoverrun/class.cpp, my_class_access2_Bad, 2, BUFFER_OVERRUN_L1, no_bucket, ERROR, [Call,Assignment,Call,Parameter: n,Assignment,Return,ArrayAccess: Offset: 10 Size: 10]
 codetoanalyze/cpp/bufferoverrun/class.cpp, my_class_access_Bad, 2, BUFFER_OVERRUN_L1, no_bucket, ERROR, [Call,Call,Parameter: n,Assignment,ArrayAccess: Offset: 10 Size: 10]
 codetoanalyze/cpp/bufferoverrun/class.cpp, new_nothrow_Bad, 2, BUFFER_OVERRUN_L1, no_bucket, ERROR, [Offset: 10 Size: 5]