1// RUN: %clang_analyze_cc1 -triple thumbv7-apple-ios11.0 -verify=available \ 2// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s 3// RUN: %clang_analyze_cc1 -triple thumbv7-apple-ios10.0 -verify=notavailable \ 4// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s 5// RUN: %clang_analyze_cc1 -triple x86_64-apple-macos10.13 -verify=available \ 6// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s 7// RUN: %clang_analyze_cc1 -triple x86_64-apple-macos10.12 -verify=notavailable \ 8// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s 9// RUN: %clang_analyze_cc1 -triple thumbv7-apple-watchos4.0 -verify=available \ 10// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s 11// RUN: %clang_analyze_cc1 -triple thumbv7-apple-watchos3.0 -verify=notavailable \ 12// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s 13// RUN: %clang_analyze_cc1 -triple thumbv7-apple-tvos11.0 -verify=available \ 14// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s 15// RUN: %clang_analyze_cc1 -triple thumbv7-apple-tvos10.0 -verify=notavailable \ 16// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s 17 18// notavailable-no-diagnostics 19 20typedef unsigned long NSUInteger; 21 22@interface NSCoder 23- (void)decodeValueOfObjCType:(const char *)type 24 at:(void *)data; 25- (void)decodeValueOfObjCType:(const char *)type 26 at:(void *)data 27 size:(NSUInteger)size; 28@end 29 30void test(NSCoder *decoder) { 31 // This would be a vulnerability on 64-bit platforms 32 // but not on 32-bit platforms. 33 NSUInteger x; 34 [decoder decodeValueOfObjCType:"I" at:&x]; // available-warning{{Deprecated method '-decodeValueOfObjCType:at:' is insecure as it can lead to potential buffer overflows. Use the safer '-decodeValueOfObjCType:at:size:' method}} 35 [decoder decodeValueOfObjCType:"I" at:&x size:sizeof(x)]; // no-warning 36} 37