1 // RUN: %clang_cc1 -analyze -analyzer-checker=unix.Malloc,core,alpha.core.CallAndMessageUnInitRefArg -analyzer-output=text -verify %s
2 
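3 // Passing uninitialized data to a function through a pointer-to-const parameter: such a callee is not meant to write the pointee, so it can only read the indeterminate value.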
4 #include "Inputs/system-header-simulator.h"
5 
// Allocator prototypes declared locally. malloc and free are called by the
// f_malloc_* cases; valloc is not called by any function shown in this listing.
6 typedef __typeof(sizeof(int)) size_t;
7 void *malloc(size_t);
8 void *valloc(size_t);
9 void free(void *);
10 
11 
// Callee stubs with empty bodies, so the cases below differ only in how the
// argument is passed. doStuff3 and doStuff2 take an int by value; the other two
// take a pointer to const int (an array parameter such as `const int a[]` is
// adjusted to `const int *` in C).
doStuff3(const int y)12 void doStuff3(const int y){}
doStuff2(int g)13 void doStuff2(int g){}
doStuff_pointerToConstInt(const int * u)14 void doStuff_pointerToConstInt(const int *u){};
doStuff_arrayOfConstInt(const int a[])15 void doStuff_arrayOfConstInt(const int a[]){};
16 
// More empty callee stubs covering other const placements, a `static 10` array
// parameter and a variadic signature. In the part of the file shown here only
// doStuff_constStaticSizedArray and doStuff_variadic are called.
doStuff_constPointerToConstInt(int const * const u)17 void doStuff_constPointerToConstInt              (int const * const u){};
doStuff_constPointerToConstPointerToConstInt(int const * const * const u)18 void doStuff_constPointerToConstPointerToConstInt(int const * const * const u){};
doStuff_pointerToConstPointerToConstInt(int const * const * u)19 void doStuff_pointerToConstPointerToConstInt(int const * const * u){};
doStuff_pointerToPointerToConstInt(int const ** u)20 void doStuff_pointerToPointerToConstInt       (int const **u){};
doStuff_constStaticSizedArray(const int a[static10])21 void doStuff_constStaticSizedArray(const int a[static 10]) {}
doStuff_variadic(const int * u,...)22 void doStuff_variadic(const int *u, ...){};
23 
// Baseline positive case: the address of the never-written local `t` reaches a
// pointer-to-const parameter through `tp`. The call line must carry the
// "pointer to uninitialized value" warning, with a path note where `tp` is
// initialized.
f_1(void)24 void f_1(void) {
25   int t;
26   int* tp = &t;        // expected-note {{'tp' initialized here}}
27   doStuff_pointerToConstInt(tp);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
28                        // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
29 }
30 
// Same as f_1 with one extra pointer copy (`tp1` -> `tp2`). The warning is still
// required at the call, and the path note names the last copy, `tp2`.
f_1_1(void)31 void f_1_1(void) {
32   int t;
33   int* tp1 = &t;
34   int* tp2 = tp1;        // expected-note {{'tp2' initialized here}}
35   doStuff_pointerToConstInt(tp2);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
36                        // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
37 }
38 
39 
// Identity helper: returns its argument unchanged. f_2 uses it to route the
// pointer through a function call before it is passed on.
f_2_sub(int * p)40 int *f_2_sub(int *p) {
41   return p;
42 }
43 
// The pointer to the uninitialized `t` passes through f_2_sub and one more copy
// before the call. The warning is still required at the call line, so the
// pointee must be tracked across the helper's return value.
f_2(void)44 void f_2(void) {
45   int t;
46   int* p = f_2_sub(&t);
47   int* tp = p; // expected-note {{'tp' initialized here}}
48   doStuff_pointerToConstInt(tp); // expected-warning {{Function call argument is a pointer to uninitialized value}}
49                       // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
50 }
51 
// Negative case: `z` has static storage duration, so C zero-initializes it.
// Passing its address is marked as producing no warning.
52 int z;
f_3(void)53 void f_3(void) {
54       doStuff_pointerToConstInt(&z);  // no warning
55 }
56 
// Negative case: the local is initialized at its declaration, so passing its
// address is marked as producing no warning.
f_4(void)57 void f_4(void) {
58       int x=5;
59       doStuff_pointerToConstInt(&x);  // no warning
60 }
61 
// Uninitialized local array reached through a separate pointer variable. The
// warning is required at the call and the path note names `tp`.
f_5(void)62 void f_5(void) {
63   int ta[5];
64   int* tp = ta;        // expected-note {{'tp' initialized here}}
65   doStuff_pointerToConstInt(tp);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
66                        // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
67 }
68 
// Uninitialized local array passed directly (array-to-pointer conversion at the
// call). The path note is attached to the declaration of `ta` itself.
f_5_1(void)69 void f_5_1(void) {
70   int ta[5];        // expected-note {{'ta' initialized here}}
71   doStuff_pointerToConstInt(ta);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
72                        // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
73 }
74 
// Negative counterpart of f_5: the array is fully initialized before a pointer
// to it is passed, so the call is marked as producing no warning.
f_6(void)75 void f_6(void) {
76   int ta[5] = {1,2,3,4,5};
77   int* tp = ta;
78   doStuff_pointerToConstInt(tp); // no-warning
79 }
80 
// Negative counterpart of f_5_1: a fully initialized array passed directly is
// marked as producing no warning.
f_6_1(void)81 void f_6_1(void) {
82   int ta[5] = {1,2,3,4,5};
83   doStuff_pointerToConstInt(ta); // no-warning
84 }
85 
// By-value case. The local `z` shadows the file-scope `z` and is never written.
// The diagnostic is required at the copy into `y` ("Assigned value is garbage or
// undefined"); the later doStuff3(y) call line carries no directive of its own.
f_7(void)86 void f_7(void) {
87       int z;        // expected-note {{'z' declared without an initial value}}
88       int y=z;      // expected-warning {{Assigned value is garbage or undefined}}
89                     // expected-note@-1 {{Assigned value is garbage or undefined}}
90       doStuff3(y);
91 }
92 
// By-value case: an uninitialized int is passed straight to a non-pointer
// parameter. The required message is "an uninitialized value", not the
// pointer-to-uninitialized wording used by the pointer cases.
f_8(void)93 void f_8(void) {
94       int g;       // expected-note {{'g' declared without an initial value}}
95       doStuff2(g); // expected-warning {{Function call argument is an uninitialized value}}
96                    // expected-note@-1 {{Function call argument is an uninitialized value}}
97 }
98 
// Uninitialized array reached through an `int const *` and passed to a parameter
// declared as an array of const int. The warning is required at the call and the
// path note names `ptau`.
f_9(void)99 void f_9(void) {
100   int  a[6];
101   int const *ptau = a;             // expected-note {{'ptau' initialized here}}
102   doStuff_arrayOfConstInt(ptau);    // expected-warning {{Function call argument is a pointer to uninitialized value}}
103                                    // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
104 }
105 
// Same as f_9 without the intermediate pointer: the uninitialized array is
// passed directly and the path note is attached to the declaration of `a`.
f_10(void)106 void f_10(void) {
107   int  a[6];                     // expected-note {{'a' initialized here}}
108   doStuff_arrayOfConstInt(a);    // expected-warning {{Function call argument is a pointer to uninitialized value}}
109                                  // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
110 }
111 
// Uninitialized 10-element array passed to a `const int a[static 10]` parameter.
// The same pointer-to-uninitialized warning is required as for the plain
// pointer-to-const parameters.
f_11(void)112 void f_11(void) {
113   int t[10];                    //expected-note {{'t' initialized here}}
114   doStuff_constStaticSizedArray(t);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
115                                 // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
116 }
117 
// Negative counterpart of f_11: all ten elements are initialized, so the call is
// marked as producing no warning.
f_12(void)118 void f_12(void) {
119   int t[10] = {0,1,2,3,4,5,6,7,8,9};
120   doStuff_constStaticSizedArray(t);  // no-warning
121 
122 }
123 
// Heap case: the int obtained from malloc is never written before its address is
// passed to a pointer-to-const parameter. The warning is required at the call and
// the path note points at the assignment of `ptr`. The block is freed afterwards
// and the function returns 0.
f_malloc_1(void)124 int f_malloc_1(void) {
125   int *ptr;
126 
127   ptr = (int *)malloc(sizeof(int)); // expected-note {{Value assigned to 'ptr'}}
128 
129   doStuff_pointerToConstInt(ptr); // expected-warning {{Function call argument is a pointer to uninitialized value}}
130                        // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
131   free(ptr);
132   return 0;
133 }
134 
// Negative heap case: the allocated int is written before its address is passed,
// so the call is marked as producing no warning. The block is freed afterwards
// and the function returns 0.
f_malloc_2(void)135 int f_malloc_2(void) {
136   int *ptr;
137 
138   ptr = (int *)malloc(sizeof(int));
  // NOTE(review): the malloc result is dereferenced without a NULL check. That
  // keeps this analyzer fixture minimal; it is not a pattern for production code.
139   *ptr = 25;
140 
141   doStuff_pointerToConstInt(ptr); // no warning
142   free(ptr);
143   return 0;
144 }
145 
146 // First argument: pointer to an uninitialized int; variadic argument: uninitialized int.
// Only the pointer warning is listed for the call line; no directive mentions `v`.
// NOTE(review): presumably analysis of this path ends at the first problem found
// on the call - confirm against the checker.
f_variadic_unp_unv(void)147 void f_variadic_unp_unv(void) {
148   int t;
149   int v;
150   int* tp = &t;           // expected-note {{'tp' initialized here}}
151   doStuff_variadic(tp,v);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
152                           // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
153 }
154 // First argument: pointer to an uninitialized int; variadic argument: initialized int.
// The pointer warning is required on the named first parameter even though the
// callee is variadic.
f_variadic_unp_inv(void)155 void f_variadic_unp_inv(void) {
156   int t;
157   int v = 3;
158   int* tp = &t;           // expected-note {{'tp' initialized here}}
159   doStuff_variadic(tp,v);  // expected-warning {{Function call argument is a pointer to uninitialized value}}
160                           // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
161 }
162 
163 // First argument: pointer to an initialized int; variadic argument: uninitialized int.
// The by-value "uninitialized value" warning is required for the argument passed
// through `...`, with a path note at the declaration of `v`.
f_variadic_inp_unv(void)164 void f_variadic_inp_unv(void) {
165   int t=5;
166   int v;                  // expected-note {{'v' declared without an initial value}}
167   int* tp = &t;
168   doStuff_variadic(tp,v);// expected-warning {{Function call argument is an uninitialized value}}
169                           // expected-note@-1 {{Function call argument is an uninitialized value}}
170 }
171 
172 // First argument: pointer to an initialized int; variadic argument: initialized int.
// Fully initialized control case; the call is marked as producing no warning.
f_variadic_inp_inv(void)173 void f_variadic_inp_inv(void) {
174   int t=5;
175   int v = 3;
176   int* tp = &t;
177   doStuff_variadic(tp,v); // no-warning
178 }
179 
180 // First argument: pointer to an initialized int; variadic argument: pointer to an initialized int.
// Control case with a pointer in the variadic position; the call is marked as
// producing no warning.
f_variadic_inp_inp(void)181 void f_variadic_inp_inp(void) {
182   int t=5;
183   int u=3;
184   int *vp = &u ;
185   int *tp = &t;
186   doStuff_variadic(tp,vp); // no-warning
187 }
188 
189 // First argument: pointer to an uninitialized int; variadic argument: pointer to an initialized int.
// The warning is required for the named pointer-to-const parameter and the path
// note names `tp`.
f_variadic_unp_inp(void)190 void f_variadic_unp_inp(void) {
191   int t;
192   int u=3;
193   int *vp = &u ;
194   int *tp = &t;             // expected-note {{'tp' initialized here}}
195   doStuff_variadic(tp,vp); // expected-warning {{Function call argument is a pointer to uninitialized value}}
196                             // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
197 }
198 
199 // First argument: pointer to an initialized int; variadic argument: pointer to an uninitialized int.
// Marked as producing no warning: a pointer to uninitialized data passed through
// `...` is not reported here. NOTE(review): presumably because a variadic
// argument has no declared pointer-to-const parameter type to check against -
// confirm. Do not rely on this checker to catch uninitialized pointees handed to
// variadic callees.
f_variadic_inp_unp(void)200 void f_variadic_inp_unp(void) {
201   int t=5;
202   int u;
203   int *vp = &u ;
204   int *tp = &t;
205   doStuff_variadic(tp,vp); // no-warning
206 }
207 
208 // First argument: pointer to an uninitialized int; variadic argument: pointer to an uninitialized int.
// Only the warning for the named first parameter is listed, with its path note
// naming `tp`; no directive mentions `vp`.
f_variadic_unp_unp(void)209 void f_variadic_unp_unp(void) {
210   int t;
211   int u;
212   int *vp = &u ;
213   int *tp = &t;             // expected-note {{'tp' initialized here}}
214   doStuff_variadic(tp,vp); // expected-warning {{Function call argument is a pointer to uninitialized value}}
215                             // expected-note@-1 {{Function call argument is a pointer to uninitialized value}}
216 }
217