================
@@ -48,6 +49,45 @@ void myfoo(int *p); void myfooint(int p); char *fooRetPtr(void);
+void t1(void) {
+ size_t size;
+ scanf("%zu", &size);
+ int *p = malloc(size); // expected-warning{{malloc is called with a tainted (potentially attacker controlled) value}}
+ free(p);
+}
+
+void t2(void) {
+ size_t size;
+ scanf("%zu", &size);
+ int *p = calloc(size,2); // expected-warning{{calloc is called with a tainted (potentially attacker controlled) value}}
+ free(p);
+}
+
+void t3(void) {
+ size_t size;
+ scanf("%zu", &size);
+ if (1024<size)
+ return;
+ int *p = malloc(size); // No warning expected as the the user input is bound
+ free(p);
+}
+
+void t4(void) {
+ size_t size;
+ int *p = malloc(sizeof(int));
+ scanf("%zu", &size);
+ p = (int*) realloc((void*) p, size); // // expected-warning{{realloc is called with a tainted (potentially attacker controlled) value}}
+ free(p);
+}
+
+void t5(void) {
+ size_t size;
+ int *p = alloca(sizeof(int));
+ scanf("%zu", &size);
+ p = (int*) alloca(size); // // expected-warning{{alloca is called with a tainted (potentially attacker controlled) value}}
---------------- steakhal wrote:
```suggestion
p = (int*) alloca(size); // expected-warning{{alloca is called with a tainted (potentially attacker controlled) value}}
```

https://github.com/llvm/llvm-project/pull/92420
_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits