llvm-for-llvmta/tools/clang/test/Analysis/security-syntax-checks-nsco...

// RUN: %clang_analyze_cc1 -triple thumbv7-apple-ios11.0 -verify=available \
// RUN:     -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
// RUN: %clang_analyze_cc1 -triple thumbv7-apple-ios10.0 -verify=notavailable \
// RUN:     -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
// RUN: %clang_analyze_cc1 -triple x86_64-apple-macos10.13 -verify=available \
// RUN:     -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
// RUN: %clang_analyze_cc1 -triple x86_64-apple-macos10.12 -verify=notavailable \
// RUN:     -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
// RUN: %clang_analyze_cc1 -triple thumbv7-apple-watchos4.0 -verify=available \
// RUN:     -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
// RUN: %clang_analyze_cc1 -triple thumbv7-apple-watchos3.0 -verify=notavailable \
// RUN:     -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
// RUN: %clang_analyze_cc1 -triple thumbv7-apple-tvos11.0 -verify=available \
// RUN:     -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s
// RUN: %clang_analyze_cc1 -triple thumbv7-apple-tvos10.0 -verify=notavailable \
// RUN:     -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s

// notavailable-no-diagnostics

typedef unsigned long NSUInteger;

@interface NSCoder
- (void)decodeValueOfObjCType:(const char *)type
                           at:(void *)data;
- (void)decodeValueOfObjCType:(const char *)type
                           at:(void *)data
                         size:(NSUInteger)size;
@end

void test(NSCoder *decoder) {
  // This would be a vulnerability on 64-bit platforms
  // but not on 32-bit platforms.
  NSUInteger x;
  [decoder decodeValueOfObjCType:"I" at:&x]; // available-warning{{Deprecated method '-decodeValueOfObjCType:at:' is insecure as it can lead to potential buffer overflows. Use the safer '-decodeValueOfObjCType:at:size:' method}}
  [decoder decodeValueOfObjCType:"I" at:&x size:sizeof(x)]; // no-warning
}
added clang 2022-04-25 13:02:35 +02:00			`// RUN: %clang_analyze_cc1 -triple thumbv7-apple-ios11.0 -verify=available \`
			`// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s`
			`// RUN: %clang_analyze_cc1 -triple thumbv7-apple-ios10.0 -verify=notavailable \`
			`// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s`
			`// RUN: %clang_analyze_cc1 -triple x86_64-apple-macos10.13 -verify=available \`
			`// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s`
			`// RUN: %clang_analyze_cc1 -triple x86_64-apple-macos10.12 -verify=notavailable \`
			`// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s`
			`// RUN: %clang_analyze_cc1 -triple thumbv7-apple-watchos4.0 -verify=available \`
			`// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s`
			`// RUN: %clang_analyze_cc1 -triple thumbv7-apple-watchos3.0 -verify=notavailable \`
			`// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s`
			`// RUN: %clang_analyze_cc1 -triple thumbv7-apple-tvos11.0 -verify=available \`
			`// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s`
			`// RUN: %clang_analyze_cc1 -triple thumbv7-apple-tvos10.0 -verify=notavailable \`
			`// RUN: -analyzer-checker=security.insecureAPI.decodeValueOfObjCType %s`

			`// notavailable-no-diagnostics`

			`typedef unsigned long NSUInteger;`

			`@interface NSCoder`
			`- (void)decodeValueOfObjCType:(const char *)type`
			`at:(void *)data;`
			`- (void)decodeValueOfObjCType:(const char *)type`
			`at:(void *)data`
			`size:(NSUInteger)size;`
			`@end`

			`void test(NSCoder *decoder) {`
			`// This would be a vulnerability on 64-bit platforms`
			`// but not on 32-bit platforms.`
			`NSUInteger x;`
			`[decoder decodeValueOfObjCType:"I" at:&x]; // available-warning{{Deprecated method '-decodeValueOfObjCType:at:' is insecure as it can lead to potential buffer overflows. Use the safer '-decodeValueOfObjCType:at:size:' method}}`
			`[decoder decodeValueOfObjCType:"I" at:&x size:sizeof(x)]; // no-warning`
			`}`