1 // RUN: %clang_analyze_cc1 -verify -analyzer-checker=core,alpha.security.ArrayBound -analyzer-store=region %s
2 
3 struct tea_cheese { unsigned magic; };
4 typedef struct tea_cheese kernel_tea_cheese_t;
5 extern kernel_tea_cheese_t _wonky_gesticulate_cheese;
6 
7 // This test case exercises the ElementRegion::getRValueType() logic.
8 
test1(void)9 void test1( void ) {
10   kernel_tea_cheese_t *wonky = &_wonky_gesticulate_cheese;
11   struct load_wine *cmd = (void*) &wonky[1];
12   cmd = cmd;
13   char *p = (void*) &wonky[1];
14   kernel_tea_cheese_t *q = &wonky[1];
15   // This test case tests both the RegionStore logic (doesn't crash) and
16   // the out-of-bounds checking.  We don't expect the warning for now since
17   // out-of-bound checking is temporarily disabled.
18   kernel_tea_cheese_t r = *q; // expected-warning{{Access out-of-bound array element (buffer overflow)}}
19 }
20 
test1_b(void)21 void test1_b( void ) {
22   kernel_tea_cheese_t *wonky = &_wonky_gesticulate_cheese;
23   struct load_wine *cmd = (void*) &wonky[1];
24   cmd = cmd;
25   char *p = (void*) &wonky[1];
26   *p = 1;  // expected-warning{{Access out-of-bound array element (buffer overflow)}}
27 }
28