1 // RUN: %clang_analyze_cc1 -triple hexagon-unknown-linux -verify %s \
2 // RUN: -analyzer-checker=core,valist.Uninitialized,valist.CopyToSelf \
3 // RUN: -analyzer-disable-checker=core.CallAndMessage \
4 // RUN: -analyzer-output=text
5 //
6 // RUN: %clang_analyze_cc1 -triple x86_64-pc-linux-gnu -verify %s \
7 // RUN: -analyzer-checker=core,valist.Uninitialized,valist.CopyToSelf \
8 // RUN: -analyzer-disable-checker=core.CallAndMessage \
9 // RUN: -analyzer-output=text
10 //
11 // RUN: %clang_analyze_cc1 -triple x86_64-pc-linux-gnu %s \
12 // RUN: -analyzer-checker=core,valist.Uninitialized
13
14 #include "Inputs/system-header-simulator-for-valist.h"
15
f1(int fst,...)16 void f1(int fst, ...) {
17 va_list va;
18 (void)va_arg(va, int); // expected-warning{{va_arg() is called on an uninitialized va_list}}
19 // expected-note@-1{{va_arg() is called on an uninitialized va_list}}
20 }
21
f2(int fst,...)22 int f2(int fst, ...) {
23 va_list va;
24 va_start(va, fst); // expected-note{{Initialized va_list}}
25 va_end(va); // expected-note{{Ended va_list}}
26 return va_arg(va, int); // expected-warning{{va_arg() is called on an uninitialized va_list}}
27 // expected-note@-1{{va_arg() is called on an uninitialized va_list}}
28 }
29
f3(int fst,...)30 void f3(int fst, ...) {
31 va_list va, va2;
32 va_start(va, fst);
33 va_copy(va2, va);
34 va_end(va);
35 (void)va_arg(va2, int);
36 va_end(va2);
37 } //no-warning
38
f4(int cond,...)39 void f4(int cond, ...) {
40 va_list va;
41 if (cond) { // expected-note{{Assuming 'cond' is 0}}
42 // expected-note@-1{{Taking false branch}}
43 va_start(va, cond);
44 (void)va_arg(va,int);
45 }
46 va_end(va); //expected-warning{{va_end() is called on an uninitialized va_list}}
47 // expected-note@-1{{va_end() is called on an uninitialized va_list}}
48 }
49
f5(va_list fst,...)50 void f5(va_list fst, ...) {
51 va_start(fst, fst);
52 (void)va_arg(fst, int);
53 va_end(fst);
54 } // no-warning
55
f7(int * fst,...)56 void f7(int *fst, ...) {
57 va_list x;
58 va_list *y = &x;
59 va_start(*y,fst);
60 (void)va_arg(x, int);
61 va_end(x);
62 } // no-warning
63
f8(int * fst,...)64 void f8(int *fst, ...) {
65 va_list x;
66 va_list *y = &x;
67 va_start(*y,fst); // expected-note{{Initialized va_list}}
68 va_end(x); // expected-note{{Ended va_list}}
69 (void)va_arg(*y, int); //expected-warning{{va_arg() is called on an uninitialized va_list}}
70 // expected-note@-1{{va_arg() is called on an uninitialized va_list}}
71 }
72
73 // This only contains problems which are handled by varargs.Unterminated.
reinit(int * fst,...)74 void reinit(int *fst, ...) {
75 va_list va;
76 va_start(va, fst);
77 va_start(va, fst);
78 (void)va_arg(va, int);
79 } // no-warning
80
reinitOk(int * fst,...)81 void reinitOk(int *fst, ...) {
82 va_list va;
83 va_start(va, fst);
84 (void)va_arg(va, int);
85 va_end(va);
86 va_start(va, fst);
87 (void)va_arg(va, int);
88 va_end(va);
89 } // no-warning
90
reinit3(int * fst,...)91 void reinit3(int *fst, ...) {
92 va_list va;
93 va_start(va, fst); // expected-note{{Initialized va_list}}
94 (void)va_arg(va, int);
95 va_end(va); // expected-note{{Ended va_list}}
96 va_start(va, fst); // expected-note{{Initialized va_list}}
97 (void)va_arg(va, int);
98 va_end(va); // expected-note{{Ended va_list}}
99 (void)va_arg(va, int); //expected-warning{{va_arg() is called on an uninitialized va_list}}
100 // expected-note@-1{{va_arg() is called on an uninitialized va_list}}
101 }
102
copyself(int fst,...)103 void copyself(int fst, ...) {
104 va_list va;
105 va_start(va, fst); // expected-note{{Initialized va_list}}
106 va_copy(va, va); // expected-warning{{va_list 'va' is copied onto itself}}
107 // expected-note@-1{{va_list 'va' is copied onto itself}}
108 va_end(va);
109 }
110
copyselfUninit(int fst,...)111 void copyselfUninit(int fst, ...) {
112 va_list va;
113 va_copy(va, va); // expected-warning{{va_list 'va' is copied onto itself}}
114 // expected-note@-1{{va_list 'va' is copied onto itself}}
115 }
116
copyOverwrite(int fst,...)117 void copyOverwrite(int fst, ...) {
118 va_list va, va2;
119 va_start(va, fst); // expected-note{{Initialized va_list}}
120 va_copy(va, va2); // expected-warning{{Initialized va_list 'va' is overwritten by an uninitialized one}}
121 // expected-note@-1{{Initialized va_list 'va' is overwritten by an uninitialized one}}
122 }
123
copyUnint(int fst,...)124 void copyUnint(int fst, ...) {
125 va_list va, va2;
126 va_copy(va, va2); // expected-warning{{Uninitialized va_list is copied}}
127 // expected-note@-1{{Uninitialized va_list is copied}}
128 }
129
g1(int fst,...)130 void g1(int fst, ...) {
131 va_list va;
132 va_end(va); // expected-warning{{va_end() is called on an uninitialized va_list}}
133 // expected-note@-1{{va_end() is called on an uninitialized va_list}}
134 }
135
g2(int fst,...)136 void g2(int fst, ...) {
137 va_list va;
138 va_start(va, fst); // expected-note{{Initialized va_list}}
139 va_end(va); // expected-note{{Ended va_list}}
140 va_end(va); // expected-warning{{va_end() is called on an uninitialized va_list}}
141 // expected-note@-1{{va_end() is called on an uninitialized va_list}}
142 }
143
is_sink(int fst,...)144 void is_sink(int fst, ...) {
145 va_list va;
146 va_end(va); // expected-warning{{va_end() is called on an uninitialized va_list}}
147 // expected-note@-1{{va_end() is called on an uninitialized va_list}}
148 *((volatile int *)0) = 1;
149 }
150
151 // NOTE: this is invalid, as the man page of va_end requires that "Each invocation of va_start()
152 // must be matched by a corresponding invocation of va_end() in the same function."
ends_arg(va_list arg)153 void ends_arg(va_list arg) {
154 va_end(arg);
155 } //no-warning
156
uses_arg(va_list arg)157 void uses_arg(va_list arg) {
158 (void)va_arg(arg, int);
159 } //no-warning
160
call_vprintf_ok(int isstring,...)161 void call_vprintf_ok(int isstring, ...) {
162 va_list va;
163 va_start(va, isstring);
164 vprintf(isstring ? "%s" : "%d", va);
165 va_end(va);
166 } //no-warning
167
call_some_other_func(int n,...)168 void call_some_other_func(int n, ...) {
169 va_list va;
170 some_library_function(n, va);
171 } //no-warning
172
inlined_uses_arg_good(va_list arg)173 void inlined_uses_arg_good(va_list arg) {
174 (void)va_arg(arg, int);
175 }
176
call_inlined_uses_arg_good(int fst,...)177 void call_inlined_uses_arg_good(int fst, ...) {
178 va_list va;
179 va_start(va, fst);
180 inlined_uses_arg_good(va);
181 va_end(va);
182 }
183
va_copy_test(va_list arg)184 void va_copy_test(va_list arg) {
185 va_list dst;
186 va_copy(dst, arg);
187 va_end(dst);
188 }
189