mirror of
https://github.com/github/codeql.git
synced 2025-12-19 18:33:16 +01:00
52 lines
1.1 KiB
C++
52 lines
1.1 KiB
C++
// semmle-extractor-options: --clang
|
|
|
|
#ifdef _MSC_VER
|
|
#define restrict __restrict
|
|
#else
|
|
#define restrict __restrict__
|
|
#endif
|
|
|
|
int sprintf(char *restrict s, const char *restrict format, ...);
|
|
char * strdup(const char *restrict s);
|
|
|
|
void *__builtin_alloca(unsigned long sz);
|
|
#define alloca __builtin_alloca
|
|
|
|
// case 1: a GNU c/c++ lambda with an alloca in it
|
|
char *foo(int count) {
|
|
char *buf = ({
|
|
char *b = (char *)alloca(32); // GOOD
|
|
sprintf(b, "Value is %d\n", count);
|
|
b;
|
|
});
|
|
return strdup(buf);
|
|
}
|
|
|
|
// case 1: a GNU expression statement with an alloca in it
|
|
// nested inside a do-while(0)
|
|
char *bar(int count) {
|
|
char *buf;
|
|
do {
|
|
buf = ({
|
|
char *b = (char *)alloca(32); // GOOD
|
|
sprintf(b, "Value is %d\n", count);
|
|
b;
|
|
});
|
|
} while (0);
|
|
return strdup(buf);
|
|
}
|
|
|
|
// case 2: a GNU expression statement with an alloca in it
|
|
// nested inside an unbounded loop
|
|
char *baz(int count) {
|
|
char *buf;
|
|
do {
|
|
buf = ({
|
|
char *b = (char *)alloca(32); // BAD
|
|
sprintf(b, "Value is %d\n", count);
|
|
b;
|
|
});
|
|
} while (count++);
|
|
return strdup(buf);
|
|
}
|