зеркало из https://github.com/github/codeql.git
Swift: Test Manual Memory Management closure functions.
This commit is contained in:
Родитель
366a9f1b7e
Коммит
1de9919193
|
@ -1,6 +1,7 @@
|
|||
|
||||
// --- stubs ---
|
||||
|
||||
func sourceInt(_ label: String) -> Int { return 0 }
|
||||
func sourceString(_ label: String) -> String { return "" }
|
||||
func sourceUInt8(_ label: String) -> UInt8 { return 0 }
|
||||
func sink(arg: Any) {}
|
||||
|
@ -127,3 +128,78 @@ func testWritingPointerContainersInCalls(mpc: MyPointerContainer, mgpc: MyGeneri
|
|||
writeGenericPointerContainer(mgpc: mgpc)
|
||||
sink(arg: mgpc.ptr.pointee) // $ tainted=writeGenericPointerContainer
|
||||
}
|
||||
|
||||
// ---
|
||||
|
||||
func testManualMemoryManagement() {
|
||||
let i1 = sourceInt("i1")
|
||||
let r1 = withUnsafePointer(to: i1, {
|
||||
ptr in
|
||||
sink(arg: ptr)
|
||||
sink(arg: ptr[0]) // $ MISSING: tainted=i1
|
||||
sink(arg: ptr.pointee) // $ MISSING: tainted=i1
|
||||
return sourceInt("r1")
|
||||
})
|
||||
sink(arg: r1) // $ MISSING: tainted=r1
|
||||
|
||||
var i2 = sourceInt("i2")
|
||||
let r2 = withUnsafeMutablePointer(to: &i2, {
|
||||
ptr in
|
||||
sink(arg: ptr)
|
||||
sink(arg: ptr[0]) // $ MISSING: tainted=i2
|
||||
sink(arg: ptr.pointee) // $ MISSING: tainted=i2
|
||||
ptr.pointee = sourceInt("i2_overwrite")
|
||||
sink(arg: ptr)
|
||||
sink(arg: ptr[0]) // $ MISSING: tainted=i2_overwrite
|
||||
sink(arg: ptr.pointee) // $ tainted=i2_overwrite
|
||||
return sourceInt("r2")
|
||||
})
|
||||
sink(arg: r2) // $ MISSING: tainted=r2
|
||||
sink(arg: i2) // $ MISSING: tainted=i2_overwrite SPURIOUS: tainted=i2
|
||||
|
||||
let i3 = sourceInt("i3")
|
||||
let r3 = withUnsafeBytes(of: i3, {
|
||||
ptr in
|
||||
sink(arg: ptr)
|
||||
sink(arg: ptr[0]) // $ MISSING: tainted=i3
|
||||
ptr.withMemoryRebound(to: Int.self, {
|
||||
buffer in
|
||||
sink(arg: buffer)
|
||||
sink(arg: buffer[0]) // $ MISSING: tainted=i3
|
||||
})
|
||||
let buffer2 = ptr.bindMemory(to: Int.self)
|
||||
sink(arg: buffer2)
|
||||
sink(arg: buffer2[0]) // $ MISSING: tainted=i3
|
||||
return sourceInt("r3")
|
||||
})
|
||||
sink(arg: r3) // $ MISSING: tainted=r3
|
||||
|
||||
var i4 = sourceInt("i4")
|
||||
let r4 = withUnsafeMutableBytes(of: &i4, {
|
||||
ptr in
|
||||
sink(arg: ptr)
|
||||
sink(arg: ptr[0]) // $ MISSING: tainted=i4
|
||||
ptr[0] = sourceUInt8("i4_partialwrite")
|
||||
sink(arg: ptr) // $ tainted=i4_partialwrite MISSING: tainted=i4
|
||||
sink(arg: ptr[0]) // $ tainted=i4_partialwrite
|
||||
return sourceInt("r4")
|
||||
})
|
||||
sink(arg: r4) // $ MISSING: tainted=r4
|
||||
sink(arg: i4) // $ tainted=i4 MISSING: tainted=i4_partialwrite
|
||||
|
||||
let r5 = withUnsafeTemporaryAllocation(of: Int.self, capacity: 10, {
|
||||
buffer in
|
||||
sink(arg: buffer)
|
||||
sink(arg: buffer[0])
|
||||
buffer[0] = sourceInt("buffer5")
|
||||
sink(arg: buffer) // $ tainted=buffer5
|
||||
sink(arg: buffer[0]) // $ tainted=buffer5
|
||||
return sourceInt("r5")
|
||||
})
|
||||
sink(arg: r5) // $ MISSING: tainted=r5
|
||||
|
||||
let r6 = withExtendedLifetime(sourceInt("i6"), {
|
||||
return sourceInt("r6")
|
||||
})
|
||||
sink(arg: r6) // $ MISSING: tainted=r6
|
||||
}
|
||||
|
|
Загрузка…
Ссылка в новой задаче