xref: /aosp_15_r20/external/clang/test/Analysis/vfork.c (revision 67e74705e28f6214e480b399dd47ea732279e315) 
1*67e74705SXin Li // RUN: %clang_cc1 -analyze -analyzer-checker=core,security.insecureAPI.vfork,unix.Vfork -verify %s
2*67e74705SXin Li // RUN: %clang_cc1 -analyze -analyzer-checker=core,security.insecureAPI.vfork,unix.Vfork -verify -x c++ %s
3*67e74705SXin Li 
4*67e74705SXin Li #include "Inputs/system-header-simulator.h"
5*67e74705SXin Li 
6*67e74705SXin Li void foo();
7*67e74705SXin Li 
8*67e74705SXin Li // Ensure that child process is properly checked.
f1(int x)9*67e74705SXin Li int f1(int x) {
10*67e74705SXin Li   pid_t pid = vfork(); // expected-warning{{Call to function 'vfork' is insecure}}
11*67e74705SXin Li   if (pid != 0)
12*67e74705SXin Li     return 0;
13*67e74705SXin Li 
14*67e74705SXin Li   switch (x) {
15*67e74705SXin Li   case 0:
16*67e74705SXin Li     // Ensure that modifying pid is ok.
17*67e74705SXin Li     pid = 1; // no-warning
18*67e74705SXin Li     // Ensure that calling whitelisted routines is ok.
19*67e74705SXin Li     execl("", "", 0); // no-warning
20*67e74705SXin Li     _exit(1); // no-warning
21*67e74705SXin Li     break;
22*67e74705SXin Li   case 1:
23*67e74705SXin Li     // Ensure that writing variables is prohibited.
24*67e74705SXin Li     x = 0; // expected-warning{{This assignment is prohibited after a successful vfork}}
25*67e74705SXin Li     break;
26*67e74705SXin Li   case 2:
27*67e74705SXin Li     // Ensure that calling functions is prohibited.
28*67e74705SXin Li     foo(); // expected-warning{{This function call is prohibited after a successful vfork}}
29*67e74705SXin Li     break;
30*67e74705SXin Li   default:
31*67e74705SXin Li     // Ensure that returning from function is prohibited.
32*67e74705SXin Li     return 0; // expected-warning{{Return is prohibited after a successful vfork; call _exit() instead}}
33*67e74705SXin Li   }
34*67e74705SXin Li 
35*67e74705SXin Li   while(1);
36*67e74705SXin Li }
37*67e74705SXin Li 
38*67e74705SXin Li // Same as previous but without explicit pid variable.
f2(int x)39*67e74705SXin Li int f2(int x) {
40*67e74705SXin Li   pid_t pid = vfork(); // expected-warning{{Call to function 'vfork' is insecure}}
41*67e74705SXin Li 
42*67e74705SXin Li   switch (x) {
43*67e74705SXin Li   case 0:
44*67e74705SXin Li     // Ensure that writing pid is ok.
45*67e74705SXin Li     pid = 1; // no-warning
46*67e74705SXin Li     // Ensure that calling whitelisted routines is ok.
47*67e74705SXin Li     execl("", "", 0); // no-warning
48*67e74705SXin Li     _exit(1); // no-warning
49*67e74705SXin Li     break;
50*67e74705SXin Li   case 1:
51*67e74705SXin Li     // Ensure that writing variables is prohibited.
52*67e74705SXin Li     x = 0; // expected-warning{{This assignment is prohibited after a successful vfork}}
53*67e74705SXin Li     break;
54*67e74705SXin Li   case 2:
55*67e74705SXin Li     // Ensure that calling functions is prohibited.
56*67e74705SXin Li     foo(); // expected-warning{{This function call is prohibited after a successful vfork}}
57*67e74705SXin Li     break;
58*67e74705SXin Li   default:
59*67e74705SXin Li     // Ensure that returning from function is prohibited.
60*67e74705SXin Li     return 0; // expected-warning{{Return is prohibited after a successful vfork; call _exit() instead}}
61*67e74705SXin Li   }
62*67e74705SXin Li 
63*67e74705SXin Li   while(1);
64*67e74705SXin Li }
65*67e74705SXin Li 
66*67e74705SXin Li // Ensure that parent process isn't restricted.
f3(int x)67*67e74705SXin Li int f3(int x) {
68*67e74705SXin Li   if (vfork() == 0) // expected-warning{{Call to function 'vfork' is insecure}}
69*67e74705SXin Li     _exit(1);
70*67e74705SXin Li   x = 0; // no-warning
71*67e74705SXin Li   foo(); // no-warning
72*67e74705SXin Li   return 0;
73*67e74705SXin Li } // no-warning
74*67e74705SXin Li 
75*67e74705SXin Li // Unbound pids are special so test them separately.
f4(int x)76*67e74705SXin Li void f4(int x) {
77*67e74705SXin Li   switch (x) {
78*67e74705SXin Li   case 0:
79*67e74705SXin Li     vfork(); // expected-warning{{Call to function 'vfork' is insecure}}
80*67e74705SXin Li     x = 0; // expected-warning{{This assignment is prohibited after a successful vfork}}
81*67e74705SXin Li     break;
82*67e74705SXin Li 
83*67e74705SXin Li   case 1:
84*67e74705SXin Li     {
85*67e74705SXin Li       char args[2];
86*67e74705SXin Li       switch (vfork()) { // expected-warning{{Call to function 'vfork' is insecure}}
87*67e74705SXin Li       case 0:
88*67e74705SXin Li         args[0] = 0; // expected-warning{{This assignment is prohibited after a successful vfork}}
89*67e74705SXin Li         exit(1);
90*67e74705SXin Li       }
91*67e74705SXin Li       break;
92*67e74705SXin Li     }
93*67e74705SXin Li 
94*67e74705SXin Li   case 2:
95*67e74705SXin Li     {
96*67e74705SXin Li       pid_t pid;
97*67e74705SXin Li       if ((pid = vfork()) == 0) // expected-warning{{Call to function 'vfork' is insecure}}
98*67e74705SXin Li         while(1); // no-warning
99*67e74705SXin Li       break;
100*67e74705SXin Li     }
101*67e74705SXin Li   }
102*67e74705SXin Li   while(1);
103*67e74705SXin Li } //no-warning
104*67e74705SXin Li 
105*67e74705SXin Li 
f5()106*67e74705SXin Li void f5() {
107*67e74705SXin Li   // See "libxtables: move some code to avoid cautions in vfork man page"
108*67e74705SXin Li   // (http://lists.netfilter.org/pipermail/netfilter-buglog/2014-October/003280.html).
109*67e74705SXin Li   if (vfork() == 0) { // expected-warning{{Call to function 'vfork' is insecure}}
110*67e74705SXin Li     execl("prog", "arg1", 0); // no-warning
111*67e74705SXin Li     exit(1);  // expected-warning{{This function call is prohibited after a successful vfork}}
112*67e74705SXin Li   }
113*67e74705SXin Li }
114*67e74705SXin Li 
115