test/Analysis/return-ptr-range.cpp - clang - Git at Google

 // RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.ReturnPtrRange -verify %s

 int arr[10];
 int *ptr;

 int conjure_index();

 int *test_element_index_lifetime() {
   do {
     int x = conjure_index();
     ptr = arr + x;
     if (x != 20)
       return arr; // no-warning
   } while (0);
   return ptr; // expected-warning{{Returned pointer value points outside the original object (potential buffer overflow)}}
 }

 int *test_element_index_lifetime_with_local_ptr() {
   int *local_ptr;
   do {
     int x = conjure_index();
     local_ptr = arr + x;
     if (x != 20)
       return arr; // no-warning
   } while (0);
   return local_ptr; // expected-warning{{Returned pointer value points outside the original object (potential buffer overflow)}}
 }
	// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.ReturnPtrRange -verify %s

	int arr[10];
	int *ptr;

	int conjure_index();

	int *test_element_index_lifetime() {
	do {
	int x = conjure_index();
	ptr = arr + x;
	if (x != 20)
	return arr; // no-warning
	} while (0);
	return ptr; // expected-warning{{Returned pointer value points outside the original object (potential buffer overflow)}}
	}

	int *test_element_index_lifetime_with_local_ptr() {
	int *local_ptr;
	do {
	int x = conjure_index();
	local_ptr = arr + x;
	if (x != 20)
	return arr; // no-warning
	} while (0);
	return local_ptr; // expected-warning{{Returned pointer value points outside the original object (potential buffer overflow)}}
	}