blob: 8c445b0e6efb63e166e96918b57caa534a4482b7 (
plain) (
blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
|
// REQUIRES: geq-llvm-5.0
// RUN: %clang %s -fsanitize=pointer-overflow -emit-llvm -g %O0opt -c -o %t.bc
// RUN: rm -rf %t.klee-out
// RUN: %klee --output-dir=%t.klee-out --emit-all-errors --ubsan-runtime %t.bc 2>&1 | FileCheck %s
#include "klee/klee.h"
#include <stdio.h>
int main() {
char c;
char* ptr = &c;
size_t offset;
volatile char* result;
klee_make_symbolic(&offset, sizeof(offset), "offset");
klee_assume((size_t)(ptr) + offset != 0);
// CHECK: runtime/Sanitizer/ubsan/ubsan_handlers.cpp:35: pointer-overflow
result = ptr + offset;
return 0;
}
|
