(root)/
gcc-13.2.0/
gcc/
testsuite/
gcc.dg/
analyzer/
SARD-tc117-basic-00001-min.c
       1  /* Adapted from https://samate.nist.gov/SARD/test-cases/117/versions/1.0.0
       2     Part of https://samate.nist.gov/SARD/test-suites/81
       3     See:
       4       Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
       5  */
       6  
       7  /* Taxonomy Classification: 0000000000000000000100 */
       8  
       9  /*
      10   *  WRITE/READ               	 0	write
      11   *  WHICH BOUND              	 0	upper
      12   *  DATA TYPE                	 0	char
      13   *  MEMORY LOCATION          	 0	stack
      14   *  SCOPE                    	 0	same
      15   *  CONTAINER                	 0	no
      16   *  POINTER                  	 0	no
      17   *  INDEX COMPLEXITY         	 0	constant
      18   *  ADDRESS COMPLEXITY       	 0	constant
      19   *  LENGTH COMPLEXITY        	 0	N/A
      20   *  ADDRESS ALIAS            	 0	none
      21   *  INDEX ALIAS              	 0	none
      22   *  LOCAL CONTROL FLOW       	 0	none
      23   *  SECONDARY CONTROL FLOW   	 0	none
      24   *  LOOP STRUCTURE           	 0	no
      25   *  LOOP COMPLEXITY          	 0	N/A
      26   *  ASYNCHRONY               	 0	no
      27   *  TAINT                    	 0	no
      28   *  RUNTIME ENV. DEPENDENCE  	 0	no
      29   *  MAGNITUDE                	 1	1 byte
      30   *  CONTINUOUS/DISCRETE      	 0	discrete
      31   *  SIGNEDNESS               	 0	no
      32   */
      33  
      34  /*
      35  Copyright 2004 M.I.T.
      36  
      37  Permission is hereby granted, without written agreement or royalty fee, to use, 
      38  copy, modify, and distribute this software and its documentation for any 
      39  purpose, provided that the above copyright notice and the following three 
      40  paragraphs appear in all copies of this software.
      41  
      42  IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, 
      43  INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE 
      44  AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF 
      45  SUCH DAMANGE.
      46  
      47  M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO 
      48  THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, 
      49  AND NON-INFRINGEMENT.
      50  
      51  THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO 
      52  PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
      53  */
      54  
      55  
      56  int main(int argc, char *argv[])
      57  {
      58    char buf[10];
      59  
      60  
      61    /*  BAD  */
      62    buf[10] = 'A'; /* { dg-warning "stack-based buffer overflow" } */
      63    /* { dg-message "write of 1 byte to beyond the end of 'buf'" "note" { target *-*-* } .-1 } */
      64  
      65  
      66    return 0;
      67  }