SARD-tc841-basic-00182-min.c
       1  /* Adapted from https://samate.nist.gov/SARD/test-cases/841/versions/1.0.0
       2     Part of https://samate.nist.gov/SARD/test-suites/81
       3     See:
       4       Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
       5  */
       6  
       7  /* The purpose of this testcase is to see if -fanalyzer can detect the bug.  */
       8  /* { dg-additional-options "-Wno-stringop-overflow" } */
       9  
      10  /* Taxonomy Classification: 0000300602130000031110 */
      11  
      12  /*
      13   *  WRITE/READ               	 0	write
      14   *  WHICH BOUND              	 0	upper
      15   *  DATA TYPE                	 0	char
      16   *  MEMORY LOCATION          	 0	stack
      17   *  SCOPE                    	 3	inter-file/inter-proc
      18   *  CONTAINER                	 0	no
      19   *  POINTER                  	 0	no
      20   *  INDEX COMPLEXITY         	 6	N/A
      21   *  ADDRESS COMPLEXITY       	 0	constant
      22   *  LENGTH COMPLEXITY        	 2	constant
      23   *  ADDRESS ALIAS            	 1	yes, one level
      24   *  INDEX ALIAS              	 3	N/A
      25   *  LOCAL CONTROL FLOW       	 0	none
      26   *  SECONDARY CONTROL FLOW   	 0	none
      27   *  LOOP STRUCTURE           	 0	no
      28   *  LOOP COMPLEXITY          	 0	N/A
      29   *  ASYNCHRONY               	 0	no
      30   *  TAINT                    	 3	file read
      31   *  RUNTIME ENV. DEPENDENCE  	 1	yes
      32   *  MAGNITUDE                	 1	1 byte
      33   *  CONTINUOUS/DISCRETE      	 1	continuous
      34   *  SIGNEDNESS               	 0	no
      35   */
      36  
      37  /*
      38  Copyright 2004 M.I.T.
      39  
      40  Permission is hereby granted, without written agreement or royalty fee, to use, 
      41  copy, modify, and distribute this software and its documentation for any 
      42  purpose, provided that the above copyright notice and the following three 
      43  paragraphs appear in all copies of this software.
      44  
      45  IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, 
      46  INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE 
      47  AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF 
      48  SUCH DAMANGE.
      49  
      50  M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO 
      51  THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, 
      52  AND NON-INFRINGEMENT.
      53  
      54  THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO 
      55  PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
      56  */
      57  
      58  #include <assert.h>
      59  #include <stdio.h>
      60  
      61  int main(int argc, char *argv[])
      62  {
            /* Deliberately flawed fixture: opens "TestInputFile1" and reads its
               first line into a 10-byte stack buffer while telling fgets() the
               buffer holds 11 bytes.  The flaw is the point of the test, so it
               must not be "fixed" here.  argc and argv are unused.  Returns 0.  */
      63    FILE * f;
      64    char buf[10];
      65  
      66    f = fopen("TestInputFile1", "r");
            /* assert() is the only guard on the fopen() result; it expands to
               nothing when NDEBUG is defined, in which case a failed open would
               reach fgets() and fclose() with a null stream.  */
      67    assert(f != NULL);
      68  
            /* fgets() stores at most size-1 characters and then a terminating
               NUL.  With size 11 that is up to 11 bytes into buf[10], so the NUL
               lands at buf[10], one byte past the end, whenever the file supplies
               10 characters (a newline counts) before fgets() stops.  A shorter
               first line stays in bounds, which is why the overflow depends on
               the contents of the input file.  The bounded form would pass
               sizeof buf as the size.  The return value of fgets() is not
               checked.

               The dg-warning directive applies to the line it sits on, so it has
               to stay on the same line as the call.  It is marked xfail for all
               targets and refers to PR analyzer/105895, i.e. -fanalyzer is not
               yet expected to report this overflow.  */
      69    /*  BAD  */
      70    fgets(buf, 11, f); /* { dg-warning "stack-based buffer overflow" "PR analyzer/105895" { xfail *-*-* } } */
      71  
      72    fclose(f);
      73  
      74  
      75    return 0;
      76  }