(root)/
gcc-13.2.0/
gcc/
testsuite/
gcc.dg/
analyzer/
taint-divisor-1.c
       1  // TODO: remove need for this option:
       2  /* { dg-additional-options "-fanalyzer-checker=taint" } */
       3  
       4  #include "analyzer-decls.h"
       5  #include <stdio.h>
       6  
       7  struct st1
       8  {
       9    int a;
      10    int b;
      11  };
      12  
      13  
      14  int test_1 (FILE *f)
      15  {
      16    struct st1 s;
      17    fread (&s, sizeof (s), 1, f);
      18    return s.a / s.b;  /* { dg-warning "use of attacker-controlled value 's\\.b' as divisor without checking for zero" } */
      19  }
      20  
      21  int test_2 (FILE *f)
      22  {
      23    struct st1 s;
      24    fread (&s, sizeof (s), 1, f);
      25    return s.a % s.b;  /* { dg-warning "use of attacker-controlled value 's\\.b' as divisor without checking for zero" } */
      26  }
      27  
      28  /* We shouldn't complain if the divisor has been checked for zero.  */
      29  
      30  int test_checked_ne_zero (FILE *f)
      31  {
      32    struct st1 s;
      33    fread (&s, sizeof (s), 1, f);
      34    if (s.b)
      35      return s.a / s.b; /* { dg-bogus "divisor" } */
      36    else
      37      return 0;
      38  }
      39  
      40  int test_checked_gt_zero (FILE *f)
      41  {
      42    struct st1 s;
      43    fread (&s, sizeof (s), 1, f);
      44    if (s.b > 0)
      45      return s.a / s.b; /* { dg-bogus "divisor" } */
      46    else
      47      return 0;
      48  }
      49  
      50  int test_checked_lt_zero (FILE *f)
      51  {
      52    struct st1 s;
      53    fread (&s, sizeof (s), 1, f);
      54    if (s.b < 0)
      55      return s.a / s.b; /* { dg-bogus "divisor" } */
      56    else
      57      return 0;
      58  }
      59  
      60  /* We should complain if the check on the divisor still allows it to be
      61     zero.  */
      62  
      63  int test_checked_ge_zero (FILE *f)
      64  {
      65    struct st1 s;
      66    fread (&s, sizeof (s), 1, f);
      67    if (s.b >= 0)
      68      return s.a / s.b;  /* { dg-warning "use of attacker-controlled value 's\\.b' as divisor without checking for zero" } */
      69    else
      70      return 0;
      71  }
      72  
      73  int test_checked_le_zero (FILE *f)
      74  {
      75    struct st1 s;
      76    fread (&s, sizeof (s), 1, f);
      77    if (s.b <= 0)
      78      return s.a / s.b;  /* { dg-warning "use of attacker-controlled value 's\\.b' as divisor without checking for zero" } */
      79    else
      80      return 0;
      81  }
      82  
      83  int test_checked_eq_zero (FILE *f)
      84  {
      85    struct st1 s;
      86    fread (&s, sizeof (s), 1, f);
      87    /* Wrong sense of test.  */
      88    if (s.b != 0)
      89      return 0;
      90    else
      91      return s.a / s.b;  /* { dg-warning "use of attacker-controlled value 's\\.b' as divisor without checking for zero" } */
      92  }