(root)/
gcc-13.2.0/
gcc/
testsuite/
gcc.dg/
builtin-stringop-chk-1.c
       1  /* Test whether buffer overflow warnings for __*_chk builtins
       2     are emitted properly.  */
       3  /* { dg-do compile } */
       4  /* { dg-options "-O2 -Wno-format -std=gnu99 -ftrack-macro-expansion=0 -fno-tree-dse" } */
       5  // { dg-skip-if "packed attribute missing for t" { "epiphany-*-*" } }
       6  
       7  extern void abort (void);
       8  
       9  #include "../gcc.c-torture/execute/builtins/chk.h"
      10  
      11  #define va_list    __builtin_va_list
      12  #define va_start   __builtin_va_start
      13  #define va_end     __builtin_va_end
      14  
      15  volatile void *vx;
      16  char buf1[20];
      17  int x;
      18  
      19  void
      20  test (int arg, ...)
      21  {
      22    char buf2[20];
      23    va_list ap;
      24    char *p = &buf1[10], *q;
      25  
      26    memcpy (&buf2[19], "ab", 1);
      27    memcpy (&buf2[19], "ab", 2); /* { dg-warning "writing 2 bytes into a region of size 1" "memcpy" } */
      28    vx = mempcpy (&buf2[19], "ab", 1);
      29    vx = mempcpy (&buf2[19], "ab", 2); /* { dg-warning "writing 2 " "mempcpy" } */
      30    memmove (&buf2[18], &buf1[10], 2);
      31    memmove (&buf2[18], &buf1[10], 3); /* { dg-warning "writing 3 " "memmove" } */
      32    memset (&buf2[16], 'a', 4);
      33    memset (&buf2[15], 'b', 6); /* { dg-warning "writing 6 " "memset" } */
      34    strcpy (&buf2[18], "a");
      35    strcpy (&buf2[18], "ab"); /* { dg-warning "writing 3 " "strcpy" } */
      36    vx = stpcpy (&buf2[18], "a");
      37    vx = stpcpy (&buf2[18], "ab"); /* { dg-warning "writing 3" "stpcpy" } */
      38    strncpy (&buf2[18], "a", 2);
      39  
      40    /* Both warnings below are equally meaningful.  */
      41    strncpy (&buf2[18], "a", 3); /* { dg-warning "(writing 3 bytes into a region of size 2|specified bound 3 exceeds destination size 2)" "strncpy" } */
      42  
      43    strncpy (&buf2[18], "abc", 2);
      44    strncpy (&buf2[18], "abc", 3); /* { dg-warning "writing 3 " "strncpy" } */
      45    memset (buf2, '\0', sizeof (buf2));
      46    strcat (&buf2[18], "a");
      47    memset (buf2, '\0', sizeof (buf2));
      48    strcat (&buf2[18], "ab"); /* { dg-warning "writing 3 " "strcat" } */
      49    sprintf (&buf2[18], "%s", buf1);
      50    sprintf (&buf2[18], "%s", "a");
      51    sprintf (&buf2[18], "%s", "ab"); /* { dg-warning "writing 3 " "sprintf" } */
      52    sprintf (&buf2[18], "a");
      53    sprintf (&buf2[18], "ab"); /* { dg-warning "writing 3 " "sprintf" } */
      54    snprintf (&buf2[18], 2, "%d", x);
      55    /* N argument to snprintf is the size of the buffer.
      56       Although this particular call wouldn't overflow buf2,
      57       incorrect buffer size was passed to it and therefore
      58       we want a warning and runtime failure.  */
      59    snprintf (&buf2[18], 3, "%d", x); /* { dg-warning "specified bound 3 exceeds destination size 2" "snprintf" } */
      60    va_start (ap, arg);
      61    vsprintf (&buf2[18], "a", ap);
      62    va_end (ap);
      63  
      64    va_start (ap, arg);
      65    vsprintf (&buf2[18], "ab", ap); /* { dg-warning "writing 3" "vsprintf" } */
      66    va_end (ap);
      67    va_start (ap, arg);
      68    vsnprintf (&buf2[18], 2, "%s", ap);
      69    va_end (ap);
      70    va_start (ap, arg);
      71    /* See snprintf above.  */
      72    vsnprintf (&buf2[18], 3, "%s", ap); /* { dg-warning "specified bound 3 exceeds destination size 2" "vsnprintf" } */
      73    va_end (ap);
      74  
      75    p = p + 10;
      76    memset (p, 'd', 0);
      77    q = strcpy (p, ""); /* { dg-warning "writing 1 " "strcpy" } */
      78  
      79    /* This invokes undefined behavior, since we are past the end of buf1.  */
      80    p = p + 10;
      81    memset (p, 'd', 1); /* { dg-warning "writing 1 " "memset" } */
      82  
      83    memset (q, 'd', 0);
      84    memset (q, 'd', 1); /* { dg-warning "writing 1 " "memset" } */
      85    q = q - 10;
      86    memset (q, 'd', 10);
      87  }
      88  
      89  char *str = "ABCDEFG";
      90  typedef struct { char b[16]; } H;
      91  
      92  /* Some brown paper bag bugs found in real applications.
      93     This test is here merely for amusement.  */
      94  
      95  void
      96  test2 (const H h)
      97  {
      98    char c;
      99    strncpy (&c, str, 3); /* { dg-warning "(writing 3 bytes into a region of size 1|specified bound 3 exceeds destination size 1)" "strncpy" } */
     100  
     101    struct { char b[4]; } x;
     102    sprintf (x.b, "%s", "ABCD"); /* { dg-warning "writing 5" "sprintf" } */
     103  
     104    unsigned int i;
     105    memcpy (&i, &h, sizeof (h)); /* { dg-warning "writing 16 " "memcpy" } */
     106  
     107    unsigned char buf[21];
     108    memset (buf + 16, 0, 8); /* { dg-warning "writing 8 " "memset" } */
     109  
     110    typedef struct { __INT32_TYPE__ i, j, k, l; } S;
     111    S *s[3];
     112    memset (s, 0, sizeof (S) * 3); /* { dg-warning "writing 48 " "memset" } */
     113  
     114    struct T { char a[8]; char b[4]; char c[10]; } t;
     115    stpcpy (t.c,"Testing..."); /* { dg-warning "writing" "stpcpy" } */
     116  
     117    char b1[7];
     118    char b2[4];
     119    memset (b1, 0, sizeof (b1));
     120    memset (b2, 0, sizeof (b1)); /* { dg-warning "writing 7" "memset" } */
     121  }