145
|
1 /* PR middle-end/91582 - missing heap overflow detection for strcpy
|
|
2
|
|
3 The -Warray-bounds instances here probably should be replaced by
|
|
4 -Wstringop-overflow when it detects these overflows (see also
|
|
5 the xfails in Wstringop-overflow-25.c).
|
|
6
|
|
7 { dg-do compile }
|
|
8 { dg-options "-O2 -Wall -Wno-stringop-overflow -ftrack-macro-expansion=0" } */
|
|
9
|
|
10 #include "range.h"
|
|
11
|
|
12 #define INT_MAX __INT_MAX__
|
|
13 #define INT_MIN (-INT_MAX - 1)
|
|
14
|
|
15 #define ATTR(...) __attribute__ ((__VA_ARGS__))
|
|
16 #define NOIPA ATTR (noipa)
|
|
17
|
|
18 extern void* malloc (size_t);
|
|
19 extern char* strcpy (char*, const char*);
|
|
20
|
|
21 void sink (void*);
|
|
22
|
|
23 #define S36 "0123456789abcdefghijklmnopqrstuvwxyz"
|
|
24 #define S(N) (S36 + sizeof S36 - N - 1)
|
|
25
|
|
26 struct Flex
|
|
27 {
|
|
28 char n, ax[];
|
|
29 };
|
|
30
|
|
31 extern struct Flex fx;
|
|
32 struct Flex f1 = { 1, { 1 } };
|
|
33 struct Flex f2 = { 2, { 1, 2 } };
|
|
34 struct Flex f3 = { 3, { 1, 2, 3 } };
|
|
35
|
|
36 #define T(src, f) do { \
|
|
37 char *s = src; \
|
|
38 char *d = f.ax; \
|
|
39 strcpy (d, s); \
|
|
40 sink (&f); \
|
|
41 } while (0)
|
|
42
|
|
43 NOIPA void test_strcpy_flexarray (void)
|
|
44 {
|
|
45 T (S (0), fx); // { dg-bogus "\\\[-Warray-bounds" "pr92815" { xfail *-*-*} }
|
|
46 T (S (9), fx); // { dg-bogus "\\\[-Warray-bounds" "pr92815" { xfail *-*-*} }
|
|
47
|
|
48 T (S (0), f1);
|
|
49 T (S (1), f1); // { dg-warning "\\\[-Warray-bounds" }
|
|
50
|
|
51 T (S (0), f2);
|
|
52 T (S (1), f2);
|
|
53 T (S (2), f2); // { dg-warning "\\\[-Warray-bounds" }
|
|
54
|
|
55 T (S (0), f3);
|
|
56 T (S (2), f3);
|
|
57 T (S (3), f3); // { dg-warning "\\\[-Warray-bounds" }
|
|
58 T (S (9), f3); // { dg-warning "\\\[-Warray-bounds" }
|
|
59 }
|
|
60
|
|
61 #undef T
|
|
62 #define T(T, src, n) do { \
|
|
63 char *s = src; \
|
|
64 typedef struct { T n, ax[]; } Flex; \
|
|
65 Flex *p = (Flex*)malloc (sizeof *p + n); \
|
|
66 char *d = (char*)p->ax; \
|
|
67 strcpy (d, s); \
|
|
68 sink (p); \
|
|
69 } while (0)
|
|
70
|
|
71 NOIPA void test_strcpy_malloc_flexarray (void)
|
|
72 {
|
|
73 size_t r_0_1 = UR (0, 1);
|
|
74
|
|
75 T (char, S (0), r_0_1);
|
|
76 T (char, S (1), r_0_1); // { dg-warning "\\\[-Warray-bounds" }
|
|
77
|
|
78 size_t r_1_2 = UR (1, 2);
|
|
79
|
|
80 T (char, S (0), r_1_2);
|
|
81 T (char, S (1), r_1_2);
|
|
82 T (char, S (2), r_1_2); // { dg-warning "\\\[-Warray-bounds" }
|
|
83
|
|
84 size_t r_2_3 = UR (2, 3);
|
|
85
|
|
86 T (char, S (0), r_2_3);
|
|
87 T (char, S (2), r_2_3);
|
|
88 T (char, S (3), r_2_3); // { dg-warning "\\\[-Warray-bounds" }
|
|
89 T (char, S (9), r_2_3); // { dg-warning "\\\[-Warray-bounds" }
|
|
90 }
|