public inbox for gcc-cvs@sourceware.org help / color / mirror / Atom feed
From: David Malcolm <dmalcolm@gcc.gnu.org> To: gcc-cvs@gcc.gnu.org Subject: [gcc r13-5244] analyzer: add SARD testsuite 81 Date: Wed, 18 Jan 2023 16:42:16 +0000 (GMT) [thread overview] Message-ID: <20230118164216.D852B3858C30@sourceware.org> (raw) https://gcc.gnu.org/g:c6a011119bfa038ccbfc9f123ede14a3d6237fab commit r13-5244-gc6a011119bfa038ccbfc9f123ede14a3d6237fab Author: David Malcolm <dmalcolm@redhat.com> Date: Wed Jan 18 11:41:47 2023 -0500 analyzer: add SARD testsuite 81 A 2013 paper [1] proposed 5 simple tests for evaluating the effectiveness of static analysis tools at detecting CWE-121 ("Stack-based Buffer Overflow"). The tests can be found in: https://samate.nist.gov/SARD/test-suites/81 This patch adds theses 5 tests to -fanalyzer's testsuite, lightly modified to add DejaGnu directives. This is for unit-testing; for broader testing of -fanalyzer I'm working on a separate integration testing suite that builds various real-world C projects with -fanalyzer, currently here: https://github.com/davidmalcolm/gcc-analyzer-integration-tests [1] Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023) gcc/testsuite/ChangeLog: * gcc.dg/analyzer/SARD-tc117-basic-00001-min.c: New test, adapted from https://samate.nist.gov/SARD/test-suites/81. * gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c: Likewise. * gcc.dg/analyzer/SARD-tc249-basic-00034-min.c: Likewise. * gcc.dg/analyzer/SARD-tc293-basic-00045-min.c: Likewise. * gcc.dg/analyzer/SARD-tc841-basic-00182-min.c: Likewise. Signed-off-by: David Malcolm <dmalcolm@redhat.com> Diff: --- .../gcc.dg/analyzer/SARD-tc117-basic-00001-min.c | 67 ++++++++++++++++++++ .../analyzer/SARD-tc1909-stack_overflow_loop.c | 29 +++++++++ .../gcc.dg/analyzer/SARD-tc249-basic-00034-min.c | 67 ++++++++++++++++++++ .../gcc.dg/analyzer/SARD-tc293-basic-00045-min.c | 69 ++++++++++++++++++++ .../gcc.dg/analyzer/SARD-tc841-basic-00182-min.c | 73 ++++++++++++++++++++++ 5 files changed, 305 insertions(+) diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c new file mode 100644 index 00000000000..e1ce195ad8b --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c @@ -0,0 +1,67 @@ +/* Adapted from https://samate.nist.gov/SARD/test-cases/117/versions/1.0.0 + Part of https://samate.nist.gov/SARD/test-suites/81 + See: + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023) +*/ + +/* Taxonomy Classification: 0000000000000000000100 */ + +/* + * WRITE/READ 0 write + * WHICH BOUND 0 upper + * DATA TYPE 0 char + * MEMORY LOCATION 0 stack + * SCOPE 0 same + * CONTAINER 0 no + * POINTER 0 no + * INDEX COMPLEXITY 0 constant + * ADDRESS COMPLEXITY 0 constant + * LENGTH COMPLEXITY 0 N/A + * ADDRESS ALIAS 0 none + * INDEX ALIAS 0 none + * LOCAL CONTROL FLOW 0 none + * SECONDARY CONTROL FLOW 0 none + * LOOP STRUCTURE 0 no + * LOOP COMPLEXITY 0 N/A + * ASYNCHRONY 0 no + * TAINT 0 no + * RUNTIME ENV. DEPENDENCE 0 no + * MAGNITUDE 1 1 byte + * CONTINUOUS/DISCRETE 0 discrete + * SIGNEDNESS 0 no + */ + +/* +Copyright 2004 M.I.T. + +Permission is hereby granted, without written agreement or royalty fee, to use, +copy, modify, and distribute this software and its documentation for any +purpose, provided that the above copyright notice and the following three +paragraphs appear in all copies of this software. + +IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, +INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE +AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMANGE. + +M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO +THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, +AND NON-INFRINGEMENT. + +THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO +PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. +*/ + + +int main(int argc, char *argv[]) +{ + char buf[10]; + + + /* BAD */ + buf[10] = 'A'; /* { dg-warning "stack-based buffer overflow" } */ + /* { dg-message "write of 1 byte to beyond the end of 'buf'" "note" { target *-*-* } .-1 } */ + + + return 0; +} diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c new file mode 100644 index 00000000000..2a7612ad6f0 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c @@ -0,0 +1,29 @@ +/* Adapted from + https://samate.nist.gov/SARD/downloads/test-suites/2013-02-07-basic-cwe-effectiveness-cwe-121-stack-based-buffer-overflow-for-c.zip + Part of https://samate.nist.gov/SARD/test-suites/81: + See: + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023) +*/ + +/* This software was developed at the National Institute of Standards and + * Technology by employees of the Federal Government in the course of their + * official duties. Pursuant to title 17 Section 105 of the United States + * Code this software is not subject to copyright protection and is in the + * public domain. NIST assumes no responsibility whatsoever for its use by + * other parties, and makes no guarantees, expressed or implied, about its + * quality, reliability, or any other characteristic. + + * We would appreciate acknowledgement if the software is used. + * The SAMATE project website is: http://samate.nist.gov +*/ + +#include <stdlib.h> + +int main(int argc, char *argv[]) +{ + char bStr[10]; + for (unsigned i=1;i<=10;++i) { + bStr[i] = (char)i + 'a'; /* { dg-warning "stack-based buffer overflow" "PR analyzer/108432" { xfail *-*-* } } */ + } + return 0; +} diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c new file mode 100644 index 00000000000..4031e6d56c3 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c @@ -0,0 +1,67 @@ +/* Adapted from https://samate.nist.gov/SARD/test-cases/249/versions/1.0.0 + Part of https://samate.nist.gov/SARD/test-suites/81 + See: + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023) +*/ + +/* Taxonomy Classification: 0000001600030000000100 */ + +/* + * WRITE/READ 0 write + * WHICH BOUND 0 upper + * DATA TYPE 0 char + * MEMORY LOCATION 0 stack + * SCOPE 0 same + * CONTAINER 0 no + * POINTER 1 yes + * INDEX COMPLEXITY 6 N/A + * ADDRESS COMPLEXITY 0 constant + * LENGTH COMPLEXITY 0 N/A + * ADDRESS ALIAS 0 none + * INDEX ALIAS 3 N/A + * LOCAL CONTROL FLOW 0 none + * SECONDARY CONTROL FLOW 0 none + * LOOP STRUCTURE 0 no + * LOOP COMPLEXITY 0 N/A + * ASYNCHRONY 0 no + * TAINT 0 no + * RUNTIME ENV. DEPENDENCE 0 no + * MAGNITUDE 1 1 byte + * CONTINUOUS/DISCRETE 0 discrete + * SIGNEDNESS 0 no + */ + +/* +Copyright 2004 M.I.T. + +Permission is hereby granted, without written agreement or royalty fee, to use, +copy, modify, and distribute this software and its documentation for any +purpose, provided that the above copyright notice and the following three +paragraphs appear in all copies of this software. + +IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, +INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE +AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMANGE. + +M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO +THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, +AND NON-INFRINGEMENT. + +THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO +PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. +*/ + + +int main(int argc, char *argv[]) +{ + char buf[10]; + + + /* BAD */ + *(buf + 10) = 'A'; /* { dg-warning "stack-based buffer overflow" } */ + /* { dg-message "write of 1 byte to beyond the end of 'buf'" "note" { target *-*-* } .-1 } */ + + + return 0; +} diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c new file mode 100644 index 00000000000..36c1946b197 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c @@ -0,0 +1,69 @@ +/* Adapted from https://samate.nist.gov/SARD/test-cases/293/versions/1.0.0 + Part of https://samate.nist.gov/SARD/test-suites/81 + See: + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023) +*/ + +/* Taxonomy Classification: 0000300601130000000110 */ + +/* + * WRITE/READ 0 write + * WHICH BOUND 0 upper + * DATA TYPE 0 char + * MEMORY LOCATION 0 stack + * SCOPE 3 inter-file/inter-proc + * CONTAINER 0 no + * POINTER 0 no + * INDEX COMPLEXITY 6 N/A + * ADDRESS COMPLEXITY 0 constant + * LENGTH COMPLEXITY 1 none + * ADDRESS ALIAS 1 yes, one level + * INDEX ALIAS 3 N/A + * LOCAL CONTROL FLOW 0 none + * SECONDARY CONTROL FLOW 0 none + * LOOP STRUCTURE 0 no + * LOOP COMPLEXITY 0 N/A + * ASYNCHRONY 0 no + * TAINT 0 no + * RUNTIME ENV. DEPENDENCE 0 no + * MAGNITUDE 1 1 byte + * CONTINUOUS/DISCRETE 1 continuous + * SIGNEDNESS 0 no + */ + +/* +Copyright 2004 M.I.T. + +Permission is hereby granted, without written agreement or royalty fee, to use, +copy, modify, and distribute this software and its documentation for any +purpose, provided that the above copyright notice and the following three +paragraphs appear in all copies of this software. + +IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, +INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE +AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMANGE. + +M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO +THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, +AND NON-INFRINGEMENT. + +THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO +PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. +*/ + +#include <string.h> + +int main(int argc, char *argv[]) +{ + char buf[10]; + + + /* BAD */ + strcpy(buf, "AAAAAAAAAA"); /* { dg-warning "stack-based buffer overflow" "analyzer warning" } */ + /* { dg-message "write of 1 byte to beyond the end of 'buf'" "analyzer note" { target *-*-* } .-1 } */ + /* { dg-warning "'__builtin_memcpy' writing 11 bytes into a region of size 10 overflows the destination" "Wstringop-overflow" { target *-*-* } .-2 } */ + + + return 0; +} diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c new file mode 100644 index 00000000000..577dce13f00 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c @@ -0,0 +1,73 @@ +/* Adapted from https://samate.nist.gov/SARD/test-cases/841/versions/1.0.0 + Part of https://samate.nist.gov/SARD/test-suites/81 + See: + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023) +*/ + +/* Taxonomy Classification: 0000300602130000031110 */ + +/* + * WRITE/READ 0 write + * WHICH BOUND 0 upper + * DATA TYPE 0 char + * MEMORY LOCATION 0 stack + * SCOPE 3 inter-file/inter-proc + * CONTAINER 0 no + * POINTER 0 no + * INDEX COMPLEXITY 6 N/A + * ADDRESS COMPLEXITY 0 constant + * LENGTH COMPLEXITY 2 constant + * ADDRESS ALIAS 1 yes, one level + * INDEX ALIAS 3 N/A + * LOCAL CONTROL FLOW 0 none + * SECONDARY CONTROL FLOW 0 none + * LOOP STRUCTURE 0 no + * LOOP COMPLEXITY 0 N/A + * ASYNCHRONY 0 no + * TAINT 3 file read + * RUNTIME ENV. DEPENDENCE 1 yes + * MAGNITUDE 1 1 byte + * CONTINUOUS/DISCRETE 1 continuous + * SIGNEDNESS 0 no + */ + +/* +Copyright 2004 M.I.T. + +Permission is hereby granted, without written agreement or royalty fee, to use, +copy, modify, and distribute this software and its documentation for any +purpose, provided that the above copyright notice and the following three +paragraphs appear in all copies of this software. + +IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, +INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE +AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMANGE. + +M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO +THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, +AND NON-INFRINGEMENT. + +THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO +PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. +*/ + +#include <assert.h> +#include <stdio.h> + +int main(int argc, char *argv[]) +{ + FILE * f; + char buf[10]; + + f = fopen("TestInputFile1", "r"); + assert(f != NULL); + + /* BAD */ + fgets(buf, 11, f); /* { dg-warning "stack-based buffer overflow" "PR analyzer/105895" { xfail *-*-* } } */ + + fclose(f); + + + return 0; +}
reply other threads:[~2023-01-18 16:42 UTC|newest] Thread overview: [no followups] expand[flat|nested] mbox.gz Atom feed
Reply instructions: You may reply publicly to this message via plain-text email using any one of the following methods: * Save the following mbox file, import it into your mail client, and reply-to-all from there: mbox Avoid top-posting and favor interleaved quoting: https://en.wikipedia.org/wiki/Posting_style#Interleaved_style * Reply using the --to, --cc, and --in-reply-to switches of git-send-email(1): git send-email \ --in-reply-to=20230118164216.D852B3858C30@sourceware.org \ --to=dmalcolm@gcc.gnu.org \ --cc=gcc-cvs@gcc.gnu.org \ /path/to/YOUR_REPLY https://kernel.org/pub/software/scm/git/docs/git-send-email.html * If your mail client supports setting the In-Reply-To header via mailto: links, try the mailto: linkBe sure your reply has a Subject: header at the top and a blank line before the message body.
This is a public inbox, see mirroring instructions for how to clone and mirror all data and code used for this inbox; as well as URLs for read-only IMAP folder(s) and NNTP newsgroup(s).