From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id 42C2F3858429 for ; Fri, 9 Sep 2022 21:24:05 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.1 sourceware.org 42C2F3858429 Authentication-Results: sourceware.org; dmarc=pass (p=none dis=none) header.from=redhat.com Authentication-Results: sourceware.org; spf=pass smtp.mailfrom=redhat.com DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=redhat.com; s=mimecast20190719; t=1662758644; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=WfbZS6oLht1t6DyfDUZFhXZ+RrWWMQ+iuTY/70kZbgE=; b=S11FQXu8FUOWiiaFgBHz68RNVD2JlNkFaQc+Dhoqorcn3QYfjBloXZQeGVKQtDwLBJoWLj hfto7oGQgK1rPbFFmlTo2FBt54cOkMPynttNstRq8O59B0POg0WRYjCR+9/UxRnBBc5Q4d Z76mkMn6yXhpgyqNxa6z3mRowFgpZHg= Received: from mimecast-mx02.redhat.com (mx3-rdu2.redhat.com [66.187.233.73]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-156-Sj-nwRSrOj283rUEzlur5w-1; Fri, 09 Sep 2022 17:24:03 -0400 X-MC-Unique: Sj-nwRSrOj283rUEzlur5w-1 Received: from smtp.corp.redhat.com (int-mx02.intmail.prod.int.rdu2.redhat.com [10.11.54.2]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id 510403C025AD for ; Fri, 9 Sep 2022 21:24:03 +0000 (UTC) Received: from t14s.localdomain.com (unknown [10.2.17.147]) by smtp.corp.redhat.com (Postfix) with ESMTP id 27DC140D282E; Fri, 9 Sep 2022 21:24:03 +0000 (UTC) From: David Malcolm To: gcc-patches@gcc.gnu.org Cc: David Malcolm Subject: [committed] analyzer: add test coverage for flexible array members [PR98247] Date: Fri, 9 Sep 2022 17:24:01 -0400 Message-Id: <20220909212401.626138-1-dmalcolm@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 2.84 on 10.11.54.2 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com Content-Transfer-Encoding: 8bit Content-Type: text/plain; charset="US-ASCII"; x-default=true X-Spam-Status: No, score=-12.4 required=5.0 tests=BAYES_00,DKIMWL_WL_HIGH,DKIM_SIGNED,DKIM_VALID,DKIM_VALID_AU,DKIM_VALID_EF,GIT_PATCH_0,RCVD_IN_DNSWL_LOW,SPF_HELO_NONE,SPF_NONE,TXREP,T_SCC_BODY_TEXT_LINE autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org List-Id: Successfully bootstrapped & regrtested on x86_64-pc-linux-gnu. Pushed to trunk as r13-2571-g084dc9a0c6cec1. gcc/testsuite/ChangeLog: PR analyzer/98247 * gcc.dg/analyzer/flexible-array-member-1.c: New test. Signed-off-by: David Malcolm --- .../gcc.dg/analyzer/flexible-array-member-1.c | 100 ++++++++++++++++++ 1 file changed, 100 insertions(+) create mode 100644 gcc/testsuite/gcc.dg/analyzer/flexible-array-member-1.c diff --git a/gcc/testsuite/gcc.dg/analyzer/flexible-array-member-1.c b/gcc/testsuite/gcc.dg/analyzer/flexible-array-member-1.c new file mode 100644 index 00000000000..2df085a43f2 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/flexible-array-member-1.c @@ -0,0 +1,100 @@ +#include +#include + +struct str { + size_t len; + char data[]; +}; + +struct str * +test_const_size (void) +{ + struct str *str = malloc(sizeof(str) + 10); + if (str) { + str->len = 10; + memset(str->data, 'x', 10); + return str; + } + return NULL; +} + +struct str * +test_const_size_oob_1 (void) +{ + /* Forgetting to add space for the trailing array. */ + struct str *str = malloc(sizeof(str)); + if (str) { + str->len = 10; + memset(str->data, 'x', 10); /* { dg-warning "heap-based buffer overflow" "Wanalyzer-out-of-bounds" } */ + /* { dg-warning "'memset' writing 10 bytes into a region of size 0 overflows the destination" "Wstringop-overflow" { target *-*-* } .-1 } */ + return str; + } + return NULL; +} + +struct str * +test_const_size_oob_2 (void) +{ + struct str *str = malloc(sizeof(str) + 10); + if (str) { + str->len = 10; + /* Using the wrong size here. */ + memset(str->data, 'x', 11); /* { dg-warning "heap-based buffer overflow" "Wanalyzer-out-of-bounds" } */ + /* { dg-warning "'memset' writing 11 bytes into a region of size 10 overflows the destination" "Wstringop-overflow" { target *-*-* } .-1 } */ + return str; + } + return NULL; +} + +struct str * +test_symbolic_size (size_t len) +{ + struct str *str = malloc(sizeof(str) + len); + if (str) { + str->len = len; + memset(str->data, 'x', len); + return str; + } + return NULL; +} + +struct str * +test_symbolic_size_oob (size_t len) +{ + /* Forgetting to add space for the trailing array. */ + struct str *str = malloc(sizeof(str)); + if (str) { + str->len = len; + memset(str->data, 'x', len); /* { dg-warning "heap-based buffer overflow" "PR analyzer/98247" { xfail *-*-* } } */ + // TODO(xfail): we don't yet complain about this case, which occurs when len > 0 + return str; + } + return NULL; +} + +struct str * +test_symbolic_size_with_terminator (size_t len) +{ + struct str *str = malloc(sizeof(str) + len + 1); + if (str) { + str->len = len; + memset(str->data, 'x', len); + str->data[len] = '\0'; + return str; + } + return NULL; +} + +struct str * +test_symbolic_size_with_terminator_oob (size_t len) +{ + /* Forgetting to add 1 for the terminator. */ + struct str *str = malloc(sizeof(str) + len); + if (str) { + str->len = len; + memset(str->data, 'x', len); + str->data[len] = '\0'; /* { dg-warning "heap-based buffer overflow" } */ + return str; + } + return NULL; +} -- 2.26.3