From: David Malcolm
To: gcc-patches@gcc.gnu.org
Cc: David Malcolm
Subject: [committed] analyzer: add SARD testsuite 81
Date: Wed, 18 Jan 2023 11:45:01 -0500
Message-Id: <20230118164501.8130-1-dmalcolm@redhat.com>

A 2013 paper [1] proposed 5 simple tests for evaluating the effectiveness
of static analysis tools at detecting CWE-121 ("Stack-based Buffer Overflow").

The tests can be found in:
  https://samate.nist.gov/SARD/test-suites/81

This patch adds these 5 tests to -fanalyzer's testsuite, lightly modified
to add DejaGnu directives.

This is for unit-testing; for broader testing of -fanalyzer I'm working on
a separate integration testing suite that builds various real-world C
projects with -fanalyzer, currently here:
  https://github.com/davidmalcolm/gcc-analyzer-integration-tests

Successfully regrtested on x86_64-pc-linux-gnu.
Pushed to trunk as r13-5244-gc6a011119bfa03.

[1] Black, P., Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)

gcc/testsuite/ChangeLog:
	* gcc.dg/analyzer/SARD-tc117-basic-00001-min.c: New test, adapted
	from https://samate.nist.gov/SARD/test-suites/81.
	* gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c: Likewise.
	* gcc.dg/analyzer/SARD-tc249-basic-00034-min.c: Likewise.
	* gcc.dg/analyzer/SARD-tc293-basic-00045-min.c: Likewise.
	* gcc.dg/analyzer/SARD-tc841-basic-00182-min.c: Likewise.

Signed-off-by: David Malcolm
---
 .../analyzer/SARD-tc117-basic-00001-min.c | 67 +++++++++++++++++
 .../SARD-tc1909-stack_overflow_loop.c | 29 ++++++++
 .../analyzer/SARD-tc249-basic-00034-min.c | 67 +++++++++++++++++
 .../analyzer/SARD-tc293-basic-00045-min.c | 69 ++++++++++++++++++
 .../analyzer/SARD-tc841-basic-00182-min.c | 73 +++++++++++++++++++
 5 files changed, 305 insertions(+)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c

diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c b/g= cc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c new file mode 100644 index 00000000000..e1ce195ad8b --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c 
@@ -0,0 +1,67 @@ +/* Adapted from https://samate.nist.gov/SARD/test-cases/117/versions/1.0.0 + Part of https://samate.nist.gov/SARD/test-suites/81 + See: + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Over= flow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Depend= able Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publi= cation/get_pdf.cfm?pub_id=3D913117 (Accessed January 17, 2023) +*/ + +/* Taxonomy Classification: 0000000000000000000100 */ + +/* + * WRITE/READ =09 0=09write + * WHICH BOUND =09 0=09upper + * DATA TYPE =09 0=09char + * MEMORY LOCATION =09 0=09stack + * SCOPE =09 0=09same + * CONTAINER =09 0=09no + * POINTER =09 0=09no + * INDEX COMPLEXITY =09 0=09constant + * ADDRESS COMPLEXITY =09 0=09constant + * LENGTH COMPLEXITY =09 0=09N/A + * ADDRESS ALIAS =09 0=09none + * INDEX ALIAS =09 0=09none + * LOCAL CONTROL FLOW =09 0=09none + * SECONDARY CONTROL FLOW =09 0=09none + * LOOP STRUCTURE =09 0=09no + * LOOP COMPLEXITY =09 0=09N/A + * ASYNCHRONY =09 0=09no + * TAINT =09 0=09no + * RUNTIME ENV. DEPENDENCE =09 0=09no + * MAGNITUDE =09 1=091 byte + * CONTINUOUS/DISCRETE =09 0=09discrete + * SIGNEDNESS =09 0=09no + */ + +/* +Copyright 2004 M.I.T. + +Permission is hereby granted, without written agreement or royalty fee, to= use,=20 +copy, modify, and distribute this software and its documentation for any= =20 +purpose, provided that the above copyright notice and the following three= =20 +paragraphs appear in all copies of this software. + +IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPEC= IAL,=20 +INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWA= RE=20 +AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY = OF=20 +SUCH DAMANGE. + +M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO= =20 +THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOS= E,=20 +AND NON-INFRINGEMENT. 
+ +THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION = TO=20 +PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. +*/ + + +int main(int argc, char *argv[]) +{ + char buf[10]; + + + /* BAD */ + buf[10] =3D 'A'; /* { dg-warning "stack-based buffer overflow" } */ + /* { dg-message "write of 1 byte to beyond the end of 'buf'" "note" { ta= rget *-*-* } .-1 } */ + + + return 0; +} diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.= c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c new file mode 100644 index 00000000000..07bdd31daf1 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c 
@@ -0,0 +1,29 @@ +/* Adapted from=0D + https://samate.nist.gov/SARD/downloads/test-suites/2013-02-07-basic-c= we-effectiveness-cwe-121-stack-based-buffer-overflow-for-c.zip=0D + Part of https://samate.nist.gov/SARD/test-suites/81:=0D + See:=0D + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Over= flow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Depend= able Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publi= cation/get_pdf.cfm?pub_id=3D913117 (Accessed January 17, 2023)=0D +*/=0D +=0D +/* This software was developed at the National Institute of Standards and= =0D + * Technology by employees of the Federal Government in the course of thei= r=0D + * official duties. Pursuant to title 17 Section 105 of the United States= =0D + * Code this software is not subject to copyright protection and is in the= =0D + * public domain. NIST assumes no responsibility whatsoever for its use by= =0D + * other parties, and makes no guarantees, expressed or implied, about its= =0D + * quality, reliability, or any other characteristic.=0D +=0D + * We would appreciate acknowledgement if the software is used.=0D + * The SAMATE project website is: http://samate.nist.gov=0D +*/=0D +=0D +#include =0D +=0D +int main(int argc, char *argv[])=0D +{=0D +=09char bStr[10];=0D +=09for (unsigned i=3D1;i<=3D10;++i) {=0D +=09=09bStr[i] =3D (char)i + 'a'; /* { dg-warning "stack-based buffer overf= low" "PR analyzer/108432" { xfail *-*-* } } */=0D +=09}=0D +=09return 0;=0D +}=0D diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c b/g= cc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c new file mode 100644 index 00000000000..4031e6d56c3 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c 
@@ -0,0 +1,67 @@ +/* Adapted from https://samate.nist.gov/SARD/test-cases/249/versions/1.0.0 + Part of https://samate.nist.gov/SARD/test-suites/81 + See: + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Over= flow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Depend= able Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publi= cation/get_pdf.cfm?pub_id=3D913117 (Accessed January 17, 2023) +*/ + +/* Taxonomy Classification: 0000001600030000000100 */ + +/* + * WRITE/READ =09 0=09write + * WHICH BOUND =09 0=09upper + * DATA TYPE =09 0=09char + * MEMORY LOCATION =09 0=09stack + * SCOPE =09 0=09same + * CONTAINER =09 0=09no + * POINTER =09 1=09yes + * INDEX COMPLEXITY =09 6=09N/A + * ADDRESS COMPLEXITY =09 0=09constant + * LENGTH COMPLEXITY =09 0=09N/A + * ADDRESS ALIAS =09 0=09none + * INDEX ALIAS =09 3=09N/A + * LOCAL CONTROL FLOW =09 0=09none + * SECONDARY CONTROL FLOW =09 0=09none + * LOOP STRUCTURE =09 0=09no + * LOOP COMPLEXITY =09 0=09N/A + * ASYNCHRONY =09 0=09no + * TAINT =09 0=09no + * RUNTIME ENV. DEPENDENCE =09 0=09no + * MAGNITUDE =09 1=091 byte + * CONTINUOUS/DISCRETE =09 0=09discrete + * SIGNEDNESS =09 0=09no + */ + +/* +Copyright 2004 M.I.T. + +Permission is hereby granted, without written agreement or royalty fee, to= use,=20 +copy, modify, and distribute this software and its documentation for any= =20 +purpose, provided that the above copyright notice and the following three= =20 +paragraphs appear in all copies of this software. + +IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPEC= IAL,=20 +INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWA= RE=20 +AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY = OF=20 +SUCH DAMANGE. + +M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO= =20 +THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOS= E,=20 +AND NON-INFRINGEMENT. 
+ +THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION = TO=20 +PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. +*/ + + +int main(int argc, char *argv[]) +{ + char buf[10]; + + + /* BAD */ + *(buf + 10) =3D 'A'; /* { dg-warning "stack-based buffer overflow" } */ + /* { dg-message "write of 1 byte to beyond the end of 'buf'" "note" { ta= rget *-*-* } .-1 } */ + + + return 0; +} diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c b/g= cc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c new file mode 100644 index 00000000000..36c1946b197 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c 
@@ -0,0 +1,69 @@ +/* Adapted from https://samate.nist.gov/SARD/test-cases/293/versions/1.0.0 + Part of https://samate.nist.gov/SARD/test-suites/81 + See: + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Over= flow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Depend= able Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publi= cation/get_pdf.cfm?pub_id=3D913117 (Accessed January 17, 2023) +*/ + +/* Taxonomy Classification: 0000300601130000000110 */ + +/* + * WRITE/READ =09 0=09write + * WHICH BOUND =09 0=09upper + * DATA TYPE =09 0=09char + * MEMORY LOCATION =09 0=09stack + * SCOPE =09 3=09inter-file/inter-proc + * CONTAINER =09 0=09no + * POINTER =09 0=09no + * INDEX COMPLEXITY =09 6=09N/A + * ADDRESS COMPLEXITY =09 0=09constant + * LENGTH COMPLEXITY =09 1=09none + * ADDRESS ALIAS =09 1=09yes, one level + * INDEX ALIAS =09 3=09N/A + * LOCAL CONTROL FLOW =09 0=09none + * SECONDARY CONTROL FLOW =09 0=09none + * LOOP STRUCTURE =09 0=09no + * LOOP COMPLEXITY =09 0=09N/A + * ASYNCHRONY =09 0=09no + * TAINT =09 0=09no + * RUNTIME ENV. DEPENDENCE =09 0=09no + * MAGNITUDE =09 1=091 byte + * CONTINUOUS/DISCRETE =09 1=09continuous + * SIGNEDNESS =09 0=09no + */ + +/* +Copyright 2004 M.I.T. + +Permission is hereby granted, without written agreement or royalty fee, to= use,=20 +copy, modify, and distribute this software and its documentation for any= =20 +purpose, provided that the above copyright notice and the following three= =20 +paragraphs appear in all copies of this software. + +IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPEC= IAL,=20 +INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWA= RE=20 +AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY = OF=20 +SUCH DAMANGE. + +M.I.T. 
SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO= =20 +THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOS= E,=20 +AND NON-INFRINGEMENT. + +THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION = TO=20 +PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. +*/ + +#include + +int main(int argc, char *argv[]) +{ + char buf[10]; + + + /* BAD */ + strcpy(buf, "AAAAAAAAAA"); /* { dg-warning "stack-based buffer overflow"= "analyzer warning" } */ + /* { dg-message "write of 1 byte to beyond the end of 'buf'" "analyzer n= ote" { target *-*-* } .-1 } */ + /* { dg-warning "'__builtin_memcpy' writing 11 bytes into a region of si= ze 10 overflows the destination" "Wstringop-overflow" { target *-*-* } .-2 = } */ + + + return 0; +} diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c b/g= cc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c new file mode 100644 index 00000000000..577dce13f00 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c 
@@ -0,0 +1,73 @@ +/* Adapted from https://samate.nist.gov/SARD/test-cases/841/versions/1.0.0 + Part of https://samate.nist.gov/SARD/test-suites/81 + See: + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Over= flow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Depend= able Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publi= cation/get_pdf.cfm?pub_id=3D913117 (Accessed January 17, 2023) +*/ + +/* Taxonomy Classification: 0000300602130000031110 */ + +/* + * WRITE/READ =09 0=09write + * WHICH BOUND =09 0=09upper + * DATA TYPE =09 0=09char + * MEMORY LOCATION =09 0=09stack + * SCOPE =09 3=09inter-file/inter-proc + * CONTAINER =09 0=09no + * POINTER =09 0=09no + * INDEX COMPLEXITY =09 6=09N/A + * ADDRESS COMPLEXITY =09 0=09constant + * LENGTH COMPLEXITY =09 2=09constant + * ADDRESS ALIAS =09 1=09yes, one level + * INDEX ALIAS =09 3=09N/A + * LOCAL CONTROL FLOW =09 0=09none + * SECONDARY CONTROL FLOW =09 0=09none + * LOOP STRUCTURE =09 0=09no + * LOOP COMPLEXITY =09 0=09N/A + * ASYNCHRONY =09 0=09no + * TAINT =09 3=09file read + * RUNTIME ENV. DEPENDENCE =09 1=09yes + * MAGNITUDE =09 1=091 byte + * CONTINUOUS/DISCRETE =09 1=09continuous + * SIGNEDNESS =09 0=09no + */ + +/* +Copyright 2004 M.I.T. + +Permission is hereby granted, without written agreement or royalty fee, to= use,=20 +copy, modify, and distribute this software and its documentation for any= =20 +purpose, provided that the above copyright notice and the following three= =20 +paragraphs appear in all copies of this software. + +IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPEC= IAL,=20 +INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWA= RE=20 +AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY = OF=20 +SUCH DAMANGE. + +M.I.T. 
SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO= =20 +THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOS= E,=20 +AND NON-INFRINGEMENT. + +THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION = TO=20 +PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. +*/ + +#include +#include + +int main(int argc, char *argv[]) +{ + FILE * f; + char buf[10]; + + f =3D fopen("TestInputFile1", "r"); + assert(f !=3D NULL); + + /* BAD */ + fgets(buf, 11, f); /* { dg-warning "stack-based buffer overflow" "PR ana= lyzer/105895" { xfail *-*-* } } */ + + fclose(f); + + + return 0; +} --=20 2.26.3
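
Review bot: SARD-tc1909-stack_overflow_loop.c is the only one of the five new files whose lines end in CR LF (every line of its hunk carries a trailing =0D in this mail), and neither the commit message nor the ChangeLog entry says whether that is deliberate. If the intent is to keep the file byte-identical to the SARD download, say so in the header comment; otherwise normalize it to LF like the other four so that later edits to the dg-warning line do not produce mixed line endings. Separately, the loop writes bStr[1] through bStr[10] and only the i == 10 iteration is out of bounds, which is worth a one-line comment next to the xfail'd directive that points at PR analyzer/108432.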
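
Review bot: in SARD-tc293-basic-00045-min.c the third directive after the strcpy call expects the full -Wstringop-overflow text "'__builtin_memcpy' writing 11 bytes into a region of size 10 overflows the destination", which ties an analyzer test to the exact wording of a different warning and to strcpy being lowered to __builtin_memcpy. The analyzer expectations ("stack-based buffer overflow" and the "write of 1 byte" note) are what this test is about, so consider silencing the other warning for this file with a dg-additional-options "-Wno-stringop-overflow" line, or matching only a short substring such as "overflows the destination", so the test does not start failing when that message changes.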
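
Review bot: in SARD-tc841-basic-00182-min.c the only expectation, on fgets(buf, 11, f), is xfail'd against PR analyzer/105895, so as committed the file records a known false negative rather than a detection, and nothing in the file says so apart from the PR number inside the directive. A short comment above the call stating that the 11-byte read into the 10-byte buf is not yet diagnosed would help readers of the testsuite. When the xfail is eventually dropped, the directive should also gain the companion dg-message for the "write of 1 byte to beyond the end of 'buf'" note that the tc117 and tc249 tests already check, since the taxonomy header here gives the same 1-byte magnitude.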