gcc/testsuite/c-c++-common/analyzer/SARD-tc117-basic-00001-min.c - gcc.git - Git at Google

 /* Adapted from https://samate.nist.gov/SARD/test-cases/117/versions/1.0.0
    Part of https://samate.nist.gov/SARD/test-suites/81
    See:
      Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
 */

 /* Taxonomy Classification: 0000000000000000000100 */

 /*
  *  WRITE/READ               	 0	write
  *  WHICH BOUND              	 0	upper
  *  DATA TYPE                	 0	char
  *  MEMORY LOCATION          	 0	stack
  *  SCOPE                    	 0	same
  *  CONTAINER                	 0	no
  *  POINTER                  	 0	no
  *  INDEX COMPLEXITY         	 0	constant
  *  ADDRESS COMPLEXITY       	 0	constant
  *  LENGTH COMPLEXITY        	 0	N/A
  *  ADDRESS ALIAS            	 0	none
  *  INDEX ALIAS              	 0	none
  *  LOCAL CONTROL FLOW       	 0	none
  *  SECONDARY CONTROL FLOW   	 0	none
  *  LOOP STRUCTURE           	 0	no
  *  LOOP COMPLEXITY          	 0	N/A
  *  ASYNCHRONY               	 0	no
  *  TAINT                    	 0	no
  *  RUNTIME ENV. DEPENDENCE  	 0	no
  *  MAGNITUDE                	 1	1 byte
  *  CONTINUOUS/DISCRETE      	 0	discrete
  *  SIGNEDNESS               	 0	no
  */

 /*
 Copyright 2004 M.I.T.

 Permission is hereby granted, without written agreement or royalty fee, to use,
 copy, modify, and distribute this software and its documentation for any
 purpose, provided that the above copyright notice and the following three
 paragraphs appear in all copies of this software.

 IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL,
 INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE
 AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF
 SUCH DAMANGE.

 M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO
 THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
 AND NON-INFRINGEMENT.

 THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO
 PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
 */


 int main(int argc, char *argv[])
 {
   char buf[10];


   /*  BAD  */
   buf[10] = 'A'; /* { dg-warning "stack-based buffer overflow" } */
   /* { dg-message "write of 1 byte to beyond the end of 'buf'" "note" { target *-*-* } .-1 } */


   return 0;
 }
	/* Adapted from https://samate.nist.gov/SARD/test-cases/117/versions/1.0.0
	Part of https://samate.nist.gov/SARD/test-suites/81
	See:
	Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
	*/

	/* Taxonomy Classification: 0000000000000000000100 */

	/*
	* WRITE/READ 0 write
	* WHICH BOUND 0 upper
	* DATA TYPE 0 char
	* MEMORY LOCATION 0 stack
	* SCOPE 0 same
	* CONTAINER 0 no
	* POINTER 0 no
	* INDEX COMPLEXITY 0 constant
	* ADDRESS COMPLEXITY 0 constant
	* LENGTH COMPLEXITY 0 N/A
	* ADDRESS ALIAS 0 none
	* INDEX ALIAS 0 none
	* LOCAL CONTROL FLOW 0 none
	* SECONDARY CONTROL FLOW 0 none
	* LOOP STRUCTURE 0 no
	* LOOP COMPLEXITY 0 N/A
	* ASYNCHRONY 0 no
	* TAINT 0 no
	* RUNTIME ENV. DEPENDENCE 0 no
	* MAGNITUDE 1 1 byte
	* CONTINUOUS/DISCRETE 0 discrete
	* SIGNEDNESS 0 no
	*/

	/*
	Copyright 2004 M.I.T.

	Permission is hereby granted, without written agreement or royalty fee, to use,
	copy, modify, and distribute this software and its documentation for any
	purpose, provided that the above copyright notice and the following three
	paragraphs appear in all copies of this software.

	IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL,
	INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE
	AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF
	SUCH DAMANGE.

	M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO
	THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
	AND NON-INFRINGEMENT.

	THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO
	PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
	*/


	int main(int argc, char *argv[])
	{
	char buf[10];


	/* BAD */
	buf[10] = 'A'; /* { dg-warning "stack-based buffer overflow" } */
	/* { dg-message "write of 1 byte to beyond the end of 'buf'" "note" { target --* } .-1 } */


	return 0;
	}