| /* PR middle-end/77608 - missing protection on trivially detectable runtime |
| buffer overflow |
| { dg-do compile } |
| { dg-options "-O2 -Wstringop-overflow -ftrack-macro-expansion=0" } */ |
| |
| #define SIZE_MAX __SIZE_MAX__ |
| #define DIFF_MAX __PTRDIFF_MAX__ |
| #define DIFF_MIN (-DIFF_MAX - 1) |
| |
| typedef __SIZE_TYPE__ size_t; |
| |
| extern void* memcpy (void*, const void*, size_t); |
| extern char* strcpy (char*, const char*); |
| extern char* strncpy (char*, const char*, size_t); |
| |
| void sink (void*); |
| |
| static size_t unsigned_value (void) |
| { |
| extern volatile size_t unsigned_value_source; |
| return unsigned_value_source; |
| } |
| |
| static size_t unsigned_range (size_t min, size_t max) |
| { |
| size_t val = unsigned_value (); |
| return val < min || max < val ? min : val; |
| } |
| |
| #define UR(min, max) unsigned_range (min, max) |
| |
| |
| char a7[7]; |
| |
| struct MemArray { char a9[9]; char a1[1]; }; |
| |
| void test_memcpy_array (const void *s) |
| { |
| #define T(d, s, n) (memcpy ((d), (s), (n)), sink (d)) |
| |
| T (a7 + UR (0, 1), s, 7); |
| T (a7 + UR (0, 7), s, 7); |
| T (a7 + UR (0, 8), s, 7); |
| T (a7 + UR (0, DIFF_MAX), s, 7); |
| T (a7 + UR (0, SIZE_MAX), s, 7); |
| |
| T (a7 + UR (1, 2), s, 7); /* { dg-warning "writing 7 bytes into a region of size 6" } */ |
| T (a7 + UR (2, 3), s, 7); /* { dg-warning "writing 7 bytes into a region of size 5" } */ |
| T (a7 + UR (6, 9), s, 7); /* { dg-warning "writing 7 bytes into a region of size 1" } */ |
| T (a7 + UR (7, 9), s, 7); /* { dg-warning "writing 7 bytes into a region of size 0" } */ |
| T (a7 + UR (8, 9), s, 7); /* { dg-warning "writing 7 bytes into a region of size 0" } */ |
| |
| T (a7 + UR (9, 10), s, 7); /* { dg-warning "writing 7 bytes into a region of size 0" } */ |
| T (a7 + UR (DIFF_MAX, DIFF_MAX + (size_t)1), s, 7); /* { dg-warning "writing 7 bytes into a region of size 0" } */ |
| T (a7 + UR (DIFF_MAX, SIZE_MAX), s, 7); /* { dg-warning "writing 7 bytes into a region of size 0" } */ |
| |
| /* This is valid. */ |
| char *d = a7 + 7; |
| T (d + UR (-8, -7), s, 7); |
| } |
| |
| /* Verify the absence of warnings for memcpy writing beyond object |
| boundaries. */ |
| |
| void test_memcpy_memarray (struct MemArray *p, const void *s) |
| { |
| #undef T |
| #define T(d, s, n) (memcpy ((d), (s), (n)), sink (d)) |
| |
| /* The following are valid. */ |
| T (p->a9 + UR (0, 1), s, 9); |
| T (p->a9 + UR (0, 7), s, 9); |
| T (p->a9 + UR (0, 8), s, 9); |
| T (p->a9 + UR (0, DIFF_MAX), s, 9); |
| T (p->a9 + UR (0, SIZE_MAX), s, 9); |
| |
| /* The following are invalid. Unfortunately, there is apparently enough |
| code out there that abuses memcpy to write past the end of one member |
| and into the members that follow so the following are not diagnosed |
| by design. It sure would be nice not to have to cater to hacks like |
| these... */ |
| T (p->a9 + UR (1, 2), s, 9); |
| T (p->a9 + UR (1, 2), s, 123); |
| } |
| |
| |
| void test_strcpy_array (void) |
| { |
| #undef T |
| #define T(d, s) (strcpy ((d), (s)), sink (d)) |
| |
| T (a7 + UR (0, 1), "012345"); |
| T (a7 + UR (0, 7), "012345"); |
| T (a7 + UR (0, 8), "012345"); |
| T (a7 + UR (0, DIFF_MAX), "012345"); |
| T (a7 + UR (0, SIZE_MAX), "012345"); |
| |
| T (a7 + UR (1, 2), "012345"); /* { dg-warning "writing 7 bytes into a region of size 6" } */ |
| T (a7 + UR (2, 3), "012345"); /* { dg-warning "writing 7 bytes into a region of size 5" } */ |
| T (a7 + UR (6, 9), "012345"); /* { dg-warning "writing 7 bytes into a region of size 1" } */ |
| T (a7 + UR (7, 9), "012345"); /* { dg-warning "writing 7 bytes into a region of size 0" } */ |
| T (a7 + UR (8, 9), "012345"); /* { dg-warning "writing 7 bytes into a region of size 0" } */ |
| |
| T (a7 + UR (9, 10), "012345"); /* { dg-warning "writing 7 bytes into a region of size 0" } */ |
| T (a7 + UR (DIFF_MAX, DIFF_MAX + (size_t)1), "012345"); /* { dg-warning "writing 7 bytes into a region of size 0" } */ |
| T (a7 + UR (DIFF_MAX, SIZE_MAX), "012345"); /* { dg-warning "writing 7 bytes into a region of size 0" } */ |
| |
| char *d = a7 + 7; |
| |
| T (d + UR (-8, -7), "012345"); |
| } |
| |
| void test_strncpy_memarray (struct MemArray *p, const void *s) |
| { |
| #undef T |
| #define T(d, s, n) (strncpy ((d), (s), (n)), sink (d)) |
| |
| T (p->a9 + UR (0, 1), s, 9); |
| T (p->a9 + UR (0, 7), s, 9); |
| T (p->a9 + UR (0, 8), s, 9); |
| T (p->a9 + UR (0, DIFF_MAX), s, 9); |
| T (p->a9 + UR (0, SIZE_MAX), s, 9); |
| |
| T (p->a9 + UR (1, 2), s, 9); /* { dg-warning "writing 9 bytes into a region of size 8" } */ |
| T (p->a9 + UR (2, 3), s, 9); /* { dg-warning "writing 9 bytes into a region of size 7" } */ |
| T (p->a9 + UR (6, 9), s, 9); /* { dg-warning "writing 9 bytes into a region of size 3" } */ |
| T (p->a9 + UR (9, 10), s, 9); /* { dg-warning "writing 9 bytes into a region of size 0" } */ |
| T (p->a9 + UR (10, 11), s, 9); /* { dg-warning "writing 9 bytes into a region of size 0" } */ |
| |
| T (p->a9 + UR (DIFF_MAX, DIFF_MAX + (size_t)1), s, 1); /* { dg-warning "writing 1 byte into a region of size 0" } */ |
| T (p->a9 + UR (DIFF_MAX, SIZE_MAX), s, 3); /* { dg-warning "writing 3 bytes into a region of size 0" } */ |
| } |