| /* Integration test of how the execution path looks for |
| -Wanalyzer-tainted-assertion with macro-tracking enabled |
| (the default), where the assertion macro is defined in |
| a system header. */ |
| |
| // TODO: remove need for this option |
| /* { dg-additional-options "-fanalyzer-checker=taint" } */ |
| |
| /* { dg-additional-options "-fdiagnostics-show-path-depths" } */ |
| /* { dg-additional-options "-fdiagnostics-path-format=inline-events -fdiagnostics-show-caret" } */ |
| |
| /* An assertion macro that has a call to a __noreturn__ function. */ |
| |
| /* This is marked as a system header. */ |
| #include "test-assert.h" |
| |
| /* Test subject for -Wanalyzer-tainted-assertion (CWE-617, reachable |
| assertion). |
| |
| __attribute__((tainted_args)) makes the analyzer treat every argument as |
| attacker-controlled, so N reaches the assert condition unvalidated. The |
| assert macro comes from test-assert.h; per the expected path below it |
| expands to a call to __assert_fail, which the analyzer treats as an |
| assertion failure handler because it is __noreturn__. |
| |
| Why the pattern is flagged: an assertion checks an internal invariant, it |
| is not input validation. When its condition depends on untrusted data, |
| whoever supplies that data decides whether the failure handler runs. |
| Production code should validate N and report an error instead. |
| |
| Returns N * N when the assertion holds. */ |
| int __attribute__((tainted_args)) |
| test_tainted_assert (int n) |
| { |
| /* NOTE(review): the dg-warning pattern below spells "attacked-controlled", |
| while event (3) of the expected path says "attacker-controlled". |
| Presumably the pattern mirrors the emitted diagnostic verbatim; confirm |
| against the compiler message before changing the spelling. */ |
| assert (n > 0); /* { dg-warning "use of attacked-controlled value in condition for assertion \\\[CWE-617\\\] \\\[-Wanalyzer-tainted-assertion\\\]" } */ |
| /* Not the subject of this test: N * N can overflow int for large N. */ |
| return n * n; |
| } |
| |
| /* { dg-begin-multiline-output "" } |
| assert (n > 0); |
| ^~~~~~ |
| 'test_tainted_assert': event 1 (depth 0) |
| | |
| | test_tainted_assert (int n) |
| | ^~~~~~~~~~~~~~~~~~~ |
| | | |
| | (1) function 'test_tainted_assert' marked with '__attribute__((tainted_args))' |
| | |
| +--> 'test_tainted_assert': event 2 (depth 1) |
| | |
| | test_tainted_assert (int n) |
| | ^~~~~~~~~~~~~~~~~~~ |
| | | |
| | (2) entry to 'test_tainted_assert' |
| | |
| 'test_tainted_assert': events 3-6 (depth 1) |
| | |
| | |
| | do { if (!(EXPR)) __assert_fail (#EXPR, __FILE__, __LINE__); } while (0) |
| | ^ ~~~~~~~~~~~~~ |
| | | | |
| | | (5) ...to here |
| | | (6) treating '__assert_fail' as an assertion failure handler due to '__attribute__((__noreturn__))' |
| | (3) use of attacker-controlled value for control flow |
| | (4) following 'true' branch (when 'n <= 0')... |
| | |
| { dg-end-multiline-output "" } */ |