gcc/testsuite/gcc.dg/analyzer/taint-assert-system-header.c - gcc - Git at Google

 /* Integration test of how the execution path looks for
    -Wanalyzer-tainted-assertion with macro-tracking enabled
    (the default), where the assertion macro is defined in
    a system header.  */

 // TODO: remove need for this option
 /* { dg-additional-options "-fanalyzer-checker=taint" } */

 /* { dg-additional-options "-fdiagnostics-show-path-depths" } */
 /* { dg-additional-options "-fdiagnostics-path-format=inline-events -fdiagnostics-show-caret" } */

 /* An assertion macro that has a call to a __noreturn__ function.  */

 /* This is marked as a system header.  */
 #include "test-assert.h"

 int __attribute__((tainted_args))
 test_tainted_assert (int n)
 {
   assert (n > 0); /* { dg-warning "use of attacked-controlled value in condition for assertion \\\[CWE-617\\\] \\\[-Wanalyzer-tainted-assertion\\\]" } */
   return n * n;
 }

 /* { dg-begin-multiline-output "" }
    assert (n > 0);
    ^~~~~~
   'test_tainted_assert': event 1 (depth 0)
     |
     | test_tainted_assert (int n)
     | ^~~~~~~~~~~~~~~~~~~
     | |
     | (1) function 'test_tainted_assert' marked with '__attribute__((tainted_args))'
     |
     +--> 'test_tainted_assert': event 2 (depth 1)
            |
            | test_tainted_assert (int n)
            | ^~~~~~~~~~~~~~~~~~~
            | |
            | (2) entry to 'test_tainted_assert'
            |
          'test_tainted_assert': events 3-6 (depth 1)
            |
            |
            |   do { if (!(EXPR)) __assert_fail (#EXPR, __FILE__, __LINE__); } while (0)
            |           ^         ~~~~~~~~~~~~~
            |           |         |
            |           |         (5) ...to here
            |           |         (6) treating '__assert_fail' as an assertion failure handler due to '__attribute__((__noreturn__))'
            |           (3) use of attacker-controlled value for control flow
            |           (4) following 'true' branch (when 'n <= 0')...
            |
    { dg-end-multiline-output "" } */
	/* Integration test of how the execution path looks for
	-Wanalyzer-tainted-assertion with macro-tracking enabled
	(the default), where the assertion macro is defined in
	a system header. */

	// TODO: remove need for this option
	/* { dg-additional-options "-fanalyzer-checker=taint" } */

	/* { dg-additional-options "-fdiagnostics-show-path-depths" } */
	/* { dg-additional-options "-fdiagnostics-path-format=inline-events -fdiagnostics-show-caret" } */

	/* An assertion macro that has a call to a __noreturn__ function. */

	/* This is marked as a system header. */
	#include "test-assert.h"

	int __attribute__((tainted_args))
	test_tainted_assert (int n)
	{
	assert (n > 0); /* { dg-warning "use of attacked-controlled value in condition for assertion \\\[CWE-617\\\] \\\[-Wanalyzer-tainted-assertion\\\]" } */
	return n * n;
	}

	/* { dg-begin-multiline-output "" }
	assert (n > 0);
	^~~~~~
	'test_tainted_assert': event 1 (depth 0)
	\|
	\| test_tainted_assert (int n)
	\| ^~~~~~~~~~~~~~~~~~~
	\| \|
	\| (1) function 'test_tainted_assert' marked with '__attribute__((tainted_args))'
	\|
	+--> 'test_tainted_assert': event 2 (depth 1)
	\|
	\| test_tainted_assert (int n)
	\| ^~~~~~~~~~~~~~~~~~~
	\| \|
	\| (2) entry to 'test_tainted_assert'
	\|
	'test_tainted_assert': events 3-6 (depth 1)
	\|
	\|
	\| do { if (!(EXPR)) __assert_fail (#EXPR, __FILE__, __LINE__); } while (0)
	\| ^ ~~~~~~~~~~~~~
	\| \| \|
	\| \| (5) ...to here
	\| \| (6) treating '__assert_fail' as an assertion failure handler due to '__attribute__((__noreturn__))'
	\| (3) use of attacker-controlled value for control flow
	\| (4) following 'true' branch (when 'n <= 0')...
	\|
	{ dg-end-multiline-output "" } */