1/* Test whether buffer overflow warnings for __*_chk builtins 2 are emitted properly. */ 3/* { dg-do compile } */ 4/* { dg-options "-O2 -std=gnu99" } */ 5/* { dg-options "-mstructure-size-boundary=8 -O2 -std=gnu99" { target arm-*-* } } */ 6 7extern void abort (void); 8 9#include "../gcc.c-torture/execute/builtins/chk.h" 10#include <stdarg.h> 11 12volatile void *vx; 13char buf1[20]; 14int x; 15 16void 17test (int arg, ...) 18{ 19 char buf2[20]; 20 va_list ap; 21 char *p = &buf1[10], *q; 22 23 memcpy (&buf2[19], "ab", 1); 24 memcpy (&buf2[19], "ab", 2); /* { dg-warning "will always overflow" "memcpy" } */ 25 vx = mempcpy (&buf2[19], "ab", 1); 26 vx = mempcpy (&buf2[19], "ab", 2); /* { dg-warning "will always overflow" "mempcpy" } */ 27 memmove (&buf2[18], &buf1[10], 2); 28 memmove (&buf2[18], &buf1[10], 3); /* { dg-warning "will always overflow" "memmove" } */ 29 memset (&buf2[16], 'a', 4); 30 memset (&buf2[15], 'b', 6); /* { dg-warning "will always overflow" "memset" } */ 31 strcpy (&buf2[18], "a"); 32 strcpy (&buf2[18], "ab"); /* { dg-warning "will always overflow" "strcpy" } */ 33 vx = stpcpy (&buf2[18], "a"); 34 vx = stpcpy (&buf2[18], "ab"); /* { dg-warning "will always overflow" "stpcpy" } */ 35 strncpy (&buf2[18], "a", 2); 36 strncpy (&buf2[18], "a", 3); /* { dg-warning "will always overflow" "strncpy" } */ 37 strncpy (&buf2[18], "abc", 2); 38 strncpy (&buf2[18], "abc", 3); /* { dg-warning "will always overflow" "strncpy" } */ 39 memset (buf2, '\0', sizeof (buf2)); 40 strcat (&buf2[18], "a"); 41 memset (buf2, '\0', sizeof (buf2)); 42 strcat (&buf2[18], "ab"); /* { dg-warning "will always overflow" "strcat" } */ 43 sprintf (&buf2[18], "%s", buf1); 44 sprintf (&buf2[18], "%s", "a"); 45 sprintf (&buf2[18], "%s", "ab"); /* { dg-warning "will always overflow" "sprintf" } */ 46 sprintf (&buf2[18], "a"); 47 sprintf (&buf2[18], "ab"); /* { dg-warning "will always overflow" "sprintf" } */ 48 snprintf (&buf2[18], 2, "%d", x); 49 /* N argument to snprintf is the size of the buffer. 50 Although this particular call wouldn't overflow buf2, 51 incorrect buffer size was passed to it and therefore 52 we want a warning and runtime failure. */ 53 snprintf (&buf2[18], 3, "%d", x); /* { dg-warning "will always overflow" "snprintf" } */ 54 va_start (ap, arg); 55 vsprintf (&buf2[18], "a", ap); 56 va_end (ap); 57 va_start (ap, arg); 58 vsprintf (&buf2[18], "ab", ap); /* { dg-warning "will always overflow" "vsprintf" } */ 59 va_end (ap); 60 va_start (ap, arg); 61 vsnprintf (&buf2[18], 2, "%s", ap); 62 va_end (ap); 63 va_start (ap, arg); 64 /* See snprintf above. */ 65 vsnprintf (&buf2[18], 3, "%s", ap); /* { dg-warning "will always overflow" "vsnprintf" } */ 66 va_end (ap); 67 68 p = p + 10; 69 memset (p, 'd', 0); 70 q = strcpy (p, ""); /* { dg-warning "will always overflow" "strcpy" } */ 71 72 /* This invokes undefined behaviour, since we are past the end of buf1. */ 73 p = p + 10; 74 memset (p, 'd', 1); /* { dg-warning "will always overflow" "memset" } */ 75 76 memset (q, 'd', 0); 77 memset (q, 'd', 1); /* { dg-warning "will always overflow" "memset" } */ 78 q = q - 10; 79 memset (q, 'd', 10); 80} 81 82char *str = "ABCDEFG"; 83typedef struct { char b[16]; } H; 84 85/* Some brown paper bag bugs found in real applications. 86 This test is here merely for amusement. */ 87 88void 89test2 (const H h) 90{ 91 char c; 92 strncpy (&c, str, 3); /* { dg-warning "will always overflow" "strncpy" } */ 93 94 struct { char b[4]; } x; 95 sprintf (x.b, "%s", "ABCD"); /* { dg-warning "will always overflow" "sprintf" } */ 96 97 unsigned int i; 98 memcpy (&i, &h, sizeof (h)); /* { dg-warning "will always overflow" "memcpy" } */ 99 100 unsigned char buf[21]; 101 memset (buf + 16, 0, 8); /* { dg-warning "will always overflow" "memset" } */ 102 103 typedef struct { int i, j, k, l; } S; 104 S *s[3]; 105 memset (s, 0, sizeof (S) * 3); /* { dg-warning "will always overflow" "memset" } */ 106 107 struct T { char a[8]; char b[4]; char c[10]; } t; 108 stpcpy (t.c,"Testing..."); /* { dg-warning "will always overflow" "stpcpy" } */ 109 110 char b1[7]; 111 char b2[4]; 112 memset (b1, 0, sizeof (b1)); 113 memset (b2, 0, sizeof (b1)); /* { dg-warning "will always overflow" "memset" } */ 114} 115