gcc/testsuite/gcc.dg/analyzer/strlen-1.c

   1 /* See e.g. https://en.cppreference.com/w/c/string/byte/strlen */
   2
   3 #include "analyzer-decls.h"
   4
   5 typedef __SIZE_TYPE__ size_t;
   6
   7 static size_t __attribute__((noinline))
   8 call_strlen_1 (const char *p)
   9 {
  10   return __builtin_strlen (p);
  11 }
  12
  13 void test_string (void)
  14 {
  15   __analyzer_eval (call_strlen_1 ("abc") == 3); /* { dg-warning "TRUE" } */
  16 }
  17
  18 static size_t __attribute__((noinline))
  19 call_strlen_2 (const char *p)
  20 {
  21   return __builtin_strlen (p); /* { dg-warning "stack-based buffer over-read" } */
  22 }
  23
  24 void test_unterminated (void)
  25 {
  26   const char buf[3] = "abc";
  27   __analyzer_eval (call_strlen_2 (buf) == 3); /* { dg-warning "UNKNOWN" } */
  28 }
  29
  30 void test_uninitialized (void)
  31 {
  32   char buf[16];
  33   __builtin_strlen (buf); /* { dg-warning "use of uninitialized value 'buf\\\[0\\\]'" } */
  34 }
  35
  36 void test_partially_initialized (void)
  37 {
  38   char buf[16];
  39   buf[0] = 'a';
  40   __builtin_strlen (buf); /* { dg-warning "use of uninitialized value 'buf\\\[1\\\]'" } */
  41 }
  42
  43 extern size_t strlen (const char *str);
  44
  45 size_t
  46 test_passthrough (const char *str)
  47 {
  48   return strlen (str);
  49 }
  50
  51 /* TODO
  52    - complain if NULL str
  53    - should it be tainted if str's bytes are tainted?
  54 */