1 /* See e.g. https://en.cppreference.com/w/c/string/byte/strlen */
3 #include "analyzer-decls.h"
5 typedef __SIZE_TYPE__
size_t;
7 static size_t __attribute__((noinline
))
8 call_strlen_1 (const char *p
)
10 return __builtin_strlen (p
);
13 void test_string (void)
15 __analyzer_eval (call_strlen_1 ("abc") == 3); /* { dg-warning "TRUE" } */
18 static size_t __attribute__((noinline
))
19 call_strlen_2 (const char *p
)
21 return __builtin_strlen (p
); /* { dg-warning "stack-based buffer over-read" } */
24 void test_unterminated (void)
26 const char buf
[3] = "abc";
27 __analyzer_eval (call_strlen_2 (buf
) == 3); /* { dg-warning "UNKNOWN" } */
30 void test_uninitialized (void)
33 __builtin_strlen (buf
); /* { dg-warning "use of uninitialized value 'buf\\\[0\\\]'" } */
36 void test_partially_initialized (void)
40 __builtin_strlen (buf
); /* { dg-warning "use of uninitialized value 'buf\\\[1\\\]'" } */
43 extern size_t strlen (const char *str
);
46 test_passthrough (const char *str
)
52 - complain if NULL str
53 - should it be tainted if str's bytes are tainted?