gcc/testsuite/c-c++-common/analyzer/SARD-tc117-basic-00001-min.c

   1 /* Adapted from https://samate.nist.gov/SARD/test-cases/117/versions/1.0.0
   2    Part of https://samate.nist.gov/SARD/test-suites/81
   3    See:
   4      Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023)
   5 */
   6
   7 /* Taxonomy Classification: 0000000000000000000100 */
   8
   9 /*
  10  *  WRITE/READ                   0      write
  11  *  WHICH BOUND                  0      upper
  12  *  DATA TYPE                    0      char
  13  *  MEMORY LOCATION              0      stack
  14  *  SCOPE                        0      same
  15  *  CONTAINER                    0      no
  16  *  POINTER                      0      no
  17  *  INDEX COMPLEXITY             0      constant
  18  *  ADDRESS COMPLEXITY           0      constant
  19  *  LENGTH COMPLEXITY            0      N/A
  20  *  ADDRESS ALIAS                0      none
  21  *  INDEX ALIAS                  0      none
  22  *  LOCAL CONTROL FLOW           0      none
  23  *  SECONDARY CONTROL FLOW       0      none
  24  *  LOOP STRUCTURE               0      no
  25  *  LOOP COMPLEXITY              0      N/A
  26  *  ASYNCHRONY                   0      no
  27  *  TAINT                        0      no
  28  *  RUNTIME ENV. DEPENDENCE      0      no
  29  *  MAGNITUDE                    1      1 byte
  30  *  CONTINUOUS/DISCRETE          0      discrete
  31  *  SIGNEDNESS                   0      no
  32  */
  33
  34 /*
  35 Copyright 2004 M.I.T.
  36
  37 Permission is hereby granted, without written agreement or royalty fee, to use,
  38 copy, modify, and distribute this software and its documentation for any
  39 purpose, provided that the above copyright notice and the following three
  40 paragraphs appear in all copies of this software.
  41
  42 IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL,
  43 INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE
  44 AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF
  45 SUCH DAMANGE.
  46
  47 M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO
  48 THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE,
  49 AND NON-INFRINGEMENT.
  50
  51 THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO
  52 PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
  53 */
  54
  55
  56 int main(int argc, char *argv[])
  57 {
  58   char buf[10];
  59
  60
  61   /*  BAD  */
  62   buf[10] = 'A'; /* { dg-warning "stack-based buffer overflow" } */
  63   /* { dg-message "write of 1 byte to beyond the end of 'buf'" "note" { target *-*-* } .-1 } */
  64
  65
  66   return 0;
  67 }