repo.or.cz
/
smatch.git
/
blob
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
log
|
graphiclog1
|
graphiclog2
|
commit
|
commitdiff
|
tree
|
refs
|
edit
|
fork
blame
|
history
|
raw
|
HEAD
fill_db_untrusted: follow untrusted data down the call tree
[smatch.git]
/
validation
/
sm_strlen.c
blob
96390d8d65e0069fce51dc27891ca9a919abe6a5
1
int
strlen
(
char
*
str
);
2
int
strcpy
(
char
*
str
);
3
4
void
func
(
char
*
input
)
5
{
6
int
input_len
;
7
char
buf
[
4
];
8
9
input_len
=
strlen
(
input
);
10
if
(
input_len
<=
5
) {
11
strcpy
(
buf
,
input
);
12
}
13
if
(
input_len
<=
3
) {
14
strcpy
(
buf
,
input
);
15
}
16
}
17
/*
18
* check-name: Smatch strlen test
19
* check-command: smatch sm_strlen.c
20
*
21
* check-output-start
22
sm_strlen.c +11 func(7) error: strcpy() 'input' too large for 'buf' (6 vs 4)
23
* check-output-end
24
*/