validation/sm_array_overflow4.c

   1 #include <stdio.h>
   2 #include <string.h>
   3
   4 #define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0]))
   5
   6 long long a[] = {1, 2};
   7
   8 int main(void)
   9 {
  10         short *s = a;
  11         short *s2 = (&(a));
  12         char buf[4];
  13         int i;
  14
  15         printf("%d\n", s[1]);
  16         printf("%d\n", s[2]);
  17         printf("%d\n", s[3]);
  18         printf("%d\n", s[4]);
  19         printf("%d\n", s[5]);
  20         printf("%d\n", s[6]);
  21         printf("%d\n", s[7]);
  22         printf("%d\n", s[8]);
  23         printf("%d\n", s2[8]);
  24         printf("%d\n", ((short *)a)[6]);
  25         printf("%d\n", ((short *)a)[8]);
  26         strcpy(buf, "1234");
  27
  28         return 0;
  29 }
  30 /*
  31  * check-name: smatch overflow check #4
  32  * check-command: smatch sm_array_overflow4.c
  33  *
  34  * check-output-start
  35 sm_array_overflow4.c +22 main(14) error: buffer overflow 's' 8 <= 8
  36 sm_array_overflow4.c +23 main(15) error: buffer overflow 's2' 8 <= 8
  37 sm_array_overflow4.c +25 main(17) error: buffer overflow 'a' 8 <= 8
  38 sm_array_overflow4.c +26 main(18) error: strcpy() "1234" too large for buf (5 vs 4)
  39  * check-output-end
  40  */