validation/sm_array_overflow.c

   1 int a[] = {1, 2, 3, 4};
   2 char *b = "abc";
   3 char c[4];
   4 char d[4] = "";
   5
   6 int x;
   7 static int options_write(void)
   8 {
   9         int i;
  10         char *str = b;
  11         char *str2 = "123";
  12         char *str3;
  13         char *str4;
  14         char *str5;
  15
  16         str3 = str2;
  17         str4 = str;
  18         if (x)
  19                 str5 = "asdf";
  20         else
  21                 str5 = "aa";
  22
  23         for (i = 0; i < 4 && frob(); i++)
  24                 ;
  25         a[i] = 42;
  26         b[i] = '\0';
  27         c[i] = '\0';
  28         d[i] = '\0';
  29         str[i] = '\0';
  30         str2[i] = '\0';
  31         str3[i] = '\0';
  32         str4[i] = '\0';
  33         str5[i] = '\0';
  34 }
  35 /*
  36  * check-name: smatch array check
  37  * check-command: smatch sm_array_overflow.c
  38  *
  39  * check-output-start
  40 sm_array_overflow.c:25 options_write() error: buffer overflow 'a' 4 <= 4
  41 sm_array_overflow.c:26 options_write() error: buffer overflow 'b' 4 <= 4
  42 sm_array_overflow.c:27 options_write() error: buffer overflow 'c' 4 <= 4
  43 sm_array_overflow.c:28 options_write() error: buffer overflow 'd' 4 <= 4
  44 sm_array_overflow.c:29 options_write() error: buffer overflow 'str' 4 <= 4
  45 sm_array_overflow.c:30 options_write() error: buffer overflow 'str2' 4 <= 4
  46 sm_array_overflow.c:31 options_write() error: buffer overflow 'str3' 4 <= 4
  47 sm_array_overflow.c:32 options_write() error: buffer overflow 'str4' 4 <= 4
  48  * check-output-end
  49  */