validation/sm_array_overflow.c

   1 int a[] = {1, 2, 3, 4};
   2 char *b = "abc";
   3 char c[4];
   4 char d[4] = "";
   5
   6 int x;
   7 static int options_write(void)
   8 {
   9         int i;
  10         char *str = b;
  11         char *str2 = "123";
  12         char *str3;
  13         char *str4;
  14         char *str5;
  15         unsigned int j = 4;
  16
  17         str3 = str2;
  18         str4 = str;
  19         if (x)
  20                 str5 = "asdf";
  21         else
  22                 str5 = "aa";
  23
  24         for (i = 0; i < 4 && frob(); i++)
  25                 ;
  26         a[i] = 42;
  27         b[i] = '\0';
  28         c[i] = '\0';
  29         str[j] = '\0';
  30         str2[j] = '\0';
  31         str3[j] = '\0';
  32         str4[j] = '\0';
  33         str5[j] = '\0';
  34         d[j] = '\0';
  35 }
  36 /*
  37  * check-name: smatch array check
  38  * check-command: smatch --spammy sm_array_overflow.c
  39  *
  40  * check-output-start
  41 sm_array_overflow.c:26 options_write() error: buffer overflow 'a' 4 <= 4
  42 sm_array_overflow.c:27 options_write() error: buffer overflow 'b' 4 <= 4
  43 sm_array_overflow.c:28 options_write() error: buffer overflow 'c' 4 <= 4
  44 sm_array_overflow.c:29 options_write() error: buffer overflow 'str' 4 <= 4
  45 sm_array_overflow.c:30 options_write() error: buffer overflow 'str2' 4 <= 4
  46 sm_array_overflow.c:31 options_write() error: buffer overflow 'str3' 4 <= 4
  47 sm_array_overflow.c:32 options_write() error: buffer overflow 'str4' 4 <= 4
  48 sm_array_overflow.c:34 options_write() error: buffer overflow 'd' 4 <= 4
  49  * check-output-end
  50  */