From patchwork Wed Jan 18 16:45:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: David Malcolm X-Patchwork-Id: 45385 Return-Path: Delivered-To: ouuuleilei@gmail.com Received: by 2002:adf:eb09:0:0:0:0:0 with SMTP id s9csp2441012wrn; Wed, 18 Jan 2023 08:45:55 -0800 (PST) X-Google-Smtp-Source: AMrXdXui3e+GtCc3CaDqNmYkvBzT2z5wUnxP220LA/nLTjDxVOywepRgEeN5GKAHTSxT5oRWFO6D X-Received: by 2002:aa7:d894:0:b0:49e:376b:1516 with SMTP id u20-20020aa7d894000000b0049e376b1516mr6520781edq.25.1674060354946; Wed, 18 Jan 2023 08:45:54 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1674060354; cv=none; d=google.com; s=arc-20160816; b=ScR55EYtEB1Hg7i9KDvs2WGp3H2B+5xOWrPvcNXIJffuGfP0s5KidndpZLkJIRJyZi 4zaMN9VvqCTrbvNyLTgpBycPtJP/SI4KkusVRUYKE5xub0My+J1VnwQ4yA6TqpJFRS34 CmMrRD/nDSsqpGSL8zWm7E9UpdJN/Wvy1uSx+hiUG0ycT7okIGmEY4PYHyuM9AOsJj3B 80TC7poe/hrQRUAoMeUjsgnHtf0vt4dEsNRclupn+hREK5eKahlLMyxHZozs8KYMjwTS rkZ4VIkTj8kFJYSC8KIEri7ng44r0tgFzISxo3MtfWNeAJRuTmWED5xC6ekb94uUH3Yx B1pQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:reply-to:from:list-subscribe:list-help:list-post :list-archive:list-unsubscribe:list-id:precedence :content-transfer-encoding:mime-version:message-id:date:subject:cc :to:dmarc-filter:delivered-to:dkim-signature:dkim-filter; bh=Nw5+bupx6BXqCmAXLclLwOg5qsjSMZNS4owETVpTePE=; b=aknhlTYHT5asZ11EUqxuJSMqPozJ1gGm2M1nmAEVKPnoVXk2297ZTf4+ku5BJQQTkf XO4NUmT2jKqrKUQCrz7YRwrJa6GS4m1EZBIVsv773d8zXnc3Uqw1mf3THXacibX6d6lV QiBCW+Ubhtm/sGEMbMdeB79TsxSZWFZWS+HAw8E0uBA/5kBeurB0xEA8Jf+2qW3e9TuA vQSNCYV0HXqX43flFRSA5FUl0wsKtqz0CQG/SX5dj+0hAuPcPpUfuTYwE4gSmLcuWibz 616FdltK0meEpgsxbmYEO8LlYHIjxPeDCUhzU9MXtgpOk/cg7EyPw+imNWTBAZ0u72ix 2cBg== ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=UOl2l2Ja; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from sourceware.org (ip-8-43-85-97.sourceware.org. [8.43.85.97]) by mx.google.com with ESMTPS id u21-20020aa7d995000000b0049e02ae135esi12229531eds.471.2023.01.18.08.45.54 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Wed, 18 Jan 2023 08:45:54 -0800 (PST) Received-SPF: pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) client-ip=8.43.85.97; Authentication-Results: mx.google.com; dkim=pass header.i=@gcc.gnu.org header.s=default header.b=UOl2l2Ja; spf=pass (google.com: domain of gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org designates 8.43.85.97 as permitted sender) smtp.mailfrom="gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org"; dmarc=pass (p=NONE sp=NONE dis=NONE) header.from=gnu.org Received: from server2.sourceware.org (localhost [IPv6:::1]) by sourceware.org (Postfix) with ESMTP id D33D7385842B for ; Wed, 18 Jan 2023 16:45:53 +0000 (GMT) DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org D33D7385842B DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gcc.gnu.org; s=default; t=1674060353; bh=Nw5+bupx6BXqCmAXLclLwOg5qsjSMZNS4owETVpTePE=; h=To:Cc:Subject:Date:List-Id:List-Unsubscribe:List-Archive: List-Post:List-Help:List-Subscribe:From:Reply-To:From; b=UOl2l2JarbXSF7MjaL70CUahSOtdtgrgbfZV7xtrM1OG1cIMQztyvwjojA2qlfALn YpDRW3i5O+ipwa6gjzyqZ+P9rHWUIAaJzPFjBTPPlQ7ea3bVw9WcV59Dd7BWCJjzZB gxQEtB5kQSxklfi/Kar1eqarpgtLBgi2X2sJHiso= X-Original-To: gcc-patches@gcc.gnu.org Delivered-To: gcc-patches@gcc.gnu.org Received: from us-smtp-delivery-124.mimecast.com (us-smtp-delivery-124.mimecast.com [170.10.133.124]) by sourceware.org (Postfix) with ESMTPS id A9EB63858D28 for ; Wed, 18 Jan 2023 16:45:06 +0000 (GMT) DMARC-Filter: OpenDMARC Filter v1.4.2 sourceware.org A9EB63858D28 Received: from mimecast-mx02.redhat.com (mimecast-mx02.redhat.com [66.187.233.88]) by relay.mimecast.com with ESMTP with STARTTLS (version=TLSv1.2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id us-mta-296-lEfwABSnPo2UvyD4jGHFAg-1; Wed, 18 Jan 2023 11:45:05 -0500 X-MC-Unique: lEfwABSnPo2UvyD4jGHFAg-1 Received: from smtp.corp.redhat.com (int-mx07.intmail.prod.int.rdu2.redhat.com [10.11.54.7]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mimecast-mx02.redhat.com (Postfix) with ESMTPS id CD1C81875044 for ; Wed, 18 Jan 2023 16:45:04 +0000 (UTC) Received: from t14s.localdomain.com (unknown [10.2.17.121]) by smtp.corp.redhat.com (Postfix) with ESMTP id 8E781140EBF6; Wed, 18 Jan 2023 16:45:04 +0000 (UTC) To: gcc-patches@gcc.gnu.org Cc: David Malcolm Subject: [committed] analyzer: add SARD testsuite 81 Date: Wed, 18 Jan 2023 11:45:01 -0500 Message-Id: <20230118164501.8130-1-dmalcolm@redhat.com> MIME-Version: 1.0 X-Scanned-By: MIMEDefang 3.1 on 10.11.54.7 X-Mimecast-Spam-Score: 0 X-Mimecast-Originator: redhat.com X-Spam-Status: No, score=-11.2 required=5.0 tests=BAYES_00, DKIMWL_WL_HIGH, DKIM_SIGNED, DKIM_VALID, DKIM_VALID_AU, DKIM_VALID_EF, GIT_PATCH_0, KAM_NUMSUBJECT, RCVD_IN_DNSWL_NONE, RCVD_IN_MSPIKE_H2, SPF_HELO_NONE, SPF_NONE, TXREP autolearn=ham autolearn_force=no version=3.4.6 X-Spam-Checker-Version: SpamAssassin 3.4.6 (2021-04-09) on server2.sourceware.org X-BeenThere: gcc-patches@gcc.gnu.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Gcc-patches mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: David Malcolm via Gcc-patches From: David Malcolm Reply-To: David Malcolm Errors-To: gcc-patches-bounces+ouuuleilei=gmail.com@gcc.gnu.org Sender: "Gcc-patches" X-getmail-retrieved-from-mailbox: =?utf-8?q?INBOX?= X-GMAIL-THRID: =?utf-8?q?1755379510633101930?= X-GMAIL-MSGID: =?utf-8?q?1755379510633101930?= A 2013 paper [1] proposed 5 simple tests for evaluating the effectiveness of static analysis tools at detecting CWE-121 ("Stack-based Buffer Overflow"). The tests can be found in: https://samate.nist.gov/SARD/test-suites/81 This patch adds theses 5 tests to -fanalyzer's testsuite, lightly modified to add DejaGnu directives. This is for unit-testing; for broader testing of -fanalyzer I'm working on a separate integration testing suite that builds various real-world C projects with -fanalyzer, currently here: https://github.com/davidmalcolm/gcc-analyzer-integration-tests Successfully regrtested on x86_64-pc-linux-gnu. Pushed to trunk as r13-5244-gc6a011119bfa03. [1] Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023) gcc/testsuite/ChangeLog: * gcc.dg/analyzer/SARD-tc117-basic-00001-min.c: New test, adapted from https://samate.nist.gov/SARD/test-suites/81. * gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c: Likewise. * gcc.dg/analyzer/SARD-tc249-basic-00034-min.c: Likewise. * gcc.dg/analyzer/SARD-tc293-basic-00045-min.c: Likewise. * gcc.dg/analyzer/SARD-tc841-basic-00182-min.c: Likewise. Signed-off-by: David Malcolm --- .../analyzer/SARD-tc117-basic-00001-min.c | 67 +++++++++++++++++ .../SARD-tc1909-stack_overflow_loop.c | 29 ++++++++ .../analyzer/SARD-tc249-basic-00034-min.c | 67 +++++++++++++++++ .../analyzer/SARD-tc293-basic-00045-min.c | 69 ++++++++++++++++++ .../analyzer/SARD-tc841-basic-00182-min.c | 73 +++++++++++++++++++ 5 files changed, 305 insertions(+) create mode 100644 gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c create mode 100644 gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c new file mode 100644 index 00000000000..e1ce195ad8b --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc117-basic-00001-min.c @@ -0,0 +1,67 @@ +/* Adapted from https://samate.nist.gov/SARD/test-cases/117/versions/1.0.0 + Part of https://samate.nist.gov/SARD/test-suites/81 + See: + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023) +*/ + +/* Taxonomy Classification: 0000000000000000000100 */ + +/* + * WRITE/READ 0 write + * WHICH BOUND 0 upper + * DATA TYPE 0 char + * MEMORY LOCATION 0 stack + * SCOPE 0 same + * CONTAINER 0 no + * POINTER 0 no + * INDEX COMPLEXITY 0 constant + * ADDRESS COMPLEXITY 0 constant + * LENGTH COMPLEXITY 0 N/A + * ADDRESS ALIAS 0 none + * INDEX ALIAS 0 none + * LOCAL CONTROL FLOW 0 none + * SECONDARY CONTROL FLOW 0 none + * LOOP STRUCTURE 0 no + * LOOP COMPLEXITY 0 N/A + * ASYNCHRONY 0 no + * TAINT 0 no + * RUNTIME ENV. DEPENDENCE 0 no + * MAGNITUDE 1 1 byte + * CONTINUOUS/DISCRETE 0 discrete + * SIGNEDNESS 0 no + */ + +/* +Copyright 2004 M.I.T. + +Permission is hereby granted, without written agreement or royalty fee, to use, +copy, modify, and distribute this software and its documentation for any +purpose, provided that the above copyright notice and the following three +paragraphs appear in all copies of this software. + +IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, +INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE +AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMANGE. + +M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO +THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, +AND NON-INFRINGEMENT. + +THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO +PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. +*/ + + +int main(int argc, char *argv[]) +{ + char buf[10]; + + + /* BAD */ + buf[10] = 'A'; /* { dg-warning "stack-based buffer overflow" } */ + /* { dg-message "write of 1 byte to beyond the end of 'buf'" "note" { target *-*-* } .-1 } */ + + + return 0; +} diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c new file mode 100644 index 00000000000..07bdd31daf1 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc1909-stack_overflow_loop.c @@ -0,0 +1,29 @@ +/* Adapted from + https://samate.nist.gov/SARD/downloads/test-suites/2013-02-07-basic-cwe-effectiveness-cwe-121-stack-based-buffer-overflow-for-c.zip + Part of https://samate.nist.gov/SARD/test-suites/81: + See: + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023) +*/ + +/* This software was developed at the National Institute of Standards and + * Technology by employees of the Federal Government in the course of their + * official duties. Pursuant to title 17 Section 105 of the United States + * Code this software is not subject to copyright protection and is in the + * public domain. NIST assumes no responsibility whatsoever for its use by + * other parties, and makes no guarantees, expressed or implied, about its + * quality, reliability, or any other characteristic. + + * We would appreciate acknowledgement if the software is used. + * The SAMATE project website is: http://samate.nist.gov +*/ + +#include + +int main(int argc, char *argv[]) +{ + char bStr[10]; + for (unsigned i=1;i<=10;++i) { + bStr[i] = (char)i + 'a'; /* { dg-warning "stack-based buffer overflow" "PR analyzer/108432" { xfail *-*-* } } */ + } + return 0; +} diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c new file mode 100644 index 00000000000..4031e6d56c3 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc249-basic-00034-min.c @@ -0,0 +1,67 @@ +/* Adapted from https://samate.nist.gov/SARD/test-cases/249/versions/1.0.0 + Part of https://samate.nist.gov/SARD/test-suites/81 + See: + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023) +*/ + +/* Taxonomy Classification: 0000001600030000000100 */ + +/* + * WRITE/READ 0 write + * WHICH BOUND 0 upper + * DATA TYPE 0 char + * MEMORY LOCATION 0 stack + * SCOPE 0 same + * CONTAINER 0 no + * POINTER 1 yes + * INDEX COMPLEXITY 6 N/A + * ADDRESS COMPLEXITY 0 constant + * LENGTH COMPLEXITY 0 N/A + * ADDRESS ALIAS 0 none + * INDEX ALIAS 3 N/A + * LOCAL CONTROL FLOW 0 none + * SECONDARY CONTROL FLOW 0 none + * LOOP STRUCTURE 0 no + * LOOP COMPLEXITY 0 N/A + * ASYNCHRONY 0 no + * TAINT 0 no + * RUNTIME ENV. DEPENDENCE 0 no + * MAGNITUDE 1 1 byte + * CONTINUOUS/DISCRETE 0 discrete + * SIGNEDNESS 0 no + */ + +/* +Copyright 2004 M.I.T. + +Permission is hereby granted, without written agreement or royalty fee, to use, +copy, modify, and distribute this software and its documentation for any +purpose, provided that the above copyright notice and the following three +paragraphs appear in all copies of this software. + +IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, +INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE +AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMANGE. + +M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO +THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, +AND NON-INFRINGEMENT. + +THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO +PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. +*/ + + +int main(int argc, char *argv[]) +{ + char buf[10]; + + + /* BAD */ + *(buf + 10) = 'A'; /* { dg-warning "stack-based buffer overflow" } */ + /* { dg-message "write of 1 byte to beyond the end of 'buf'" "note" { target *-*-* } .-1 } */ + + + return 0; +} diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c new file mode 100644 index 00000000000..36c1946b197 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc293-basic-00045-min.c @@ -0,0 +1,69 @@ +/* Adapted from https://samate.nist.gov/SARD/test-cases/293/versions/1.0.0 + Part of https://samate.nist.gov/SARD/test-suites/81 + See: + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023) +*/ + +/* Taxonomy Classification: 0000300601130000000110 */ + +/* + * WRITE/READ 0 write + * WHICH BOUND 0 upper + * DATA TYPE 0 char + * MEMORY LOCATION 0 stack + * SCOPE 3 inter-file/inter-proc + * CONTAINER 0 no + * POINTER 0 no + * INDEX COMPLEXITY 6 N/A + * ADDRESS COMPLEXITY 0 constant + * LENGTH COMPLEXITY 1 none + * ADDRESS ALIAS 1 yes, one level + * INDEX ALIAS 3 N/A + * LOCAL CONTROL FLOW 0 none + * SECONDARY CONTROL FLOW 0 none + * LOOP STRUCTURE 0 no + * LOOP COMPLEXITY 0 N/A + * ASYNCHRONY 0 no + * TAINT 0 no + * RUNTIME ENV. DEPENDENCE 0 no + * MAGNITUDE 1 1 byte + * CONTINUOUS/DISCRETE 1 continuous + * SIGNEDNESS 0 no + */ + +/* +Copyright 2004 M.I.T. + +Permission is hereby granted, without written agreement or royalty fee, to use, +copy, modify, and distribute this software and its documentation for any +purpose, provided that the above copyright notice and the following three +paragraphs appear in all copies of this software. + +IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, +INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE +AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMANGE. + +M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO +THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, +AND NON-INFRINGEMENT. + +THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO +PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. +*/ + +#include + +int main(int argc, char *argv[]) +{ + char buf[10]; + + + /* BAD */ + strcpy(buf, "AAAAAAAAAA"); /* { dg-warning "stack-based buffer overflow" "analyzer warning" } */ + /* { dg-message "write of 1 byte to beyond the end of 'buf'" "analyzer note" { target *-*-* } .-1 } */ + /* { dg-warning "'__builtin_memcpy' writing 11 bytes into a region of size 10 overflows the destination" "Wstringop-overflow" { target *-*-* } .-2 } */ + + + return 0; +} diff --git a/gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c b/gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c new file mode 100644 index 00000000000..577dce13f00 --- /dev/null +++ b/gcc/testsuite/gcc.dg/analyzer/SARD-tc841-basic-00182-min.c @@ -0,0 +1,73 @@ +/* Adapted from https://samate.nist.gov/SARD/test-cases/841/versions/1.0.0 + Part of https://samate.nist.gov/SARD/test-suites/81 + See: + Black, P. , Koo, H. and Irish, T. (2013), A Basic CWE-121 Buffer Overflow Effectiveness Test Suite, Proc. 6th Latin-American Symposium on Dependable Computing, Rio de Janeiro, -1, [online], https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=913117 (Accessed January 17, 2023) +*/ + +/* Taxonomy Classification: 0000300602130000031110 */ + +/* + * WRITE/READ 0 write + * WHICH BOUND 0 upper + * DATA TYPE 0 char + * MEMORY LOCATION 0 stack + * SCOPE 3 inter-file/inter-proc + * CONTAINER 0 no + * POINTER 0 no + * INDEX COMPLEXITY 6 N/A + * ADDRESS COMPLEXITY 0 constant + * LENGTH COMPLEXITY 2 constant + * ADDRESS ALIAS 1 yes, one level + * INDEX ALIAS 3 N/A + * LOCAL CONTROL FLOW 0 none + * SECONDARY CONTROL FLOW 0 none + * LOOP STRUCTURE 0 no + * LOOP COMPLEXITY 0 N/A + * ASYNCHRONY 0 no + * TAINT 3 file read + * RUNTIME ENV. DEPENDENCE 1 yes + * MAGNITUDE 1 1 byte + * CONTINUOUS/DISCRETE 1 continuous + * SIGNEDNESS 0 no + */ + +/* +Copyright 2004 M.I.T. + +Permission is hereby granted, without written agreement or royalty fee, to use, +copy, modify, and distribute this software and its documentation for any +purpose, provided that the above copyright notice and the following three +paragraphs appear in all copies of this software. + +IN NO EVENT SHALL M.I.T. BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL, +INCIDENTAL, OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OF THIS SOFTWARE +AND ITS DOCUMENTATION, EVEN IF M.I.T. HAS BEEN ADVISED OF THE POSSIBILITY OF +SUCH DAMANGE. + +M.I.T. SPECIFICALLY DISCLAIMS ANY WARRANTIES INCLUDING, BUT NOT LIMITED TO +THE IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, +AND NON-INFRINGEMENT. + +THE SOFTWARE IS PROVIDED ON AN "AS-IS" BASIS AND M.I.T. HAS NO OBLIGATION TO +PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS. +*/ + +#include +#include + +int main(int argc, char *argv[]) +{ + FILE * f; + char buf[10]; + + f = fopen("TestInputFile1", "r"); + assert(f != NULL); + + /* BAD */ + fgets(buf, 11, f); /* { dg-warning "stack-based buffer overflow" "PR analyzer/105895" { xfail *-*-* } } */ + + fclose(f); + + + return 0; +}