// RUN: %clang_cc1 -Wstrncat-size -verify -fsyntax-only %s
// RUN: %clang_cc1 -DUSE_BUILTINS -Wstrncat-size -verify -fsyntax-only %s
// RUN: %clang_cc1 -fsyntax-only -Wstrncat-size -fixit -x c %s
// RUN: %clang_cc1 -DUSE_BUILTINS -fsyntax-only -Wstrncat-size -fixit -x c %s
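// Minimal local declarations: the test declares size_t, strlen and strncat
// itself instead of including <string.h>.
typedef __SIZE_TYPE__ size_t;
size_t strlen (const char *s);

// BUILTIN(f) picks the spelling under test: __builtin_f when the file is
// compiled with -DUSE_BUILTINS, plain f otherwise. The RUN lines at the top
// of the file cover both configurations.
#ifdef USE_BUILTINS
# define BUILTIN(f) __builtin_ ## f
#else
# define BUILTIN(f) f
#endif

// Every strncat call in this file goes through this macro, so one source
// exercises the size check for both the library function and the builtin.
#define strncat BUILTIN(strncat)
char *strncat(char *restrict s1, const char *restrict s2, size_t n);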
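// Destinations held in struct members: f1 is a plain char array, f2 an array
// of 100 three-byte rows. s4 is an object and s5 a pointer to pointer, so
// test() reaches its destinations through '.', '->' and indexing.
struct {
  char f1[100];
  char f2[100][3];
} s4, **s5;

// File-scope buffers used by test(): s1 is a destination addressed at an
// offset, s2 is the source whose sizeof is wrongly passed as the bound.
char s1[100];
char s2[200];
// Non-constant row index for (*s5)->f2[x].
int x;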
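// Fixed-size destination cases for -Wstrncat-size.
//
// strncat's third argument bounds how many characters are appended, and a
// terminating null is written after them. The safe bound is therefore the
// free space left in the destination minus one:
//     sizeof(dest) - strlen(dest) - 1
// Every call below is a fixture. The verify directives in the trailing
// comments are part of the test and must stay on the same line as the call.
// The RUN lines at the top of the file use -fsyntax-only, so this function is
// only analysed, never executed.
void test(char *src) {
  char dest[10];

  // Correct bound: remaining space minus the terminator.
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest) - 1); // no-warning
  // Accepted: right only if dest is empty at the call, which is not ruled out here.
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - 1); // no-warning - the code might assume that dest is empty

  // src is a char * parameter, so sizeof(src) is the size of a pointer and
  // says nothing about the space available in dest.
  strncat(dest, src, sizeof(src)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}

  // Subtracting one does not help: the bound is still derived from the source.
  strncat(dest, src, sizeof(src) - 1); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}

  // sizeof(dest) ignores what dest already holds and leaves no room for the
  // terminator.
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest)); // expected-warning{{the value of the size argument in 'strncat' is too large, might lead to a buffer overflow}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}

  // Off by one: accounts for the current contents but not for the terminator.
  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest)); // expected-warning{{the value of the size argument in 'strncat' is too large, might lead to a buffer overflow}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}

  // Same source-size mistake with destinations reached through a pointer
  // member, an offset into an array, and a struct member.
  // NOTE(review): the s1+3 line lists the warning without the accompanying
  // note; presumably no replacement bound is suggested for an offset
  // destination - confirm against the checker.
  strncat((*s5)->f2[x], s2, sizeof(s2)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
  strncat(s1+3, s2, sizeof(s2)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}}
  strncat(s4.f1, s2, sizeof(s2)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
}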
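// Don't issue FIXIT for flexible arrays.
// x is a flexible array member: it has no declared size, so sizeof cannot be
// applied to it when a replacement bound would have to be written.
struct S {
  int y;
  char x[];
};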
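// Destination is the flexible array member s->x. The bound passed is the size
// of the source, which is flagged. The call line carries only the warning
// directive and no fix-it note, matching the "no FIXIT for flexible arrays"
// rule stated above struct S.
void flexible_arrays(struct S *s) {
  char str[] = "hi";
  strncat(s->x, str,  sizeof(str)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}}
}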
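// Don't issue FIXIT for destinations of size 1.
// A one-byte buffer can hold only the terminator, so any non-zero bound
// overruns it. sizeof(z) is still flagged as too large, but the call line
// carries no fix-it note (presumably because there is no useful replacement
// bound to offer).
// Analysed only; never executed.
void size_1() {
  char z[1];
  char str[] = "hi";

  strncat(z, str, sizeof(z)); // expected-warning{{the value of the size argument in 'strncat' is too large, might lead to a buffer overflow}}
}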
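// Support VLAs.
// z is a variable-length array, so sizeof(z) is evaluated at run time. The
// source-size mistake is still flagged, and unlike the flexible-array case
// this call line also carries the fix-it note.
// Analysed only; never executed.
void vlas(int size) {
  char z[size];
  char str[] = "hi";

  strncat(z, str, sizeof(str)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
}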