warn-strncat-size.c revision c36bedc90c687caa71748480c60707ea4608b092 
1// RUN: %clang_cc1 -Wstrncat-size -verify -fsyntax-only %s
2
3typedef __SIZE_TYPE__ size_t;
4char  *strncat(char *, const char *, size_t);
5size_t strlen (const char *s);
6
7struct {
8  char f1[100];
9  char f2[100][3];
10} s4, **s5;
11
12char s1[100];
13char s2[200];
14int x;
15
16void test(char *src) {
17  char dest[10];
18
19  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest) - 1); // no-warning
20  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - 1); // no-warning - the code might assume that dest is empty
21
22  strncat(dest, src, sizeof(src)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
23
24  strncat(dest, src, sizeof(src) - 1); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
25
26  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest)); // expected-warning{{the value of the size argument in 'strncat' is too large, might lead to a buffer overflow}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
27
28  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest)); // expected-warning{{the value of the size argument in 'strncat' is too large, might lead to a buffer overflow}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
29
30  strncat((*s5)->f2[x], s2, sizeof(s2)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
31  strncat(s1+3, s2, sizeof(s2)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}}
32  strncat(s4.f1, s2, sizeof(s2)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
33}
34
35// Don't issue FIXIT for flexible arrays.
36struct S {
37  int y;
38  char x[];
39};
40
41void flexible_arrays(struct S *s) {
42  char str[] = "hi";
43  strncat(s->x, str,  sizeof(str)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}}
44}
45
46// Don't issue FIXIT for destinations of size 1.
47void size_1() {
48  char z[1];
49  char str[] = "hi";
50
51  strncat(z, str, sizeof(z)); // expected-warning{{the value of the size argument in 'strncat' is too large, might lead to a buffer overflow}}
52}
53
54// Support VLAs.
55void vlas(int size) {
56  char z[size];
57  char str[] = "hi";
58
59  strncat(z, str, sizeof(str)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
60}
61