aboutsummaryrefslogtreecommitdiff
path: root/test/Analysis/taint-generic.c
diff options
context:
space:
mode:
Diffstat (limited to 'test/Analysis/taint-generic.c')
-rw-r--r--test/Analysis/taint-generic.c41
1 files changed, 34 insertions, 7 deletions
diff --git a/test/Analysis/taint-generic.c b/test/Analysis/taint-generic.c
index a23d20f79f..fd9884d3fa 100644
--- a/test/Analysis/taint-generic.c
+++ b/test/Analysis/taint-generic.c
@@ -3,6 +3,26 @@
int scanf(const char *restrict format, ...);
int getchar(void);
+typedef struct _FILE FILE;
+extern FILE *stdin;
+int fscanf(FILE *restrict stream, const char *restrict format, ...);
+int sprintf(char *str, const char *format, ...);
+void setproctitle(const char *fmt, ...);
+typedef __typeof(sizeof(int)) size_t;
+
+// Define string functions. Use builtin for some of them. They all default to
+// the processing in the taint checker.
+#define strcpy(dest, src) \
+ ((__builtin_object_size(dest, 0) != -1ULL) \
+ ? __builtin___strcpy_chk (dest, src, __builtin_object_size(dest, 1)) \
+ : __inline_strcpy_chk(dest, src))
+
+static char *__inline_strcpy_chk (char *dest, const char *src) {
+ return __builtin___strcpy_chk(dest, src, __builtin_object_size(dest, 1));
+}
+char *stpcpy(char *restrict s1, const char *restrict s2);
+char *strncpy( char * destination, const char * source, size_t num );
+
#define BUFSIZE 10
int Buffer[BUFSIZE];
@@ -47,16 +67,23 @@ void bufferGetchar(int x) {
Buffer[m] = 1; //expected-warning {{Out of bound memory access }}
}
-typedef struct _FILE FILE;
-extern FILE *stdin;
-int fscanf(FILE *restrict stream, const char *restrict format, ...);
-int sprintf(char *str, const char *format, ...);
-void setproctitle(const char *fmt, ...);
-
-void testUncontrolledFormatString() {
+void testUncontrolledFormatString(char **p) {
char s[80];
fscanf(stdin, "%s", s);
char buf[128];
sprintf(buf,s); // expected-warning {{Uncontrolled Format String}}
setproctitle(s, 3); // expected-warning {{Uncontrolled Format String}}
+
+ // Test taint propagation through strcpy and family.
+ char scpy[80];
+ strcpy(scpy, s);
+ sprintf(buf,scpy); // expected-warning {{Uncontrolled Format String}}
+
+ char spcpy[80];
+ stpcpy(spcpy, s);
+ setproctitle(spcpy, 3); // expected-warning {{Uncontrolled Format String}}
+
+ char sncpy[80];
+ strncpy(sncpy, s, 20);
+ setproctitle(sncpy, 3); // expected-warning {{Uncontrolled Format String}}
}
generated by cgit v1.2.3-18-g5258 (git 2.32.0) at 2025-05-07 15:34:03 +0000