2 files changed, 60 insertions, 2 deletions

diff --git a/test/Sema/warn-strncat-size.c b/test/Sema/warn-strncat-size.c
new file mode 100644
index 0000000000..4233f25d5a
--- /dev/null
+++ b/test/Sema/warn-strncat-size.c
@@ -0,0 +1,60 @@
+// RUN: %clang_cc1 -Wstrncat-size -verify -fsyntax-only %s
+
+typedef __SIZE_TYPE__ size_t;
+char  *strncat(char *, const char *, size_t);
+size_t strlen (const char *s);
+
+struct {
+  char f1[100];
+  char f2[100][3];
+} s4, **s5;
+
+char s1[100];
+char s2[200];
+int x;
+
+void test(char *src) {
+  char dest[10];
+
+  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest) - 1); // no-warning
+  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - 1); // no-warning - the code might assume that dest is empty
+
+  strncat(dest, src, sizeof(src)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
+
+  strncat(dest, src, sizeof(src) - 1); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
+
+  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest)); // expected-warning{{the value of the size argument in 'strncat' is too large, might lead to a buffer overflow}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
+
+  strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest)); // expected-warning{{the value of the size argument in 'strncat' is too large, might lead to a buffer overflow}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
+
+  strncat((*s5)->f2[x], s2, sizeof(s2)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
+  strncat(s1+3, s2, sizeof(s2)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}}
+  strncat(s4.f1, s2, sizeof(s2)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
+}
+
+// Don't issue FIXIT for flexible arrays.
+struct S {
+  int y;
+  char x[];
+};
+
+void flexible_arrays(struct S *s) {
+  char str[] = "hi";
+  strncat(s->x, str,  sizeof(str)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}}
+}
+
+// Don't issue FIXIT for destinations of size 1.
+void size_1() {
+  char z[1];
+  char str[] = "hi";
+
+  strncat(z, str, sizeof(z)); // expected-warning{{the value of the size argument in 'strncat' is too large, might lead to a buffer overflow}}
+}
+
+// Support VLAs.
+void vlas(int size) {
+  char z[size];
+  char str[] = "hi";
+
+  strncat(z, str, sizeof(str)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
+}
diff --git a/test/SemaCXX/warn-memset-bad-sizeof.cpp b/test/SemaCXX/warn-memset-bad-sizeof.cpp
index a018223cbd..388e362768 100644
--- a/test/SemaCXX/warn-memset-bad-sizeof.cpp
+++ b/test/SemaCXX/warn-memset-bad-sizeof.cpp
@@ -132,8 +132,6 @@ void strcpy_and_friends() {
 
   strncpy(buff, BAR, sizeof(BAR)); // \
       // expected-warning {{argument to 'sizeof' in 'strncpy' call is the same expression as the source}}
-  strncat(buff, BAR, sizeof(BAR)); // \
-      // expected-warning {{argument to 'sizeof' in 'strncat' call is the same expression as the source}}
   strndup(FOO, sizeof(FOO)); // \
       // expected-warning {{argument to 'sizeof' in 'strndup' call is the same expression as the source}}
 }