1 // RUN: %clang_cc1 -Wstrncat-size -verify -fsyntax-only %s
2 // RUN: %clang_cc1 -DUSE_BUILTINS -Wstrncat-size -verify -fsyntax-only %s
3 // RUN: %clang_cc1 -fsyntax-only -Wstrncat-size -fixit -x c %s
4 // RUN: %clang_cc1 -DUSE_BUILTINS -fsyntax-only -Wstrncat-size -fixit -x c %s
5 
// The file declares size_t, strlen and strncat itself instead of including a
// header, so the checks do not depend on any system <string.h>.
6 typedef __SIZE_TYPE__ size_t;
7 size_t strlen (const char *s);
8 
// When USE_BUILTINS is defined (two of the four invocations at the top pass
// -DUSE_BUILTINS), BUILTIN(f) pastes the __builtin_ prefix onto f, so every
// strncat below, including the prototype, is spelled __builtin_strncat.
// Otherwise the name is left as plain strncat.
9 #ifdef USE_BUILTINS
10 # define BUILTIN(f) __builtin_ ## f
11 #else
12 # define BUILTIN(f) f
13 #endif
14 
15 #define strncat BUILTIN(strncat)
16 char *strncat(char *restrict s1, const char *restrict s2, size_t n);
17 
// Fixtures used by test(): destinations of several shapes (struct member,
// element of a 2-D array reached through a pointer-to-pointer) and globals.
18 struct {
19   char f1[100];
20   char f2[100][3];
21 } s4, **s5;
22 
// s1 is 100 bytes, so s1+3 leaves 97 bytes of destination; s2 is 200 bytes and
// is the source whose sizeof is passed as the bound in test(). x is only used
// as an index into f2.
23 char s1[100];
24 char s2[200];
25 int x;
26 
// Covers the -Wstrncat-size cases for array destinations. strncat's third
// argument bounds how many characters are appended from the source, and a
// terminating NUL is written after them, so the safe bound is the free space
// left in the destination minus one. dest is never initialized, which is
// harmless only because every invocation at the top of the file uses
// -fsyntax-only and nothing is executed.
test(char * src)27 void test(char *src) {
28   char dest[10];
29 
     // Accepted forms: free space minus the NUL, and capacity minus one (valid
     // only if the destination is empty at the time of the call).
30   strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest) - 1); // no-warning
31   strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - 1); // no-warning - the code might assume that dest is empty
32 
     // Bound derived from the source: src is a char * parameter, so sizeof(src)
     // is the size of a pointer and says nothing about the room left in dest.
33   strncat(dest, src, sizeof(src)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
34 
35   strncat(dest, src, sizeof(src) - 1); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
36 
     // Bound is the whole destination: even with dest empty, appending
     // sizeof(dest) characters plus the NUL writes one byte past the end.
37   strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest)); // expected-warning{{the value of the size argument in 'strncat' is too large, might lead to a buffer overflow}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
38 
     // Off by one: the free space is computed but no byte is reserved for the NUL.
39   strncat(dest, "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA", sizeof(dest) - strlen(dest)); // expected-warning{{the value of the size argument in 'strncat' is too large, might lead to a buffer overflow}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
40 
     // Bound is sizeof of the source array s2 (200) against three destination
     // shapes: an array element reached through pointers, an offset into an
     // array, and a struct member. For s1+3 the second annotation is a warning
     // with the concrete sizes (97 versus 200) rather than the "change the
     // argument" note.
41   strncat((*s5)->f2[x], s2, sizeof(s2)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
42   strncat(s1+3, s2, sizeof(s2)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-warning {{strncat' size argument is too large; destination buffer has size 97, but size argument is 200}}
43   strncat(s4.f1, s2, sizeof(s2)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
44 }
45 
46 // Don't issue FIXIT for flexible arrays.
47 struct S {
48   int y;
     // Flexible array member: the declaration gives it no size, so sizeof
     // cannot describe how much room a destination of this kind has.
49   char x[];
50 };
51 
// Destination is the flexible array member s->x and the bound is sizeof of the
// source array str. The call is annotated with the size-of-source warning
// only; no "change the argument" note accompanies it.
flexible_arrays(struct S * s)52 void flexible_arrays(struct S *s) {
53   char str[] = "hi";
54   strncat(s->x, str,  sizeof(str)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}}
55 }
56 
57 // Don't issue FIXIT for destinations of size 1.
// A one-byte destination has room for the terminating NUL and nothing else, so
// no non-zero bound is valid. Passing sizeof(z) is annotated with the generic
// "size argument is wrong" warning and no note.
size_1()58 void size_1() {
59   char z[1];
60   char str[] = "hi";
61 
62   strncat(z, str, sizeof(z)); // expected-warning{{the value of the size argument to 'strncat' is wrong}}
63 }
64 
65 // Support VLAs.
// Destination is a variable-length array and the bound is sizeof of the source
// array str. The call carries both the size-of-source warning and the "change
// the argument" note.
vlas(int size)66 void vlas(int size) {
67   char z[size];
68   char str[] = "hi";
69 
70   strncat(z, str, sizeof(str)); // expected-warning {{size argument in 'strncat' call appears to be size of the source}} expected-note {{change the argument to be the free space in the destination buffer minus the terminating null byte}}
71 }
72 
73 // Non-array type gets a different error message.
// d is a char * parameter, so sizeof(d) is the size of a pointer, not of the
// buffer it points to. The call is annotated with the generic "size argument
// is wrong" warning.
f(char * s,char * d)74 void f(char* s, char* d) {
75   strncat(d, s, sizeof(d)); // expected-warning {{the value of the size argument to 'strncat' is wrong}}
76 }