1 /* PR middle-end/87041 - -Wformat "reading through null pointer" on
2    unreachable code
3    Test to verify that the applicable subset of -Wformat-overflow warnings
4    are issued for the printf function.
5    { dg-do compile }
6    { dg-options "-O -Wformat -Wformat-overflow=1 -ftrack-macro-expansion=0" }
7    { dg-require-effective-target int32plus } */
8 
9 /* When debugging, define LINE to the line number of the test case to exercise
10    and avoid exercising any of the others.  The buffer and objsize macros
11    below make use of LINE to avoid warnings for other lines.  */
12 #ifndef LINE
13 # define LINE 0
14 #endif
15 
16 #define INT_MAX __INT_MAX__
17 
18 typedef __SIZE_TYPE__ size_t;
19 
20 #if !__cplusplus
21 typedef __WCHAR_TYPE__ wchar_t;
22 #endif
23 
24 typedef __WINT_TYPE__ wint_t;
25 
26 typedef unsigned char UChar;
27 
28 void sink (void*, ...);
29 
30 int dummy_printf (const char*, ...);
31 
32 const char chr_no_nul = 'a';
33 const char arr_no_nul[] = { 'a', 'b' };
34 
35 
36 /* Helper to expand function to either __builtin_f or dummy_f to
37    make debugging GCC easy.  */
38 #define T(...)							\
39   (((!LINE || LINE == __LINE__)					\
40     ? __builtin_printf : dummy_printf) (__VA_ARGS__))
41 
42 /* Exercise the "%c" directive with constant arguments.  */
43 
test_printf_c_const(int width)44 void test_printf_c_const (int width)
45 {
46   /* Verify that a warning is issued for exceeding INT_MAX bytes and
47      not otherwise.  */
48   T ("%*c",  INT_MAX - 1, '1');
49   T ("%*c",  INT_MAX,     '1');
50   T ("X%*c", INT_MAX - 1, '1');
51   T ("X%*c", INT_MAX,     '1');   /* { dg-warning "directive output of \[0-9\]+ bytes causes result to exceed .INT_MAX." } */
52 
53   T ("%*c%*c", INT_MAX - 1, '1', INT_MAX - 1, '2'); /* { dg-warning "directive output of \[0-9\]+ bytes causes result to exceed .INT_MAX." } */
54 
55   T ("%*cX", INT_MAX - 2, '1');
56   T ("%*cX", INT_MAX - 1, '1');
57   T ("%*cX", INT_MAX,     '1');   /* { dg-warning "output of \[0-9\]+ bytes causes result to exceed .INT_MAX." } */
58 
59   if (width < INT_MAX - 1)
60     width = INT_MAX - 1;
61   T ("%*cX", width, '1');
62   T ("%*cXY", width, '1');        /* { dg-warning ".XY. directive output of 2 bytes causes result to exceed .INT_MAX." } */
63 
64   /* Also exercise a non-constant format string.  The warning points
65      to the line where the format is declared (see bug 87773) so avoid
66      triggering that bug here.  */
67   const char *fmt = "%*cXYZ";  T (fmt, width, '1');            /* { dg-warning ".XYZ. directive output of 3 bytes causes result to exceed .INT_MAX." } */
68 }
69 
70 
71 /* Exercise the "%s" directive with constant arguments.  */
72 
test_printf_s_const(int width)73 void test_printf_s_const (int width)
74 {
75   const char *nulptr = 0;
76 
77   T ("%s", nulptr);               /* { dg-warning "\\\[-Wformat|-Wnonnull]" } */
78   T ("%.0s", nulptr);             /* { dg-warning ".%.0s. directive argument is null" } */
79 
80   /* Verify no warning is issued for unreachable code.  */
81   if (nulptr)
82     T ("%s", nulptr);
83 
84   T ("%s", &chr_no_nul);          /* { dg-warning ".%s. directive argument is not a nul-terminated string" } */
85   T ("%s", arr_no_nul);           /* { dg-warning ".%s. directive argument is not a nul-terminated string" } */
86 
87   /* Verify that output in excess of INT_MAX bytes is diagnosed even
88      when the size of the destination object is unknown.  */
89   T ("%*s",  INT_MAX - 1, "");
90   T ("%*s",  INT_MAX,     "");
91   T ("X%*s", INT_MAX,     "");    /* { dg-warning "directive output of \[0-9\]+ bytes causes result to exceed .INT_MAX." } */
92 
93   if (width < INT_MAX - 1)
94     width = INT_MAX - 1;
95   T ("%*sX", width, "1");
96   T ("%*sXY", width, "1");        /* { dg-warning ".XY. directive output of 2 bytes causes result to exceed .INT_MAX." } */
97 }
98 
99 
100 const wchar_t wchr_no_nul = L'a';
101 const wchar_t warr_no_nul[] = { L'a', L'b' };
102 
103 /* Exercise the "%s" directive with constant arguments.  */
104 
test_printf_ls_const(int width)105 void test_printf_ls_const (int width)
106 {
107   const wchar_t *nulptr = 0;
108 
109   T ("%ls", nulptr);              /* { dg-warning ".%ls. directive argument is null" } */
110   T ("%.0ls", nulptr);            /* { dg-warning ".%.0ls. directive argument is null" } */
111 
112   /* Verify no warning is issued for unreachable code.  */
113   if (nulptr)
114     T ("%ls", nulptr);
115 
116   T ("%ls", &wchr_no_nul);        /* { dg-warning ".%ls. directive argument is not a nul-terminated string" } */
117   T ("%ls", warr_no_nul);         /* { dg-warning ".%ls. directive argument is not a nul-terminated string" "pr88211" { xfail *-*-* } } */
118 
119   /* Verify that output in excess of INT_MAX bytes is diagnosed even
120      when the size of the destination object is unknown.  */
121   T ("%*ls",  INT_MAX - 1, L"");
122   T ("%*ls",  INT_MAX,     L"");
123   T ("X%*ls", INT_MAX,     L"");  /* { dg-warning "directive output of \[0-9\]+ bytes causes result to exceed .INT_MAX." } */
124 
125   if (width < INT_MAX - 1)
126     width = INT_MAX - 1;
127   T ("%*lsX", width, L"1");
128   T ("%*lsXY", width, L"1");      /* { dg-warning ".XY. directive output of 2 bytes causes result to exceed .INT_MAX." } */
129 }
130