#include <stdlib.h>
#include <stdio.h>
+#include <stdint.h>
/* Tests with constant buffer sizes. */
void test_1 (void)
{
- short *ptr = malloc (21 * sizeof (short));
+ int16_t *ptr = malloc (21 * sizeof (int16_t));
free (ptr);
}
void test_2 (void)
{
- int *ptr = malloc (21 * sizeof (short)); /* { dg-line malloc2 } */
+ int32_t *ptr = malloc (21 * sizeof (int16_t)); /* { dg-line malloc2 } */
free (ptr);
/* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } malloc2 } */
- /* { dg-message "\\d+ bytes" "note" { target *-*-* } malloc2 } */
- /* { dg-message "'int \\*' here; 'sizeof \\(int\\)' is '\\d+'" "note" { target *-*-* } malloc2 } */
+ /* { dg-message "42 bytes" "note" { target *-*-* } malloc2 } */
+ /* { dg-message "'int32_t \\*' (\\\{aka 'int \\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka int\\\})?\\)' is '4'" "note" { target *-*-* } malloc2 } */
}
void test_3 (void)
{
- void *ptr = malloc (21 * sizeof (short));
- short *sptr = (short *)ptr;
+ void *ptr = malloc (21 * sizeof (int16_t));
+ int16_t *sptr = (int16_t *)ptr;
free (sptr);
}
void test_4 (void)
{
- void *ptr = malloc (21 * sizeof (short)); /* { dg-message "\\d+ bytes" } */
- int *iptr = (int *)ptr; /* { dg-line assign4 } */
+ void *ptr = malloc (21 * sizeof (int16_t)); /* { dg-message "42 bytes" } */
+ int32_t *iptr = (int32_t *)ptr; /* { dg-line assign4 } */
free (iptr);
/* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } assign4 } */
- /* { dg-message "'int \\*' here; 'sizeof \\(int\\)' is '\\d+'" "note" { target *-*-* } assign4 } */
+ /* { dg-message "'int32_t \\*' (\\\{aka 'int \\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka int\\\})?\\)' is '4'" "note" { target *-*-* } assign4 } */
}
void test_5 (void)
{
- int user_input;
+ int32_t user_input;
scanf("%i", &user_input);
- int n;
+ int32_t n;
if (user_input == 0)
- n = 21 * sizeof (short);
+ n = 21 * sizeof (int16_t);
else
- n = 42 * sizeof (short);
+ n = 42 * sizeof (int16_t);
void *ptr = malloc (n);
- short *sptr = (short *)ptr;
+ int16_t *sptr = (int16_t *)ptr;
free (sptr);
}
void test_6 (void)
{
- int user_input;
+ int32_t user_input;
scanf("%i", &user_input);
- int n;
+ int32_t n;
if (user_input == 0)
- n = 21 * sizeof (short);
+ n = 21 * sizeof (int16_t);
else
- n = 42 * sizeof (short);
+ n = 42 * sizeof (int16_t);
void *ptr = malloc (n); /* { dg-message "" "note" } */
/* ^^^ on widening_svalues no expr is returned
by get_representative_tree at the moment. */
- int *iptr = (int *)ptr; /* { dg-line assign6 } */
+ int32_t *iptr = (int32_t *)ptr; /* { dg-line assign6 } */
free (iptr);
/* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } assign6 } */
- /* { dg-message "'int \\*' here; 'sizeof \\(int\\)' is '\\d+'" "note" { target *-*-* } assign6 } */
+ /* { dg-message "'int32_t \\*' (\\\{aka 'int \\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka int\\\})?\\)' is '4'" "note" { target *-*-* } assign6 } */
}
void test_7 (void)
{
- int user_input;
+ int32_t user_input;
scanf("%i", &user_input);
- int n;
+ int32_t n;
if (user_input == 0)
n = 1;
else if (user_input == 2)
n = 7;
/* n is an unknown_svalue at this point. */
void *ptr = malloc (n);
- int *iptr = (int *)ptr;
+ int32_t *iptr = (int32_t *)ptr;
free (iptr);
}
-void *create_buffer (int n)
+void *create_buffer (int32_t n)
{
return malloc(n);
}
void test_8 (void)
{
- int *buf = create_buffer(4 * sizeof (int));
+ int32_t *buf = create_buffer(4 * sizeof (int));
free (buf);
}
impl_region_model_context::warn. To ensure that the indentation
in the diagnostic is right, the warning has to be emitted on an EN
that is after the return edge. */
- int *buf = create_buffer(42); /* { dg-warning "" "" { xfail *-*-* } } */
+ int32_t *buf = create_buffer(42); /* { dg-warning "" "" { xfail *-*-* } } */
free (buf);
}
-void test_10 (int n)
+void test_10 (int32_t n)
{
char *ptr = malloc (7 * n);
free (ptr);
#include <stdlib.h>
#include <stdio.h>
+#include <stdint.h>
/* Tests with symbolic buffer sizes. */
-void test_1 (int n)
+void test_1 (int32_t n)
{
- short *ptr = malloc (n * sizeof (short));
+ int16_t *ptr = malloc (n * sizeof (int16_t));
free (ptr);
}
-void test_2 (int n)
+void test_2 (int32_t n)
{
- int *ptr = malloc (n * sizeof (short)); /* { dg-line malloc2 } */
+ int32_t *ptr = malloc (n * sizeof (int16_t)); /* { dg-line malloc2 } */
free (ptr);
/* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } malloc2 } */
/* { dg-message "'\[a-z0-9\\*\\(\\)\\s\]*' bytes" "note" { target *-*-* } malloc2 } */
- /* { dg-message "'int \\*' here; 'sizeof \\(int\\)' is '\\d+'" "note" { target *-*-* } malloc2 } */
+ /* { dg-message "'int32_t \\*' (\\\{aka 'int \\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka int\\\})?\\)' is '4" "note" { target *-*-* } malloc2 } */
}
-void test_3 (int n)
+void test_3 (int32_t n)
{
- void *ptr = malloc (n * sizeof (short));
- short *sptr = (short *)ptr;
+ void *ptr = malloc (n * sizeof (int16_t));
+ int16_t *sptr = (int16_t *)ptr;
free (sptr);
}
-void test_4 (int n)
+void test_4 (int32_t n)
{
- void *ptr = malloc (n * sizeof (short)); /* { dg-message "'\[a-z0-9\\*\\(\\)\\s\]*'" "note" } */
- int *iptr = (int *)ptr; /* { dg-line assign4 } */
+ void *ptr = malloc (n * sizeof (int16_t)); /* { dg-message "'\[a-z0-9\\*\\(\\)\\s\]*'" "note" } */
+ int32_t *iptr = (int32_t *)ptr; /* { dg-line assign4 } */
free (iptr);
/* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } assign4 } */
- /* { dg-message "'int \\*' here; 'sizeof \\(int\\)' is '\\d+'" "note" { target *-*-* } assign4 } */
+ /* { dg-message "'int32_t \\*' (\\\{aka 'int \\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka int\\\})?\\)' is '4'" "note" { target *-*-* } assign4 } */
}
void test_5 (void)
{
- int user_input;
+ int32_t user_input;
scanf("%i", &user_input);
- int n;
+ int32_t n;
if (user_input == 0)
- n = 3 * user_input * sizeof (short);
+ n = 3 * user_input * sizeof (int16_t);
else
- n = 5 * user_input * sizeof (short);
+ n = 5 * user_input * sizeof (int16_t);
void *ptr = malloc (n);
- short *sptr = (short *)ptr;
+ int16_t *sptr = (int16_t *)ptr;
free (sptr);
}
void test_6 (void)
{
- int user_input;
+ int32_t user_input;
scanf("%i", &user_input);
- int n;
+ int32_t n;
if (user_input == 0)
n = user_input;
else if (user_input == 2)
n = user_input * 5;
/* n is an unknown_svalue at this point. */
void *ptr = malloc (n);
- int *iptr = (int *)ptr;
+ int32_t *iptr = (int32_t *)ptr;
free (iptr);
}
-void *create_buffer(int n)
+void *create_buffer(int32_t n)
{
return malloc(n);
}
-void test_7(int n)
+void test_7(int32_t n)
{
- int *buf = create_buffer(n * sizeof (int));
+ int32_t *buf = create_buffer(n * sizeof (int32_t));
free (buf);
}
-void test_8(int n)
+void test_8(int32_t n)
{
/* FIXME: At the moment, region_model::set_value (lhs, <return_value>)
is called at the src_node of the return edge. This edge has no stmts
impl_region_model_context::warn. To ensure that the indentation
in the diagnostic is right, the warning has to be emitted on an EN
that is after the return edge. */
- int *buf = create_buffer(n * sizeof(short)); /* { dg-warning "" "" { xfail *-*-* } } */
+ int32_t *buf = create_buffer(n * sizeof(int16_t)); /* { dg-warning "" "" { xfail *-*-* } } */
free (buf);
}
void test_9 (void)
{
- int n;
+ int32_t n;
scanf("%i", &n);
/* n is a conjured_svalue. */
void *ptr = malloc (n); /* { dg-message "'n' bytes" "note" } */
- int *iptr = (int *)ptr; /* { dg-line assign9 } */
+ int32_t *iptr = (int32_t *)ptr; /* { dg-line assign9 } */
free (iptr);
/* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } assign9 } */
- /* { dg-message "'int \\*' here; 'sizeof \\(int\\)' is '\\d+'" "note" { target *-*-* } assign9 } */
+ /* { dg-message "'int32_t \\*' (\\\{aka 'int \\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka int\\\})?\\)' is '4'" "note" { target *-*-* } assign9 } */
}
void test_11 (void)
{
- int n;
+ int32_t n;
scanf("%i", &n);
void *ptr = malloc (n);
- if (n == sizeof (int))
+ if (n == sizeof (int32_t))
{
/* n is a conjured_svalue but guarded such that we
know the value is a multiple of sizeof (*iptr). */
- int *iptr = (int *)ptr;
+ int32_t *iptr = (int32_t *)ptr;
free (iptr);
}
else
void test_12 (void)
{
- int n;
+ int32_t n;
scanf("%i", &n);
void *ptr = malloc (n); /* { dg-message "'n' bytes" } */
if (n == 5)
{
/* n is a conjured_svalue but guarded such that we
know the value isn't a multiple of sizeof (*iptr). */
- int *iptr = (int *)ptr; /* { dg-line assign12 } */
+ int32_t *iptr = (int32_t *)ptr; /* { dg-line assign12 } */
free (iptr);
}
else
free (ptr);
/* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } assign12 } */
- /* { dg-message "'int \\*' here; 'sizeof \\(int\\)' is '\\d+'" "note" { target *-*-* } assign12 } */
+ /* { dg-message "'int32_t \\*' (\\\{aka 'int \\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka int\\\})?\\)' is '4'" "note" { target *-*-* } assign12 } */
}
void test_13 (void)
{
- int n;
+ int32_t n;
scanf("%i", &n);
void *ptr = malloc (n);
if (n == n * n)
/* n is a conjured_svalue but guarded such that we don't have an
equivalence class for it. In such cases, we assume that the
condition ensures that the value is okay. */
- int *iptr = (int *)ptr;
+ int32_t *iptr = (int32_t *)ptr;
free (iptr);
}
else
#include <stdlib.h>
#include <stdio.h>
+#include <stdint.h>
/* CWE-131 example 5 */
void test_1 (void)
{
- int *id_sequence = (int *) malloc (3); /* { dg-line malloc1 } */
+ int32_t *id_sequence = (int32_t *) malloc (3); /* { dg-line malloc1 } */
if (id_sequence == NULL) exit (1);
id_sequence[0] = 13579;
free (id_sequence);
/* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } malloc1 } */
- /* { dg-message "\\d+ bytes" "note" { target *-*-* } malloc1 } */
- /* { dg-message "'int \\*' here; 'sizeof \\(int\\)' is '\\d+'" "note" { target *-*-* } malloc1 } */
+ /* { dg-message "3 bytes" "note" { target *-*-* } malloc1 } */
+ /* { dg-message "'int32_t \\*' (\\\{aka 'int \\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka int\\\})?\\)' is '4'" "note" { target *-*-* } malloc1 } */
}
void test_2 (void)
{
- int *ptr = malloc (10 + sizeof(int)); /* { dg-line malloc2 } */
+ int32_t *ptr = malloc (10 + sizeof(int32_t)); /* { dg-line malloc2 } */
free (ptr);
/* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } malloc2 } */
- /* { dg-message "\\d+ bytes" "note" { target *-*-* } malloc2 } */
- /* { dg-message "'int \\*' here; 'sizeof \\(int\\)' is '\\d+'" "note" { target *-*-* } malloc2 } */
+ /* { dg-message "14 bytes" "note" { target *-*-* } malloc2 } */
+ /* { dg-message "'int32_t \\*' (\\\{aka 'int \\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka int\\\})?\\)' is '4'" "note" { target *-*-* } malloc2 } */
}
-void test_3 (int n)
+void test_3 (int32_t n)
{
- int *ptr = malloc (n + sizeof (int)); /* { dg-line malloc3 } */
+ int32_t *ptr = malloc (n + sizeof (int32_t)); /* { dg-line malloc3 } */
free (ptr);
/* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } malloc3 } */
/* { dg-message "'\[a-z0-9\\+\\(\\)\\s\]*' bytes" "note" { target *-*-* } malloc3 } */
- /* { dg-message "'int \\*' here; 'sizeof \\(int\\)' is '\\d+'" "note" { target *-*-* } malloc3 } */
+ /* { dg-message "'int32_t \\*' (\\\{aka 'int \\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka int\\\})?\\)' is '4'" "note" { target *-*-* } malloc3 } */
}
-void test_4 (int n, int m)
+void test_4 (int32_t n, int32_t m)
{
- int *ptr = malloc ((n + m) * sizeof (int));
+ int32_t *ptr = malloc ((n + m) * sizeof (int32_t));
free (ptr);
}
#include <stdlib.h>
+#include <stdint.h>
/* Tests related to structs. */
struct base {
- int i;
+ int16_t i;
};
struct sub {
struct base b;
- int j;
+ int16_t j;
};
struct var_len {
- int i;
+ int16_t i;
char arr[];
};
void test_2 (void)
{
- long *ptr = malloc (5 * sizeof (struct base)); /* { dg-line malloc2 } */
+ int32_t *ptr = malloc (5 * sizeof (struct base)); /* { dg-line malloc2 } */
free (ptr);
/* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } malloc2 } */
/* { dg-message "\\d+ bytes" "note" { target *-*-* } malloc2 } */
- /* { dg-message "'long (int)? \\*' here; 'sizeof \\(long (int)?\\)' is '\\d+'" "note" { target *-*-* } malloc2 } */
+ /* { dg-message "'int32_t \\*' (\\\{aka 'int \\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka int\\\})?\\)' is '4'" "note" { target *-*-* } malloc2 } */
}
void test_3 (void)
{
/* For constant sizes, we warn if the buffer
is too small to hold a single struct. */
- struct base *ptr = malloc (2); /* { dg-line malloc5 } */
+ struct base *ptr = malloc (1); /* { dg-line malloc5 } */
free (ptr);
/* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } malloc5 } */
- /* { dg-message "\\d+ bytes" "note" { target *-*-* } malloc5 } */
+ /* { dg-message "1 bytes" "note" { target *-*-* } malloc5 } */
/* { dg-message "'struct base \\*' here; 'sizeof \\(struct base\\)' is '\\d+'" "note" { target *-*-* } malloc5 } */
}
#include <stdlib.h>
#include <stdio.h>
+#include <stdint.h>
/* Tests related to statically allocated buffers. */
typedef struct a {
- short s;
+ int16_t s;
} a;
-int *test_1 (void)
+int32_t *test_1 (void)
{
a A; /* { dg-message "\\d+ bytes" "note" } */
A.s = 1;
- int *ptr = (int *) &A; /* { dg-line assign1 } */
+ int32_t *ptr = (int32_t *) &A; /* { dg-line assign1 } */
return ptr;
/* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } assign1 } */
- /* { dg-message "assigned to 'int \\*' here; 'sizeof \\(int\\)' is '\\d+'" "note" { target *-*-* } assign1 } */
+ /* { dg-message "'int32_t \\*' (\\\{aka 'int \\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka int\\\})?\\)' is '4'" "note" { target *-*-* } assign1 } */
}
-int *test2 (void)
+int32_t *test2 (void)
{
- char arr[sizeof (int)];
- int *ptr = (int *)arr;
+ char arr[sizeof (int32_t)];
+ int32_t *ptr = (int32_t *)arr;
return ptr;
}
-int *test3 (void)
+int32_t *test3 (void)
{
- char arr[sizeof (short)]; /* { dg-message "\\d+ bytes" "note" } */
- int *ptr = (int *)arr; /* { dg-line assign3 } */
+ char arr[sizeof (int16_t)]; /* { dg-message "\\d+ bytes" "note" } */
+ int32_t *ptr = (int32_t *)arr; /* { dg-line assign3 } */
return ptr;
/* { dg-warning "allocated buffer size is not a multiple of the pointee's size \\\[CWE-131\\\]" "warning" { target *-*-* } assign3 } */
- /* { dg-message "assigned to 'int \\*' here; 'sizeof \\(int\\)' is '\\d+'" "note" { target *-*-* } assign3 } */
+ /* { dg-message "'int32_t \\*' (\\\{aka 'int \\*'\\\})? here; 'sizeof \\(int32_t (\\\{aka int\\\})?\\)' is '4'" "note" { target *-*-* } assign3 } */
}