Successfully tested on x86_64-pc-linux-gnu.
Pushed to trunk as r13-4218-g9ada45967b4cf5.

gcc/testsuite/ChangeLog:
        * gcc.dg/analyzer/CWE-131-examples.c: New test.
        * gcc.dg/analyzer/file-CWE-1341-example.c: New test.
        * gcc.dg/analyzer/malloc-CWE-401-example.c: New test.
        * gcc.dg/analyzer/malloc-CWE-415-examples.c: New test.
        * gcc.dg/analyzer/malloc-CWE-416-examples.c: New test.
        * gcc.dg/analyzer/malloc-CWE-590-examples.c: New test.

Signed-off-by: David Malcolm <dmalc...@redhat.com>
---
 .../gcc.dg/analyzer/CWE-131-examples.c        | 146 ++++++++++++++++++
 .../gcc.dg/analyzer/file-CWE-1341-example.c   |  41 +++++
 .../gcc.dg/analyzer/malloc-CWE-401-example.c  |  37 +++++
 .../gcc.dg/analyzer/malloc-CWE-415-examples.c |  53 +++++++
 .../gcc.dg/analyzer/malloc-CWE-416-examples.c |  60 +++++++
 .../gcc.dg/analyzer/malloc-CWE-590-examples.c |  44 ++++++
 6 files changed, 381 insertions(+)
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/CWE-131-examples.c
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/file-CWE-1341-example.c
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-CWE-401-example.c
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-CWE-415-examples.c
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-CWE-416-examples.c
 create mode 100644 gcc/testsuite/gcc.dg/analyzer/malloc-CWE-590-examples.c

diff --git a/gcc/testsuite/gcc.dg/analyzer/CWE-131-examples.c 
b/gcc/testsuite/gcc.dg/analyzer/CWE-131-examples.c
new file mode 100644
index 00000000000..3bc898cd0cc
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/CWE-131-examples.c
@@ -0,0 +1,146 @@
+/* Examples adapted from https://cwe.mitre.org/data/definitions/131.html
+   which states "Copyright © 2006–2022, The MITRE Corporation. CWE, CWSS, 
CWRAF, and the CWE logo are trademarks of The MITRE Corporation."
+   and which has this on:
+     https://cwe.mitre.org/about/termsofuse.html
+
+   Terms of Use
+
+   CWE™ is free to use by any organization or individual for any research, 
development, and/or commercial purposes, per these CWE Terms of Use. The MITRE 
Corporation ("MITRE") has copyrighted the CWE List, Top 25, CWSS, and CWRAF for 
the benefit of the community in order to ensure each remains a free and open 
standard, as well as to legally protect the ongoing use of it and any resulting 
content by government, vendors, and/or users. CWE is a trademark of MITRE. 
Please contact c...@mitre.org if you require further clarification on this 
issue.
+
+   LICENSE
+
+   CWE Submissions: By submitting materials to The MITRE Corporation’s 
("MITRE") Common Weakness Enumeration Program (CWE™), you hereby grant to MITRE 
a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable 
copyright license to use, reproduce, prepare derivative works of, publicly 
display, publicly perform, sublicense, and distribute your submitted materials 
and derivative works. Unless otherwise required by applicable law or agreed to 
in writing, it is understood that you are providing such materials on an "AS 
IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
implied, including, without limitation, any warranties or conditions of TITLE, 
NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
+
+   CWE Usage: MITRE hereby grants you a non-exclusive, royalty-free license to 
use CWE for research, development, and commercial purposes. Any copy you make 
for such purposes is authorized on the condition that you reproduce MITRE’s 
copyright designation and this license in any such copy.
+
+   DISCLAIMERS
+
+   ALL DOCUMENTS AND THE INFORMATION CONTAINED IN THE CWE ARE PROVIDED ON AN 
"AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS 
SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, 
AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL 
NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS 
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+
+   IN NO EVENT SHALL THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS 
SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, 
AGENTS, AND EMPLOYEES BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 
CONNECTION WITH THE INFORMATION OR THE USE OR OTHER DEALINGS IN THE CWE.  */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+/* Support decls for example 1.  */
+
+extern unsigned int GetUntrustedSizeValue();
+extern void ExitError(const char *) __attribute__((noreturn));
+
+typedef struct Widget
+{
+} Widget;
+
+#define MAX_NUM_WIDGETS 100
+
+extern Widget *InitializeWidget();
+extern void showWidgets(Widget **);
+
+void example_1 (void)
+{
+  int i;
+  unsigned int numWidgets;
+  Widget **WidgetList;
+
+  numWidgets = GetUntrustedSizeValue();
+  if ((numWidgets == 0) || (numWidgets > MAX_NUM_WIDGETS)) {
+    ExitError("Incorrect number of widgets requested!");
+  }
+  WidgetList = (Widget **)malloc(numWidgets * sizeof(Widget *));
+  printf("WidgetList ptr=%p\n", WidgetList);
+  for(i=0; i<numWidgets; i++) {
+    WidgetList[i] = InitializeWidget(); /* { dg-warning "dereference of 
possibly-NULL 'WidgetList'" } */
+  }
+  WidgetList[numWidgets] = NULL; /* { dg-warning "heap-based buffer overflow" 
} */
+  showWidgets(WidgetList);
+}
+
+/* Support decls for example 2.  */
+
+typedef struct img_t
+{
+  char placeholder[1024];
+} img_t;
+
+extern int get_num_imgs();
+
+img_t *example_2 (void)
+{
+  img_t *table_ptr; /*struct containing img data, 10kB each*/
+  int num_imgs;
+  /* ... */
+  num_imgs = get_num_imgs();
+  table_ptr = (img_t*)malloc(sizeof(img_t)*num_imgs); /* TODO: ideally we'd 
warn about possible overflow here.  */
+  /* ... */
+  return table_ptr;
+}
+
+/* Support decls for example 3.  */
+
+#define MAX_SIZE 100
+extern void die(const char *) __attribute__((noreturn));
+
+char * example_3 (char *user_supplied_string)
+{
+  int i, dst_index;
+  char *dst_buf = (char*)malloc(4*sizeof(char) * MAX_SIZE);
+  if ( MAX_SIZE <= strlen(user_supplied_string) ){
+    die("user string too long, die evil hacker!");
+  }
+  dst_index = 0;
+  for ( i = 0; i < strlen(user_supplied_string); i++ ){
+    if( '&' == user_supplied_string[i] ){
+      dst_buf[dst_index++] = '&'; /* { dg-warning "dereference of 
possibly-NULL 'dst_buf'" } */
+      dst_buf[dst_index++] = 'a';
+      dst_buf[dst_index++] = 'm';
+      dst_buf[dst_index++] = 'p';
+      dst_buf[dst_index++] = ';'; /* TODO: ideally we'd warn about possible 
out-of-bounds write here.  */
+    }
+    else if ('<' == user_supplied_string[i] ){
+      /* encode to &lt; */
+    }
+    else dst_buf[dst_index++] = user_supplied_string[i]; /* { dg-warning 
"dereference of possibly-NULL 'dst_buf'" } */
+  }
+  return dst_buf;
+}
+
+/* Support decls for example 4.  */
+
+typedef struct DataPacket { int headers; } DataPacket;
+typedef struct PacketHeader {} PacketHeader;
+extern int AcceptSocketConnection();
+extern void ReadPacket(DataPacket *, int);
+extern void ParsePacketHeaders(DataPacket *, PacketHeader *);
+
+void example_4 (DataPacket *packet)
+{
+  int sock;
+
+  int numHeaders;
+  PacketHeader *headers;
+
+  sock=AcceptSocketConnection();
+  ReadPacket(packet, sock);
+  numHeaders =packet->headers;
+
+  if (numHeaders > 100) {
+    ExitError("too many headers!");
+  }
+  headers = malloc(numHeaders * sizeof(PacketHeader)); /* TODO: ideally we'd 
warn about possible overflow here with negative numHeaders.  */
+  ParsePacketHeaders(packet, headers);
+}
+
+void example_5 (void)
+{
+  int *id_sequence;
+
+  /* Allocate space for an array of three ids. */
+  id_sequence = (int*) malloc(3); /* { dg-warning "allocated buffer size is 
not a multiple of the pointee's size" } */
+  if (id_sequence == NULL) exit(1);
+
+  /* Populate the id array. */
+  id_sequence[0] = 13579; /* { dg-warning "heap-based buffer overflow" } */
+  id_sequence[1] = 24680; /* { dg-warning "heap-based buffer overflow" } */
+  id_sequence[2] = 97531; /* { dg-warning "heap-based buffer overflow" } */
+} /* { dg-warning "leak of 'id_sequence'" } */
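Review bot: The missed diagnostics in example_2, example_3 and example_4 are recorded only as plain `TODO` comments, so the testsuite cannot notice when the analyzer starts reporting them. These are the allocation-size overflow and out-of-bounds write cases that CWE-131 is about, so the gap deserves a machine-checked marker. An expected-failure directive such as `/* { dg-warning "PLACEHOLDER_MESSAGE" "" { xfail *-*-* } } */` would make the change visible; the message text is a placeholder for whatever wording the analyzer ends up using. The same applies to the `TODO` lines in malloc-CWE-401-example.c (leak of `buf` on the short-read path) and malloc-CWE-416-examples.c (both use-after-free sites). Separately, the comment in example_2 says "10kB each" while `img_t` here holds a 1024-byte placeholder.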
diff --git a/gcc/testsuite/gcc.dg/analyzer/file-CWE-1341-example.c 
b/gcc/testsuite/gcc.dg/analyzer/file-CWE-1341-example.c
new file mode 100644
index 00000000000..2add3cb109b
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/file-CWE-1341-example.c
@@ -0,0 +1,41 @@
+/* Example adapted from https://cwe.mitre.org/data/definitions/1341.html
+   which states "Copyright © 2006–2022, The MITRE Corporation. CWE, CWSS, 
CWRAF, and the CWE logo are trademarks of The MITRE Corporation."
+   and which has this on:
+     https://cwe.mitre.org/about/termsofuse.html
+
+   Terms of Use
+
+   CWE™ is free to use by any organization or individual for any research, 
development, and/or commercial purposes, per these CWE Terms of Use. The MITRE 
Corporation ("MITRE") has copyrighted the CWE List, Top 25, CWSS, and CWRAF for 
the benefit of the community in order to ensure each remains a free and open 
standard, as well as to legally protect the ongoing use of it and any resulting 
content by government, vendors, and/or users. CWE is a trademark of MITRE. 
Please contact c...@mitre.org if you require further clarification on this 
issue.
+
+   LICENSE
+
+   CWE Submissions: By submitting materials to The MITRE Corporation’s 
("MITRE") Common Weakness Enumeration Program (CWE™), you hereby grant to MITRE 
a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable 
copyright license to use, reproduce, prepare derivative works of, publicly 
display, publicly perform, sublicense, and distribute your submitted materials 
and derivative works. Unless otherwise required by applicable law or agreed to 
in writing, it is understood that you are providing such materials on an "AS 
IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
implied, including, without limitation, any warranties or conditions of TITLE, 
NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
+
+   CWE Usage: MITRE hereby grants you a non-exclusive, royalty-free license to 
use CWE for research, development, and commercial purposes. Any copy you make 
for such purposes is authorized on the condition that you reproduce MITRE’s 
copyright designation and this license in any such copy.
+
+   DISCLAIMERS
+
+   ALL DOCUMENTS AND THE INFORMATION CONTAINED IN THE CWE ARE PROVIDED ON AN 
"AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS 
SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, 
AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL 
NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS 
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+
+   IN NO EVENT SHALL THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS 
SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, 
AGENTS, AND EMPLOYEES BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 
CONNECTION WITH THE INFORMATION OR THE USE OR OTHER DEALINGS IN THE CWE.  */
+
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+void example_1 (void)
+{
+  char b[2000];
+  FILE *f = fopen("dbl_cls.c", "r"); /* { dg-message "opened here" } */
+  if (f)
+    {
+      b[0] = 0;
+      fread(b, 1, sizeof(b) - 1, f);
+      printf("%s\n'", b);
+      int r1 = fclose(f); /* { dg-message "first 'fclose' here" } */
+      printf("\n-----------------\n1 close done '%d'\n", r1);
+      
+      int r2 = fclose(f); /* { dg-warning "double 'fclose' of FILE 'f'" } */
+      printf("2 close done '%d'\n", r2);
+    }
+}
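Review bot: In example_1 the buffer handed to `printf("%s\n'", b)` is not guaranteed to be NUL-terminated: `b[0] = 0` only covers a zero-length read and the return value of `fread` is discarded, so the bytes after the data that was read are uninitialised. That is incidental to the double `fclose` under test, and a later analyzer improvement could add an unexpected diagnostic on that line. Either terminate explicitly, `size_t n = fread(b, 1, sizeof(b) - 1, f); b[n] = 0;`, or add a comment saying the read is kept as on the CWE page on purpose.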
diff --git a/gcc/testsuite/gcc.dg/analyzer/malloc-CWE-401-example.c 
b/gcc/testsuite/gcc.dg/analyzer/malloc-CWE-401-example.c
new file mode 100644
index 00000000000..cfb5e86260c
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/malloc-CWE-401-example.c
@@ -0,0 +1,37 @@
+/* Example adapted from https://cwe.mitre.org/data/definitions/401.html
+   which states "Copyright © 2006–2022, The MITRE Corporation. CWE, CWSS, 
CWRAF, and the CWE logo are trademarks of The MITRE Corporation."
+   and which has this on:
+     https://cwe.mitre.org/about/termsofuse.html
+
+   Terms of Use
+
+   CWE™ is free to use by any organization or individual for any research, 
development, and/or commercial purposes, per these CWE Terms of Use. The MITRE 
Corporation ("MITRE") has copyrighted the CWE List, Top 25, CWSS, and CWRAF for 
the benefit of the community in order to ensure each remains a free and open 
standard, as well as to legally protect the ongoing use of it and any resulting 
content by government, vendors, and/or users. CWE is a trademark of MITRE. 
Please contact c...@mitre.org if you require further clarification on this 
issue.
+
+   LICENSE
+
+   CWE Submissions: By submitting materials to The MITRE Corporation’s 
("MITRE") Common Weakness Enumeration Program (CWE™), you hereby grant to MITRE 
a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable 
copyright license to use, reproduce, prepare derivative works of, publicly 
display, publicly perform, sublicense, and distribute your submitted materials 
and derivative works. Unless otherwise required by applicable law or agreed to 
in writing, it is understood that you are providing such materials on an "AS 
IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
implied, including, without limitation, any warranties or conditions of TITLE, 
NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
+
+   CWE Usage: MITRE hereby grants you a non-exclusive, royalty-free license to 
use CWE for research, development, and commercial purposes. Any copy you make 
for such purposes is authorized on the condition that you reproduce MITRE’s 
copyright designation and this license in any such copy.
+
+   DISCLAIMERS
+
+   ALL DOCUMENTS AND THE INFORMATION CONTAINED IN THE CWE ARE PROVIDED ON AN 
"AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS 
SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, 
AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL 
NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS 
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+
+   IN NO EVENT SHALL THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS 
SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, 
AGENTS, AND EMPLOYEES BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 
CONNECTION WITH THE INFORMATION OR THE USE OR OTHER DEALINGS IN THE CWE.  */
+
+#define BLOCK_SIZE 4096
+
+#include <stdlib.h>
+#include <unistd.h>
+
+char* getBlock(int fd) {
+  char* buf = (char*) malloc(BLOCK_SIZE);
+  if (!buf) {
+    return NULL;
+  }
+  if (read(fd, buf, BLOCK_SIZE) != BLOCK_SIZE) {
+    
+    return NULL; /* TODO: should complain that "buf" is leaked on this path.  
*/
+  }
+  return buf;
+}
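Review bot: `#define BLOCK_SIZE 4096` sits above `#include <stdlib.h>` and `#include <unistd.h>`, so the macro is active while the system headers are parsed. A libc whose headers use `BLOCK_SIZE` as an identifier would make this test fail to compile for reasons unrelated to the analyzer. Moving the define below the two includes avoids that. The commit message reports testing on x86_64-pc-linux-gnu only, so other targets' headers are untested here.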
diff --git a/gcc/testsuite/gcc.dg/analyzer/malloc-CWE-415-examples.c 
b/gcc/testsuite/gcc.dg/analyzer/malloc-CWE-415-examples.c
new file mode 100644
index 00000000000..51d878a17c3
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/malloc-CWE-415-examples.c
@@ -0,0 +1,53 @@
+/* Example adapted from https://cwe.mitre.org/data/definitions/415.html
+   which states "Copyright © 2006–2022, The MITRE Corporation. CWE, CWSS, 
CWRAF, and the CWE logo are trademarks of The MITRE Corporation."
+   and which has this on:
+     https://cwe.mitre.org/about/termsofuse.html
+
+   Terms of Use
+
+   CWE™ is free to use by any organization or individual for any research, 
development, and/or commercial purposes, per these CWE Terms of Use. The MITRE 
Corporation ("MITRE") has copyrighted the CWE List, Top 25, CWSS, and CWRAF for 
the benefit of the community in order to ensure each remains a free and open 
standard, as well as to legally protect the ongoing use of it and any resulting 
content by government, vendors, and/or users. CWE is a trademark of MITRE. 
Please contact c...@mitre.org if you require further clarification on this 
issue.
+
+   LICENSE
+
+   CWE Submissions: By submitting materials to The MITRE Corporation’s 
("MITRE") Common Weakness Enumeration Program (CWE™), you hereby grant to MITRE 
a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable 
copyright license to use, reproduce, prepare derivative works of, publicly 
display, publicly perform, sublicense, and distribute your submitted materials 
and derivative works. Unless otherwise required by applicable law or agreed to 
in writing, it is understood that you are providing such materials on an "AS 
IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
implied, including, without limitation, any warranties or conditions of TITLE, 
NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
+
+   CWE Usage: MITRE hereby grants you a non-exclusive, royalty-free license to 
use CWE for research, development, and commercial purposes. Any copy you make 
for such purposes is authorized on the condition that you reproduce MITRE’s 
copyright designation and this license in any such copy.
+
+   DISCLAIMERS
+
+   ALL DOCUMENTS AND THE INFORMATION CONTAINED IN THE CWE ARE PROVIDED ON AN 
"AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS 
SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, 
AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL 
NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS 
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+
+   IN NO EVENT SHALL THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS 
SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, 
AGENTS, AND EMPLOYEES BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 
CONNECTION WITH THE INFORMATION OR THE USE OR OTHER DEALINGS IN THE CWE.  */
+
+#include <stdlib.h>
+#include <string.h>
+
+#define SIZE 1024
+
+void example_1 (int abrt)
+{
+  char* ptr = (char*)malloc (SIZE);
+  /* ... */
+  if (abrt) {
+    free(ptr);
+  }
+  /* ... */
+  free(ptr); /* { dg-warning "double-'free' of 'ptr'" } */
+}
+
+#define BUFSIZE1 512
+#define BUFSIZE2 ((BUFSIZE1/2) - 8)
+
+int main(int argc, char **argv) {
+  char *buf1R1;
+  char *buf2R1;
+  char *buf1R2;
+  buf1R1 = (char *) malloc(BUFSIZE2);
+  buf2R1 = (char *) malloc(BUFSIZE2);
+  free(buf1R1);
+  free(buf2R1);
+  buf1R2 = (char *) malloc(BUFSIZE1);
+  strncpy(buf1R2, argv[1], BUFSIZE1-1); /* { dg-warning "use of possibly-NULL 
'buf1R2'" } */
+  free(buf2R1); /* { dg-warning "double-'free' of 'buf2R1'" } */
+  free(buf1R2);
+}
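Review bot: Neither double-free test pins the path events, only the final warning: the `free(ptr)` inside `if (abrt)` in example_1 and the first `free(buf2R1)` in main carry no directive. file-CWE-1341-example.c in this same patch does check `opened here` and `first 'fclose' here` with `dg-message`. Adding the equivalent, e.g. `free(ptr); /* { dg-message "first 'free' here" } */`, would catch a regression where the warning survives but points at the wrong earlier free; the exact event wording should be confirmed against the analyzer's output. main also reads `argv[1]` without looking at `argc`, which is harmless only as long as this file is compiled and never executed.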
diff --git a/gcc/testsuite/gcc.dg/analyzer/malloc-CWE-416-examples.c 
b/gcc/testsuite/gcc.dg/analyzer/malloc-CWE-416-examples.c
new file mode 100644
index 00000000000..3f5e5e26033
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/malloc-CWE-416-examples.c
@@ -0,0 +1,60 @@
+/* Examples adapted from https://cwe.mitre.org/data/definitions/416.html
+   which states "Copyright © 2006–2022, The MITRE Corporation. CWE, CWSS, 
CWRAF, and the CWE logo are trademarks of The MITRE Corporation."
+   and which has this on:
+     https://cwe.mitre.org/about/termsofuse.html
+
+   Terms of Use
+
+   CWE™ is free to use by any organization or individual for any research, 
development, and/or commercial purposes, per these CWE Terms of Use. The MITRE 
Corporation ("MITRE") has copyrighted the CWE List, Top 25, CWSS, and CWRAF for 
the benefit of the community in order to ensure each remains a free and open 
standard, as well as to legally protect the ongoing use of it and any resulting 
content by government, vendors, and/or users. CWE is a trademark of MITRE. 
Please contact c...@mitre.org if you require further clarification on this 
issue.
+
+   LICENSE
+
+   CWE Submissions: By submitting materials to The MITRE Corporation’s 
("MITRE") Common Weakness Enumeration Program (CWE™), you hereby grant to MITRE 
a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable 
copyright license to use, reproduce, prepare derivative works of, publicly 
display, publicly perform, sublicense, and distribute your submitted materials 
and derivative works. Unless otherwise required by applicable law or agreed to 
in writing, it is understood that you are providing such materials on an "AS 
IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
implied, including, without limitation, any warranties or conditions of TITLE, 
NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
+
+   CWE Usage: MITRE hereby grants you a non-exclusive, royalty-free license to 
use CWE for research, development, and commercial purposes. Any copy you make 
for such purposes is authorized on the condition that you reproduce MITRE’s 
copyright designation and this license in any such copy.
+
+   DISCLAIMERS
+
+   ALL DOCUMENTS AND THE INFORMATION CONTAINED IN THE CWE ARE PROVIDED ON AN 
"AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS 
SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, 
AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL 
NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS 
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+
+   IN NO EVENT SHALL THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS 
SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, 
AGENTS, AND EMPLOYEES BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 
CONNECTION WITH THE INFORMATION OR THE USE OR OTHER DEALINGS IN THE CWE.  */
+
+#include <stdlib.h>
+#include <string.h>
+
+#define BUFSIZER1 512
+#define BUFSIZER2 ((BUFSIZER1/2) - 8)
+
+int main(int argc, char **argv) {
+  char *buf1R1;
+  char *buf2R1;
+  char *buf2R2;
+  char *buf3R2;
+  buf1R1 = (char *) malloc(BUFSIZER1);
+  buf2R1 = (char *) malloc(BUFSIZER1);
+  free(buf2R1);
+  buf2R2 = (char *) malloc(BUFSIZER2);
+  buf3R2 = (char *) malloc(BUFSIZER2);
+  strncpy(buf2R1, argv[1], BUFSIZER1-1); /* TODO: should complain about 
use-after-free here.  */
+  free(buf1R1);
+  free(buf2R2);
+  free(buf3R2);
+}
+
+#define SIZE 1024
+extern void logError(const char *, const char *);
+
+void example_2 (int err)
+{
+  int abrt = 0;
+
+  char* ptr = (char*)malloc (SIZE);
+  if (err) {
+    abrt = 1;
+    free(ptr);
+  }
+  /* ... */
+  if (abrt) {
+    logError("operation aborted before commit", ptr); /* TODO: arguably should 
complain about use-after-free of ptr here.  */
+  }
+} /* { dg-warning "leak of 'ptr'" } */
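Review bot: The `leak of 'ptr'` expected at the closing brace of example_2 has no explanation, and next to the use-after-free TODO it reads like a false positive. It is a real leak on the path where `err` is zero, because `ptr` is freed only inside `if (err)`. A short comment above the brace, such as `/* ptr is freed only when err is set, so the !err path leaks it */`, would make that clear. The leak looks like a by-product of the adaptation rather than the point of the CWE-416 example, which is presumably the freed pointer reaching `logError`.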
diff --git a/gcc/testsuite/gcc.dg/analyzer/malloc-CWE-590-examples.c 
b/gcc/testsuite/gcc.dg/analyzer/malloc-CWE-590-examples.c
new file mode 100644
index 00000000000..036f8889a92
--- /dev/null
+++ b/gcc/testsuite/gcc.dg/analyzer/malloc-CWE-590-examples.c
@@ -0,0 +1,44 @@
+/* { dg-additional-options "-Wno-free-nonheap-object" } */
+
+/* Examples adapted from https://cwe.mitre.org/data/definitions/590.html
+   which states "Copyright © 2006–2022, The MITRE Corporation. CWE, CWSS, 
CWRAF, and the CWE logo are trademarks of The MITRE Corporation."
+   and which has this on:
+     https://cwe.mitre.org/about/termsofuse.html
+
+   Terms of Use
+
+   CWE™ is free to use by any organization or individual for any research, 
development, and/or commercial purposes, per these CWE Terms of Use. The MITRE 
Corporation ("MITRE") has copyrighted the CWE List, Top 25, CWSS, and CWRAF for 
the benefit of the community in order to ensure each remains a free and open 
standard, as well as to legally protect the ongoing use of it and any resulting 
content by government, vendors, and/or users. CWE is a trademark of MITRE. 
Please contact c...@mitre.org if you require further clarification on this 
issue.
+
+   LICENSE
+
+   CWE Submissions: By submitting materials to The MITRE Corporation’s 
("MITRE") Common Weakness Enumeration Program (CWE™), you hereby grant to MITRE 
a perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable 
copyright license to use, reproduce, prepare derivative works of, publicly 
display, publicly perform, sublicense, and distribute your submitted materials 
and derivative works. Unless otherwise required by applicable law or agreed to 
in writing, it is understood that you are providing such materials on an "AS 
IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or 
implied, including, without limitation, any warranties or conditions of TITLE, 
NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE.
+
+   CWE Usage: MITRE hereby grants you a non-exclusive, royalty-free license to 
use CWE for research, development, and commercial purposes. Any copy you make 
for such purposes is authorized on the condition that you reproduce MITRE’s 
copyright designation and this license in any such copy.
+
+   DISCLAIMERS
+
+   ALL DOCUMENTS AND THE INFORMATION CONTAINED IN THE CWE ARE PROVIDED ON AN 
"AS IS" BASIS AND THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS 
SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, 
AGENTS, AND EMPLOYEES, DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING 
BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION THEREIN WILL 
NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS 
FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT.
+
+   IN NO EVENT SHALL THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS 
SPONSORED BY (IF ANY), THE MITRE CORPORATION, ITS BOARD OF TRUSTEES, OFFICERS, 
AGENTS, AND EMPLOYEES BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, 
WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN 
CONNECTION WITH THE INFORMATION OR THE USE OR OTHER DEALINGS IN THE CWE.  */
+
+#include <stdlib.h>
+
+typedef struct record_t { char placeholder[1024]; } record_t;
+#define MAX_SIZE 100
+
+void foo_1(){
+  record_t bar[MAX_SIZE];
+
+  /* do something interesting with bar */
+
+  /* ... */
+  free(bar); /* { dg-warning "'free' of '&bar' which points to memory on the 
stack" } */
+}
+
+record_t bar[MAX_SIZE]; //Global var
+void foo_2(){
+
+  /* do something interesting with bar */
+  /* ... */
+  free(bar); /* { dg-warning "'free' of '&bar' which points to memory not on 
the heap" } */
+}
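Review bot: The `dg-additional-options "-Wno-free-nonheap-object"` line at the top has no comment explaining why a warning is turned off in a test about freeing non-heap memory. Presumably it silences the non-analyzer -Wfree-nonheap-object diagnostic so that only the analyzer's messages on the two `free(bar)` lines are matched. A comment such as `/* Disable -Wfree-nonheap-object so that only the analyzer's diagnostic is tested. */` would make that explicit. `foo_1()` and `foo_2()` are also declared without `(void)`, unlike the `example_N (void)` functions in the other new files.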
-- 
2.26.3
