You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

74 lines
1.4 KiB

/*
* Copyright (c) 2018-present, Facebook, Inc.
*
* This source code is licensed under the MIT license found in the
* LICENSE file in the root directory of this source tree.
*/
#include <stdlib.h>
extern int __infer_taint_source();
extern void __infer_taint_sink(int i);
void basic_bad() {
int arr[10];
int source = __infer_taint_source();
arr[source] = 2;
}
int multi_level_source_bad() { return __infer_taint_source(); }
void multi_level_sink_bad(int i) {
int arr[10];
if (i > 0)
arr[i] = 2;
}
struct arg {
int taint;
int bo;
};
arg multi_level_source_ok() {
return {.taint = __infer_taint_source(), .bo = 12};
}
void multi_level_sink_ok(int taint, int bo) {
__infer_taint_sink(taint);
int arr[10];
arr[bo] = 0;
}
void multi_level_bad() {
int i = multi_level_source_bad();
multi_level_sink_bad(i);
}
void multi_level_good() { int i = multi_level_source_bad(); }
void memory_alloc_bad1_FN() { int arr[__infer_taint_source()]; }
void memory_alloc_bad2() {
int s = __infer_taint_source();
if (s <= 2147483647) {
int arr[s];
}
}
struct st {
int size;
int ind;
};
st overlapping_issues_source_good() {
return {.size = __infer_taint_source(), .ind = 10};
}
void overlapping_issues_sink_good(st info) {
int arr[info.size];
arr[info.ind] = 0;
}
void overlapping_issues_good() {
overlapping_issues_sink_good(overlapping_issues_source_good());
}