diff options
Diffstat (limited to 'gcc/testsuite/gcc.dg')
-rw-r--r-- | gcc/testsuite/gcc.dg/analyzer/taint-divisor-1.c | 66 |
1 files changed, 66 insertions, 0 deletions
diff --git a/gcc/testsuite/gcc.dg/analyzer/taint-divisor-1.c b/gcc/testsuite/gcc.dg/analyzer/taint-divisor-1.c index 5a5a0b93ce0..b7c1faef1c4 100644 --- a/gcc/testsuite/gcc.dg/analyzer/taint-divisor-1.c +++ b/gcc/testsuite/gcc.dg/analyzer/taint-divisor-1.c @@ -24,3 +24,69 @@ int test_2 (FILE *f) fread (&s, sizeof (s), 1, f); return s.a % s.b; /* { dg-warning "use of attacker-controlled value 's\\.b' as divisor without checking for zero" } */ } + +/* We shouldn't complain if the divisor has been checked for zero. */ + +int test_checked_ne_zero (FILE *f) +{ + struct st1 s; + fread (&s, sizeof (s), 1, f); + if (s.b) + return s.a / s.b; /* { dg-bogus "divisor" } */ + else + return 0; +} + +int test_checked_gt_zero (FILE *f) +{ + struct st1 s; + fread (&s, sizeof (s), 1, f); + if (s.b > 0) + return s.a / s.b; /* { dg-bogus "divisor" } */ + else + return 0; +} + +int test_checked_lt_zero (FILE *f) +{ + struct st1 s; + fread (&s, sizeof (s), 1, f); + if (s.b < 0) + return s.a / s.b; /* { dg-bogus "divisor" } */ + else + return 0; +} + +/* We should complain if the check on the divisor still allows it to be + zero. */ + +int test_checked_ge_zero (FILE *f) +{ + struct st1 s; + fread (&s, sizeof (s), 1, f); + if (s.b >= 0) + return s.a / s.b; /* { dg-warning "use of attacker-controlled value 's\\.b' as divisor without checking for zero" } */ + else + return 0; +} + +int test_checked_le_zero (FILE *f) +{ + struct st1 s; + fread (&s, sizeof (s), 1, f); + if (s.b <= 0) + return s.a / s.b; /* { dg-warning "use of attacker-controlled value 's\\.b' as divisor without checking for zero" } */ + else + return 0; +} + +int test_checked_eq_zero (FILE *f) +{ + struct st1 s; + fread (&s, sizeof (s), 1, f); + /* Wrong sense of test. */ + if (s.b != 0) + return 0; + else + return s.a / s.b; /* { dg-warning "use of attacker-controlled value 's\\.b' as divisor without checking for zero" } */ +} |