1*1f5207b7SJohn Levon #include "check_debug.h" 2*1f5207b7SJohn Levon 3*1f5207b7SJohn Levon void memdup(char *to, int size); 4*1f5207b7SJohn Levon void strcpy(char *dest, char *src); 5*1f5207b7SJohn Levon func(char * a,char * b)6*1f5207b7SJohn Levonvoid func (char *a, char *b) 7*1f5207b7SJohn Levon { 8*1f5207b7SJohn Levon char c[5]; 9*1f5207b7SJohn Levon 10*1f5207b7SJohn Levon a = memdup(b, 5); 11*1f5207b7SJohn Levon strcpy(c, a); 12*1f5207b7SJohn Levon a[5] = '\0'; 13*1f5207b7SJohn Levon } 14*1f5207b7SJohn Levon /* 15*1f5207b7SJohn Levon * check-name: smatch memdup overflow 16*1f5207b7SJohn Levon * check-command: smatch -I.. sm_overflow5.c 17*1f5207b7SJohn Levon * 18*1f5207b7SJohn Levon * check-output-start 19*1f5207b7SJohn Levon sm_overflow5.c:12 func() error: buffer overflow 'a' 5 <= 5 20*1f5207b7SJohn Levon * check-output-end 21*1f5207b7SJohn Levon */ 22