1*1f5207b7SJohn Levon #include "check_debug.h" 2*1f5207b7SJohn Levon 3*1f5207b7SJohn Levon void strndup(char *to, int size); 4*1f5207b7SJohn Levon void strcpy(char *dest, char *src); 5*1f5207b7SJohn Levon func(char * a,char * b)6*1f5207b7SJohn Levonvoid func (char *a, char *b) 7*1f5207b7SJohn Levon { 8*1f5207b7SJohn Levon char c[5]; 9*1f5207b7SJohn Levon 10*1f5207b7SJohn Levon a = strndup(b, 5); 11*1f5207b7SJohn Levon strcpy(c, a); 12*1f5207b7SJohn Levon } 13*1f5207b7SJohn Levon /* 14*1f5207b7SJohn Levon * check-name: smatch strndup overflow 15*1f5207b7SJohn Levon * check-command: smatch -I.. sm_overflow4.c 16*1f5207b7SJohn Levon * 17*1f5207b7SJohn Levon * check-output-start 18*1f5207b7SJohn Levon sm_overflow4.c:11 func() error: strcpy() 'a' too large for 'c' (6 vs 5) 19*1f5207b7SJohn Levon * check-output-end 20*1f5207b7SJohn Levon */ 21