1 int a[] = {1, 2, 3, 4}; 2 char *b = "abc"; 3 char c[4]; 4 char d[4] = ""; 5 6 int x; 7 static int options_write(void) 8 { 9 int i; 10 char *str = b; 11 char *str2 = "123"; 12 char *str3; 13 char *str4; 14 char *str5; 15 unsigned int j = 4; 16 17 str3 = str2; 18 str4 = str; 19 if (x) 20 str5 = "asdf"; 21 else 22 str5 = "aa"; 23 24 for (i = 0; i < 4 && frob(); i++) 25 ; 26 a[i] = 42; 27 b[i] = '\0'; 28 c[i] = '\0'; 29 str[j] = '\0'; 30 str2[j] = '\0'; 31 str3[j] = '\0'; 32 str4[j] = '\0'; 33 str5[j] = '\0'; 34 d[j] = '\0'; 35 } 36 /* 37 * check-name: smatch array check 38 * check-command: smatch --spammy sm_array_overflow.c 39 * 40 * check-output-start 41 sm_array_overflow.c:26 options_write() error: buffer overflow 'a' 4 <= 4 42 sm_array_overflow.c:27 options_write() error: buffer overflow 'b' 4 <= 4 43 sm_array_overflow.c:28 options_write() error: buffer overflow 'c' 4 <= 4 44 sm_array_overflow.c:29 options_write() error: buffer overflow 'str' 4 <= 4 45 sm_array_overflow.c:30 options_write() error: buffer overflow 'str2' 4 <= 4 46 sm_array_overflow.c:31 options_write() error: buffer overflow 'str3' 4 <= 4 47 sm_array_overflow.c:32 options_write() error: buffer overflow 'str4' 4 <= 4 48 sm_array_overflow.c:34 options_write() error: buffer overflow 'd' 4 <= 4 49 * check-output-end 50 */ 51