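#include <stdio.h>
/* Smatch fixture: the store on line 18 is a deliberate out-of-bounds write; keep line numbers stable. */
#define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0]))
/* b's only designator is [3], so b has 4 elements (valid indices 0..3), the same count as a. */
int a[] = {1, 2, 3, 4};
int b[] = {
	[3] = 1,
};
/* x is a file-scope int; compared with a size_t it converts to unsigned, so a negative x fails the checks. */
int x;
int main(void)
{
	if (x < ARRAY_SIZE(a))
		a[x] = 1;	/* in bounds: index is the value the guard just checked */
	if (x < ARRAY_SIZE(b))
		b[x] = 1;	/* in bounds: same guard, applied to the designated-initializer array */
	if (x < ARRAY_SIZE(b))	/* the guard tests x, but the store below uses a constant index */
		b[4] = 1;	/* deliberate: index 4 is one past the end of b; this is the expected diagnostic */
	printf("%zu\n", ARRAY_SIZE(b));	/* sizeof yields size_t, so %zu (not %d) is the matching conversion */
}
/*
 * check-name: smatch indexed array check
 * check-command: smatch sm_array_overflow2.c
 *
 * check-output-start
sm_array_overflow2.c:18 main() error: buffer overflow 'b' 4 <= 4
 * check-output-end
 */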