Lines Matching refs:to
23 // Input to a test is a zero-terminated string str with given length
24 // Accesses to the bytes to the left and to the right of str
25 // are presumed to produce OOB errors
35 // We don't insert RedZones to the left of global variables
42 // String is not zero-terminated, strlen will lead to OOB access
61 // TODO(samsonov): Fix expected messages in StrLenOOBTestTemplate to
62 // make test for stack_string work. Or move it to output tests.
90 // Argument points to not allocated memory.
110 // Argument points to not allocated memory.
122 char *to = Ident((char*)malloc(to_size));
126 strcpy(to, from);
127 strcpy(to + to_size - from_size, from);
130 // "to" or "from" points to not allocated memory.
131 EXPECT_DEATH(Ident(strcpy(to - 1, from)), LeftOOBWriteMessage(1));
132 EXPECT_DEATH(Ident(strcpy(to, from - 1)), LeftOOBReadMessage(1));
133 EXPECT_DEATH(Ident(strcpy(to, from + from_size)), RightOOBReadMessage(0));
134 EXPECT_DEATH(Ident(strcpy(to + to_size, from)), RightOOBWriteMessage(0));
137 EXPECT_DEATH(Ident(strcpy(to, from)), RightOOBReadMessage(0));
138 free(to);
145 char *to = Ident((char*)malloc(to_size));
150 strncpy(to, from, 0);
151 strncpy(to - 1, from - 1, 0);
153 strncpy(to, from, from_size);
154 strncpy(to, from, to_size);
155 strncpy(to, from + from_size - 1, to_size);
156 strncpy(to + to_size - 1, from, 1);
157 // One of {to, from} points to not allocated memory
158 EXPECT_DEATH(Ident(strncpy(to, from - 1, from_size)),
160 EXPECT_DEATH(Ident(strncpy(to - 1, from, from_size)),
162 EXPECT_DEATH(Ident(strncpy(to, from + from_size, 1)),
164 EXPECT_DEATH(Ident(strncpy(to + to_size, from, 1)),
166 // Length of "to" is too small
167 EXPECT_DEATH(Ident(strncpy(to + to_size - from_size + 1, from, from_size)),
169 EXPECT_DEATH(Ident(strncpy(to + 1, from, to_size)),
174 strncpy(to, from, from_size);
176 EXPECT_DEATH(Ident(strncpy(to, from, to_size)),
178 free(to);
197 // StrChr argument points to not allocated memory.
213 // StrChr argument points to not allocated memory.
293 // One of arguments points to not allocated memory.
331 // One of arguments points to not allocated memory.
354 // strcat() reads strlen(to) bytes from |to| before concatenating.
356 char *to = MallocAndMemsetString(to_size);
357 to[0] = '\0';
362 strcat(to, from);
363 strcat(to, from);
364 strcat(to + from_size, from + from_size - 2);
367 EXPECT_DEATH(strcat(to - 1, from + from_size - 1), LeftOOBAccessMessage(1));
368 // One of arguments points to not allocated memory.
369 EXPECT_DEATH(strcat(to - 1, from), LeftOOBAccessMessage(1));
370 EXPECT_DEATH(strcat(to, from - 1), LeftOOBReadMessage(1));
371 EXPECT_DEATH(strcat(to, from + from_size), RightOOBReadMessage(0));
375 EXPECT_DEATH(strcat(to, from), RightOOBReadMessage(0));
377 // "to" is too short to fit "from".
378 memset(to, 'z', to_size);
379 to[to_size - from_size + 1] = '\0';
380 EXPECT_DEATH(strcat(to, from), RightOOBWriteMessage(0));
381 // length of "to" is just enough.
382 strcat(to, from + 1);
384 free(to);
389 // strncat() reads strlen(to) bytes from |to| before concatenating.
391 char *to = MallocAndMemsetString(to_size);
392 to[0] = '\0';
396 strncat(to, from, 0);
397 strncat(to, from, from_size);
399 strncat(to, from, 2 * from_size);
401 EXPECT_DEATH(strncat(to - 1, from, 0), LeftOOBAccessMessage(1));
402 strncat(to, from + from_size - 1, 10);
403 // One of arguments points to not allocated memory.
404 EXPECT_DEATH(strncat(to - 1, from, 2), LeftOOBAccessMessage(1));
405 EXPECT_DEATH(strncat(to, from - 1, 2), LeftOOBReadMessage(1));
406 EXPECT_DEATH(strncat(to, from + from_size, 2), RightOOBReadMessage(0));
409 memset(to, 'z', to_size);
410 to[0] = '\0';
412 EXPECT_DEATH(strncat(to, from, from_size + 1), RightOOBReadMessage(0));
413 // "to" is too short to fit "from".
414 to[0] = 'z';
415 to[to_size - from_size + 1] = '\0';
416 EXPECT_DEATH(strncat(to, from, from_size - 1), RightOOBWriteMessage(0));
417 // "to" is just enough.
418 strncat(to, from, from_size - 2);
420 free(to);
436 // Check "memcpy". Use Ident() to avoid inlining.
444 // We do not treat memcpy with to==from as a bug.
497 // Invalid pointer to the string.
505 // Sometimes we need to detect overflow if no digits are found.
538 // Invalid pointer to the string.
545 // Add terminating zero to get rid of overflow.
548 // Sometimes we need to detect overflow if no digits are found.
