#include <stdio.h>
#include <string.h>
/* Static-analysis fixture: every out-of-bounds access below is deliberate; do not "fix" it. */
#define ARRAY_SIZE(x) (sizeof(x)/sizeof((x)[0]))	/* not used in this test */
/* The expected output names lines 22-27, so comments sit on blank lines or line ends only. */
long long a[] = {1, 2};	/* two elements; main() reads them through short pointers */
/* The expected diagnostics bound the short view of a at 8 elements ("8 <= 8"). */
int main(char *arg0)	/* nonstandard signature; presumably so arg0 is a string of unknown size - confirm */
{
	short *s = a;	/* implicit long long * -> short * conversion, no cast */
	short *s2 = (&(a));	/* same start address, taken as pointer-to-array */
	char buf[4], buf2[4];	/* 4 bytes each: room for 3 characters plus the NUL */
	int i;	/* unused */
	/* Lines 15-21 use indexes 1..7; no diagnostic is expected for any of them. */
	printf("%d\n", s[1]);
	printf("%d\n", s[2]);
	printf("%d\n", s[3]);
	printf("%d\n", s[4]);
	printf("%d\n", s[5]);
	printf("%d\n", s[6]);
	printf("%d\n", s[7]);
	printf("%d\n", s[8]);	/* expected error: index 8 is one past the 8-element limit, tracked through s */
	printf("%d\n", s2[8]);	/* expected error: same overrun, tracked through s2 */
	printf("%d\n", ((short *)a)[6]);	/* index 6: no diagnostic expected */
	printf("%d\n", ((short *)a)[8]);	/* expected error: same overrun through an inline cast of a */
	strcpy(buf, "1234");	/* expected error: 4 characters + NUL = 5 bytes into a 4-byte buffer */
	strcpy(buf2, arg0);	/* expected warn: source length unknown, destination is 4 bytes */

	return 0;
}
/*
 * check-name: smatch overflow check #4
 * check-command: smatch --spammy sm_array_overflow4.c
 *
 * check-output-start
sm_array_overflow4.c:22 main() error: buffer overflow 's' 8 <= 8
sm_array_overflow4.c:23 main() error: buffer overflow 's2' 8 <= 8
sm_array_overflow4.c:25 main() error: buffer overflow 'a' 8 <= 8
sm_array_overflow4.c:26 main() error: strcpy() '"1234"' too large for 'buf' (5 vs 4)
sm_array_overflow4.c:27 main() warn: strcpy() 'arg0' of unknown size might be too large for 'buf2'
 * check-output-end
 */