regehr / itc-benchmarks Goto Github PK

For the last example,

void data_underflow_012 ()
{
int min = -2147483647;
int dlist[4] = {0, 1, -2, -1};
int ret;
ret = min - dlist[2]; /Tool should detect this line as error/ /ERROR:Data underflow/
}

min - (-2) = min + 2; it will not be an error

If I'm reading things correctly, https://github.com/regehr/itc-benchmarks/blob/master/01.w_Defects/free_null_pointer.c is a test that a verifier complains about a free of a NULL pointer.

However, it's legal to call free on a NULL pointer;
to quote "7.20.3.2 The free function" of http://www.open-std.org/JTC1/SC22/wg14/www/docs/n1124.pdf

If ptr is a null pointer, no action occurs

If so, are these tests requiring false positives? (or am I misunderstanding things?)

Hope this is constructive

Hi, first place, good work for making these test cases available! Thanks!

Autoconf is generating Makefiles with CFLAGS='-g -O2', and -O2 will optimized lots of parts of the code since most of it just exist to support the vulnerability.

For example: https://github.com/regehr/itc-benchmarks/blob/master/01.w_Defects/free_null_pointer.c#L452, should receive a SIGSEGV, since ptr is NULL and is being accessed. But it actually doesn't crash since -O2 is on, so GCC optimized out that line.

I'd recommend adding the following line to your README.md:
./configure CFLAGS='-g' CXXFLAGS='-g', will prevent from passing -O to GCC

in case someone wants to make binary analysis.