up

2025-12-01 21:16:22 +02:00
parent c11d87d252
commit 909d9b6220
208 changed files with 860954 additions and 832 deletions
--- a/bench/reachability-benchmark/cases/c/memcpy-overflow/src/main.c
+++ b/bench/reachability-benchmark/cases/c/memcpy-overflow/src/main.c
@@ -0,0 +1,38 @@
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+
+static int process(size_t len)
+{
+    char src[512];
+    char dst[128];
+    memset(src, 'A', sizeof(src));
+    memset(dst, 0, sizeof(dst));
+
+    // Attacker-controlled length; no bounds check.
+    memcpy(dst, src, len);
+
+    // Return first byte to keep optimizer from removing the copy.
+    return dst[0];
+}
+
+int main(int argc, char **argv)
+{
+    if (argc < 2)
+    {
+        fprintf(stderr, "usage: %s <len>\n", argv[0]);
+        return 1;
+    }
+
+    char *end = NULL;
+    long len = strtol(argv[1], &end, 10);
+    if (end == argv[1] || len < 0)
+    {
+        fprintf(stderr, "invalid length\n");
+        return 1;
+    }
+
+    int r = process((size_t)len);
+    printf("result=%d\n", r);
+    return 0;
+}