// gt-0004: Function pointer call to sink
// Expected: REACHABLE (tier: executed)
// Vulnerability: CWE-120 (Buffer Copy without Checking Size)

#include <stdio.h>
#include <string.h>

typedef void (*copy_func_t)(char *, const char *);

void copy_data(char *dest, const char *src) {
    // Vulnerable: strcpy without bounds check
    strcpy(dest, src);  // SINK: CWE-120
}

void safe_copy(char *dest, const char *src) {
    strncpy(dest, src, 31);
    dest[31] = '\0';
}

int main(int argc, char *argv[]) {
    char buffer[32];
    copy_func_t copier;
    
    // Function pointer assignment - harder for static analysis
    if (argc > 2 && argv[2][0] == 's') {
        copier = safe_copy;
    } else {
        copier = copy_data;  // Vulnerable path selected
    }
    
    if (argc > 1) {
        copier(buffer, argv[1]);  // Indirect call
        printf("Result: %s\n", buffer);
    }
    
    return 0;
}