From bef9f39d033ea5c9600f39af7cfd213e01aab4c1 Mon Sep 17 00:00:00 2001
From: Alastair Reid
Date: Mon, 2 Nov 2020 16:47:51 +0000
Subject: fix: bcmp with n==0

This was executing the loop when n==0 leading to an out of bound pointer error. Found while verifying Rust code that compares strings.
---
test/Runtime/klee-libc/bcmp.c | 21 +++++++++++++++++++++
1 file changed, 21 insertions(+)
create mode 100644 test/Runtime/klee-libc/bcmp.c
(limited to 'test/Runtime/klee-libc/bcmp.c')
diff --git a/test/Runtime/klee-libc/bcmp.c b/test/Runtime/klee-libc/bcmp.c
new file mode 100644
index 00000000..d0f5d7e5
--- /dev/null
+++ b/test/Runtime/klee-libc/bcmp.c
@@ -0,0 +1,21 @@
+// RUN: %clang %s -emit-llvm %O0opt -c -o %t1.bc
+// RUN: rm -rf %t.klee-out
+// RUN: %klee --output-dir=%t.klee-out --exit-on-error --libc=klee %t1.bc
+
+// test bcmp for sizes including zero
+
+#include
+#include
+#include
+
+int main() {
+ for (int i = 0; i < 5; ++i) {
+ void *s = malloc(i);
+ if (s) {
+ klee_make_symbolic(s, i, "s");
+ assert(0 == bcmp(s, s, i));
+ free(s);
+ }
+ }
+ return 0;
+}
-- cgit 1.4.1
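Review bot: The `if (s)` guard in `main` can silently skip the n==0 case this regression test exists for. C permits `malloc(0)` to return NULL, and what the KLEE runtime returns is not visible from this patch, so on that path the loop passes without ever calling `bcmp` with a zero length. A zero-length check that does not depend on the allocator would make the out-of-bounds read deterministic to detect, for example `char b[1]; assert(0 == bcmp(b + 1, b + 1, 0));` using a one-past-the-end pointer. The test also only compares a buffer with itself, so a second, distinct buffer of the same size would cover the case where a stray read at n==0 could otherwise change the result.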