Bug Summary

File:example3.c
Warning:line 14, column 3
Call to function 'gets' is extremely insecure as it can always result in a buffer overflow

Annotated Source Code

Press '?' to see keyboard shortcuts

clang -cc1 -triple x86_64-unknown-linux-gnu -analyze -disable-free -disable-llvm-verifier -discard-value-names -main-file-name example3.c -analyzer-store=region -analyzer-opt-analyze-nested-blocks -analyzer-checker=core -analyzer-checker=apiModeling -analyzer-checker=unix -analyzer-checker=deadcode -analyzer-checker=security.insecureAPI.UncheckedReturn -analyzer-checker=security.insecureAPI.getpw -analyzer-checker=security.insecureAPI.gets -analyzer-checker=security.insecureAPI.mktemp -analyzer-checker=security.insecureAPI.mkstemp -analyzer-checker=security.insecureAPI.vfork -analyzer-checker=nullability.NullPassedToNonnull -analyzer-checker=nullability.NullReturnedFromNonnull -analyzer-output plist -w -mrelocation-model static -mthread-model posix -mdisable-fp-elim -fmath-errno -masm-verbose -mconstructor-aliases -munwind-tables -fuse-init-array -target-cpu x86-64 -dwarf-column-info -debugger-tuning=gdb -resource-dir /opt/qses/clang9/lib/clang/9.0.0 -internal-isystem /usr/local/include -internal-isystem /opt/qses/clang9/lib/clang/9.0.0/include -internal-externc-isystem /usr/include/x86_64-linux-gnu -internal-externc-isystem /include -internal-externc-isystem /usr/include -Wno-deprecated-declarations -std=c99 -fdebug-compilation-dir /home/qsesdcc_gmail_com/lab4code -ferror-limit 19 -fmessage-length 0 -fobjc-runtime=gcc -fdiagnostics-show-option -analyzer-checker security -analyzer-checker security.insecureAPI.gets -analyzer-output=html -faddrsig -o /home/qsesdcc_gmail_com/lab4code/static_analysis/2019-11-07-110128-1986-1 -x c example3.c
1
2#include <stdio.h>
3#include <string.h>
4#include <stdlib.h>
5
6#define SECRET"open sesame" "open sesame"
7
8int main(int argc, char** argv) {
9 int you_may_enter;
10 char answer[16+1] = "";
11 --argc; ++argv;
12 printf("Hello stranger, what is the passphrase?\n" );
13 you_may_enter=0;
14 gets(answer);
Call to function 'gets' is extremely insecure as it can always result in a buffer overflow
15 if (strcmp(answer, SECRET"open sesame") == 0) {
16 you_may_enter = 1;
17 }
18
19 if (you_may_enter != 0) {
20 printf("You may enter! Answer matches the passphrase: '%s' vs '%s'\n", answer, SECRET"open sesame");
21 }
22 else {
23 printf("Sorry stranger, you may not enter!\n");
24 }
25 return 0;
26}
27
28