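/* Analyzer test fixture: heap allocations of a struct that ends in a
   flexible array member, sized correctly and incorrectly.

   The functions whose names contain "_oob" are intentionally defective and
   must stay that way.  Each trailing dg-warning comment is a DejaGnu
   expectation tied to the line it sits on (or, when it ends in ".-1", to
   the line directly above it), so a statement and its directive have to
   remain on the lines shown here.

   NOTE(review): in every initializer below, sizeof(str) names the pointer
   variable being declared, not struct str.  The result equals the size of
   the struct header only where a pointer and size_t have the same size;
   sizeof(*str) would state the intent directly.  Confirm before reusing
   this pattern outside the test.

   NOTE(review): the symbolic-size variants add len to the header size
   without an overflow check.  Code that takes len from an untrusted source
   would need to reject values that make the sum wrap.  */

#include <stdlib.h> /* malloc, NULL, size_t */
#include <string.h> /* memset */

/* Length-prefixed byte string; data[] is a C99 flexible array member and
   contributes no storage of its own to sizeof.  */
struct str {
  size_t len;
  char data[];
};

/* Correct case: room for the header plus 10 payload bytes.
   Returns the new object, or NULL if malloc fails; the caller frees it.  */
struct str *
test_const_size (void)
{
  struct str *str = malloc(sizeof(str) + 10);
  if (str) {
    str->len = 10;
    memset(str->data, 'x', 10);
    return str;
  }
  return NULL;
}

/* Defective on purpose: the allocation holds only the header, so the
   10-byte memset lands entirely past the end of the heap region.  */
struct str *
test_const_size_oob_1 (void)
{
  /* Forgetting to add space for the trailing array.  */
  struct str *str = malloc(sizeof(str));
  if (str) {
    str->len = 10;
    memset(str->data, 'x', 10); /* { dg-warning "heap-based buffer overflow" "Wanalyzer-out-of-bounds" } */
    /* { dg-warning "'memset' writing 10 bytes into a region of size 0 overflows the destination" "Wstringop-overflow" { target *-*-* } .-1 } */
    return str;
  }
  return NULL;
}

/* Defective on purpose: 10 payload bytes are allocated but 11 are
   written, a one-byte heap overflow.  */
struct str *
test_const_size_oob_2 (void)
{
  struct str *str = malloc(sizeof(str) + 10);
  if (str) {
    str->len = 10;
    /* Using the wrong size here.  */
    memset(str->data, 'x', 11); /* { dg-warning "heap-based buffer overflow" "Wanalyzer-out-of-bounds" } */
    /* { dg-warning "'memset' writing 11 bytes into a region of size 10 overflows the destination" "Wstringop-overflow" { target *-*-* } .-1 } */
    return str;
  }
  return NULL;
}

/* Correct case with a caller-supplied payload length.
   Returns the new object, or NULL if malloc fails; the caller frees it.  */
struct str *
test_symbolic_size (size_t len)
{
  struct str *str = malloc(sizeof(str) + len);
  if (str) {
    str->len = len;
    memset(str->data, 'x', len);
    return str;
  }
  return NULL;
}

/* Defective on purpose: header-only allocation with a len-byte write.
   The expectation is marked xfail, i.e. the analyzer is known not to
   report this one yet.  */
struct str *
test_symbolic_size_oob (size_t len)
{
  /* Forgetting to add space for the trailing array.  */
  struct str *str = malloc(sizeof(str));
  if (str) {
    str->len = len;
    memset(str->data, 'x', len); /* { dg-warning "heap-based buffer overflow" "PR analyzer/98247" { xfail *-*-* } } */
    // TODO(xfail): we don't yet complain about this case, which occurs when len > 0
    return str;
  }
  return NULL;
}

/* Correct case: len payload bytes plus one byte for the NUL terminator.
   Returns the new object, or NULL if malloc fails; the caller frees it.  */
struct str *
test_symbolic_size_with_terminator (size_t len)
{
  struct str *str = malloc(sizeof(str) + len + 1);
  if (str) {
    str->len = len;
    memset(str->data, 'x', len);
    str->data[len] = '\0';
    return str;
  }
  return NULL;
}

/* Defective on purpose: the terminator is stored at data[len], one byte
   past the len payload bytes that were allocated.  */
struct str *
test_symbolic_size_with_terminator_oob (size_t len)
{
  /* Forgetting to add 1 for the terminator.  */
  struct str *str = malloc(sizeof(str) + len);
  if (str) {
    str->len = len;
    memset(str->data, 'x', len);
    str->data[len] = '\0'; /* { dg-warning "heap-based buffer overflow" } */
    return str;
  }
  return NULL;
}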