diff --git a/Compte_rendu_Yassine_Ettayeb.docx b/Compte_rendu_Yassine_Ettayeb.docx
new file mode 100644
index 0000000000000000000000000000000000000000..6164e6ac2a046ae479cc8e50237d942a45441d99
Binary files /dev/null and b/Compte_rendu_Yassine_Ettayeb.docx differ
diff --git a/config/cert_exp_33_realloc.c b/config/cert_exp_33_realloc.c
index 4933f33d3dd936ac882ed51e558d06b3e84e4f63..67c4f7757a5d1d2cf65b0267bb179ad441048a5f 100644
--- a/config/cert_exp_33_realloc.c
+++ b/config/cert_exp_33_realloc.c
@@ -1,42 +1,45 @@
#include <stdlib.h>
#include <stdio.h>
-
-
+#include <string.h>
+
enum { OLD_SIZE = 10, NEW_SIZE = 20 };
-
-int *resize_array(int *array, size_t count) {
- if (0 == count) {
+
+int *resize_array(int *array, size_t old_count, size_t new_count) {
+ if (0 == new_count) {
return 0;
}
-
- int *ret = (int *)realloc(array, count * sizeof(int)); //@ split ret==0;
+
+ int *ret = (int *)realloc(array, new_count * sizeof(int));
if (!ret) {
free(array);
return 0;
}
-
+
+ if (new_count > old_count) {
+ memset(ret + old_count, 0, (new_count - old_count) * sizeof(int));
+ }
+
return ret;
}
-
+
void func(void) {
-
+
int *array = (int *)malloc(OLD_SIZE * sizeof(int));
if (0 == array) {
/* Handle error */
return;
}
-
+
for (size_t i = 0; i < OLD_SIZE; ++i) {
array[i] = i;
- Frama_C_show_each_init_array(array[i]);
}
-
- array = resize_array(array, NEW_SIZE);
+
+ array = resize_array(array, OLD_SIZE, NEW_SIZE);
if (0 == array) {
/* Handle error */
return;
}
-
+
for (size_t i = 0; i < NEW_SIZE; ++i) {
printf("%d ", array[i]);
}
diff --git a/config/cwe20.c b/config/cwe20.c
index 9a723653eb1eb7474248a502ab6c75b6e3b0d4e4..79b53e1a1da920f4d9c1b82f23ae32fd092ba203 100644
--- a/config/cwe20.c
+++ b/config/cwe20.c
@@ -1,5 +1,8 @@
#include <stdio.h>
#include <stdlib.h>
+#include <stddef.h>
+
+
void die(const char* s) {
printf("%s",s);
exit(2);
@@ -24,10 +27,28 @@ int main () {
if ( EOF == error ){
die("No integer passed: Die evil hacker!\n");
}
+
+ // Vérification des dimensions pour éviter des erreurs de mémoire
+ if (m <= 0 || n <= 0 || m > MAX_DIM || n > MAX_DIM) {
+ die("Invalid board size: Die evil hacker!\n");
+ }
if ( m > MAX_DIM || n > MAX_DIM ) {
die("Value too large: Die evil hacker!\n");
}
+
+ //@ split m;
+ //@ split n;
+
board = (board_square_t*) malloc( m * n * sizeof(board_square_t));
+
+ // Vérification si malloc a échoué
+ if (!board) {
+ return 2;
+ }
+
+ //@ split m;
+ //@ split n;
+
for (int i = 0; i < m; i++) {
for (int j = 0; j < n; j++) {
board[n*i+j] = 0;