cppcheck/test/testbufferoverrun.cpp

1057 lines
28 KiB
C++
Raw Normal View History

2008-12-18 22:28:57 +01:00
/*
* Cppcheck - A tool for static C/C++ code analysis
* Copyright (C) 2007-2009 Daniel Marjamäki and Cppcheck team.
2008-12-18 22:28:57 +01:00
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
2008-12-18 22:28:57 +01:00
*/
#include "../src/tokenize.h"
#include "../src/checkbufferoverrun.h"
2008-12-18 22:28:57 +01:00
#include "testsuite.h"
#include <sstream>
extern std::ostringstream errout;
class TestBufferOverrun : public TestFixture
{
public:
TestBufferOverrun() : TestFixture("TestBufferOverrun")
{ }
private:
void check(const char code[])
2008-12-18 22:28:57 +01:00
{
// Tokenize..
Tokenizer tokenizer;
std::istringstream istr(code);
tokenizer.tokenize(istr, "test.cpp");
2008-12-18 22:28:57 +01:00
// Assign variable ids
tokenizer.setVarId();
2009-02-02 18:27:34 +01:00
tokenizer.simplifyTokenList();
2008-12-18 22:28:57 +01:00
// Fill function list
tokenizer.fillFunctionList();
// Clear the error buffer..
errout.str("");
// Check for buffer overruns..
Settings settings;
settings._showAll = true;
2009-07-13 16:00:15 +02:00
CheckBufferOverrun checkBufferOverrun(&tokenizer, &settings, this);
checkBufferOverrun.bufferOverrun();
2008-12-18 22:28:57 +01:00
}
void run()
{
TEST_CASE(noerr1);
TEST_CASE(noerr2);
TEST_CASE(noerr3);
TEST_CASE(noerr4);
2009-01-28 06:31:26 +01:00
TEST_CASE(sizeof1);
TEST_CASE(sizeof2);
TEST_CASE(sizeof3);
TEST_CASE(array_index_1);
TEST_CASE(array_index_2);
TEST_CASE(array_index_3);
TEST_CASE(array_index_4);
TEST_CASE(array_index_5);
TEST_CASE(array_index_6);
TEST_CASE(array_index_7);
TEST_CASE(array_index_8);
TEST_CASE(array_index_9);
TEST_CASE(array_index_10);
TEST_CASE(array_index_11);
TEST_CASE(array_index_12);
TEST_CASE(array_index_13);
TEST_CASE(array_index_14);
TEST_CASE(array_index_15);
TEST_CASE(array_index_16);
TEST_CASE(array_index_17);
TEST_CASE(array_index_18);
TEST_CASE(buffer_overrun_1);
TEST_CASE(buffer_overrun_2);
TEST_CASE(buffer_overrun_3);
TEST_CASE(buffer_overrun_4);
TEST_CASE(buffer_overrun_5);
TEST_CASE(buffer_overrun_6);
TEST_CASE(buffer_overrun_7);
TEST_CASE(buffer_overrun_8);
TEST_CASE(buffer_overrun_9);
TEST_CASE(buffer_overrun_10);
TEST_CASE(buffer_overrun_11);
TEST_CASE(sprintf1);
TEST_CASE(sprintf2);
TEST_CASE(sprintf3);
TEST_CASE(sprintf4);
TEST_CASE(sprintf5);
TEST_CASE(sprintf6);
TEST_CASE(snprintf1);
2009-01-24 19:55:07 +01:00
TEST_CASE(snprintf2);
TEST_CASE(snprintf3);
2009-03-24 18:43:39 +01:00
TEST_CASE(snprintf4);
TEST_CASE(strncat1);
TEST_CASE(strncat2);
TEST_CASE(cin1);
TEST_CASE(varid1);
TEST_CASE(varid2);
TEST_CASE(assign1);
TEST_CASE(alloc); // Buffer allocated with new
TEST_CASE(memset1);
TEST_CASE(counter_test);
TEST_CASE(strncpy1);
2008-12-18 22:28:57 +01:00
}
void noerr1()
{
check("void f()\n"
"{\n"
" if (ab)\n"
" {\n"
" char str[50];\n"
" }\n"
" if (ab)\n"
" {\n"
" char str[50];\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
2008-12-18 22:28:57 +01:00
}
void noerr2()
{
check("void f1(char *str)\n"
"{\n"
" strcpy(buf,str);\n"
"}\n"
"void f2(char *str)\n"
"{\n"
" strcat(buf,str);\n"
"}\n"
"void f3(char *str)\n"
"{\n"
" sprintf(buf,\"%s\",str);\n"
"}\n"
"void f4(const char str[])\n"
"{\n"
" strcpy(buf, str);\n"
"}\n");
ASSERT_EQUALS("", errout.str());
2008-12-18 22:28:57 +01:00
}
void noerr3()
{
check("static void f()\n"
"{\n"
" char data[1];\n"
" return abc.data[1];\n"
"}\n");
ASSERT_EQUALS("", errout.str());
2008-12-18 22:28:57 +01:00
}
void noerr4()
{
// The memory isn't read or written and therefore there is no error.
check("static void f()\n"
"{\n"
" char data[100];\n"
" const char *p = &data[100];\n"
"}\n");
ASSERT_EQUALS("", errout.str());
2008-12-18 22:28:57 +01:00
}
2009-01-28 06:31:26 +01:00
void sizeof1()
{
check("static void f()\n"
"{\n"
" char data[10];\n"
" data[ sizeof(*data) ] = 0;\n"
"}\n");
ASSERT_EQUALS("", errout.str());
2009-01-28 06:31:26 +01:00
}
void sizeof2()
{
check("static void f()\n"
"{\n"
" char data[10];\n"
" data[ sizeof(data[0]) ] = 0;\n"
"}\n");
ASSERT_EQUALS("", errout.str());
check("static void f()\n"
"{\n"
" int data[2];\n"
" data[ sizeof(data[0]) ] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Array index out of bounds\n", errout.str());
}
void sizeof3()
{
check("void f()\n"
"{\n"
" char group[32];\n"
" snprintf(group, sizeof(group), \"%u\", 0);\n"
" struct group *gr;\n"
" snprintf(group, sizeof(group), \"%u\", gr->gr_gid);\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
2009-01-28 06:31:26 +01:00
2008-12-18 22:28:57 +01:00
void array_index_1()
{
check("void f()\n"
"{\n"
" char str[0x10];\n"
" str[15] = 0;\n"
" str[16] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (possible error) Array index out of bounds\n", errout.str());
2008-12-18 22:28:57 +01:00
}
void array_index_2()
{
check("void f()\n"
"{\n"
" char *str = new char[0x10];\n"
" str[15] = 0;\n"
" str[16] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (possible error) Array index out of bounds\n", errout.str());
2008-12-18 22:28:57 +01:00
}
void array_index_3()
{
{
check("void f()\n"
"{\n"
" int val[50];\n"
" int i;\n"
" for (i = 0; i < 100; i++)\n"
" sum += val[i];\n"
"}\n");
ASSERT_EQUALS("[test.cpp:6]: (possible error) Buffer overrun\n", errout.str());
}
{
check("void f()\n"
"{\n"
" int val[50];\n"
" int i;\n"
" for (i = 1; i < 100; i++)\n"
" sum += val[i];\n"
"}\n");
ASSERT_EQUALS("[test.cpp:6]: (possible error) Buffer overrun\n", errout.str());
}
{
check("void f(int a)\n"
"{\n"
" int val[50];\n"
" int i;\n"
" for (i = a; i < 100; i++)\n"
" sum += val[i];\n"
"}\n");
ASSERT_EQUALS("[test.cpp:6]: (possible error) Buffer overrun\n", errout.str());
}
2008-12-18 22:28:57 +01:00
}
void array_index_4()
{
check("const int SIZE = 10;\n"
"void f()\n"
"{\n"
" int i[SIZE];\n"
" i[SIZE] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (possible error) Array index out of bounds\n", errout.str());
2008-12-18 22:28:57 +01:00
}
void array_index_5()
{
check("void f()\n"
"{\n"
" int i[10];\n"
" i[ sizeof(i) - 1 ] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Array index out of bounds\n", errout.str());
2008-12-18 22:28:57 +01:00
}
void array_index_6()
{
check("struct ABC\n"
"{\n"
" char str[10];\n"
"};\n"
"\n"
"static void f()\n"
"{\n"
" struct ABC abc;\n"
" abc.str[10] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:9]: (possible error) Array index out of bounds\n", errout.str());
2008-12-18 22:28:57 +01:00
}
void array_index_7()
{
check("struct ABC\n"
"{\n"
" char str[10];\n"
"};\n"
"\n"
"static void f(ABC *abc)\n"
"{\n"
" abc->str[10] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:8]: (possible error) Array index out of bounds\n", errout.str());
2008-12-18 22:28:57 +01:00
}
void array_index_8()
{
check("const int SIZE = 10;\n"
"\n"
"struct ABC\n"
"{\n"
" char str[SIZE];\n"
"};\n"
"\n"
"static void f()\n"
"{\n"
" struct ABC abc;\n"
" abc.str[SIZE] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:11]: (possible error) Array index out of bounds\n", errout.str());
2008-12-18 22:28:57 +01:00
}
void array_index_9()
{
check("static void memclr( char *data )\n"
"{\n"
" data[10] = 0;\n"
"}\n"
"\n"
"static void f()\n"
"{\n"
" char str[5];\n"
" memclr( str ); // ERROR\n"
"}\n");
ASSERT_EQUALS("[test.cpp:9] -> [test.cpp:3]: (possible error) Array index out of bounds\n", errout.str());
2008-12-18 22:28:57 +01:00
}
void array_index_10()
{
check("struct ABC\n"
"{\n"
" char str[10];\n"
"};\n"
"\n"
"static void memclr( char *data )\n"
"{\n"
" data[10] = 0;\n"
"}\n"
"\n"
"static void f(ABC *abc)\n"
"{\n"
" memclr(abc->str);\n"
"}\n");
ASSERT_EQUALS("[test.cpp:13] -> [test.cpp:8]: (possible error) Array index out of bounds\n", errout.str());
2008-12-18 22:28:57 +01:00
}
void array_index_11()
{
check("class ABC\n"
"{\n"
"public:\n"
" ABC();\n"
" char *str[10];\n"
" struct ABC *next;"
"};\n"
"\n"
"static void f()\n"
"{\n"
" for ( ABC *abc = abc1; abc; abc = abc->next() )\n"
" {\n"
" abc->str[10] = 0;\n"
" }\n"
"}\n");
ASSERT_EQUALS("[test.cpp:12]: (possible error) Array index out of bounds\n", errout.str());
2008-12-18 22:28:57 +01:00
}
void array_index_12()
{
check("class Fred\n"
"{\n"
"private:\n"
" char str[10];\n"
"public:\n"
" Fred();\n"
"};\n"
"Fred::Fred()\n"
"{\n"
" str[10] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:10]: (possible error) Array index out of bounds\n", errout.str());
2008-12-18 22:28:57 +01:00
}
void array_index_13()
{
check("void f()\n"
"{\n"
" char buf[10];\n"
" for (int i = 0; i < 100; i++)\n"
" {\n"
" if (i < 10)\n"
" int x = buf[i];\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void array_index_14()
{
check("void f()\n"
"{\n"
" int a[10];\n"
" for (int i = 0; i < 10; i++)\n"
" a[i+10] = i;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (possible error) Array index out of bounds\n", errout.str());
}
void array_index_15()
{
check("void f()\n"
"{\n"
" int a[10];\n"
" for (int i = 0; i < 10; i++)\n"
" a[10+i] = i;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (possible error) Array index out of bounds\n", errout.str());
}
void array_index_16()
{
check("void f()\n"
"{\n"
" int a[10];\n"
" for (int i = 0; i < 10; i++)\n"
" a[i+1] = i;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (possible error) Array index out of bounds\n", errout.str());
}
void array_index_17()
{
check("void f()\n"
"{\n"
" int a[10];\n"
" for (int i = 0; i < 10; i++)\n"
" a[i*2] = i;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (possible error) Array index out of bounds\n", errout.str());
check("void f()\n"
"{\n"
" int a[12];\n"
" for (int i = 0; i < 12; i+=6)\n"
" a[i+5] = i;\n"
"}\n");
ASSERT_EQUALS("", errout.str());
check("void f()\n"
"{\n"
" int a[12];\n"
" for (int i = 0; i < 12; i+=6)\n"
" a[i+6] = i;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (possible error) Array index out of bounds\n", errout.str());
}
void array_index_18()
{
check("void f()\n"
"{\n"
" int a[5];\n"
" for (int i = 0; i < 6; i++)\n"
" {\n"
" a[i] = i;\n"
" i+=1;\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
check("void f()\n"
"{\n"
" int a[5];\n"
" for (int i = 0; i < 6; i++)\n"
" {\n"
" a[i] = i;\n"
" i++;\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
check("void f()\n"
"{\n"
" int a[5];\n"
" for (int i = 0; i < 6; i++)\n"
" {\n"
" a[i] = i;\n"
" ++i;\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
check("void f()\n"
"{\n"
" int a[5];\n"
" for (int i = 0; i < 6; i++)\n"
" {\n"
" a[i] = i;\n"
" i=4;\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
check("void f()\n"
"{\n"
" int a[6];\n"
" for (int i = 0; i < 7; i++)\n"
" {\n"
" a[i] = i;\n"
" i+=1;\n"
" }\n"
"}\n");
TODO_ASSERT_EQUALS("[test.cpp:6]: (possible error) Buffer overrun\n", errout.str());
}
2008-12-18 22:28:57 +01:00
void buffer_overrun_1()
{
check("void f()\n"
"{\n"
" char str[3];\n"
" strcpy(str, \"abc\");\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Buffer overrun\n", errout.str());
2008-12-18 22:28:57 +01:00
}
void buffer_overrun_2()
{
check("struct ABC\n"
"{\n"
" char str[5];\n"
"};\n"
"\n"
"static void f(ABC *abc)\n"
"{\n"
" strcpy( abc->str, \"abcdef\" );\n"
"}\n");
ASSERT_EQUALS("[test.cpp:8]: (possible error) Buffer overrun\n", errout.str());
2008-12-18 22:28:57 +01:00
}
void buffer_overrun_3()
{
check("int a[10];\n"
"\n"
"void foo()\n"
"{\n"
" int i;\n"
" for (i = 0; i <= 10; ++i)\n"
" a[i] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:7]: (possible error) Buffer overrun\n", errout.str());
}
void buffer_overrun_4()
{
check("void foo()\n"
"{\n"
" const char *p[2];\n"
" for (int i = 0; i < 8; ++i)\n"
" p[i] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (possible error) Buffer overrun\n", errout.str());
// No false positive
check("void foo(int x, int y)\n"
"{\n"
" const char *p[2];\n"
" x = y * p[1];\n"
" p[1] = 0;\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void buffer_overrun_5()
{
check("void f()\n"
"{\n"
" char n[5];\n"
" sprintf(n, \"d\");\n"
" printf(\"hello!\");\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void buffer_overrun_6()
{
check("void f()\n"
"{\n"
" char n[5];\n"
" strcat(n, \"abc\");\n"
" strcat(n, \"def\");\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (possible error) Buffer overrun\n", errout.str());
check("void f()\n"
"{\n"
" char n[5];\n"
" strcat(strcat(n, \"abc\"), \"def\");\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Buffer overrun\n", errout.str());
}
void buffer_overrun_7()
{
// ticket #731
check("void f()\n"
"{\n"
" char a[2];\n"
" strcpy(a, \"a\\0\");\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void buffer_overrun_8()
{
// ticket #714
check("void f()\n"
"{\n"
" char a[5];\n"
" for (int i = 0; i < 20; i+= 100)\n"
" {\n"
" a[i] = 0;\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
check("void f()\n"
"{\n"
" char a[5];\n"
" for (int i = 0; i < 20; i = i + 100)\n"
" {\n"
" a[i] = 0;\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
check("void f()\n"
"{\n"
" char a[5];\n"
" for (int i = 0; i < 20; i = 100 + i)\n"
" {\n"
" a[i] = 0;\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void buffer_overrun_9()
{
// ticket #738
check("void f()\n"
"{\n"
" char a[5];\n"
" for (int i = 0; i < 20; )\n"
" {\n"
" a[i] = 0;\n"
" i += 100;\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void buffer_overrun_10()
{
// ticket #740
check("void f()\n"
"{\n"
" char a[4];\n"
" for (int i = 0; i < 4; i++)\n"
" {\n"
" char b = a[i];\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void buffer_overrun_11()
{
check("void f()\n"
"{\n"
" char a[4];\n"
" for (float i=0; i<10.0;i+=0.1)\n"
" {\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
check("void f()\n"
"{\n"
" char a[4];\n"
" for (float i=0; i<10.0;i=i+0.1)\n"
" {\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
check("void f()\n"
"{\n"
" char a[4];\n"
" for (float i=0; i<10.0;i=0.1+i)\n"
" {\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void sprintf1()
{
check("void f()\n"
"{\n"
" char str[3];\n"
" sprintf(str, \"%s\", \"abc\");\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Buffer overrun\n", errout.str());
check("void f()\n"
"{\n"
" char * c = new char[10];\n"
" sprintf(c, \"%s\", \"/usr/LongLongLongLongUserName/bin/LongLongApplicationName\");\n"
" delete [] c;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Buffer overrun\n", errout.str());
}
void sprintf2()
{
check("void f()\n"
"{\n"
" char str[5];\n"
" sprintf(str, \"%d: %s\", getnumber(), \"abcde\");\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Buffer overrun\n", errout.str());
}
void sprintf3()
{
check("void f()\n"
"{\n"
" char str[3];\n"
" sprintf(str, \"test\");\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Buffer overrun\n", errout.str());
check("void f()\n"
"{\n"
" char str[5];\n"
" sprintf(str, \"test%s\", "");\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void sprintf4()
{
// ticket #690
check("void f()\n"
"{\n"
" char a[3];\n"
" sprintf(a, \"%02ld\", 99);\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void sprintf5()
{
// ticket #729
check("void f(bool condition)\n"
"{\n"
" char buf[3];\n"
" sprintf(buf, \"%s\", condition ? \"11\" : \"22\");\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void sprintf6()
{
check("void f(bool condition)\n"
"{\n"
" char buf[3];\n"
" sprintf(buf, \"%s\", condition ? \"11\" : \"222\");\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Buffer overrun\n", errout.str());
}
void snprintf1()
{
check("void f()\n"
"{\n"
" char str[5];\n"
" snprintf(str, 10, \"%s\", \"abc\");\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (error) snprintf size is out of bounds\n", errout.str());
}
2009-01-24 19:55:07 +01:00
void snprintf2()
{
check("void f()\n"
"{\n"
" char str[5];\n"
" snprintf(str, 5, \"%s\", \"abc\");\n"
"}\n");
ASSERT_EQUALS("", errout.str());
2009-01-24 19:55:07 +01:00
}
void snprintf3()
{
check("void f()\n"
"{\n"
" char str[5];\n"
" snprintf(str, sizeof str, \"%s\", \"abc\");\n"
"}\n");
ASSERT_EQUALS("", errout.str());
2009-01-24 19:55:07 +01:00
}
2009-03-24 18:43:39 +01:00
void snprintf4()
{
check("void f(int x)\n"
"{\n"
" char str[5];\n"
" snprintf(str, 8 - x, \"abcdefghijkl\");\n"
"}\n");
ASSERT_EQUALS("", errout.str());
2009-03-24 18:43:39 +01:00
}
2008-12-18 22:28:57 +01:00
void strncat1()
{
check("void f()\n"
"{\n"
" char str[16];\n"
" strncpy(str, a, 10);\n"
" strncat(str, b, 10);\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (possible error) Dangerous usage of strncat. Tip: the 3rd parameter means maximum number of characters to append\n", errout.str());
}
void strncat2()
{
check("void f()\n"
"{\n"
" char str[5];\n"
" strncat(str, a, 5);\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Dangerous usage of strncat. Tip: the 3rd parameter means maximum number of characters to append\n", errout.str());
}
void cin1()
{
check("void f()\n"
"{\n"
" char str[10];\n"
" cin >> str;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Dangerous usage of std::cin, possible buffer overrun\n", errout.str());
}
2008-12-18 22:28:57 +01:00
void varid1()
{
check("void foo()\n"
"{\n"
" char str[10];\n"
" if (str[0])\n"
" {\n"
" char str[50];\n"
" str[30] = 0;\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
2008-12-18 22:28:57 +01:00
}
void varid2()
{
check("void foo()\n"
"{\n"
" char str[10];\n"
" if (str[0])\n"
" {\n"
" char str[50];\n"
" memset(str,0,50);\n"
" }\n"
"}\n");
ASSERT_EQUALS("", errout.str());
2008-12-18 22:28:57 +01:00
}
void assign1()
{
check("char str[3] = {'a', 'b', 'c'};\n"
"\n"
"void foo()\n"
"{\n"
" str[3] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (possible error) Array index out of bounds\n", errout.str());
}
void alloc()
{
check("void foo()\n"
"{\n"
" char *s = new char[10];\n"
" s[10] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Array index out of bounds\n", errout.str());
check("void foo()\n"
"{\n"
" char *s = malloc(10);\n"
" s[10] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Array index out of bounds\n", errout.str());
}
void memset1()
{
check("void foo()\n"
"{\n"
" char s[10];\n"
" memset(s, 5, '*');\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) The size argument is given as a char constant\n", errout.str());
}
void counter_test()
{
ASSERT_EQUALS(6, CheckBufferOverrun::count("Hello"));
ASSERT_EQUALS(2, CheckBufferOverrun::count("s"));
ASSERT_EQUALS(2, CheckBufferOverrun::count("i"));
ASSERT_EQUALS(2, CheckBufferOverrun::count("%d"));
ASSERT_EQUALS(2, CheckBufferOverrun::count("%1d"));
ASSERT_EQUALS(3, CheckBufferOverrun::count("%2.2d"));
ASSERT_EQUALS(1, CheckBufferOverrun::count("%s"));
ASSERT_EQUALS(6, CheckBufferOverrun::count("%-5s"));
ASSERT_EQUALS(2, CheckBufferOverrun::count("\\\""));
2009-09-29 17:51:29 +02:00
TODO_ASSERT_EQUALS(6, CheckBufferOverrun::count("Hello\\0Text"));
TODO_ASSERT_EQUALS(2, CheckBufferOverrun::count("%%"));
}
void strncpy1()
{
check("void f()\n"
"{\n"
" char a[6];\n"
" char c[7];\n"
" strcpy(a,\"hello\");\n"
" strncpy(c,a,sizeof(c));\n"
"}\n");
ASSERT_EQUALS("", errout.str());
check("void f()\n"
"{\n"
" char a[6];\n"
" char c[6];\n"
" strcpy(a,\"hello\");\n"
" strncpy(c,a,sizeof(c));\n"
"}\n");
ASSERT_EQUALS("", errout.str());
check("void f()\n"
"{\n"
" char a[6];\n"
" char c[5];\n"
" strcpy(a,\"hello\");\n"
" strncpy(c,a,sizeof(c)+1);\n"
"}\n");
ASSERT_EQUALS("[test.cpp:6]: (possible error) Buffer overrun\n", errout.str());
check("void f()\n"
"{\n"
" char c[6];\n"
" strncpy(c,\"hello!\",sizeof(c));\n"
"}\n");
ASSERT_EQUALS("", errout.str());
check("void f()\n"
"{\n"
" char c[6];\n"
" strncpy(c,\"hello!\",sizeof(c)+1);\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Buffer overrun\n", errout.str());
}
2008-12-18 22:28:57 +01:00
};
REGISTER_TEST(TestBufferOverrun)
2008-12-18 22:28:57 +01:00