cppcheck/lib/checkbufferoverrun.h

174 lines
7.0 KiB
C
Raw Normal View History

/*
* Cppcheck - A tool for static C/C++ code analysis
2023-01-28 10:16:34 +01:00
* Copyright (C) 2007-2023 Cppcheck team.
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
//---------------------------------------------------------------------------
#ifndef checkbufferoverrunH
#define checkbufferoverrunH
//---------------------------------------------------------------------------
2009-03-20 17:35:53 +01:00
#include "check.h"
2017-05-27 04:33:47 +02:00
#include "config.h"
2019-03-23 08:36:10 +01:00
#include "ctu.h"
#include "errortypes.h"
#include "mathlib.h"
#include "symboldatabase.h"
#include "tokenize.h"
#include "vfvalue.h"
#include <list>
2017-05-27 04:33:47 +02:00
#include <map>
#include <string>
2017-05-27 04:33:47 +02:00
#include <vector>
namespace tinyxml2 {
2020-04-13 13:48:05 +02:00
class XMLElement;
}
class ErrorLogger;
class Settings;
class Token;
/// @addtogroup Checks
/// @{
/**
* @brief buffer overruns and array index out of bounds
*
* Buffer overrun and array index out of bounds are pretty much the same.
* But I generally use 'array index' if the code contains []. And the given
* index is out of bounds.
* I generally use 'buffer overrun' if you for example call a strcpy or
* other function and pass a buffer and reads or writes too much data.
*/
class CPPCHECKLIB CheckBufferOverrun : public Check {
public:
/** This constructor is used when registering the CheckClass */
2021-08-07 20:51:18 +02:00
CheckBufferOverrun() : Check(myName()) {}
2009-03-20 17:35:53 +01:00
private:
2010-03-17 22:16:18 +01:00
/** This constructor is used when running checks. */
2009-07-13 16:00:15 +02:00
CheckBufferOverrun(const Tokenizer *tokenizer, const Settings *settings, ErrorLogger *errorLogger)
2021-08-07 20:51:18 +02:00
: Check(myName(), tokenizer, settings, errorLogger) {}
2009-03-20 17:35:53 +01:00
void runChecks(const Tokenizer &tokenizer, ErrorLogger *errorLogger) override {
CheckBufferOverrun checkBufferOverrun(&tokenizer, tokenizer.getSettings(), errorLogger);
checkBufferOverrun.arrayIndex();
checkBufferOverrun.pointerArithmetic();
checkBufferOverrun.bufferOverflow();
checkBufferOverrun.arrayIndexThenCheck();
checkBufferOverrun.stringNotZeroTerminated();
checkBufferOverrun.objectIndex();
checkBufferOverrun.argumentSize();
checkBufferOverrun.negativeArraySize();
2009-03-20 17:35:53 +01:00
}
void getErrorMessages(ErrorLogger *errorLogger, const Settings *settings) const override {
CheckBufferOverrun c(nullptr, settings, errorLogger);
c.arrayIndexError(nullptr, std::vector<Dimension>(), std::vector<ValueFlow::Value>());
c.pointerArithmeticError(nullptr, nullptr, nullptr);
c.negativeIndexError(nullptr, std::vector<Dimension>(), std::vector<ValueFlow::Value>());
c.arrayIndexThenCheckError(nullptr, "i");
c.bufferOverflowError(nullptr, nullptr, Certainty::normal);
c.objectIndexError(nullptr, nullptr, true);
2021-08-29 15:38:58 +02:00
c.argumentSizeError(nullptr, "function", 1, "buffer", nullptr, nullptr);
c.negativeMemoryAllocationSizeError(nullptr, nullptr);
c.negativeArraySizeError(nullptr);
}
2019-03-23 08:36:10 +01:00
/** @brief Parse current TU and extract file info */
Check::FileInfo *getFileInfo(const Tokenizer *tokenizer, const Settings *settings) const override;
2019-03-23 08:36:10 +01:00
/** @brief Analyse all file infos for all TU */
bool analyseWholeProgram(const CTU::FileInfo *ctu, const std::list<Check::FileInfo*> &fileInfo, const Settings& settings, ErrorLogger &errorLogger) override;
2019-03-23 08:36:10 +01:00
void arrayIndex();
void arrayIndexError(const Token* tok,
const std::vector<Dimension>& dimensions,
const std::vector<ValueFlow::Value>& indexes);
void negativeIndexError(const Token* tok,
const std::vector<Dimension>& dimensions,
const std::vector<ValueFlow::Value>& indexes);
void pointerArithmetic();
void pointerArithmeticError(const Token *tok, const Token *indexToken, const ValueFlow::Value *indexValue);
void bufferOverflow();
void bufferOverflowError(const Token *tok, const ValueFlow::Value *value, Certainty certainty);
void arrayIndexThenCheck();
void arrayIndexThenCheckError(const Token *tok, const std::string &indexName);
void stringNotZeroTerminated();
void terminateStrncpyError(const Token *tok, const std::string &varname);
void argumentSize();
2021-08-29 15:38:58 +02:00
void argumentSizeError(const Token *tok, const std::string &functionName, nonneg int paramIndex, const std::string &paramExpression, const Variable *paramVar, const Variable *functionArg);
void negativeArraySize();
void negativeArraySizeError(const Token* tok);
void negativeMemoryAllocationSizeError(const Token* tok, const ValueFlow::Value* value); // provide a negative value to memory allocation function
void objectIndex();
void objectIndexError(const Token *tok, const ValueFlow::Value *v, bool known);
ValueFlow::Value getBufferSize(const Token *bufTok) const;
2019-03-23 08:36:10 +01:00
// CTU
/** data for multifile checking */
class MyFileInfo : public Check::FileInfo {
public:
/** unsafe array index usage */
std::list<CTU::FileInfo::UnsafeUsage> unsafeArrayIndex;
2023-06-14 12:30:45 +02:00
/** unsafe pointer arithmetic */
std::list<CTU::FileInfo::UnsafeUsage> unsafePointerArith;
2019-03-23 08:36:10 +01:00
/** Convert MyFileInfo data into xml string */
std::string toString() const override;
2019-03-23 08:36:10 +01:00
};
2019-06-15 13:01:45 +02:00
static bool isCtuUnsafeBufferUsage(const Check *check, const Token *argtok, MathLib::bigint *offset, int type);
static bool isCtuUnsafeArrayIndex(const Check *check, const Token *argtok, MathLib::bigint *offset);
static bool isCtuUnsafePointerArith(const Check *check, const Token *argtok, MathLib::bigint *offset);
2019-03-23 08:36:10 +01:00
Check::FileInfo * loadFileInfoFromXml(const tinyxml2::XMLElement *xmlElement) const override;
static bool analyseWholeProgram1(const std::map<std::string, std::list<const CTU::FileInfo::CallBase *>> &callsMap, const CTU::FileInfo::UnsafeUsage &unsafeUsage, int type, ErrorLogger &errorLogger);
2019-03-23 08:36:10 +01:00
2014-11-20 14:20:09 +01:00
static std::string myName() {
2009-06-12 15:20:08 +02:00
return "Bounds checking";
}
std::string classInfo() const override {
return "Out of bounds checking:\n"
"- Array index out of bounds\n"
"- Pointer arithmetic overflow\n"
"- Buffer overflow\n"
"- Dangerous usage of strncat()\n"
"- Using array index before checking it\n"
"- Partial string write that leads to buffer that is not zero terminated.\n"
"- Check for large enough arrays being passed to functions\n"
"- Allocating memory with a negative size\n";
}
};
/// @}
//---------------------------------------------------------------------------
#endif // checkbufferoverrunH