walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

CheckBufferOverrun: Fix false positive

This commit is contained in:
Daniel Marjamäki 2019-03-19 21:06:37 +01:00
parent 9b6b94336c
commit 031362ae01
2 changed files with 11 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/checkbufferoverrun.cpp
View File

@ -421,6 +421,8 @@ ValueFlow::Value CheckBufferOverrun::getBufferSize(const Token *bufTok) const
if (var->isPointerArray()) if (var->isPointerArray())
v.intvalue = dim * mSettings->sizeof_pointer; v.intvalue = dim * mSettings->sizeof_pointer;
else if (var->isPointer())
return ValueFlow::Value(-1);
else { else {
const MathLib::bigint typeSize = bufTok->valueType()->typeSize(*mSettings); const MathLib::bigint typeSize = bufTok->valueType()->typeSize(*mSettings);
v.intvalue = dim * typeSize; v.intvalue = dim * typeSize;

11
test/testbufferoverrun.cpp
View File

@ -172,6 +172,7 @@ private:
TEST_CASE(buffer_overrun_27); // #4444 (segmentation fault) TEST_CASE(buffer_overrun_27); // #4444 (segmentation fault)
TEST_CASE(buffer_overrun_29); // #7083: false positive: typedef and initialization with strings TEST_CASE(buffer_overrun_29); // #7083: false positive: typedef and initialization with strings
TEST_CASE(buffer_overrun_30); // #6367 TEST_CASE(buffer_overrun_30); // #6367
TEST_CASE(buffer_overrun_31);
TEST_CASE(buffer_overrun_errorpath); TEST_CASE(buffer_overrun_errorpath);
// TODO CTU TEST_CASE(buffer_overrun_bailoutIfSwitch); // ticket #2378 : bailoutIfSwitch // TODO CTU TEST_CASE(buffer_overrun_bailoutIfSwitch); // ticket #2378 : bailoutIfSwitch
// TODO TEST_CASE(buffer_overrun_function_array_argument); // TODO TEST_CASE(buffer_overrun_function_array_argument);
@ -2567,6 +2568,13 @@ private:
ASSERT_EQUALS("[test.cpp:3]: (error) Array 's->m[9]' accessed at index 36, which is out of bounds.\n", errout.str()); ASSERT_EQUALS("[test.cpp:3]: (error) Array 's->m[9]' accessed at index 36, which is out of bounds.\n", errout.str());
} }
void buffer_overrun_31() {
check("void f(WhereInfo *pWInfo, int *aiCur) {\n"
" memcpy(aiCur, pWInfo->aiCurOnePass, sizeof(int)*2);\n"
"}");
ASSERT_EQUALS("", errout.str());
}
void buffer_overrun_errorpath() { void buffer_overrun_errorpath() {
setMultiline(); setMultiline();
settings0.templateLocation = "{file}:{line}:note:{info}"; settings0.templateLocation = "{file}:{line}:note:{info}";
@ -3603,8 +3611,7 @@ private:
"void bar(char *p) {\n" "void bar(char *p) {\n"
" strncpy(p, str, 100);\n" " strncpy(p, str, 100);\n"
"}\n", false); "}\n", false);
ASSERT_EQUALS("[test.cpp:4]: (warning, inconclusive) The buffer 'str' may not be null-terminated after the call to strncpy().\n" ASSERT_EQUALS("[test.cpp:4]: (warning, inconclusive) The buffer 'str' may not be null-terminated after the call to strncpy().\n", errout.str());
"[test.cpp:8]: (warning, inconclusive) The buffer 'p' may not be null-terminated after the call to strncpy().\n", errout.str());
} }
void terminateStrncpy4() { void terminateStrncpy4() {