Buffer overrun: Added comments

Daniel Marjamäki 2011-01-06 13:02:21 +01:00
parent f838f89d01
commit 04a117938d
1 changed files with 23 additions and 0 deletions


@ -198,8 +198,10 @@ private:
*/ */
static bool bailoutIfSwitch(const Token *tok, const unsigned int varid) static bool bailoutIfSwitch(const Token *tok, const unsigned int varid)
{ {
// Used later to check if the body belongs to a "if"
const std::string str1(tok->str()); const std::string str1(tok->str());
// Count { and }
unsigned int indentlevel = 0; unsigned int indentlevel = 0;
for (; tok; tok = tok->next()) for (; tok; tok = tok->next())
{ {
@ -441,6 +443,7 @@ void CheckBufferOverrun::parse_for_body(const Token *tok2, const ArrayInfo &arra
{ {
const std::string pattern((arrayInfo.varid ? std::string("%varid%") : arrayInfo.varname) + " [ " + strindex + " ]"); const std::string pattern((arrayInfo.varid ? std::string("%varid%") : arrayInfo.varname) + " [ " + strindex + " ]");
// count { and } for tok2
int indentlevel2 = 0; int indentlevel2 = 0;
for (; tok2; tok2 = tok2->next()) for (; tok2; tok2 = tok2->next())
{ {
@ -567,7 +570,12 @@ void CheckBufferOverrun::checkFunctionCall(const Token &tok, unsigned int par, c
if (arrayInfo.element_size == 0) if (arrayInfo.element_size == 0)
return; return;
// arg : the index of the "wanted" argument in the function call.
unsigned int arg = it->second; unsigned int arg = it->second;
// Parse function call. When a ',' is seen, arg is decremented.
// if arg becomes 1 then the current function parameter is the wanted parameter.
// if arg becomes 1000 then multiply current and next argument.
for (const Token *tok2 = tok.tokAt(2); tok2; tok2 = tok2->next()) for (const Token *tok2 = tok.tokAt(2); tok2; tok2 = tok2->next())
{ {
if (tok2->str() == "(") if (tok2->str() == "(")
@ -750,6 +758,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector<std::str
// out of bounds then this flag will be set. // out of bounds then this flag will be set.
bool pointerIsOutOfBounds = false; bool pointerIsOutOfBounds = false;
// Count { and } for tok
int indentlevel = 0; int indentlevel = 0;
for (; tok; tok = tok->next()) for (; tok; tok = tok->next())
{ {
@ -949,6 +958,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const ArrayInfo &arrayInfo
{ {
const MathLib::bigint total_size = arrayInfo.num[0] * arrayInfo.element_size; const MathLib::bigint total_size = arrayInfo.num[0] * arrayInfo.element_size;
// Count { and } for tok
unsigned int indentlevel = 0; unsigned int indentlevel = 0;
for (; tok; tok = tok->next()) for (; tok; tok = tok->next())
{ {
@ -1208,6 +1218,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const ArrayInfo &arrayInfo
void CheckBufferOverrun::checkGlobalAndLocalVariable() void CheckBufferOverrun::checkGlobalAndLocalVariable()
{ {
// Count { and } when parsing all tokens
int indentlevel = 0; int indentlevel = 0;
for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next()) for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
{ {
@ -1217,9 +1228,16 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
else if (tok->str() == "}") else if (tok->str() == "}")
--indentlevel; --indentlevel;
// size : Max array index
MathLib::bigint size = 0; MathLib::bigint size = 0;
// type : The type of a array element
std::string type; std::string type;
// varid : The variable id for the array
unsigned int varid = 0; unsigned int varid = 0;
// nextTok : number of tokens used in variable declaration - used to skip to next statement.
int nextTok = 0; int nextTok = 0;
// if the previous token exists, it must be either a variable name or "[;{}]" // if the previous token exists, it must be either a variable name or "[;{}]"
@ -1243,6 +1261,7 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
if (Token::Match(tok, "%type% *| %var% [ %var% ] [;=]")) if (Token::Match(tok, "%type% *| %var% [ %var% ] [;=]"))
{ {
// varpos : position for variable token
unsigned char varpos = 1; unsigned char varpos = 1;
if (tok->next()->str() == "*") if (tok->next()->str() == "*")
++varpos; ++varpos;
@ -1661,6 +1680,8 @@ void CheckBufferOverrun::checkSprintfCall(const Token *tok, const MathLib::bigin
// Parameter is more complex, than just a value or variable. Ignore it for now // Parameter is more complex, than just a value or variable. Ignore it for now
// and skip to next token. // and skip to next token.
parameters.push_back(0); parameters.push_back(0);
// count parantheses for tok3
int ind = 0; int ind = 0;
for (const Token *tok3 = tok2->next(); tok3; tok3 = tok3->next()) for (const Token *tok3 = tok2->next(); tok3; tok3 = tok3->next())
{ {
@ -1734,6 +1755,7 @@ void CheckBufferOverrun::checkBufferAllocatedWithStrlen()
else else
continue; continue;
// count { and } for tok
int indentlevel = 0; int indentlevel = 0;
for (; tok && tok->next(); tok = tok->next()) for (; tok && tok->next(); tok = tok->next())
{ {
@ -1958,6 +1980,7 @@ bool CheckBufferOverrun::ArrayInfo::declare(const Token *tok, const Tokenizer &t
tok->str() == "extern")) tok->str() == "extern"))
tok = tok->next(); tok = tok->next();
// ivar : number of type tokens
int ivar = 0; int ivar = 0;
if (Token::Match(tok, "%type% *| %var% [")) if (Token::Match(tok, "%type% *| %var% ["))
ivar = 1; ivar = 1;
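Review bot: The added comment `// size : Max array index` in the checkGlobalAndLocalVariable() hunk (-1217,9 +1228,16) is ambiguous for a bounds checker: a variable named `size` presumably holds the element count, in which case the largest valid index is size - 1, and a maintainer who takes the comment literally could introduce an off-by-one in a later comparison. The assignment to `size` lies outside the hunk, so confirm which meaning applies and state it, e.g. `// size : number of elements in the array (valid indexes are 0..size-1)`. In the checkFunctionCall() hunk, the comment about `arg` becoming 1000 describes a sentinel value whose handling is not visible here; saying what 1000 encodes, or naming it as a constant, would let a reader check the comment against the code. The word `parantheses` in the checkSprintfCall() hunk should read `parentheses`.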