diff --git a/src/checkbufferoverrun.cpp b/src/checkbufferoverrun.cpp index 5991c2a3c..8d497af42 100644 --- a/src/checkbufferoverrun.cpp +++ b/src/checkbufferoverrun.cpp @@ -307,6 +307,11 @@ void CheckBufferOverrunClass::CheckBufferOverrun_CheckScope(const Token *tok, co _errorLogger->outOfBounds(_tokenizer, tok->tokAt(4), "snprintf size"); } + // cin.. + if (varid > 0 && Token::Match(tok, "cin >> %varid% ;", varid)) + { + _errorLogger->bufferOverrun(_tokenizer, tok); + } // Function call.. // It's not interesting to check what happens when the whole struct is diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp index c0fee848c..106ba3e7a 100644 --- a/test/testbufferoverrun.cpp +++ b/test/testbufferoverrun.cpp @@ -95,6 +95,8 @@ private: TEST_CASE(strncat1); TEST_CASE(strncat2); + TEST_CASE(cin1); + TEST_CASE(varid1); TEST_CASE(varid2); @@ -492,6 +494,17 @@ private: + void cin1() + { + check("void f()\n" + "{\n" + " char str[10];\n" + " cin >> str;\n" + "}\n"); + ASSERT_EQUALS(std::string("[test.cpp:4]: (all) Buffer overrun\n"), errout.str()); + } + + void varid1() {
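Review bot: The pattern `cin >> %varid% ;` fires only when the array is the sole operand of the statement, so a chained read such as `cin >> n >> str;` or `cin >> str >> n;` goes unreported, while a read the caller has already bounded with `cin.width(...)` on the preceding statement is still flagged. Both limits are worth stating above the check, for example `// cin >> buf; has no width limit by default; chained extractions and a preceding cin.width() are not handled`. The generic `bufferOverrun` message also gives no hint that the remedy is a field width (`width()` / `setw`) or a `std::string`, so a dedicated message would make the report actionable. The body of CheckBufferOverrun_CheckScope starts and ends outside this hunk, so how `varid` is restricted to char arrays cannot be confirmed from here.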
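Review bot: `cin1` pins only the case that must be reported, and nothing fixes the cases that must stay quiet, so a later widening of the `cin >>` pattern could start flagging ordinary reads unnoticed. A companion case that extracts into a non-array variable and expects empty output would cover that; it also needs its own `TEST_CASE(cin2);` line next to `TEST_CASE(cin1);`. The empty expected result is inferred from the check being keyed on the array's varid, so confirm it against the full function before merging.

```cpp
// … unchanged: cin1() …

void cin2()
{
    check("void f()\n"
          "{\n"
          "    int i;\n"
          "    cin >> i;\n"
          "}\n");
    ASSERT_EQUALS(std::string(""), errout.str());
}
```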