buffer overrun: catch cases when using cin to read to a char array

This commit is contained in:
Daniel Marjamäki 2009-02-21 12:22:04 +00:00
parent 5269e38ae2
commit 08f76279ed
2 changed files with 18 additions and 0 deletions

View File

@ -307,6 +307,11 @@ void CheckBufferOverrunClass::CheckBufferOverrun_CheckScope(const Token *tok, co
_errorLogger->outOfBounds(_tokenizer, tok->tokAt(4), "snprintf size");
}
// cin..
if (varid > 0 && Token::Match(tok, "cin >> %varid% ;", varid))
{
_errorLogger->bufferOverrun(_tokenizer, tok);
}
// Function call..
// It's not interesting to check what happens when the whole struct is

View File

@ -95,6 +95,8 @@ private:
TEST_CASE(strncat1);
TEST_CASE(strncat2);
TEST_CASE(cin1);
TEST_CASE(varid1);
TEST_CASE(varid2);
@ -492,6 +494,17 @@ private:
void cin1()
{
check("void f()\n"
"{\n"
" char str[10];\n"
" cin >> str;\n"
"}\n");
ASSERT_EQUALS(std::string("[test.cpp:4]: (all) Buffer overrun\n"), errout.str());
}
void varid1()
{