Fixed #1026 (false positive: buffer access out of bounds)
parent
7f15fea735
commit
0b09c36851
|
@ -456,7 +456,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
|
|||
(varid == 0 && Token::Match(tok, ("strcpy|strcat ( " + varnames + " , %str% )").c_str())))
|
||||
{
|
||||
size_t len = Token::getStrLength(tok->tokAt(varc + 4));
|
||||
if (len >= static_cast<size_t>(size))
|
||||
if (len >= static_cast<size_t>(total_size))
|
||||
{
|
||||
bufferOverrun(tok);
|
||||
continue;
|
||||
|
@ -469,7 +469,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
|
|||
MathLib::isInt(tok->strAt(6)))
|
||||
{
|
||||
size_t len = MathLib::toLongNumber(tok->strAt(6));
|
||||
if (len > static_cast<size_t>(size))
|
||||
if (len > static_cast<size_t>(total_size))
|
||||
{
|
||||
bufferOverrun(tok);
|
||||
continue;
|
||||
|
@ -482,7 +482,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
|
|||
MathLib::isInt(tok->strAt(4)))
|
||||
{
|
||||
size_t len = MathLib::toLongNumber(tok->strAt(4));
|
||||
if (len > static_cast<size_t>(size))
|
||||
if (len > static_cast<size_t>(total_size))
|
||||
{
|
||||
bufferOverrun(tok);
|
||||
continue;
|
||||
|
@ -493,7 +493,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
|
|||
if (varid > 0 && Token::Match(tok, "strncat ( %varid% , %any% , %num% )", varid))
|
||||
{
|
||||
int n = std::atoi(tok->strAt(6));
|
||||
if (n >= (size - 1))
|
||||
if (n >= (total_size - 1))
|
||||
strncatUsage(tok);
|
||||
}
|
||||
|
||||
|
@ -502,7 +502,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
|
|||
if (varid > 0 && Token::Match(tok, "strncpy|strncat ( %varid% , %any% , %num% ) ; strncat ( %varid% , %any% , %num% )", varid))
|
||||
{
|
||||
int n = std::atoi(tok->strAt(6)) + std::atoi(tok->strAt(15));
|
||||
if (n > size)
|
||||
if (n > total_size)
|
||||
strncatUsage(tok->tokAt(9));
|
||||
}
|
||||
|
||||
|
@ -515,7 +515,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
|
|||
while (tok2 && Token::Match(tok2, "strcat ( %varid% , %str% ) ;", varid))
|
||||
{
|
||||
charactersAppend += Token::getStrLength(tok2->tokAt(4));
|
||||
if (charactersAppend >= static_cast<size_t>(size))
|
||||
if (charactersAppend >= static_cast<size_t>(total_size))
|
||||
{
|
||||
bufferOverrun(tok2);
|
||||
break;
|
||||
|
@ -527,14 +527,14 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
|
|||
// sprintf..
|
||||
if (varid > 0 && Token::Match(tok, "sprintf ( %varid% , %str% [,)]", varid))
|
||||
{
|
||||
checkSprintfCall(tok, size);
|
||||
checkSprintfCall(tok, total_size);
|
||||
}
|
||||
|
||||
// snprintf..
|
||||
if (varid > 0 && Token::Match(tok, "snprintf ( %varid% , %num% ,", varid))
|
||||
{
|
||||
int n = std::atoi(tok->strAt(4));
|
||||
if (n > size)
|
||||
if (n > total_size)
|
||||
outOfBounds(tok->tokAt(4), "snprintf size");
|
||||
}
|
||||
|
||||
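Review bot: The strncat and snprintf branches still parse their `%num%` operand with `std::atoi`, whose behaviour is undefined for values that do not fit in `int`, and the two-call strncpy/strncat branch adds two such results with no overflow check. These literals come from the code being analysed, so an oversized count can make `n > total_size` evaluate unpredictably and suppress the warning. The earlier branches in this function already use `MathLib::toLongNumber`; doing the same here, e.g. `const long n = MathLib::toLongNumber(tok->strAt(6));` and summing in `long` in the two-call branch, keeps the comparison well defined. checkScope starts and ends outside these hunks, so `total_size` being an `int` byte count is inferred from the `static_cast<size_t>(total_size)` and `total_size - 1` uses.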
|
|
|
@ -831,6 +831,13 @@ private:
|
|||
"}\n");
|
||||
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds\n", errout.str());
|
||||
|
||||
check("void f()\n"
|
||||
"{\n"
|
||||
" long bb[2];\n"
|
||||
" write(stdin, bb, sizeof(bb));\n"
|
||||
"}\n");
|
||||
ASSERT_EQUALS("", errout.str());
|
||||
|
||||
check("void f()\n"
|
||||
"{\n"
|
||||
" char str[3];\n"
|
||||
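Review bot: The added case only pins the no-warning side of the fix, with `write(stdin, bb, sizeof(bb))` on a `long bb[2]`. Nothing visible here checks that a length one past the byte size of a non-char array is still reported. Without that, a later change that makes `total_size` too large would pass this test while hiding real overruns. Consider a companion case in the same style, for example the same function with the length one byte larger, asserting `"[test.cpp:4]: (error) Buffer access out-of-bounds\n"`, provided the tokenizer folds that expression to a number. The string-function branches changed by this commit (strcpy/strcat/strncat/sprintf/snprintf) are not exercised by the added lines; whether existing tests cover them cannot be seen from this hunk.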