Fixed #6668 (False positive bufferAccessOutOfBounds on sprintf() - regression)

2015-06-07 14:01:20 +02:00 · 2015-06-07 14:01:20 +02:00 · 0ca410a4d7
parent c18461b173
commit 0ca410a4d7
2 changed files with 13 additions and 0 deletions
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@ -361,6 +361,10 @@ void CheckBufferOverrun::checkFunctionParameter(const Token &ftok, unsigned int
        for (std::size_t i = 0; i < arrayInfo.num().size(); ++i)
            arraySize *= arrayInfo.num(i);

+        // dimension is 0 or unknown => bailout
+        if (arraySize == 0)
+            return;
+
        const Token *charSizeToken = nullptr;
        if (checkMinSizes(*minsizes, &ftok, (std::size_t)arraySize, &charSizeToken, _settings))
            bufferOverrunError(callstack, arrayInfo.varname());
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@ -3261,6 +3261,15 @@ private:
              "  mysprintf(x.a, \"aa\");\n"
              "}", settings);
        ASSERT_EQUALS("", errout.str());
+
+        check("struct Foo {\n" // #6668 - unknown size
+              "  char a[LEN];\n"
+              "  void f();\n"
+              "};"
+              "void Foo::f() {\n"
+              "  mysprintf(a, \"abcd\");\n"
+              "}", settings);
+        ASSERT_EQUALS("", errout.str());
    }

    void minsize_mul() {