Fixed #6668 (False positive bufferAccessOutOfBounds on sprintf() - regression)

This commit is contained in:
Daniel Marjamäki 2015-06-07 14:01:20 +02:00
parent c18461b173
commit 0ca410a4d7
2 changed files with 13 additions and 0 deletions

View File

@ -361,6 +361,10 @@ void CheckBufferOverrun::checkFunctionParameter(const Token &ftok, unsigned int
for (std::size_t i = 0; i < arrayInfo.num().size(); ++i)
arraySize *= arrayInfo.num(i);
// dimension is 0 or unknown => bailout
if (arraySize == 0)
return;
const Token *charSizeToken = nullptr;
if (checkMinSizes(*minsizes, &ftok, (std::size_t)arraySize, &charSizeToken, _settings))
bufferOverrunError(callstack, arrayInfo.varname());

View File

@ -3261,6 +3261,15 @@ private:
" mysprintf(x.a, \"aa\");\n"
"}", settings);
ASSERT_EQUALS("", errout.str());
check("struct Foo {\n" // #6668 - unknown size
" char a[LEN];\n"
" void f();\n"
"};"
"void Foo::f() {\n"
" mysprintf(a, \"abcd\");\n"
"}", settings);
ASSERT_EQUALS("", errout.str());
}
void minsize_mul() {