Fixed Ticket #82 (detect buffer overrun; dynamic memory)

src/checkbufferoverrun.cpp

@@ -443,6 +443,14 @@ void CheckBufferOverrunClass::CheckBufferOverrun_GlobalAndLocalVariable()
             varid = tok->tokAt(1)->varId();
             nextTok = 8;
         }
+        else if (indentlevel > 0 && Token::Match(tok, "[*;{}] %var% = malloc ( %num% ) ;"))
+        {
+            varname[0] = tok->strAt(1);
+            size = std::strtoul(tok->strAt(5), NULL, 10);
+            type = "char";
+            varid = tok->tokAt(1)->varId();
+            nextTok = 7;
+        }
         else
         {
             continue;

test/testbufferoverrun.cpp

@@ -101,6 +101,8 @@ private:
         TEST_CASE(varid2);
 
         TEST_CASE(assign1);
+
+        TEST_CASE(alloc);    // Buffer allocated with new
     }
 
 
@@ -545,6 +547,25 @@ private:
               "}\n");
         ASSERT_EQUALS(std::string("[test.cpp:5]: (all) Array index out of bounds\n"), errout.str());
     }
+
+
+
+    void alloc()
+    {
+        check("void foo()\n"
+              "{\n"
+              "    char *s = new char[10];\n"
+              "    s[10] = 0;\n"
+              "}\n");
+        ASSERT_EQUALS(std::string("[test.cpp:4]: (all) Array index out of bounds\n"), errout.str());
+
+        check("void foo()\n"
+              "{\n"
+              "    char *s = malloc(10);\n"
+              "    s[10] = 0;\n"
+              "}\n");
+        ASSERT_EQUALS(std::string("[test.cpp:4]: (all) Array index out of bounds\n"), errout.str());
+    }
 };
 
 REGISTER_TEST(TestBufferOverrun)