walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fixed #7083 (false positive: typedef and initialization with strings)

This commit is contained in:
umanamente 2016-06-21 22:42:46 +02:00 committed by Daniel Marjamäki
parent 315f705f53
commit 0f11007c19
2 changed files with 25 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
lib/checkbufferoverrun.cpp
View File

@ -1502,15 +1502,20 @@ void CheckBufferOverrun::bufferOverrun2()
varname = tok->str(); varname = tok->str();
const Variable * const var = tok->variable();
if (!var)
continue;
const Token * const strtoken = tok->getValueTokenMinStrSize(); const Token * const strtoken = tok->getValueTokenMinStrSize();
if (strtoken) { if (strtoken && !var->isArray()) {
// TODO: check for access to symbol inside the array bounds, but outside the stored string:
// char arr[10] = "123";
// arr[7] = 'x'; // warning: arr[7] is inside the array bounds, but past the string's end
ArrayInfo arrayInfo(tok->varId(), varname, 1U, Token::getStrSize(strtoken)); ArrayInfo arrayInfo(tok->varId(), varname, 1U, Token::getStrSize(strtoken));
valueFlowCheckArrayIndex(tok->next(), arrayInfo); valueFlowCheckArrayIndex(tok->next(), arrayInfo);
} } else {
if (var->nameToken() == tok || !var->isArray())
else {
const Variable * const var = tok->variable();
if (!var || var->nameToken() == tok || !var->isArray())
continue; continue;
// TODO: last array in struct.. // TODO: last array in struct..

14
test/testbufferoverrun.cpp
View File

@ -164,6 +164,7 @@ private:
TEST_CASE(buffer_overrun_26); // #4432 (segmentation fault) TEST_CASE(buffer_overrun_26); // #4432 (segmentation fault)
TEST_CASE(buffer_overrun_27); // #4444 (segmentation fault) TEST_CASE(buffer_overrun_27); // #4444 (segmentation fault)
TEST_CASE(buffer_overrun_28); // Out of bound char array access TEST_CASE(buffer_overrun_28); // Out of bound char array access
TEST_CASE(buffer_overrun_29); // #7083: false positive: typedef and initialization with strings
TEST_CASE(buffer_overrun_bailoutIfSwitch); // ticket #2378 : bailoutIfSwitch TEST_CASE(buffer_overrun_bailoutIfSwitch); // ticket #2378 : bailoutIfSwitch
TEST_CASE(buffer_overrun_function_array_argument); TEST_CASE(buffer_overrun_function_array_argument);
TEST_CASE(possible_buffer_overrun_1); // #3035 TEST_CASE(possible_buffer_overrun_1); // #3035
@ -2475,6 +2476,19 @@ private:
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("", errout.str());
} }
// #7083: false positive: typedef and initialization with strings
void buffer_overrun_29() {
check("typedef char testChar[10]; \n"
"int main(){ \n"
" testChar tc1 = \"\"; \n"
" tc1[5]='a'; \n"
"} \n"
);
ASSERT_EQUALS("", errout.str());
}
void buffer_overrun_bailoutIfSwitch() { void buffer_overrun_bailoutIfSwitch() {
// No false positive // No false positive
check("void f1(char *s) {\n" check("void f1(char *s) {\n"