Invalid Function Parameter: Check calls to strtol and strtoul

2007-06-05 18:58:27 +00:00 · 2007-06-05 18:58:27 +00:00 · 10a7868fc6
parent 0b7686d2be
commit 10a7868fc6
5 changed files with 58 additions and 0 deletions
--- a/CheckOther.cpp
+++ b/CheckOther.cpp
@ -3,6 +3,7 @@
 #include "Tokenize.h"
 #include "CommonCheck.h"
 #include <sstream>
+#include <stdlib.h>     // <- atoi
 //---------------------------------------------------------------------------


@ -243,3 +244,47 @@ void WarningIf()
 }
 //---------------------------------------------------------------------------

+
+
+
+//---------------------------------------------------------------------------
+// strtol(str, 0, radix)  <- radix must be 0 or 2-36
+//---------------------------------------------------------------------------
+
+void InvalidFunctionUsage()
+{
+    for ( TOKEN *tok = tokens; tok; tok = tok->next )
+    {
+        if ( strcmp(tok->str, "strtol") && strcmp(tok->str, "strtoul") )
+            continue;
+
+        // Locate the third parameter of the function call..
+        int parlevel = 0;
+        int param = 1;
+        for ( TOKEN *tok2 = tok->next; tok2; tok2 = tok2->next )
+        {
+            if ( tok2->str[0] == '(' )
+                parlevel++;
+            else if (tok2->str[0] == ')')
+                parlevel--;
+            else if (parlevel == 1 && tok2->str[0] == ',')
+            {
+                param++;
+                if (param==3)
+                {
+                    if ( match(tok2, ", num )") )
+                    {
+                        int radix = atoi(tok2->next->str);
+                        if (!(radix==0 || (radix>=2 && radix<=36)))
+                        {
+                            std::ostringstream ostr;
+                            ostr << FileLine(tok2) << ": Invalid radix in call to strtol or strtoul. Must be 0 or 2-36";
+                            ReportErr(ostr.str());
+                        }
+                    }
+                    break;
+                }
+            }
+        }
+    }
+}
--- a/CheckOther.h
+++ b/CheckOther.h
@ -22,6 +22,8 @@ void WarningIf();
 // Using dangerous functions
 void WarningDangerousFunctions();

+// Invalid function usage..
+void InvalidFunctionUsage();

 //---------------------------------------------------------------------------
 #endif
--- a/main.cpp
+++ b/main.cpp
@ -132,6 +132,9 @@ static void CppCheck(const char FileName[])
    // Dangerous functions, such as 'gets' and 'scanf'
    WarningDangerousFunctions();

+    // Invalid function usage..
+    InvalidFunctionUsage();
+
    // Clean up tokens..
    DeallocateTokens();
 }
--- a/testfunc4/err.msg
+++ b/testfunc4/err.msg
@ -0,0 +1 @@
+[testfunc4\testfunc4.cpp:5]: Invalid radix in call to strtol or strtoul. Must be 0 or 2-36
--- a/testfunc4/testfunc4.cpp
+++ b/testfunc4/testfunc4.cpp
@ -0,0 +1,7 @@
+
+void f()
+{
+    // The parameter "1" is invalid!
+    strtoul(str, NULL, 1);
+}
+
				`@ -0,0 +1 @@`
				`[testfunc4\testfunc4.cpp:5]: Invalid radix in call to strtol or strtoul. Must be 0 or 2-36`