From 10a7868fc637e50706cb13faed67ef4f875a60f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= Date: Tue, 5 Jun 2007 18:58:27 +0000 Subject: [PATCH] Invalid Function Parameter: Check calls to strtol and strtoul --- CheckOther.cpp | 45 +++++++++++++++++++++++++++++++++++++++++ CheckOther.h | 2 ++ main.cpp | 3 +++ testfunc4/err.msg | 1 + testfunc4/testfunc4.cpp | 7 +++++++ 5 files changed, 58 insertions(+) create mode 100644 testfunc4/err.msg create mode 100644 testfunc4/testfunc4.cpp diff --git a/CheckOther.cpp b/CheckOther.cpp index 29e946c14..fd9533c7f 100644 --- a/CheckOther.cpp +++ b/CheckOther.cpp @@ -3,6 +3,7 @@ #include "Tokenize.h" #include "CommonCheck.h" #include +#include // <- atoi //--------------------------------------------------------------------------- @@ -243,3 +244,47 @@ void WarningIf() } //--------------------------------------------------------------------------- + + + +//--------------------------------------------------------------------------- +// strtol(str, 0, radix) <- radix must be 0 or 2-36 +//--------------------------------------------------------------------------- + +void InvalidFunctionUsage() +{ + for ( TOKEN *tok = tokens; tok; tok = tok->next ) + { + if ( strcmp(tok->str, "strtol") && strcmp(tok->str, "strtoul") ) + continue; + + // Locate the third parameter of the function call.. + int parlevel = 0; + int param = 1; + for ( TOKEN *tok2 = tok->next; tok2; tok2 = tok2->next ) + { + if ( tok2->str[0] == '(' ) + parlevel++; + else if (tok2->str[0] == ')') + parlevel--; + else if (parlevel == 1 && tok2->str[0] == ',') + { + param++; + if (param==3) + { + if ( match(tok2, ", num )") ) + { + int radix = atoi(tok2->next->str); + if (!(radix==0 || (radix>=2 && radix<=36))) + { + std::ostringstream ostr; + ostr << FileLine(tok2) << ": Invalid radix in call to strtol or strtoul. Must be 0 or 2-36"; + ReportErr(ostr.str()); + } + } + break; + } + } + } + } +} 
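Review bot: In the new InvalidFunctionUsage(), the inner token scan never stops when the strtol/strtoul call itself closes: on `)` it only does `parlevel--`, so a call with fewer than three arguments keeps scanning into unrelated code and the next `( … , … , 5 )` found later in the file can be reported against the wrong call. Ending the scan when the depth returns to zero fixes that with one line, `else if (tok2->str[0] == ')' && --parlevel == 0) break;`. The radix is also read with `atoi(tok2->next->str)`, which stops at the first non-digit, so a hex literal such as `0x25` (37) would evaluate to 0 and pass as valid, assuming the tokenizer keeps such a literal as one `num` token; `long radix = strtol(tok2->next->str, NULL, 0);` handles decimal, octal and hex consistently. The `", num )"` pattern also cannot see a negative literal if `-1` is tokenized as `-` followed by `1`, so a negative radix, which is equally invalid, goes unreported; a short comment on the check, `// only a bare numeric literal is inspected; expressions, macros and negative values are not checked`, would make that limit explicit.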
diff --git a/CheckOther.h b/CheckOther.h index aaf0a9941..c2d068800 100644 --- a/CheckOther.h +++ b/CheckOther.h @@ -22,6 +22,8 @@ void WarningIf(); // Using dangerous functions void WarningDangerousFunctions(); +// Invalid function usage.. +void InvalidFunctionUsage(); //--------------------------------------------------------------------------- #endif diff --git a/main.cpp b/main.cpp index 08ca67052..4375f8e18 100644 --- a/main.cpp +++ b/main.cpp @@ -132,6 +132,9 @@ static void CppCheck(const char FileName[]) // Dangerous functions, such as 'gets' and 'scanf' WarningDangerousFunctions(); + // Invalid function usage.. + InvalidFunctionUsage(); + // Clean up tokens.. DeallocateTokens(); } diff --git a/testfunc4/err.msg b/testfunc4/err.msg new file mode 100644 index 000000000..4bcb98dcf --- /dev/null +++ b/testfunc4/err.msg @@ -0,0 +1 @@ +[testfunc4\testfunc4.cpp:5]: Invalid radix in call to strtol or strtoul. Must be 0 or 2-36 diff --git a/testfunc4/testfunc4.cpp b/testfunc4/testfunc4.cpp new file mode 100644 index 000000000..5ef3410d5 --- /dev/null +++ b/testfunc4/testfunc4.cpp @@ -0,0 +1,7 @@ + +void f() +{ + // The parameter "1" is invalid! + strtoul(str, NULL, 1); +} +
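Review bot: The new testfunc4.cpp exercises only a single invalid value (radix 1), so it does not pin the boundaries the check is meant to enforce and cannot catch a regression that starts warning on valid calls. Adding calls that must stay silent, `strtol(str, NULL, 0);` and `strtoul(str, NULL, 36);`, plus one more that must warn, `strtol(str, NULL, 37);`, with the corresponding lines in err.msg, would cover both ends of the 0 or 2-36 range and both function names. The expected message in err.msg uses a backslash path, `testfunc4\testfunc4.cpp:5`, which presumably reflects how FileLine() prints paths on the author's platform; if the test is run where the separator is `/`, the comparison will fail for reasons unrelated to this check.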