CheckBufferOverrun: Use portability warning for pointer arithmetic UB. It can be used by intention and usually works as intended.
This commit is contained in:
parent
bac1dfce86
commit
10ae551fef
|
@ -175,7 +175,7 @@ void CheckBufferOverrun::outOfBoundsError(const Token *tok, const std::string &w
|
|||
|
||||
void CheckBufferOverrun::pointerOutOfBoundsError(const Token *tok, const std::string &object)
|
||||
{
|
||||
reportError(tok, Severity::error, "pointerOutOfBounds", "Undefined behaviour: Pointer arithmetic result does not point into or just past the end of the " + object + ".\n"
|
||||
reportError(tok, Severity::portability, "pointerOutOfBounds", "Undefined behaviour: Pointer arithmetic result does not point into or just past the end of the " + object + ".\n"
|
||||
"Undefined behaviour: The result of this pointer arithmetic does not point into or just one element past the end of the " + object + ". Further information: https://www.securecoding.cert.org/confluence/display/seccode/ARR30-C.+Do+not+form+or+use+out+of+bounds+pointers+or+array+subscripts");
|
||||
}
|
||||
|
||||
|
@ -829,6 +829,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const ArrayInfo &arrayInfo
|
|||
|
||||
const unsigned int declarationId = arrayInfo.declarationId();
|
||||
|
||||
const bool isPortabilityEnabled = _settings->isEnabled("portability");
|
||||
const bool isWarningEnabled = _settings->isEnabled("warning");
|
||||
|
||||
for (const Token* const end = tok->scope()->classEnd; tok != end; tok = tok->next()) {
|
||||
|
@ -837,7 +838,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const ArrayInfo &arrayInfo
|
|||
valueFlowCheckArrayIndex(tok->next(), arrayInfo);
|
||||
}
|
||||
|
||||
else if (tok->astParent() && tok->astParent()->str() == "+") {
|
||||
else if (isPortabilityEnabled && tok->astParent() && tok->astParent()->str() == "+") {
|
||||
const ValueFlow::Value *index;
|
||||
if (tok == tok->astParent()->astOperand1())
|
||||
index = tok->astParent()->astOperand2()->getMaxValue(false);
|
||||
|
@ -850,15 +851,10 @@ void CheckBufferOverrun::checkScope(const Token *tok, const ArrayInfo &arrayInfo
|
|||
}
|
||||
}
|
||||
|
||||
else if (tok->astParent() && tok->astParent()->str() == "-") {
|
||||
else if (isPortabilityEnabled && tok->astParent() && tok->astParent()->str() == "-") {
|
||||
const Variable *var = _tokenizer->getSymbolDatabase()->getVariableFromVarId(declarationId);
|
||||
if (var && var->isArray()) {
|
||||
const Token *index;
|
||||
if (tok == tok->astParent()->astOperand1())
|
||||
index = tok->astParent()->astOperand2();
|
||||
else
|
||||
index = tok->astParent()->astOperand1();
|
||||
|
||||
const Token *index = tok->astParent()->astOperand2();
|
||||
if (index && index->getValueGE(1,_settings))
|
||||
pointerOutOfBoundsError(tok, "array");
|
||||
}
|
||||
|
|
|
@ -2948,13 +2948,13 @@ private:
|
|||
" char a[10];\n"
|
||||
" char *p = a + 100;\n"
|
||||
"}");
|
||||
ASSERT_EQUALS("[test.cpp:3]: (error) Undefined behaviour: Pointer arithmetic result does not point into or just past the end of the array.\n", errout.str());
|
||||
ASSERT_EQUALS("[test.cpp:3]: (portability) Undefined behaviour: Pointer arithmetic result does not point into or just past the end of the array.\n", errout.str());
|
||||
|
||||
check("void f() {\n"
|
||||
" char a[10];\n"
|
||||
" return a + 100;\n"
|
||||
"}");
|
||||
ASSERT_EQUALS("[test.cpp:3]: (error) Undefined behaviour: Pointer arithmetic result does not point into or just past the end of the array.\n", errout.str());
|
||||
ASSERT_EQUALS("[test.cpp:3]: (portability) Undefined behaviour: Pointer arithmetic result does not point into or just past the end of the array.\n", errout.str());
|
||||
}
|
||||
|
||||
void pointer_out_of_bounds_2() {
|
||||
|
@ -2963,7 +2963,7 @@ private:
|
|||
" p += 100;\n"
|
||||
" free(p);"
|
||||
"}");
|
||||
ASSERT_EQUALS("[test.cpp:3]: (error) Undefined behaviour: Pointer arithmetic result does not point into or just past the end of the buffer.\n", errout.str());
|
||||
ASSERT_EQUALS("[test.cpp:3]: (portability) Undefined behaviour: Pointer arithmetic result does not point into or just past the end of the buffer.\n", errout.str());
|
||||
|
||||
check("void f() {\n"
|
||||
" char *p = malloc(10);\n"
|
||||
|
@ -2997,7 +2997,7 @@ private:
|
|||
" char x[10];\n"
|
||||
" return x-1;\n"
|
||||
"}");
|
||||
ASSERT_EQUALS("[test.cpp:3]: (error) Undefined behaviour: Pointer arithmetic result does not point into or just past the end of the array.\n", errout.str());
|
||||
ASSERT_EQUALS("[test.cpp:3]: (portability) Undefined behaviour: Pointer arithmetic result does not point into or just past the end of the array.\n", errout.str());
|
||||
}
|
||||
|
||||
void sprintf1() {
|
||||
|
|
Loading…
Reference in New Issue