walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Handling pointers in 'CheckBufferOverrun_StructVariable'

This commit is contained in:
Daniel Marjamäki 2008-03-21 18:55:29 +00:00
parent 0a86992806
commit 13f681879f
2 changed files with 72 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

63
CheckBufferOverrun.cpp
View File

@ -323,6 +323,29 @@ static void CheckBufferOverrun_LocalVariable()
}
//---------------------------------------------------------------------------
static void CheckBufferOverrun_StructVariable_CheckVar( TOKEN *tok1, const char varname[], const char dot[], const char arrname[], const int arrsize )
{
const char *badpattern[] = {"varname",".","arrname","[","","]",NULL};
badpattern[0] = varname;
badpattern[1] = dot;
badpattern[2] = arrname;
TOKEN *tok2 = findtoken( tok1, badpattern );
while (tok2)
{
if ( IsNumber( getstr(tok2, 4) ) )
{
if ( atoi( getstr(tok2, 4) ) >= arrsize )
{
std::ostringstream errmsg;
errmsg << FileLine(tok2) << ": Array index out of bounds";
ReportErr(errmsg.str());
}
}
tok2 = findtoken( tok2->next, badpattern );
}
}
//---------------------------------------------------------------------------
static void CheckBufferOverrun_StructVariable()
{
const char *declstruct_pattern[] = {"struct","","{",0};
@ -340,45 +363,33 @@ static void CheckBufferOverrun_StructVariable()
{
if ( tok2->str[0] == '}' )
break;
if ( strchr( ";{", tok2->str[0] ) )
{
const char *arrname = 0;
const char *arrsize = 0;
if ( strchr( ";{,(", tok2->str[0] ) )
{
// Declare array..
if ( match(tok2->next, "var var [ num ] ;") )
{
arrname = getstr(tok2, 2);
arrsize = getstr(tok2, 4);
}
if ( ! arrname )
continue;
const char *arrname = getstr(tok2, 2);
const char *arrsize = getstr(tok2, 4);
for ( TOKEN *tok3 = tokens; tok3; tok3 = tok3->next )
{
if ( strcmp(tok3->str, structname) )
continue;
if ( ! match( tok3->next, "var ;" ) )
continue;
const char *varname = tok3->next->str;
const char *badpattern[] = {"varname",".","arrname","[","","]",NULL};
badpattern[0] = varname;
badpattern[2] = arrname;
TOKEN *tok4 = findtoken( tok3, badpattern );
while (tok4)
// Declare variable: Fred fred1;
if ( match( tok3->next, "var ;" ) )
{
if ( IsNumber( getstr(tok4, 4) ) )
{
if ( atoi( getstr(tok4,4) ) >= atoi(arrsize) )
{
std::ostringstream errmsg;
errmsg << FileLine(tok4) << ": Buffer overrun";
ReportErr(errmsg.str());
const char *varname = tok3->next->str;
CheckBufferOverrun_StructVariable_CheckVar( tok3, varname, ".", arrname, atoi(arrsize) );
}
// Declare pointer: Fred *fred1
else if ( match(tok3->next, "* var") && tok3->next->next->next && strchr(",);=", tok3->next->next->next->str[0]) )
{
const char *varname = tok3->next->next->str;
CheckBufferOverrun_StructVariable_CheckVar( tok3, varname, "->", arrname, atoi(arrsize) );
}
tok4 = findtoken( tok4->next, badpattern );
}
}
}

32
tests.cpp
View File

@ -391,9 +391,36 @@ static void buffer_overrun()
" struct ABC abc;\n"
" abc.str[10] = 0;\n"
"}\n";
check( CheckBufferOverrun, __LINE__, test8, "[test.cpp:9]: Buffer overrun\n" );
check( CheckBufferOverrun, __LINE__, test8, "[test.cpp:9]: Array index out of bounds\n" );
const char test9[] = "const int SIZE = 10;\n"
"\n"
"struct ABC\n"
"{\n"
" char str[SIZE];\n"
"};\n"
"\n"
"static void f()\n"
"{\n"
" struct ABC abc;\n"
" abc.str[SIZE] = 0;\n"
"}\n";
check( CheckBufferOverrun, __LINE__, test9, "[test.cpp:11]: Array index out of bounds\n" );
const char test10[] = "struct ABC\n"
"{\n"
" char str[10];\n"
"};\n"
"\n"
"static void f(ABC *abc)\n"
"{\n"
" abc->str[10] = 0;\n"
"}\n";
check( CheckBufferOverrun, __LINE__, test10, "[test.cpp:8]: Array index out of bounds\n" );
// TODO
/*
@ -725,6 +752,7 @@ static void division()
static void unused_variable()
{
/* TODO
// Unused private member variable...
const char test1[] = "class Fred\n"
"{\n"
@ -737,7 +765,7 @@ static void unused_variable()
"{\n"
" i = 0;\n"
"}\n";
*/
// Scope of variable..
const char test2[] = "void f()\n"