From 1887bd3cf03f7360702eb1b67d786c023e9f0c58 Mon Sep 17 00:00:00 2001 From: fuzzelhjb Date: Tue, 2 Jul 2019 11:44:24 +0200 Subject: [PATCH] add CERT STR11-C check (#1902) * add CERT STR11-C check * fix some logical checks * fix merge issue * update str11 check --- addons/cert.py | 34 ++++++++++++++++++++++++++++++++++ addons/test/cert-test.c | 7 +++++++ 2 files changed, 41 insertions(+) diff --git a/addons/cert.py b/addons/cert.py index 933698172..8dbab901b 100755 --- a/addons/cert.py +++ b/addons/cert.py @@ -278,6 +278,39 @@ def str07(data): continue reportError(token, 'style', 'Use the bounds-checking interfaces %s_s()' % (token.str), 'STR07-C') +# STR11-C +# Do not specify the bound of a character array initialized with a string literal +def str11(data): + for token in data.tokenlist: + if not token.isString: + continue + + strlen = token.strlen + parent = token.astParent + + if parent is None: + continue + parentOp1 = parent.astOperand1 + if parentOp1 is None or parentOp1.str!='[': + continue + + if not parent.isAssignmentOp: + continue + + varToken = parentOp1.astOperand1 + if varToken is None or not varToken.isName: + continue + if varToken.variable is None: + continue + if varToken != varToken.variable.nameToken: + continue + valueToken = parentOp1.astOperand2 + if valueToken is None: + continue + + if valueToken.isNumber and int(valueToken.str)==strlen: + reportError(valueToken, 'style', 'Do not specify the bound of a character array initialized with a string literal', 'STR11-C') + for arg in sys.argv[1:]: if arg == '-verify': VERIFY = True @@ -307,6 +340,7 @@ for arg in sys.argv[1:]: str03(cfg) str05(cfg) str07(cfg) + str11(cfg) msc30(cfg) if VERIFY: diff --git a/addons/test/cert-test.c b/addons/test/cert-test.c index 90a324b49..c8417fa4e 100644 --- a/addons/test/cert-test.c +++ b/addons/test/cert-test.c @@ -102,3 +102,10 @@ void str07(char *buf, const char *newBuf) strcat(buf, newBuf); //cert-STR07-C strcpy(str, newBuf); //cert-STR07-C } + +void str11() +{ + const char str[3]="abc"; //cert-STR11-C + const char *x[10]; x[3]="def"; +} +