From 19ed8e93118ee6afd5f6509863d9c56df6aedb7e Mon Sep 17 00:00:00 2001
From: Slava Semushin
Date: Sun, 27 Sep 2009 00:06:54 +0700
Subject: [PATCH] Fixed #729 (False positive: Buffer overrun when ? is used to select parameter)

http://sourceforge.net/apps/trac/cppcheck/ticket/729
---
 src/checkbufferoverrun.cpp | 8 +++++++-
 test/testbufferoverrun.cpp | 12 ++++++++++++
 2 files changed, 19 insertions(+), 1 deletion(-)

diff --git a/src/checkbufferoverrun.cpp b/src/checkbufferoverrun.cpp
index eb0bc27f6..c39ac8078 100644
--- a/src/checkbufferoverrun.cpp
+++ b/src/checkbufferoverrun.cpp
@@ -431,11 +431,17 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
 {
 len = 0;
 const Token *end = tok->next()->link();
+ bool argumentAlreadyChecked = false;
 for (const Token *tok2 = tok->tokAt(6); tok2 && tok2 != end; tok2 = tok2->next())
 {
- if (tok2->str()[0] == '\"')
+ if (tok2->str() == ",")
+ {
+ argumentAlreadyChecked = false;
+ }
+ else if (Token::Match(tok2, "%str%") && argumentAlreadyChecked == false)
 {
 len += (int)Token::getStrLength(tok2);
+ argumentAlreadyChecked = true;
 }
 }
 if (len >= (int)size)
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index cac5ec67a..af65a6c88 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -100,6 +100,7 @@ private:
 TEST_CASE(sprintf2);
 TEST_CASE(sprintf3);
 TEST_CASE(sprintf4);
+ TEST_CASE(sprintf5);
 TEST_CASE(snprintf1);
 TEST_CASE(snprintf2);
@@ -648,6 +649,17 @@ private:
 ASSERT_EQUALS("", errout.str());
 }
 
+ void sprintf5()
+ {
+ // ticket #729
+ check("void f(bool condition)\n"
+ "{\n"
+ " char buf[3];\n"
+ " sprintf(buf, \"%s\", condition ? \"11\" : \"22\");\n"
+ "}\n");
+ ASSERT_EQUALS("", errout.str());
+ }
+
 void snprintf1()
 {
 check("void f()\n"
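Review bot: Counting only the first string literal of each argument makes the result depend on operand order: for `condition ? "1" : "22222"` the loop adds 1, sets `argumentAlreadyChecked`, and never looks at the longer branch, so a real overrun through the second operand would go unreported. Taking the longest literal per argument keeps the #729 fix without that false negative; accumulate a per-argument maximum, add it to `len` at each `,` and once more after the loop. The reset on `,` presumably also fires for commas inside a nested call in an argument, which is worth a comment if it is intended. checkScope's body starts and ends outside the hunk.

```cpp
int argLen = 0; // longest string literal seen in the current argument
for (const Token *tok2 = tok->tokAt(6); tok2 && tok2 != end; tok2 = tok2->next())
{
    if (tok2->str() == ",")
    {
        // argument finished: account for its worst-case literal
        len += argLen;
        argLen = 0;
    }
    else if (Token::Match(tok2, "%str%"))
    {
        const int strLen = (int)Token::getStrLength(tok2);
        if (strLen > argLen)
            argLen = strLen;
    }
}
len += argLen; // last argument has no trailing ","
// … unchanged: if (len >= (int)size) report the overrun …
```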
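Review bot: `sprintf5` pins only the silent case, so nothing here would notice if the new per-argument logic started hiding genuine overruns. A companion case with the same `char buf[3]` but one branch that cannot fit, e.g. `sprintf(buf, \"%s\", condition ? \"1\" : \"2222\");`, should assert that the overrun is still reported. A second case with two separate string arguments would confirm that the reset on `,` still sums lengths across arguments. A one-line comment in `sprintf5` stating that both literals fit in `buf` would also make the intent of the empty expectation clearer.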