walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fixed #729 (False positive: Buffer overrun when ? is used to select parameter) 

http://sourceforge.net/apps/trac/cppcheck/ticket/729
This commit is contained in:
Slava Semushin 2009-09-27 00:06:54 +07:00
parent 50a34b8a37
commit 19ed8e9311
2 changed files with 19 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
src/checkbufferoverrun.cpp
View File

@ -431,11 +431,17 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
{ {
len = 0; len = 0;
const Token *end = tok->next()->link(); const Token *end = tok->next()->link();
bool argumentAlreadyChecked = false;
for (const Token *tok2 = tok->tokAt(6); tok2 && tok2 != end; tok2 = tok2->next()) for (const Token *tok2 = tok->tokAt(6); tok2 && tok2 != end; tok2 = tok2->next())
{ {
if (tok2->str()[0] == '\"') if (tok2->str() == ",")
{
argumentAlreadyChecked = false;
}
else if (Token::Match(tok2, "%str%") && argumentAlreadyChecked == false)
{ {
len += (int)Token::getStrLength(tok2); len += (int)Token::getStrLength(tok2);
argumentAlreadyChecked = true;
} }
} }
if (len >= (int)size) if (len >= (int)size)

12
test/testbufferoverrun.cpp
View File

@ -100,6 +100,7 @@ private:
TEST_CASE(sprintf2); TEST_CASE(sprintf2);
TEST_CASE(sprintf3); TEST_CASE(sprintf3);
TEST_CASE(sprintf4); TEST_CASE(sprintf4);
TEST_CASE(sprintf5);
TEST_CASE(snprintf1); TEST_CASE(snprintf1);
TEST_CASE(snprintf2); TEST_CASE(snprintf2);
@ -648,6 +649,17 @@ private:
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("", errout.str());
} }
void sprintf5()
{
// ticket #729
check("void f(bool condition)\n"
"{\n"
" char buf[3];\n"
" sprintf(buf, \"%s\", condition ? \"11\" : \"22\");\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void snprintf1() void snprintf1()
{ {
check("void f()\n" check("void f()\n"