Add bounds check to getVariableFromVarId()

While poking around the memory leak check,
I managed to trigger an out-of-bounds access
in the symbol database.

Fix it by sanity checking the variable id
passed to getVariableFromVarId().
Thomas Jarosch 2015-01-14 22:59:01 +01:00
parent ef7f104335
commit 1cc85bfce3
2 changed files with 16 additions and 0 deletions


@ -968,6 +968,9 @@ public:
} }
const Variable *getVariableFromVarId(std::size_t varId) const { const Variable *getVariableFromVarId(std::size_t varId) const {
if (varId >= _variableList.size())
return nullptr;
return _variableList[varId]; return _variableList[varId];
} }
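Review bot: The `nullptr` return added to `getVariableFromVarId()` for an out-of-range `varId` is a new contract that nothing in the hunk documents, and a caller that dereferences the result unchecked would now fault on a null pointer instead of reading past `_variableList`. No callers are visible in this section, so they are worth auditing for a null check before the pointer is used. I would add a comment above the signature such as `/// @return variable for varId, or nullptr if varId is out of range for _variableList`. The enclosing class starts and ends outside the hunk.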


@ -128,6 +128,7 @@ private:
TEST_CASE(arrayMemberVar2); TEST_CASE(arrayMemberVar2);
TEST_CASE(arrayMemberVar3); TEST_CASE(arrayMemberVar3);
TEST_CASE(staticMemberVar); TEST_CASE(staticMemberVar);
TEST_CASE(getVariableFromVarIdBoundsCheck);
TEST_CASE(hasRegularFunction); TEST_CASE(hasRegularFunction);
TEST_CASE(hasInlineClassFunction); TEST_CASE(hasInlineClassFunction);
@ -750,6 +751,18 @@ private:
ASSERT(v && v->isStatic() && v->isConst() && v->isPrivate()); ASSERT(v && v->isStatic() && v->isConst() && v->isPrivate());
} }
void getVariableFromVarIdBoundsCheck() {
GET_SYMBOL_DB("int x;\n"
"int y;\n");
const Variable* v = db->getVariableFromVarId(2);
// three elements: varId 0 also counts via a fake-entry
ASSERT(v && db->getVariableListSize() == 3);
const Variable* v_must_be_null = db->getVariableFromVarId(3);
ASSERT(v_must_be_null == nullptr);
}
void hasRegularFunction() { void hasRegularFunction() {
GET_SYMBOL_DB("void func() { }\n") GET_SYMBOL_DB("void func() { }\n")