Fixed #1935 (false negative: detect buffer overrun from network functions (recv, recvfrom..))

2010-08-14 20:19:23 +02:00 · 2010-08-14 20:19:23 +02:00 · 248bb3b6e8
parent a55a06cea5
commit 248bb3b6e8
2 changed files with 32 additions and 0 deletions
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@ -478,7 +478,12 @@ void CheckBufferOverrun::checkFunctionCall(const Token &tok, unsigned int par, c
    if (par == 2)
    {
        total_size["read"] = 3;
+        total_size["pread"] = 3;
        total_size["write"] = 3;
+        total_size["recv"] = 3;
+        total_size["recvfrom"] = 3;
+        total_size["send"] = 3;
+        total_size["sendto"] = 3;
    }

    std::map<std::string, unsigned int>::const_iterator it = total_size.find(tok.str());
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@ -1318,6 +1318,33 @@ private:
              "}\n");
        ASSERT_EQUALS("", errout.str());

+        check("void f()\n"
+              "{\n"
+              "char str[3];\n"
+              "recv(s, str, 4, 0);\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds: str\n", errout.str());
+
+        check("void f()\n"
+              "{\n"
+              "char str[3];\n"
+              "recvfrom(s, str, 4, 0, 0x0, 0x0);\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds: str\n", errout.str());
+
+        check("void f()\n"
+              "{\n"
+              "char str[3];\n"
+              "send(s, str, 4, 0);\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds: str\n", errout.str());
+
+        check("void f()\n"
+              "{\n"
+              "char str[3];\n"
+              "sendto(s, str, 4, 0, 0x0, 0x0);\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds: str\n", errout.str());
    }