parent
f138df2909
commit
2ab8de2650
|
@ -1141,7 +1141,7 @@ void CheckBufferOverrun::negativeArraySize()
|
||||||
continue;
|
continue;
|
||||||
const ValueFlow::Value* sz = valOperand->getValueLE(-1, mSettings);
|
const ValueFlow::Value* sz = valOperand->getValueLE(-1, mSettings);
|
||||||
if (sz)
|
if (sz)
|
||||||
negativeMemoryAllocationSizeError(tok);
|
negativeMemoryAllocationSizeError(tok, sz);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1155,8 +1155,11 @@ void CheckBufferOverrun::negativeArraySizeError(const Token* tok)
|
||||||
"Declaration of array '" + arrayName + "' with negative size is undefined behaviour", CWE758, Certainty::safe);
|
"Declaration of array '" + arrayName + "' with negative size is undefined behaviour", CWE758, Certainty::safe);
|
||||||
}
|
}
|
||||||
|
|
||||||
void CheckBufferOverrun::negativeMemoryAllocationSizeError(const Token* tok)
|
void CheckBufferOverrun::negativeMemoryAllocationSizeError(const Token* tok, const ValueFlow::Value* value)
|
||||||
{
|
{
|
||||||
reportError(tok, Severity::error, "negativeMemoryAllocationSize",
|
const std::string msg = "Memory allocation size is negative.";
|
||||||
"Memory allocation size is negative.", CWE131, Certainty::safe);
|
const ErrorPath errorPath = getErrorPath(tok, value, msg);
|
||||||
|
const bool inconclusive = value != nullptr && !value->isKnown();
|
||||||
|
reportError(errorPath, inconclusive ? Severity::warning : Severity::error, "negativeMemoryAllocationSize",
|
||||||
|
msg, CWE131, inconclusive ? Certainty::inconclusive : Certainty::safe);
|
||||||
}
|
}
|
||||||
|
|
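Review bot: In the new `negativeMemoryAllocationSizeError`, `inconclusive` is derived from `!value->isKnown()`, so every possible (not proven) value is tagged `Certainty::inconclusive`, yet no visible line checks that inconclusive reporting is enabled before `reportError` is called. If neither `getValueLE(-1, mSettings)` nor `reportError` filters on that, a run without inconclusive checks would still emit this finding. Consider guarding the call site in `negativeArraySize()` with something like `if (sz && (sz->isKnown() || mSettings->certainty.isEnabled(Certainty::inconclusive)))`; the body of that function starts outside the hunk, so an earlier guard may already exist. The message also still says the size "is negative" on the inconclusive path, and the branch deserves a comment such as `// possible values are reported as warning/inconclusive; known values and a null value stay error`.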
|
@ -87,9 +87,8 @@ public:
|
||||||
c.bufferOverflowError(nullptr, nullptr, Certainty::normal);
|
c.bufferOverflowError(nullptr, nullptr, Certainty::normal);
|
||||||
c.objectIndexError(nullptr, nullptr, true);
|
c.objectIndexError(nullptr, nullptr, true);
|
||||||
c.argumentSizeError(nullptr, "function", 1, "buffer", nullptr, nullptr);
|
c.argumentSizeError(nullptr, "function", 1, "buffer", nullptr, nullptr);
|
||||||
c.negativeMemoryAllocationSizeError(nullptr);
|
c.negativeMemoryAllocationSizeError(nullptr, nullptr);
|
||||||
c.negativeArraySizeError(nullptr);
|
c.negativeArraySizeError(nullptr);
|
||||||
c.negativeMemoryAllocationSizeError(nullptr);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
/** @brief Parse current TU and extract file info */
|
/** @brief Parse current TU and extract file info */
|
||||||
|
@ -125,7 +124,7 @@ private:
|
||||||
|
|
||||||
void negativeArraySize();
|
void negativeArraySize();
|
||||||
void negativeArraySizeError(const Token* tok);
|
void negativeArraySizeError(const Token* tok);
|
||||||
void negativeMemoryAllocationSizeError(const Token* tok); // provide a negative value to memory allocation function
|
void negativeMemoryAllocationSizeError(const Token* tok, const ValueFlow::Value* value); // provide a negative value to memory allocation function
|
||||||
|
|
||||||
void objectIndex();
|
void objectIndex();
|
||||||
void objectIndexError(const Token *tok, const ValueFlow::Value *v, bool known);
|
void objectIndexError(const Token *tok, const ValueFlow::Value *v, bool known);
|
||||||
|
|
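Review bot: The trailing comment on the changed declaration of `negativeMemoryAllocationSizeError` still reads only "provide a negative value to memory allocation function" and does not describe the new `value` parameter. `getErrorMessages` now calls it with `nullptr, nullptr`, and the implementation treats a null `value` as a definite finding, so that contract is worth stating at the declaration. Suggested wording: `/** @param value ValueFlow value for the negative size, used for the error path; may be nullptr, in which case the finding is reported as error/safe */`.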
|
@ -4911,6 +4911,15 @@ private:
|
||||||
" a = (int *)alloca( -10 );\n"
|
" a = (int *)alloca( -10 );\n"
|
||||||
"}");
|
"}");
|
||||||
TODO_ASSERT_EQUALS("[test.cpp:4]: (error) Memory allocation size is negative.\n", "", errout.str());
|
TODO_ASSERT_EQUALS("[test.cpp:4]: (error) Memory allocation size is negative.\n", "", errout.str());
|
||||||
|
|
||||||
|
check("int* f(int n) {\n" // #11145
|
||||||
|
" int d = -1;\n"
|
||||||
|
" for (int i = 0; i < n; ++i)\n"
|
||||||
|
" d = std::max(i, d);\n"
|
||||||
|
" int* p = new int[d];\n"
|
||||||
|
" return p;\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:2] -> [test.cpp:3] -> [test.cpp:5]: (warning, inconclusive) Memory allocation size is negative.\n", errout.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
void negativeArraySize() {
|
void negativeArraySize() {
|
||||||
|
|
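Review bot: The added `check()` for #11145 pins only the possible-value arm of the new severity choice, `(warning, inconclusive)`. No visible assertion confirms that a known negative size still reports `(error)`, and the `alloca( -10 )` case directly above is still a `TODO_ASSERT_EQUALS` expecting empty output. Unless the part of the test function outside this hunk already covers it, add a companion case with a known negative allocation size that asserts `(error) Memory allocation size is negative.`, so a later change to the `isKnown()` condition cannot silently downgrade definite findings.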