dangerous scanf usage: Added verbose information

This commit is contained in:
Daniel Marjamäki 2010-08-14 18:35:48 +02:00
parent 5846630fa9
commit 2e249670b3
1 changed files with 17 additions and 1 deletions


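--- a/PATH_NOT_SHOWN_ON_PAGE
+++ b/PATH_NOT_SHOWN_ON_PAGE
@@ -474,7 +474,23 @@ void CheckOther::invalidScanf()
 void CheckOther::invalidScanfError(const Token *tok)
 {
 reportError(tok, Severity::style,
-"invalidscanf", "scanf without field width limits can crash with huge input data");
+"invalidscanf", "scanf without field width limits can crash with huge input data\n"
+"To fix this error message add a field width specifier:\n"
+" %s => %20s\n"
+" %i => %3i\n"
+"\n"
+"Sample program that can crash:\n"
+"\n"
+"#include <stdio.h>\n"
+"int main()\n"
+"{\n"
+" int a;\n"
+" scanf(\"%i\", &a);\n"
+" return 0;\n"
+"}\n"
+"\n"
+"To make it crash:\n"
+"perl -e 'print \"5\"x2100000' | ./a.out");
 }
 //---------------------------------------------------------------------------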
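Review bot: The fix advice `" %s => %20s\n"` in the new message text omits the constraint that makes it safe: the width must be strictly less than the destination buffer's size, because scanf appends a terminating NUL after the characters it reads, so `%20s` into `char buf[20]` still writes one byte past the end. Suggest `" %s => %20s (the buffer must hold at least 21 bytes: width + 1 for the terminating NUL)\n"` so the guidance does not steer users from one overflow into another. It is also worth documenting, on the reportError call, that everything after the first `\n` is intended as the verbose part of the message, as the commit title states; whether reportError splits the string there is not visible in this hunk, and if it does not, the whole sample program will be printed in every non-verbose report. A one-line comment such as `// text after the first '\n' is the verbose explanation shown only with --verbose` above the call would make the intent explicit; the function invalidScanfError lies entirely within the hunk.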