Fixed #900 (Improve out-of-bounds check to detect error with "new char(x)")

http://sourceforge.net/apps/trac/cppcheck/ticket/900

lib/checkbufferoverrun.cpp

@@ -656,6 +656,13 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
             varid = tok->tokAt(1)->varId();
             nextTok = 8;
         }
+        else if (indentlevel > 0 && Token::Match(tok, "[*;{}] %var% = new %type% ( %num% )"))
+        {
+            size = 1;
+            type = tok->strAt(4);
+            varid = tok->tokAt(1)->varId();
+            nextTok = 8;
+        }
         else if (indentlevel > 0 && Token::Match(tok, "[*;{}] %var% = malloc ( %num% ) ;"))
         {
             size = std::strtoul(tok->strAt(5), NULL, 10);

test/testbufferoverrun.cpp

@@ -104,6 +104,7 @@ private:
         TEST_CASE(buffer_overrun_9);
         TEST_CASE(buffer_overrun_10);
         TEST_CASE(buffer_overrun_11);
+        TEST_CASE(buffer_overrun_12);
 
         TEST_CASE(sprintf1);
         TEST_CASE(sprintf2);
@@ -956,6 +957,17 @@ private:
         ASSERT_EQUALS("", errout.str());
     }
 
+    void buffer_overrun_12()
+    {
+        // ticket #900
+        check("void f() {\n"
+              "  char *a = new char(30);\n"
+              "  sprintf(a, \"%s\", \"b\");\n"
+              "  delete a;\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:3]: (error) Buffer access out-of-bounds\n", errout.str());
+    }
+
     void sprintf1()
     {
         check("void f()\n"