Fixed #900 (Improve out-of-bounds check to detect error with "new char(x)")

http://sourceforge.net/apps/trac/cppcheck/ticket/900
This commit is contained in:
Slava Semushin 2009-11-15 18:02:03 +06:00
parent 822f64ec9a
commit 3911dd79cb
2 changed files with 19 additions and 0 deletions

View File

@ -656,6 +656,13 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
varid = tok->tokAt(1)->varId();
nextTok = 8;
}
else if (indentlevel > 0 && Token::Match(tok, "[*;{}] %var% = new %type% ( %num% )"))
{
size = 1;
type = tok->strAt(4);
varid = tok->tokAt(1)->varId();
nextTok = 8;
}
else if (indentlevel > 0 && Token::Match(tok, "[*;{}] %var% = malloc ( %num% ) ;"))
{
size = std::strtoul(tok->strAt(5), NULL, 10);

View File

@ -104,6 +104,7 @@ private:
TEST_CASE(buffer_overrun_9);
TEST_CASE(buffer_overrun_10);
TEST_CASE(buffer_overrun_11);
TEST_CASE(buffer_overrun_12);
TEST_CASE(sprintf1);
TEST_CASE(sprintf2);
@ -956,6 +957,17 @@ private:
ASSERT_EQUALS("", errout.str());
}
void buffer_overrun_12()
{
// ticket #900
check("void f() {\n"
" char *a = new char(30);\n"
" sprintf(a, \"%s\", \"b\");\n"
" delete a;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:3]: (error) Buffer access out-of-bounds\n", errout.str());
}
void sprintf1()
{
check("void f()\n"