walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Refactoring strncpy/strncat checking to use ValueFlow and AST

This commit is contained in:
Daniel Marjamäki 2019-03-06 07:08:36 +01:00
parent e64c631dea
commit 3f37d5ac2d
2 changed files with 21 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

27
lib/checkbufferoverrun.cpp
View File

@ -1010,13 +1010,16 @@ void CheckBufferOverrun::checkScope_inner(const Token *tok, const ArrayInfo &arr
} }
} }
if (printWarning && Token::Match(tok2, "strncpy|strncat ( %varid% ,", arrayInfo.declarationId()) && Token::Match(tok2->linkAt(1)->tokAt(-2), ", %num% )")) { if (printWarning && Token::Match(tok2, "strncpy|strncat ( %varid% ,", arrayInfo.declarationId())) {
const Token* param3 = tok2->linkAt(1)->previous(); const std::vector<const Token *> args = getArguments(tok2);
const Token * const sizeArg = args.size() == 3 ? args[2] : nullptr;
const bool knownSize = sizeArg && sizeArg->hasKnownIntValue();
const Token * const endToken = tok2->linkAt(1);
// check for strncpy which is not terminated // check for strncpy which is not terminated
if (tok2->str() == "strncpy") { if (knownSize && tok2->str() == "strncpy") {
// strncpy takes entire variable length as input size // strncpy takes entire variable length as input size
const MathLib::biguint num = MathLib::toULongNumber(param3->str()); const MathLib::bigint num = sizeArg->getKnownIntValue();
// this is currently 'inconclusive'. See TestBufferOverrun::terminateStrncpy3 // this is currently 'inconclusive'. See TestBufferOverrun::terminateStrncpy3
if (printInconclusive && num >= total_size) { if (printInconclusive && num >= total_size) {
@ -1037,17 +1040,21 @@ void CheckBufferOverrun::checkScope_inner(const Token *tok, const ArrayInfo &arr
} }
// Dangerous usage of strncat.. // Dangerous usage of strncat..
else if (tok2->str() == "strncat") { else if (knownSize && tok2->str() == "strncat") {
const MathLib::biguint n = MathLib::toULongNumber(param3->str()); const MathLib::bigint n = sizeArg->getKnownIntValue();
if (n >= total_size) if (n >= total_size)
strncatUsageError(tok2); strncatUsageError(tok2);
} }
// Dangerous usage of strncpy + strncat.. // Dangerous usage of strncpy + strncat..
if (Token::Match(param3->tokAt(2), "; strncat ( %varid% ,", arrayInfo.declarationId()) && Token::Match(param3->linkAt(4)->tokAt(-2), ", %num% )")) { if (knownSize && Token::Match(endToken, ") ; strncat ( %varid% ,", arrayInfo.declarationId())) {
const MathLib::biguint n = MathLib::toULongNumber(param3->str()) + MathLib::toULongNumber(param3->linkAt(4)->strAt(-1)); const std::vector<const Token *> args2 = getArguments(endToken->tokAt(2));
if (n > total_size) const Token *sizeArg2 = args2.size() == 3 ? args2[2] : nullptr;
strncatUsageError(param3->tokAt(3)); if (sizeArg2 && sizeArg2->hasKnownIntValue()) {
const MathLib::bigint n = sizeArg->getKnownIntValue() + sizeArg2->getKnownIntValue();
if (n > total_size)
strncatUsageError(endToken->tokAt(4));
}
} }
} }

4
lib/token.h
View File

@ -917,6 +917,10 @@ public:
return mImpl->mValues && std::any_of(mImpl->mValues->begin(), mImpl->mValues->end(), std::mem_fn(&ValueFlow::Value::isKnown)); return mImpl->mValues && std::any_of(mImpl->mValues->begin(), mImpl->mValues->end(), std::mem_fn(&ValueFlow::Value::isKnown));
} }
MathLib::bigint getKnownIntValue() const {
return mImpl->mValues->front().intvalue;
}
const ValueFlow::Value * getValue(const MathLib::bigint val) const { const ValueFlow::Value * getValue(const MathLib::bigint val) const {
if (!mImpl->mValues) if (!mImpl->mValues)
return nullptr; return nullptr;