Fixed #4444 (segmentation fault)
This commit is contained in:
parent
bd2f59bdf0
commit
4708be09f5
|
@ -700,8 +700,10 @@ void CheckBufferOverrun::checkFunctionParameter(const Token &tok, unsigned int p
|
||||||
// If argument is '%type% a[num]' then check bounds against num
|
// If argument is '%type% a[num]' then check bounds against num
|
||||||
if (func) {
|
if (func) {
|
||||||
const Variable* argument = func->getArgumentVar(par-1);
|
const Variable* argument = func->getArgumentVar(par-1);
|
||||||
if (argument && Token::Match(argument->typeStartToken(), "%type% %var% [ %num% ] [,)[]")) {
|
const Token *nameToken;
|
||||||
const Token *tok2 = argument->nameToken()->next();
|
if (argument && Token::Match(argument->typeStartToken(), "%type% %var% [ %num% ] [,)[]")
|
||||||
|
&& (nameToken = argument->nameToken()) != NULL) {
|
||||||
|
const Token *tok2 = nameToken->next();
|
||||||
|
|
||||||
MathLib::bigint argsize = _tokenizer->sizeOfType(argument->typeStartToken());
|
MathLib::bigint argsize = _tokenizer->sizeOfType(argument->typeStartToken());
|
||||||
if (argsize == 100) // unknown size
|
if (argsize == 100) // unknown size
|
||||||
|
|
|
@ -159,6 +159,7 @@ private:
|
||||||
TEST_CASE(buffer_overrun_24); // #4106
|
TEST_CASE(buffer_overrun_24); // #4106
|
||||||
TEST_CASE(buffer_overrun_25); // #4096
|
TEST_CASE(buffer_overrun_25); // #4096
|
||||||
TEST_CASE(buffer_overrun_26); // #4432 (segmentation fault)
|
TEST_CASE(buffer_overrun_26); // #4432 (segmentation fault)
|
||||||
|
TEST_CASE(buffer_overrun_27); // #4444 (segmentation fault)
|
||||||
TEST_CASE(buffer_overrun_bailoutIfSwitch); // ticket #2378 : bailoutIfSwitch
|
TEST_CASE(buffer_overrun_bailoutIfSwitch); // ticket #2378 : bailoutIfSwitch
|
||||||
TEST_CASE(buffer_overrun_function_array_argument);
|
TEST_CASE(buffer_overrun_function_array_argument);
|
||||||
TEST_CASE(possible_buffer_overrun_1); // #3035
|
TEST_CASE(possible_buffer_overrun_1); // #3035
|
||||||
|
@ -2646,6 +2647,16 @@ private:
|
||||||
ASSERT_EQUALS("", errout.str());
|
ASSERT_EQUALS("", errout.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void buffer_overrun_27() { // ticket #4444 (segmentation fault)
|
||||||
|
check("void abc(struct foobar[5]);\n"
|
||||||
|
"void main() {\n"
|
||||||
|
"struct foobar x[5];\n"
|
||||||
|
"abc(x);\n"
|
||||||
|
"}");
|
||||||
|
|
||||||
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
}
|
||||||
|
|
||||||
void buffer_overrun_bailoutIfSwitch() {
|
void buffer_overrun_bailoutIfSwitch() {
|
||||||
// No false positive
|
// No false positive
|
||||||
check("void f1(char *s) {\n"
|
check("void f1(char *s) {\n"
|
||||||
|
|
Loading…
Reference in New Issue