Fixed #4444 (segmentation fault)

Thomas Jarosch 2012-12-28 11:15:18 +01:00
parent bd2f59bdf0
commit 4708be09f5
2 changed files with 15 additions and 2 deletions


@ -700,8 +700,10 @@ void CheckBufferOverrun::checkFunctionParameter(const Token &tok, unsigned int p
// If argument is '%type% a[num]' then check bounds against num // If argument is '%type% a[num]' then check bounds against num
if (func) { if (func) {
const Variable* argument = func->getArgumentVar(par-1); const Variable* argument = func->getArgumentVar(par-1);
if (argument && Token::Match(argument->typeStartToken(), "%type% %var% [ %num% ] [,)[]")) { const Token *nameToken;
const Token *tok2 = argument->nameToken()->next(); if (argument && Token::Match(argument->typeStartToken(), "%type% %var% [ %num% ] [,)[]")
&& (nameToken = argument->nameToken()) != NULL) {
const Token *tok2 = nameToken->next();
MathLib::bigint argsize = _tokenizer->sizeOfType(argument->typeStartToken()); MathLib::bigint argsize = _tokenizer->sizeOfType(argument->typeStartToken());
if (argsize == 100) // unknown size if (argsize == 100) // unknown size
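Review bot: The null guard is written as an assignment inside the `if` condition, with `nameToken` declared uninitialised on the line above; it reads like a comparison at a glance and leaves the pointer unset whenever `argument` is null or `Token::Match` fails. I would initialise at the declaration, `const Token *nameToken = argument ? argument->nameToken() : NULL;`, and then test `if (nameToken && Token::Match(argument->typeStartToken(), "%type% %var% [ %num% ] [,)[]")) {`. A one-line comment such as `// nameToken() can be NULL, apparently for unnamed parameters like 'struct foobar[5]' (#4444)` would record why the check exists. With the guard in place the size comparison is presumably skipped for such parameters rather than performed, which is worth stating in that comment. The body of checkFunctionParameter continues outside this hunk, so later uses of `nameToken` are not visible here.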


@ -159,6 +159,7 @@ private:
TEST_CASE(buffer_overrun_24); // #4106 TEST_CASE(buffer_overrun_24); // #4106
TEST_CASE(buffer_overrun_25); // #4096 TEST_CASE(buffer_overrun_25); // #4096
TEST_CASE(buffer_overrun_26); // #4432 (segmentation fault) TEST_CASE(buffer_overrun_26); // #4432 (segmentation fault)
TEST_CASE(buffer_overrun_27); // #4444 (segmentation fault)
TEST_CASE(buffer_overrun_bailoutIfSwitch); // ticket #2378 : bailoutIfSwitch TEST_CASE(buffer_overrun_bailoutIfSwitch); // ticket #2378 : bailoutIfSwitch
TEST_CASE(buffer_overrun_function_array_argument); TEST_CASE(buffer_overrun_function_array_argument);
TEST_CASE(possible_buffer_overrun_1); // #3035 TEST_CASE(possible_buffer_overrun_1); // #3035
@ -2646,6 +2647,16 @@ private:
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("", errout.str());
} }
void buffer_overrun_27() { // ticket #4444 (segmentation fault)
check("void abc(struct foobar[5]);\n"
"void main() {\n"
"struct foobar x[5];\n"
"abc(x);\n"
"}");
ASSERT_EQUALS("", errout.str());
}
void buffer_overrun_bailoutIfSwitch() { void buffer_overrun_bailoutIfSwitch() {
// No false positive // No false positive
check("void f1(char *s) {\n" check("void f1(char *s) {\n"
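Review bot: buffer_overrun_27 asserts only that `errout` is empty for a call whose argument matches the declared size, so it pins the crash fix but not what the checker does with an unnamed array parameter when the argument is too small. A companion `check(...)` in the same test, using the same declaration with `struct foobar x[3];` passed to `abc(x)`, would document whether that path reports an error or is skipped. The expected string for that case has to come from an actual run, since the reporting code is outside what this page shows. A comment in the test such as `// unnamed array parameter: nameToken() is NULL` would also make the purpose of the input clearer than the ticket number alone.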