From 50a34b8a37070126101f3514b3f48b7ce2ea5b4d Mon Sep 17 00:00:00 2001 From: Slava Semushin Date: Sat, 26 Sep 2009 22:58:14 +0700 Subject: [PATCH] Fixed #731 (False positive, strcpy copying a buffer with a null character) http://sourceforge.net/apps/trac/cppcheck/ticket/731 --- src/token.cpp | 7 +++++++ test/testbufferoverrun.cpp | 12 ++++++++++++ test/testtoken.cpp | 3 +++ 3 files changed, 22 insertions(+) diff --git a/src/token.cpp b/src/token.cpp index 7b6f98a4c..5e4d8b112 100644 --- a/src/token.cpp +++ b/src/token.cpp @@ -510,7 +510,14 @@ size_t Token::getStrLength(const Token *tok) while (*str) { if (*str == '\\') + { ++str; + + // string ends at '\0' + if (*str == '0') + break; + } + ++str; ++len; } diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp index 8e4da0fd2..cac5ec67a 100644 --- a/test/testbufferoverrun.cpp +++ b/test/testbufferoverrun.cpp @@ -94,6 +94,7 @@ private: TEST_CASE(buffer_overrun_4); TEST_CASE(buffer_overrun_5); TEST_CASE(buffer_overrun_6); + TEST_CASE(buffer_overrun_7); TEST_CASE(sprintf1); TEST_CASE(sprintf2); @@ -580,6 +581,17 @@ private: ASSERT_EQUALS("[test.cpp:4]: (possible error) Buffer overrun\n", errout.str()); } + void buffer_overrun_7() + { + // ticket #731 + check("void f()\n" + "{\n" + " char a[2];\n" + " strcpy(a, \"a\\0\");\n" + "}\n"); + ASSERT_EQUALS("", errout.str()); + } + void sprintf1() { check("void f()\n" diff --git a/test/testtoken.cpp b/test/testtoken.cpp index 592b3955a..85ff6bc4a 100644 --- a/test/testtoken.cpp +++ b/test/testtoken.cpp @@ -93,6 +93,9 @@ private: tok.str("\"test \\\\test\""); ASSERT_EQUALS(10, Token::getStrLength(&tok)); + + tok.str("\"a\\0\""); + ASSERT_EQUALS(1, Token::getStrLength(&tok)); } void strValue()