Fix FP bufferAccessOutOfBounds (#4427)
* Fix FN with buffer size 1 * Fix FP bufferAccessOutOfBounds
This commit is contained in:
chrchr-github
GitHub
parent
3925a27182
commit
5804cc44e7
|
|
@ -655,7 +655,7 @@ void CheckBufferOverrun::bufferOverflow()
|
||||||
if (bufferSize.intvalue <= 0)
|
if (bufferSize.intvalue <= 0)
|
||||||
continue;
|
continue;
|
||||||
// buffer size == 1 => do not warn for dynamic memory
|
// buffer size == 1 => do not warn for dynamic memory
|
||||||
if (bufferSize.intvalue == 1 && args[argnr]->str() == ".") { // TODO: check if parent was allocated dynamically
|
if (bufferSize.intvalue == 1 && Token::simpleMatch(argtok->astParent(), ".")) { // TODO: check if parent was allocated dynamically
|
||||||
const Token *tok2 = argtok;
|
const Token *tok2 = argtok;
|
||||||
while (Token::simpleMatch(tok2->astParent(), "."))
|
while (Token::simpleMatch(tok2->astParent(), "."))
|
||||||
tok2 = tok2->astParent();
|
tok2 = tok2->astParent();
|
||||||
|
|
|
||||||
|
|
@ -3225,6 +3225,15 @@ private:
|
||||||
" free(p);\n"
|
" free(p);\n"
|
||||||
"}\n");
|
"}\n");
|
||||||
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: p\n", errout.str());
|
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: p\n", errout.str());
|
||||||
|
|
||||||
|
check("typedef struct { char buf[1]; } S;\n"
|
||||||
|
"S* f() {\n"
|
||||||
|
" S* s = NULL;\n"
|
||||||
|
" s = (S*)malloc(sizeof(S) + 10);\n"
|
||||||
|
" sprintf((char*)s->buf, \"abc\");\n"
|
||||||
|
" return s;\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("", errout.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
void buffer_overrun_errorpath() {
|
void buffer_overrun_errorpath() {
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue