CheckBufferOverrun: Fixed minsize checking of string literals. Check sizeof string instead of strlen.

This commit is contained in:
Daniel Marjamäki 2014-07-30 20:35:21 +02:00
parent 25846cf223
commit 5de1e35350
2 changed files with 13 additions and 1 deletions

View File

@ -1540,7 +1540,13 @@ void CheckBufferOverrun::checkStringArgument()
const std::list<Library::ArgumentChecks::MinSize> *minsizes = _settings->library.argminsizes(tok->str(), argnr);
if (!minsizes)
continue;
if (checkMinSizes(*minsizes, tok, Token::getStrLength(argtok)+1U, nullptr))
unsigned int sizeofstring = 1;
for (unsigned int i = 0U; i < argtok->str().size(); i++) {
if (argtok->str()[i] == '\\')
++i;
++sizeofstring;
}
if (checkMinSizes(*minsizes, tok, sizeofstring, nullptr))
bufferOverrunError(argtok);
}
}

View File

@ -3272,6 +3272,12 @@ private:
"memcpy (&str2,str1,15);\n" // <-- strlen(str1) + 1 = 15
"}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: str1\n", errout.str());
checkstd("void f() { \n"
" char str[5];\n"
" memcpy (str, \"\\0\\0\\0\\0\\0\", 5);\n"
"}");
ASSERT_EQUALS("", errout.str());
}
void varid1() {