Fixed #690 (False positive: (possible error) Buffer overrun)

http://sourceforge.net/apps/trac/cppcheck/ticket/690
2009-09-20 17:54:19 +07:00 · 2009-09-20 17:54:19 +07:00 · 5dee65048f
parent 58a9e05697
commit 5dee65048f
2 changed files with 21 additions and 1 deletions
--- a/src/checkbufferoverrun.cpp
+++ b/src/checkbufferoverrun.cpp
@ -30,6 +30,7 @@
 #include <sstream>
 #include <list>
 #include <cstring>
+#include <cctype>


 #include <cstdlib>     // <- strtoul
@ -407,8 +408,15 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
                }
                else if (*fmt == '%')
                {
+                    ++fmt;
+
+                    // skip field width
+                    while (std::isdigit(*fmt)) {
+                        ++fmt;
+                    }
+
                    // FIXME: better handling for format specifiers
-                    fmt += 2;
+                    ++fmt;
                    continue;
                }
                ++fmt;
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@ -98,6 +98,7 @@ private:
        TEST_CASE(sprintf1);
        TEST_CASE(sprintf2);
        TEST_CASE(sprintf3);
+        TEST_CASE(sprintf4);

        TEST_CASE(snprintf1);
        TEST_CASE(snprintf2);
@ -622,6 +623,17 @@ private:
        ASSERT_EQUALS("", errout.str());
    }

+    void sprintf4()
+    {
+        // ticket #690
+        check("void f()\n"
+              "{\n"
+              "    char a[3];\n"
+              "    sprintf(a, \"%02ld\", 99);\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
+    }
+
    void snprintf1()
    {
        check("void f()\n"