From 5dee65048f369cc042cca50cb6689eb07b2dc727 Mon Sep 17 00:00:00 2001
From: Slava Semushin
Date: Sun, 20 Sep 2009 17:54:19 +0700
Subject: [PATCH] Fixed #690 (False positive: (possible error) Buffer overrun)
http://sourceforge.net/apps/trac/cppcheck/ticket/690
---
 src/checkbufferoverrun.cpp | 10 +++++++++-
 test/testbufferoverrun.cpp | 12 ++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)
diff --git a/src/checkbufferoverrun.cpp b/src/checkbufferoverrun.cpp
index cfb044a18..019f67a2d 100644
--- a/src/checkbufferoverrun.cpp
+++ b/src/checkbufferoverrun.cpp
@@ -30,6 +30,7 @@
 #include
 #include
 #include
+#include
 #include // <- strtoul
@@ -407,8 +408,15 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
 }
 else if (*fmt == '%')
 {
+ ++fmt;
+
+ // skip field width
+ while (std::isdigit(*fmt)) {
+ ++fmt;
+ }
+ // FIXME: better handling for format specifiers
- fmt += 2;
+ ++fmt;
 continue;
 }
 ++fmt;
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index b3bd3ebab..db30a8461 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -98,6 +98,7 @@ private:
 TEST_CASE(sprintf1);
 TEST_CASE(sprintf2);
 TEST_CASE(sprintf3);
+ TEST_CASE(sprintf4);
 TEST_CASE(snprintf1);
 TEST_CASE(snprintf2);
@@ -622,6 +623,17 @@ private:
 ASSERT_EQUALS("", errout.str());
 }
+ void sprintf4()
+ {
+ // ticket #690
+ check("void f()\n"
+ "{\n"
+ " char a[3];\n"
+ " sprintf(a, \"%02ld\", 99);\n"
+ "}\n");
+ ASSERT_EQUALS("", errout.str());
+ }
+
 void snprintf1()
 {
 check("void f()\n"
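Review bot: The final `++fmt;` in the `%` branch of checkScope is unconditional, so a format string that ends in `%`, or in `%` followed only by digits (the digit loop stops at the terminator), moves `fmt` one past the NUL. The enclosing loop starts outside this hunk; if it tests `*fmt`, as the trailing `++fmt;` suggests, that becomes a read past the end of a string taken from the code being analysed. I would guard it with `if (*fmt) ++fmt;`. Separately, `std::isdigit(*fmt)` is called with what looks like a plain `char`, which is undefined for negative values such as bytes above 0x7F in a format literal; `std::isdigit(static_cast<unsigned char>(*fmt))` avoids that.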
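Review bot: sprintf4 pins only the suppressed warning; nothing in this hunk checks that a real overrun caused by a field width is still reported. A field width is a minimum output length, so `sprintf(a, \"%5d\", 1);` into `char a[3]` always overflows, and the digit-skipping loop added in checkbufferoverrun.cpp appears to discard exactly that number. I would add a companion case for it, even if it has to be marked as a known failure for now, so the false negative behind the FIXME is on record. A second case with a format string ending in a bare `%` would pin how the parser behaves at the end of the string.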