Fixed false negative in CheckBufferOverrun::checkInsecureCmdLineArgs(), removed redundant tests

This commit is contained in:
PKEuS 2017-03-27 11:30:07 +02:00
parent 171e1b8244
commit 680828788b
2 changed files with 11 additions and 19 deletions

View File

@ -1753,10 +1753,10 @@ void CheckBufferOverrun::checkInsecureCmdLineArgs()
// Match common patterns that can result in a buffer overrun
// e.g. strcpy(buffer, argv[0])
if (Token::Match(tok, "strcpy|strcat ( %name% , * %varid%", varid) ||
Token::Match(tok, "strcpy|strcat ( %name% , %varid% [", varid)) {
cmdLineArgsError(tok);
tok = tok->linkAt(1);
if (Token::Match(tok, "strcpy|strcat (")) {
tok = tok->tokAt(2)->nextArgument();
if (Token::Match(tok, "* %varid%", varid) || Token::Match(tok, "%varid% [", varid))
cmdLineArgsError(tok);
}
}
}

View File

@ -3643,7 +3643,6 @@ private:
}
void cmdLineArgs1() {
check("int main(int argc, char* argv[])\n"
"{\n"
" char prog[10];\n"
@ -3658,13 +3657,6 @@ private:
"}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
check("int main(int argc, char* argv[])\n"
"{\n"
" char prog[10];\n"
" strcpy(prog, argv[0]);\n"
"}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
check("int main(int argc, char **argv, char **envp)\n"
"{\n"
" char prog[10];\n"
@ -3679,13 +3671,6 @@ private:
"}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
check("int main(int argc, char **argv, char **envp)\n"
"{\n"
" char prog[10];\n"
" strcpy(prog, argv[0]);\n"
"}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
check("int main(int argc, char **options)\n"
"{\n"
" char prog[10];\n"
@ -3707,6 +3692,13 @@ private:
"}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
check("int main(int argc, char **options)\n"
"{\n"
" char prog[10];\n"
" strcpy(prog+3, *options);\n"
"}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
check("int main(int argc, char **argv, char **envp)\n"
"{\n"
" char prog[10];\n"