Fixed false negative in CheckBufferOverrun::checkInsecureCmdLineArgs(), removed redundant tests

This commit is contained in:
PKEuS 2017-03-27 11:30:07 +02:00
parent 171e1b8244
commit 680828788b
2 changed files with 11 additions and 19 deletions

View File

@ -1753,10 +1753,10 @@ void CheckBufferOverrun::checkInsecureCmdLineArgs()
// Match common patterns that can result in a buffer overrun // Match common patterns that can result in a buffer overrun
// e.g. strcpy(buffer, argv[0]) // e.g. strcpy(buffer, argv[0])
if (Token::Match(tok, "strcpy|strcat ( %name% , * %varid%", varid) || if (Token::Match(tok, "strcpy|strcat (")) {
Token::Match(tok, "strcpy|strcat ( %name% , %varid% [", varid)) { tok = tok->tokAt(2)->nextArgument();
cmdLineArgsError(tok); if (Token::Match(tok, "* %varid%", varid) || Token::Match(tok, "%varid% [", varid))
tok = tok->linkAt(1); cmdLineArgsError(tok);
} }
} }
} }

View File

@ -3643,7 +3643,6 @@ private:
} }
void cmdLineArgs1() { void cmdLineArgs1() {
check("int main(int argc, char* argv[])\n" check("int main(int argc, char* argv[])\n"
"{\n" "{\n"
" char prog[10];\n" " char prog[10];\n"
@ -3658,13 +3657,6 @@ private:
"}"); "}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str()); ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
check("int main(int argc, char* argv[])\n"
"{\n"
" char prog[10];\n"
" strcpy(prog, argv[0]);\n"
"}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
check("int main(int argc, char **argv, char **envp)\n" check("int main(int argc, char **argv, char **envp)\n"
"{\n" "{\n"
" char prog[10];\n" " char prog[10];\n"
@ -3679,13 +3671,6 @@ private:
"}"); "}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str()); ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
check("int main(int argc, char **argv, char **envp)\n"
"{\n"
" char prog[10];\n"
" strcpy(prog, argv[0]);\n"
"}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
check("int main(int argc, char **options)\n" check("int main(int argc, char **options)\n"
"{\n" "{\n"
" char prog[10];\n" " char prog[10];\n"
@ -3707,6 +3692,13 @@ private:
"}"); "}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str()); ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
check("int main(int argc, char **options)\n"
"{\n"
" char prog[10];\n"
" strcpy(prog+3, *options);\n"
"}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
check("int main(int argc, char **argv, char **envp)\n" check("int main(int argc, char **argv, char **envp)\n"
"{\n" "{\n"
" char prog[10];\n" " char prog[10];\n"