Fix #11361 FP ctuPointerArith with unknown buffer size (#4591)

chrchr-github 2022-11-23 19:11:47 +01:00 committed by GitHub
parent 9e09ccca86
commit 68acd77053
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 10 additions and 1 deletions


@ -357,7 +357,7 @@ CTU::FileInfo *CTU::getFileInfo(const Tokenizer *tokenizer)
fileInfo->functionCalls.push_back(std::move(functionCall));
}
// array
if (argtok->variable() && argtok->variable()->isArray() && argtok->variable()->dimensions().size() == 1) {
if (argtok->variable() && argtok->variable()->isArray() && argtok->variable()->dimensions().size() == 1 && argtok->variable()->dimensionKnown(0)) {
FileInfo::FunctionCall functionCall;
functionCall.callValueType = ValueFlow::Value::ValueType::BUFFER_SIZE;
functionCall.callId = getFunctionId(tokenizer, tokFunction);
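Review bot: The `dimensionKnown(0)` guard added to the `// array` condition has no comment explaining why arrays with an unresolved dimension are skipped, and the skip is silent. No BUFFER_SIZE call record is created for such an argument, so the cross-translation-unit bounds checks that consume it presumably lose real findings along with the false positive. I would put `// Skip arrays whose dimension could not be resolved (e.g. unknown macro): there is no reliable size to export` above the `if`. The condition also calls `argtok->variable()` four times; a local `const auto *argvar = argtok->variable();` would make it easier to read. The enclosing block continues past the end of the hunk.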


@ -5213,6 +5213,15 @@ private:
" dostuff(x);\n"
"}");
ASSERT_EQUALS("[test.cpp:4] -> [test.cpp:1]: (error) Pointer arithmetic overflow; 'p' buffer size is 12\n", errout.str());
ctu("void f(const char *p) {\n" // #11361
" const char* c = p + 1;\n"
"}\n"
"void g() {\n"
" const char s[N] = \"ab\";\n"
" f(s);\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void objectIndex() {
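Review bot: The new #11361 case depends on `N` being undeclared in `const char s[N] = \"ab\";`, but nothing in the test says so. A later edit that defines `N` would turn it into a known-size test and it would stop guarding the regression. A comment such as `// N is deliberately undefined so the dimension of s is unknown` before the `ctu(` call would pin the intent. A sibling case that indexes the parameter (`p[1]`) may also be worthwhile, since the array-index CTU check appears to rely on the same buffer-size record; that is inferred, as the consumer is not in this hunk. The enclosing test function starts outside the hunk.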