walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fixed subsequent false negatives in CheckBufferOverrun::checkInsecureCmdLineArgs() (#5835)

This commit is contained in:
PKEuS 2014-09-29 15:38:33 +02:00
parent 1df1b9c2bd
commit 68b26f8faa
2 changed files with 13 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/checkbufferoverrun.cpp
View File

@ -1613,10 +1613,7 @@ void CheckBufferOverrun::checkInsecureCmdLineArgs()
continue; continue;
// Jump to the opening curly brace // Jump to the opening curly brace
tok = tok->next()->link(); tok = symbolDatabase->functionScopes[i]->classStart;
if (!Token::simpleMatch(tok, ") {"))
continue;
tok = tok->next();
// Search within main() for possible buffer overruns involving argv // Search within main() for possible buffer overruns involving argv
for (const Token* end = tok->link(); tok != end; tok = tok->next()) { for (const Token* end = tok->link(); tok != end; tok = tok->next()) {
@ -1629,12 +1626,15 @@ void CheckBufferOverrun::checkInsecureCmdLineArgs()
if (Token::Match(tok, "strcpy|strcat ( %var% , * %varid%", varid) || if (Token::Match(tok, "strcpy|strcat ( %var% , * %varid%", varid) ||
Token::Match(tok, "strcpy|strcat ( %var% , %varid% [", varid)) { Token::Match(tok, "strcpy|strcat ( %var% , %varid% [", varid)) {
cmdLineArgsError(tok); cmdLineArgsError(tok);
tok = tok->linkAt(1);
} else if (Token::Match(tok, "sprintf ( %var% , %str% , %varid% [", varid) && } else if (Token::Match(tok, "sprintf ( %var% , %str% , %varid% [", varid) &&
tok->strAt(4).find("%s") != std::string::npos) { tok->strAt(4).find("%s") != std::string::npos) {
cmdLineArgsError(tok); cmdLineArgsError(tok);
tok = tok->linkAt(1);
} else if (Token::Match(tok, "sprintf ( %var% , %str% , * %varid%", varid) && } else if (Token::Match(tok, "sprintf ( %var% , %str% , * %varid%", varid) &&
tok->strAt(4).find("%s") != std::string::npos) { tok->strAt(4).find("%s") != std::string::npos) {
cmdLineArgsError(tok); cmdLineArgsError(tok);
tok = tok->linkAt(1);
} }
} }
} }

9
test/testbufferoverrun.cpp
View File

@ -3980,6 +3980,15 @@ private:
"}"); "}");
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("", errout.str());
// #5835
checkstd("int main(int argc, char* argv[]) {\n"
" char prog[10];\n"
" sprintf(prog, \"%s\", argv[0]);\n"
" sprintf(prog, \"%s\", argv[0]);\n"
"}");
ASSERT_EQUALS("[test.cpp:3]: (error) Buffer overrun possible for long command line arguments.\n"
"[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
} }
void scope() { void scope() {