Fixed ticket #499 (buffer overflow not detected when using macros)
The sprintf() buffer overrun detection did not work correctly because of a typo (present since the check was added in commit a604f56f19).
A buffer overrun is now also reported when sprintf() writes as many characters as the buffer size -- in this case the terminating null byte causes an off-by-one overrun.
http://sourceforge.net/apps/trac/cppcheck/ticket/499
parent
a73346e889
commit
6c022798ea
|
@ -313,7 +313,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
|
||||||
if (tok2->str()[0] == '\"')
|
if (tok2->str()[0] == '\"')
|
||||||
{
|
{
|
||||||
len -= 2;
|
len -= 2;
|
||||||
const char *str = tok->str().c_str();
|
const char *str = tok2->str().c_str();
|
||||||
while (*str)
|
while (*str)
|
||||||
{
|
{
|
||||||
if (*str == '\\')
|
if (*str == '\\')
|
||||||
|
@ -323,7 +323,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if (len > (int)size)
|
if (len >= (int)size)
|
||||||
{
|
{
|
||||||
bufferOverrun(tok);
|
bufferOverrun(tok);
|
||||||
}
|
}
|
||||||
|
|
|
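Review bot: The changed comparison `if (len >= (int)size)` in the second hunk carries no comment saying why equality already counts as an overrun, so a later reader could easily "correct" it back to `>`. I would add `// sprintf() also writes the terminating '\0', so len == size is one byte too many` directly above it. The C-style `(int)size` would also read better as `static_cast<int>(size)`; the declaration of `size` is outside the hunk, so whether the narrowing can ever change the result cannot be judged from here. checkScope starts and ends outside both hunks.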
@ -502,6 +502,14 @@ private:
|
||||||
" sprintf(str, \"%s\", \"abc\");\n"
|
" sprintf(str, \"%s\", \"abc\");\n"
|
||||||
"}\n");
|
"}\n");
|
||||||
ASSERT_EQUALS("[test.cpp:4]: (possible error) Buffer overrun\n", errout.str());
|
ASSERT_EQUALS("[test.cpp:4]: (possible error) Buffer overrun\n", errout.str());
|
||||||
|
|
||||||
|
check("void f()\n"
|
||||||
|
"{\n"
|
||||||
|
" char * c = new char[10];\n"
|
||||||
|
" sprintf(c, \"%s\", \"/usr/LongLongLongLongUserName/bin/LongLongApplicationName\");\n"
|
||||||
|
" delete [] c;\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:4]: (possible error) Buffer overrun\n", errout.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
void snprintf1()
|
void snprintf1()
|
||||||
|
|
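Review bot: The added case with `new char[10]` overflows the buffer by a wide margin, so it pins the `tok2` fix but not the `>` to `>=` change made in the same commit. The size of `str` in the preceding `"abc"` case is outside the hunk, so it may or may not sit on that boundary. I would add an explicit boundary pair: a literal exactly as long as the buffer, which must be reported, and one character shorter, which must not. The expected empty output for the second case assumes the check emits nothing else for this input. The enclosing test function starts outside the hunk.

```cpp
// … unchanged: new char[10] case with the long path literal …

// Boundary: 10 characters plus the terminating '\0' need 11 bytes.
check("void f()\n"
      "{\n"
      "    char * c = new char[10];\n"
      "    sprintf(c, \"%s\", \"0123456789\");\n"
      "    delete [] c;\n"
      "}\n");
ASSERT_EQUALS("[test.cpp:4]: (possible error) Buffer overrun\n", errout.str());

// Largest literal that still fits: 9 characters plus '\0'.
check("void f()\n"
      "{\n"
      "    char * c = new char[10];\n"
      "    sprintf(c, \"%s\", \"012345678\");\n"
      "    delete [] c;\n"
      "}\n");
ASSERT_EQUALS("", errout.str());
```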