dangerous functions: removed 'scanf' because it can be used in a safe way

Daniel Marjamäki 2010-08-14 07:50:35 +02:00
parent db78c3acdf
commit 6efad92647
2 changed files with 3 additions and 18 deletions


@ -46,10 +46,6 @@ void CheckDangerousFunctions::dangerousFunctions()
{
dangerousFunctiongets(tok);
}
else if (Token::simpleMatch(tok, "scanf ("))
{
dangerousFunctionscanf(tok);
}
}
}
//---------------------------------------------------------------------------
@ -65,10 +61,3 @@ void CheckDangerousFunctions::dangerousFunctiongets(const Token *tok)
reportError(tok, Severity::style, "dangerousFunctiongets", "Found 'gets'. You should use 'fgets' instead\n"
"Using gets can easily cause buffer overflows.");
}
void CheckDangerousFunctions::dangerousFunctionscanf(const Token *tok)
{
reportError(tok, Severity::style, "dangerousFunctionscanf", "Found 'scanf'. You should use 'fgets' instead\n"
"If reading a string the 'scanf' can easily cause a buffer overflow if the data is too big.\n"
"If you want to convert the input to a number a wrong input may cause a crash.");
}


@ -57,27 +57,23 @@ private:
void dangerousFunctionmktemp(const Token *tok);
/** Report Error : Using dangerous function 'gets' */
void dangerousFunctiongets(const Token *tok);
/** Report Error : Using dangerous function 'scanf' */
void dangerousFunctionscanf(const Token *tok);
void getErrorMessages()
{
dangerousFunctionmktemp(0);
dangerousFunctiongets(0);
dangerousFunctionscanf(0);
}
std::string name() const
{
return "Deprecated functions";
return "Dangerous functions (buffer overflows)";
}
std::string classInfo() const
{
return "Warn if any of these deprecated functions are used:\n"
return "Warn if any of these dangerous functions are used:\n"
"* mktemp\n"
"* gets\n"
"* scanf\n";
"* gets\n";
}
};
/// @}
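Review bot: The new name() string `"Dangerous functions (buffer overflows)"` does not fit everything classInfo() still lists: `gets` is a buffer-overflow risk, but `mktemp` is dangerous because of the race between generating the file name and creating the file, not because of an overflow. I would return `"Dangerous functions"` from name() and let classInfo() say per entry why each function is flagged. Separately, with `scanf` dropped from the list, an unbounded `%s` conversion is presumably no longer reported by this check; if no other check covers it, a comment such as `// scanf is not listed: only "%s" without a field width is unsafe` next to the list would record the gap. The enclosing class begins above this hunk, so other members that depend on the name are not visible here.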