Merge pull request #894 from simartin/ticket_7964

Ticket #7964: Don't crash on valid code using function pointers named strcpy or strcat in main()
Daniel Marjamäki 2017-04-22 01:24:03 +02:00 committed by GitHub
commit 7140bae226
2 changed files with 15 additions and 1 deletions


@ -1756,7 +1756,11 @@ void CheckBufferOverrun::checkInsecureCmdLineArgs()
// Match common patterns that can result in a buffer overrun
// e.g. strcpy(buffer, argv[0])
if (Token::Match(tok, "strcpy|strcat (")) {
tok = tok->tokAt(2)->nextArgument();
const Token *nextArgument = tok->tokAt(2)->nextArgument();
if (nextArgument)
tok = nextArgument;
else
continue; // Ticket #7964
if (Token::Match(tok, "* %varid%", varid) || Token::Match(tok, "%varid% [", varid))
cmdLineArgsError(tok);
}
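Review bot: The new `continue; // Ticket #7964` branch carries only a ticket number, so the code does not say why a missing second argument is skipped instead of reported. `Token::Match(tok, "strcpy|strcat (")` matches on the name alone, so a local declaration such as `char *strcpy();` reaches this point and `nextArgument()` returns null. I would spell that out, e.g. `continue; // no second argument (declaration or call with < 2 args): nothing copied from argv, see #7964`. The enclosing function and the loop that `continue` targets begin outside this hunk, so I am assuming from the commit's own use of `continue` that skipping to the next token is the intended recovery.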


@ -3731,6 +3731,16 @@ private:
"}");
ASSERT_EQUALS("[test.cpp:3]: (error) Buffer overrun possible for long command line arguments.\n"
"[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
// #7964
check("int main(int argc, char *argv[]) {\n"
" char *strcpy();\n"
"}");
ASSERT_EQUALS("", errout.str());
check("int main(int argc, char *argv[]) {\n"
" char *strcat();\n"
"}");
ASSERT_EQUALS("", errout.str());
}
void checkBufferAllocatedWithStrlen() {
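Review bot: Both added cases under `// #7964` exercise only the empty-parenthesis declaration form (`char *strcpy();`, `char *strcat();`), while the commit title talks about function pointers named strcpy or strcat. The null `nextArgument()` path that the fix guards would presumably also be hit by a one-argument call through such a pointer, and that is not pinned here. I would add one case that declares the pointer and calls it with a single argument, e.g. `"  char *(*strcpy)(char *);\n"` followed by `"  strcpy(argv[1]);\n"`, with the expected output confirmed by running the checker rather than assumed. The enclosing test function starts outside this hunk.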