Fixed ##3211 (Crash in gitHEAD when arglist count is smaller than format string)

This commit is contained in:
PKEuS 2011-10-16 07:06:18 +02:00 committed by Daniel Marjamäki
parent 8afc1b6f2d
commit 71a1d98693
2 changed files with 38 additions and 2 deletions

View File

@ -141,18 +141,24 @@ void CheckNullPointer::parseFunctionCall(const Token &tok, std::list<const Token
if (*i == '%') {
percent = !percent;
} else if (percent && std::isalpha(*i)) {
if (*i == 'n' || *i == 's' || scan) {
if ((*i == 'n' || *i == 's' || scan) && (!scan || value == 0)) {
if ((value == 0 && argListTok->str() == "0") || (Token::Match(argListTok, "%var%") && argListTok->varId() > 0)) {
var.push_back(argListTok);
}
}
for (; argListTok; argListTok = argListTok->next()) { // Find next argument
if (argListTok->str() == "(")
argListTok = argListTok->link();
if(argListTok == 0)
break;
if (argListTok->str() == ",") {
argListTok = argListTok->next();
break;
}
}
if(!argListTok)
break;
percent = false;
}
}

View File

@ -1406,8 +1406,38 @@ private:
" printf(\"%s\", s);\n"
"}");
ASSERT_EQUALS("", errout.str());
check("void f(char* foo) {\n"
" char location[200];\n"
" int width, height;\n"
" sscanf(imgInfo, \"%s %d %d\", location, &width, &height);\n"
"}");
ASSERT_EQUALS("", errout.str()); // ticket #3207
check("void f(char *dummy) {\n"
" int iVal;\n"
" sscanf(dummy, \"%d%c\", &iVal);\n"
"}");
ASSERT_EQUALS("", errout.str()); // ticket #3211
check("void f(char *dummy) {\n"
" int* iVal = 0;\n"
" sscanf(dummy, \"%d\", iVal);\n"
"}");
ASSERT_EQUALS("[test.cpp:3]: (error) Possible null pointer dereference: iVal\n", errout.str());
check("void f(char *dummy) {\n"
" int* iVal;\n"
" sscanf(dummy, \"%d\", foo(iVal));\n"
"}");
ASSERT_EQUALS("", errout.str());
check("void f(char *dummy) {\n"
" int* iVal = 0;\n"
" sscanf(dummy, \"%d%d\", foo(iVal), iVal);\n"
"}");
ASSERT_EQUALS("[test.cpp:3]: (error) Possible null pointer dereference: iVal\n", errout.str());
}
};
REGISTER_TEST(TestNullPointer)