walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fixed #617 (False positive "buffer overrun" when sprintf() doesn't have optional parameters) 

http://sourceforge.net/apps/trac/cppcheck/ticket/617
This commit is contained in:
Slava Semushin 2009-08-27 00:17:32 +07:00
parent 9bdd1def58
commit 7c86a10a9d
2 changed files with 29 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
src/checkbufferoverrun.cpp
View File

@ -387,7 +387,6 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
if (varid > 0 && Token::Match(tok, "sprintf ( %varid% , %str% [,)]", varid)) if (varid > 0 && Token::Match(tok, "sprintf ( %varid% , %str% [,)]", varid))
{ {
int len = -2; int len = -2;
const Token *end = tok->next()->link();
// check format string // check format string
const char *fmt = tok->strAt(4); const char *fmt = tok->strAt(4);
@ -412,8 +411,11 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
bufferOverrun(tok); bufferOverrun(tok);
} }
// check arguments // check arguments (if they exists)
if (tok->tokAt(5)->str() == ",")
{
len = 0; len = 0;
const Token *end = tok->next()->link();
for (const Token *tok2 = tok->tokAt(6); tok2 && tok2 != end; tok2 = tok2->next()) for (const Token *tok2 = tok->tokAt(6); tok2 && tok2 != end; tok2 = tok2->next())
{ {
if (tok2->str()[0] == '\"') if (tok2->str()[0] == '\"')
@ -434,6 +436,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
bufferOverrun(tok); bufferOverrun(tok);
} }
} }
}
// snprintf.. // snprintf..
if (varid > 0 && Token::Match(tok, "snprintf ( %varid% , %num% ,", varid)) if (varid > 0 && Token::Match(tok, "snprintf ( %varid% , %num% ,", varid))

11
test/testbufferoverrun.cpp
View File

@ -92,6 +92,7 @@ private:
TEST_CASE(buffer_overrun_2); TEST_CASE(buffer_overrun_2);
TEST_CASE(buffer_overrun_3); TEST_CASE(buffer_overrun_3);
TEST_CASE(buffer_overrun_4); TEST_CASE(buffer_overrun_4);
TEST_CASE(buffer_overrun_5);
TEST_CASE(sprintf1); TEST_CASE(sprintf1);
TEST_CASE(sprintf2); TEST_CASE(sprintf2);
@ -546,6 +547,16 @@ private:
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("", errout.str());
} }
void buffer_overrun_5()
{
check("void f()\n"
"{\n"
" char n[5];\n"
" sprintf(n, \"d\");\n"
" printf(\"hello!\");\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void sprintf1() void sprintf1()