Fixed #1478 (false negative: buffer access out of bounds not detected after free and malloc)

Daniel Marjamäki 2017-12-31 14:58:26 +01:00
parent 79f6793076
commit 7d2450e445
2 changed files with 10 additions and 2 deletions


@ -1233,8 +1233,7 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
const Scope * scope = symbolDatabase->functionScopes[i]; const Scope * scope = symbolDatabase->functionScopes[i];
for (const Token *tok = scope->classStart; tok != scope->classEnd; tok = tok->next()) { for (const Token *tok = scope->classStart; tok != scope->classEnd; tok = tok->next()) {
// if the previous token exists, it must be either a variable name or "[;{}]" if (!Token::Match(tok, "[*;{}] %var% ="))
if (tok->previous() && !Token::Match(tok->previous(), "%name%|;|{|}"))
continue; continue;
// size : Max array index // size : Max array index
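Review bot: The new guard `if (!Token::Match(tok, "[*;{}] %var% ="))` carries no comment, although the comment it replaces explained the old condition, so the reason `*` sits beside the statement delimiters is left for the reader to work out. A comment such as `// tok is the token before an assigned variable: a statement boundary, or '*' in a pointer declaration` would document it, assuming that is the intent. The pattern also skips an assignment whose preceding token is anything else, for example the `:` of a label or `case`. That would be a missed out-of-bounds report unless earlier simplification rules it out. The loop body continues outside the hunk, so this cannot be confirmed from here.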


@ -2985,6 +2985,15 @@ private:
"}"); "}");
ASSERT_EQUALS("[test.cpp:3]: (error) Array 'tab4[20]' accessed at index 20, which is out of bounds.\n", errout.str()); ASSERT_EQUALS("[test.cpp:3]: (error) Array 'tab4[20]' accessed at index 20, which is out of bounds.\n", errout.str());
// ticket #1478
check("void foo() {\n"
" char *p = malloc(10);\n"
" free(p);\n"
" p = malloc(10);\n"
" p[10] = 0;\n"
"}");
ASSERT_EQUALS("[test.cpp:5]: (error) Array 'p[10]' accessed at index 10, which is out of bounds.\n", errout.str());
// ticket #1134 // ticket #1134
check("void f() {\n" check("void f() {\n"
" int *x, i;\n" " int *x, i;\n"
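Review bot: The added #1478 case pins only the positive result, where the second `malloc` has the same size as the first, so it cannot show that the reported bound comes from the allocation that is live at the write. A companion case that reallocates with a larger size and expects no message would catch a checker that keeps the stale size of the freed buffer. The empty expected output below is what the check should produce, not something verified here. The enclosing test function starts and ends outside the hunk.

```cpp
// ticket #1478 - the bound must come from the most recent allocation
check("void foo() {\n"
      "  char *p = malloc(10);\n"
      "  free(p);\n"
      "  p = malloc(20);\n"
      "  p[10] = 0;\n"
      "}");
ASSERT_EQUALS("", errout.str());
```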