walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Unit Testing: All tests for buffer overruns were moved

This commit is contained in:
Daniel Marjamäki 2008-02-16 16:45:56 +00:00
parent 4cb3c7b96b
commit 851e81cd12
15 changed files with 119 additions and 102 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
testbufferoverrun1/err.msg
View File

@ -1 +0,0 @@
[testbufferoverrun1\testbufferoverrun1.cpp:7]: Array index out of bounds

8
testbufferoverrun1/testbufferoverrun1.cpp
View File

@ -1,8 +0,0 @@
void f()
{
char str[0x10];
str[15] = 0;
str[16] = 0;
}

1
testbufferoverrun2/err.msg
View File

@ -1 +0,0 @@
[testbufferoverrun2\testbufferoverrun2.cpp:7]: Buffer overrun

8
testbufferoverrun2/testbufferoverrun2.cpp
View File

@ -1,8 +0,0 @@
void f()
{
int val[50];
for (i = 0; i < 100; i++)
sum += val[i];
}

0
testbufferoverrun3/err.msg
View File

13
testbufferoverrun3/testbufferoverrun3.cpp
View File

@ -1,13 +0,0 @@
void f()
{
if (ab)
{
char str[50];
}
if (ab)
{
char str[50];
}
}

1
testbufferoverrun4/err.msg
View File

@ -1 +0,0 @@
[testbufferoverrun4\testbufferoverrun4.cpp:6]: Buffer overrun

7
testbufferoverrun4/testbufferoverrun4.cpp
View File

@ -1,7 +0,0 @@
void f()
{
char str[3];
strcpy(str, "abc");
}

1
testbufferoverrun5/err.msg
View File

@ -1 +0,0 @@
[testbufferoverrun5\testbufferoverrun5.cpp:8]: Array index out of bounds

11
testbufferoverrun5/testbufferoverrun5.cpp
View File

@ -1,11 +0,0 @@
const int SIZE = 10;
void f()
{
int i[SIZE];
i[SIZE] = 0;
}

1
testbufferoverrun6/err.msg
View File

@ -1 +0,0 @@
[testbufferoverrun6\testbufferoverrun6.cpp:8]: Array index out of bounds

10
testbufferoverrun6/testbufferoverrun6.cpp
View File

@ -1,10 +0,0 @@
void f()
{
int i[10];
i[ sizeof(i) - 1 ] = 0;
}

4
testbufferoverrun7/err.msg
View File

@ -1,4 +0,0 @@
[testbufferoverrun7\testbufferoverrun7.cpp:5]: A string with unknown length is copied to buffer.
[testbufferoverrun7\testbufferoverrun7.cpp:10]: A string with unknown length is copied to buffer.
[testbufferoverrun7\testbufferoverrun7.cpp:15]: A string with unknown length is copied to buffer.
[testbufferoverrun7\testbufferoverrun7.cpp:20]: A string with unknown length is copied to buffer.

21
testbufferoverrun7/testbufferoverrun7.cpp
View File

@ -1,21 +0,0 @@
void f1(char *str)
{
strcpy(buf,str);
}
void f2(char *str)
{
strcat(buf,str);
}
void f3(char *str)
{
sprintf(buf,"%s",str);
}
void f4(const char str[])
{
strcpy(buf, str);
}

134
tests.cpp
View File

@ -1,6 +1,8 @@
// Unit-testing cppcheck // Unit-testing cppcheck
//---------------------------------------------------------------------------
#include "tokenize.h" // <- Tokenizer #include "tokenize.h" // <- Tokenizer
#include "CommonCheck.h" #include "CommonCheck.h"
#include "CheckBufferOverrun.h" #include "CheckBufferOverrun.h"
@ -8,20 +10,23 @@
#include <iostream> #include <iostream>
#include <sstream> #include <sstream>
#define assert_equal(A,B) if (A!=B) { std::cerr << "Failed at line " << __LINE__ << "\n"; FailCount++; } else { SuccessCount++; } //---------------------------------------------------------------------------
#define assert_equal(A,B) if (A!=B) { std::cerr << "Failed at line " << line << "\n"; FailCount++; } else { SuccessCount++; }
//---------------------------------------------------------------------------
bool Debug = false; bool Debug = false;
bool ShowAll = false; bool ShowAll = false;
bool CheckCodingStyle = false; bool CheckCodingStyle = false;
//---------------------------------------------------------------------------
static unsigned int FailCount, SuccessCount; static unsigned int FailCount, SuccessCount;
//---------------------------------------------------------------------------
static void buffer_overrun_1(); static void buffer_overrun();
//---------------------------------------------------------------------------
int main() int main()
{ {
Files.push_back( std::string("test.cpp") ); Files.push_back( std::string("test.cpp") );
buffer_overrun_1(); buffer_overrun();
std::cout << "Success Rate: " std::cout << "Success Rate: "
<< SuccessCount << SuccessCount
<< " / " << " / "
@ -29,28 +34,127 @@ int main()
<< std::endl; << std::endl;
return 0; return 0;
} }
//---------------------------------------------------------------------------
static void buffer_overrun_1() static void buffer_overrun_check(const unsigned int line,
const char code[],
const char msg[])
{ {
const char code[] = "void f()\n"
"{\n"
" char str[0x10];\n"
" str[15] = 0;\n"
" str[16] = 0;\n"
"}\n";
// Tokenize.. // Tokenize..
tokens = tokens_back = NULL; tokens = tokens_back = NULL;
std::istringstream istr(code); std::istringstream istr(code);
TokenizeCode( istr ); TokenizeCode( istr );
SimplifyTokenList(); SimplifyTokenList();
// Check for buffer overruns..
errout.str(""); errout.str("");
CheckBufferOverrun(); CheckBufferOverrun();
std::string err = errout.str(); // Check the error messages..
assert_equal( errout.str(), "[test.cpp:5]: Array index out of bounds\n" ); assert_equal(errout.str(), msg);
// Cleanup..
DeallocateTokens();
} }
//---------------------------------------------------------------------------
static void buffer_overrun()
{
// test1: numeric array index
// test2: variable array index (for-loop)
// test3: creating several arrays with the same names.
// test4: using strcpy -> check string length
// test5: constant array index
// test6: calculated array index that is out of bounds
const char test1[] = "void f()\n"
"{\n"
" char str[0x10];\n"
" str[15] = 0;\n"
" str[16] = 0;\n"
"}\n";
buffer_overrun_check( __LINE__, test1, "[test.cpp:5]: Array index out of bounds\n" );
const char test2[] = "void f()\n"
"{\n"
" int val[50];\n"
" for (i = 0; i < 100; i++)\n"
" sum += val[i];\n"
"}\n";
buffer_overrun_check( __LINE__, test2, "[test.cpp:5]: Buffer overrun\n" );
const char test3[] = "void f()\n"
"{\n"
" if (ab)\n"
" {\n"
" char str[50];\n"
" }\n"
" if (ab)\n"
" {\n"
" char str[50];\n"
" }\n"
"}\n";
buffer_overrun_check( __LINE__, test3, "" );
const char test4[] = "void f()\n"
"{\n"
" char str[3];\n"
" strcpy(str, \"abc\");\n"
"}\n";
buffer_overrun_check( __LINE__, test4, "[test.cpp:4]: Buffer overrun\n" );
const char test5[] = "const int SIZE = 10;\n"
"void f()\n"
"{\n"
" int i[SIZE];\n"
" i[SIZE] = 0;\n"
"}\n";
buffer_overrun_check( __LINE__, test5, "[test.cpp:5]: Array index out of bounds\n" );
const char test6[] = "void f()\n"
"{\n"
" int i[10];\n"
" i[ sizeof(i) - 1 ] = 0;\n"
"}\n";
buffer_overrun_check( __LINE__, test6, "[test.cpp:4]: Array index out of bounds\n" );
const char test7[] = "void f1(char *str)\n"
"{\n"
" strcpy(buf,str);\n"
"}\n"
"void f2(char *str)\n"
"{\n"
" strcat(buf,str);\n"
"}\n"
"void f3(char *str)\n"
"{\n"
" sprintf(buf,\"%s\",str);\n"
"}\n"
"void f4(const char str[])\n"
"{\n"
" strcpy(buf, str);\n"
"}\n";
const char err7[] =
"[test.cpp:3]: A string with unknown length is copied to buffer.\n"
"[test.cpp:7]: A string with unknown length is copied to buffer.\n"
"[test.cpp:11]: A string with unknown length is copied to buffer.\n"
"[test.cpp:15]: A string with unknown length is copied to buffer.\n";
buffer_overrun_check( __LINE__, test7, err7 );
}
//---------------------------------------------------------------------------