Fix false positives for %[ in scanf

Richard Quirk 2011-11-14 22:36:20 +01:00
parent 097637a66c
commit 91713ffe84
2 changed files with 38 additions and 0 deletions


@ -1280,6 +1280,17 @@ void CheckOther::checkWrongPrintfScanfArguments()
for (std::string::iterator i = formatString.begin(); i != formatString.end(); ++i) { for (std::string::iterator i = formatString.begin(); i != formatString.end(); ++i) {
if (*i == '%') { if (*i == '%') {
percent = !percent; percent = !percent;
} else if (percent && *i == '[') {
while (i != formatString.end()) {
if (*i == ']') {
numFormat++;
percent = false;
break;
}
++i;
}
if (i == formatString.end())
break;
} else if (percent && std::isalpha(*i)) { } else if (percent && std::isalpha(*i)) {
numFormat++; numFormat++;
percent = false; percent = false;
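Review bot: The new `%[` branch ends the scanset at the first `]`, but in scanf a `]` placed directly after `[` or `[^` is a member of the set, not its terminator. For a set that also contains `%` (constructed example: `%[]%d]`), the scan stops early and the remaining `%d` is counted as a second conversion, so the parameter-count warning fires on a valid call. Skipping an optional `^` and one immediately following `]` before searching for the closing bracket avoids this, as sketched below. Whether `%*[...]` (assignment suppression) should increment `numFormat` depends on code outside the hunk and is worth confirming, since this branch counts it unconditionally. The enclosing function starts and ends outside the hunk.

```cpp
} else if (percent && *i == '[') {
    // a ']' directly after '[' or '[^' belongs to the set, it does not close it
    std::string::iterator j = i + 1;
    if (j != formatString.end() && *j == '^')
        ++j;
    if (j != formatString.end() && *j == ']')
        ++j;
    while (j != formatString.end() && *j != ']')
        ++j;
    i = j;
    if (i == formatString.end())
        break;          // unterminated set: leave the for loop, nothing counted
    numFormat++;
    percent = false;
```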


@ -87,6 +87,7 @@ private:
TEST_CASE(selfAssignment); TEST_CASE(selfAssignment);
TEST_CASE(testScanf1); TEST_CASE(testScanf1);
TEST_CASE(testScanf2); TEST_CASE(testScanf2);
TEST_CASE(testScanf3);
TEST_CASE(testPrintfArgument); TEST_CASE(testPrintfArgument);
@ -1919,6 +1920,32 @@ private:
"[test.cpp:8]: (warning) fscanf format string has 0 parameters but 1 are given\n", errout.str()); "[test.cpp:8]: (warning) fscanf format string has 0 parameters but 1 are given\n", errout.str());
} }
void testScanf3() {
check("#include <stdio.h>\n"
"int main(int argc, char **argv)\n"
"{\n"
" char a[32];\n"
" int b, c;\n"
" FILE *file = fopen(\"test\", \"r\");\n"
" c = fscanf(file, \"%[^ ] %d\n\", a, &b);\n"
" fclose(file);\n"
" return c;\n"
"}\n");
ASSERT_EQUALS("", errout.str());
check("#include <stdio.h>\n"
"int main(int argc, char **argv)\n"
"{\n"
" char a[32];\n"
" int b;\n"
" FILE *file = fopen(\"test\", \"r\");\n"
" b = fscanf(file, \"%[^ \n\", a);\n"
" fclose(file);\n"
" return b;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:7]: (warning) fscanf format string has 0 parameters but 1 are given\n", errout.str());
}
void testPrintfArgument() { void testPrintfArgument() {
check("void foo() {\n" check("void foo() {\n"
" printf(\"%u\");\n" " printf(\"%u\");\n"
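Review bot: testScanf3 exercises only a bare `%[^ ]` and an unterminated `%[^ `, so the forms where characters sit between `%` and `[` are untested: a field width (`%31[^ ]`) and assignment suppression (`%*[^ ]`). Both fixtures also read an unbounded scanset into `char a[32]`, which is the same overflow pattern as an unbounded `%s`. Using a width in the positive case, e.g. `" c = fscanf(file, \"%31[^ ] %d\\n\", a, &b);\n"`, keeps the fixture from modelling that pattern and covers the width path at the same time. A case with `]` as the first set member (`%[]a]`) would pin the terminator handling as well. The expected output for the suppressed form depends on counting code that is not visible in this section.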