CheckBufferOverrun: Added 'CheckDangerousFunctions'

CheckBufferOverrun.cpp

@@ -7,8 +7,6 @@
 
 #include <stdlib.h>     // <- strtoul
 
-extern bool IsNumber(const char str[]);
-
 //---------------------------------------------------------------------------
 
 
@@ -155,3 +153,31 @@ void CheckBufferOverrun()
 
 
 
+
+//---------------------------------------------------------------------------
+// Dangerous functions
+//---------------------------------------------------------------------------
+
+void WarningDangerousFunctions()
+{
+    for (TOKEN *tok = tokens; tok; tok = tok->next)
+    {
+        if (match(tok, "gets ("))
+        {
+            std::ostringstream ostr;
+            ostr << FileLine(tok) << ": Found 'gets'. You should use 'fgets' instead";
+            ReportErr(ostr.str());
+        }
+
+        else if (match(tok, "scanf (") && strcmp(getstr(tok,2),"\"%s\"") == 0)
+        {
+            std::ostringstream ostr;
+            ostr << FileLine(tok) << ": Found 'scanf'. You should use 'fgets' instead";
+            ReportErr(ostr.str());
+        }
+    }
+}
+//---------------------------------------------------------------------------
+
+
+

CheckBufferOverrun.h

@@ -6,6 +6,11 @@
 // Buffer overrun..
 void CheckBufferOverrun();
 
+
+// Dangerous functions that can cause buffer overruns
+void WarningDangerousFunctions();
+
+
 //---------------------------------------------------------------------------
 #endif