CheckBufferOverrun: Added 'CheckDangerousFunctions'

2007-05-25 06:44:53 +00:00 · 2007-05-25 06:44:53 +00:00 · 997ae5f5b8
parent 0a57ef44f7
commit 997ae5f5b8
2 changed files with 33 additions and 2 deletions
--- a/CheckBufferOverrun.cpp
+++ b/CheckBufferOverrun.cpp
@ -7,8 +7,6 @@

 #include <stdlib.h>     // <- strtoul

-extern bool IsNumber(const char str[]);
-
 //---------------------------------------------------------------------------


@ -155,3 +153,31 @@ void CheckBufferOverrun()



+
+//---------------------------------------------------------------------------
+// Dangerous functions
+//---------------------------------------------------------------------------
+
+void WarningDangerousFunctions()
+{
+    for (TOKEN *tok = tokens; tok; tok = tok->next)
+    {
+        if (match(tok, "gets ("))
+        {
+            std::ostringstream ostr;
+            ostr << FileLine(tok) << ": Found 'gets'. You should use 'fgets' instead";
+            ReportErr(ostr.str());
+        }
+
+        else if (match(tok, "scanf (") && strcmp(getstr(tok,2),"\"%s\"") == 0)
+        {
+            std::ostringstream ostr;
+            ostr << FileLine(tok) << ": Found 'scanf'. You should use 'fgets' instead";
+            ReportErr(ostr.str());
+        }
+    }
+}
+//---------------------------------------------------------------------------
+
+
+
--- a/CheckBufferOverrun.h
+++ b/CheckBufferOverrun.h
@ -6,6 +6,11 @@
 // Buffer overrun..
 void CheckBufferOverrun();

+
+// Dangerous functions that can cause buffer overruns
+void WarningDangerousFunctions();
+
+
 //---------------------------------------------------------------------------
 #endif