From 9ac1525d8e27b57c6dfaa5ea236538a1e7c1b287 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Sun, 20 May 2007 17:02:24 +0000
Subject: [PATCH] Buffer Overrun: Using dangerous functions

---
 main.cpp | 34 +++++++++++++++++++++++
 testdangerousfunc1/err.msg | 2 ++
 testdangerousfunc1/testdangerousfunc1.cpp | 9 ++++++
 3 files changed, 45 insertions(+)
 create mode 100644 testdangerousfunc1/err.msg
 create mode 100644 testdangerousfunc1/testdangerousfunc1.cpp

diff --git a/main.cpp b/main.cpp
index a1f9e59be..29572c450 100644
--- a/main.cpp
+++ b/main.cpp
@@ -71,6 +71,9 @@ void WarningRedundantCode();
 // Warning upon: if (condition);
 void WarningIf();
 
+// Using dangerous functions
+void WarningDangerousFunctions();
+
 //---------------------------------------------------------------------------
 
 static void CppCheck(const char FileName[]);
@@ -151,6 +154,9 @@ static void CppCheck(const char FileName[])
 // if (condition);
 WarningIf();
 
+ // Dangerous functions, such as 'gets' and 'scanf'
+ WarningDangerousFunctions();
+
 // Clean up tokens..
 while (tokens)
 {
@@ -1994,4 +2000,32 @@ void WarningIf()
 }
 }
 }
+//---------------------------------------------------------------------------
+
+
+
+
+//---------------------------------------------------------------------------
+// Dangerous functions
+//---------------------------------------------------------------------------
+
+void WarningDangerousFunctions()
+{
+ for (TOKEN *tok = tokens; tok; tok = tok->next)
+ {
+ if (match(tok, "gets ("))
+ {
+ std::ostringstream ostr;
+ ostr << FileLine(tok) << ": Found 'gets'. You should use 'fgets' instead";
+ ReportErr(ostr.str());
+ }
+
+ else if (match(tok, "scanf (") && strcmp(getstr(tok,2),"\"%s\"") == 0)
+ {
+ std::ostringstream ostr;
+ ostr << FileLine(tok) << ": Found 'scanf'. You should use 'fgets' instead";
+ ReportErr(ostr.str());
+ }
+ }
+}
diff --git a/testdangerousfunc1/err.msg b/testdangerousfunc1/err.msg
new file mode 100644
index 000000000..b9cc30825
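Review bot: The scanf branch of WarningDangerousFunctions only fires when the format token is exactly `"%s"`, so a call such as `scanf("%d %s", &n, str)` — the same unbounded write into `str` — is not reported, and testdangerousfunc1.cpp contains no such case, so the gap is never exercised. Testing for the conversion inside the literal rather than comparing the whole literal closes it: `else if (match(tok, "scanf (") && strstr(getstr(tok,2), "%s") != 0)` (strstr comes from the same <cstring> header the existing strcmp needs). A width-qualified `%10s` contains no bare `%s` and would still pass, which is the behaviour one wants for a bounded read. Whether getstr can return a null pointer for a short token is not visible in the hunk; if it can, the strcmp in the original line is unguarded in exactly the same way and both need a check before the call.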
--- /dev/null
+++ b/testdangerousfunc1/err.msg
@@ -0,0 +1,2 @@
+[testdangerousfunc1\testdangerousfunc1.cpp:4]: Found 'gets'. You should use 'fgets' instead
+[testdangerousfunc1\testdangerousfunc1.cpp:7]: Found 'scanf'. You should use 'fgets' instead
diff --git a/testdangerousfunc1/testdangerousfunc1.cpp b/testdangerousfunc1/testdangerousfunc1.cpp
new file mode 100644
index 000000000..cd8bda0a8
--- /dev/null
+++ b/testdangerousfunc1/testdangerousfunc1.cpp
@@ -0,0 +1,9 @@
+
+void f()
+{
+ gets(str);
+
+ scanf("%f", &f);
+ scanf("%s", str);
+}
+