Buffer Overrun: Using dangerous functions

This commit is contained in:
Daniel Marjamäki 2007-05-20 17:02:24 +00:00
parent f6c1973e67
commit 9ac1525d8e
3 changed files with 45 additions and 0 deletions


@ -71,6 +71,9 @@ void WarningRedundantCode();
// Warning upon: if (condition); // Warning upon: if (condition);
void WarningIf(); void WarningIf();
// Using dangerous functions
void WarningDangerousFunctions();
//--------------------------------------------------------------------------- //---------------------------------------------------------------------------
static void CppCheck(const char FileName[]); static void CppCheck(const char FileName[]);
@ -151,6 +154,9 @@ static void CppCheck(const char FileName[])
// if (condition); // if (condition);
WarningIf(); WarningIf();
// Dangerous functions, such as 'gets' and 'scanf'
WarningDangerousFunctions();
// Clean up tokens.. // Clean up tokens..
while (tokens) while (tokens)
{ {
@ -1994,4 +2000,32 @@ void WarningIf()
} }
} }
} }
//---------------------------------------------------------------------------
//---------------------------------------------------------------------------
// Dangerous functions
//---------------------------------------------------------------------------
void WarningDangerousFunctions()
{
for (TOKEN *tok = tokens; tok; tok = tok->next)
{
if (match(tok, "gets ("))
{
std::ostringstream ostr;
ostr << FileLine(tok) << ": Found 'gets'. You should use 'fgets' instead";
ReportErr(ostr.str());
}
else if (match(tok, "scanf (") && strcmp(getstr(tok,2),"\"%s\"") == 0)
{
std::ostringstream ostr;
ostr << FileLine(tok) << ": Found 'scanf'. You should use 'fgets' instead";
ReportErr(ostr.str());
}
}
}
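Review bot: The `scanf` branch in WarningDangerousFunctions only fires when the format argument is the exact literal `"%s"` (the `strcmp(getstr(tok,2),"\"%s\"") == 0` test), so a format such as `"%d %s"` that still contains an unbounded `%s` conversion passes silently, and `sscanf`/`fscanf` with the same format are not looked at. That narrowness is fine for a first version but should be stated, e.g. `// Only the bare "%s" format is flagged; other formats containing an unbounded %s are not detected yet`. The message `You should use 'fgets' instead` fits `gets`, but for `scanf` the usual fix is a field width on the conversion (`%9s` for a 10-byte buffer), so the scanf message would be more accurate if it said so. If `getstr(tok,2)` can return a null pointer when fewer than two tokens follow `scanf (`, `strcmp` dereferences it; its definition is outside this hunk, so worth confirming.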


@ -0,0 +1,2 @@
[testdangerousfunc1\testdangerousfunc1.cpp:4]: Found 'gets'. You should use 'fgets' instead
[testdangerousfunc1\testdangerousfunc1.cpp:7]: Found 'scanf'. You should use 'fgets' instead
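Review bot: The expected output hard-codes a backslash path separator (`testdangerousfunc1\testdangerousfunc1.cpp:4`), so the comparison will only match on a platform where FileLine prints Windows-style paths. If the test runner compares this file byte-for-byte, either the path should be emitted in a platform-neutral form or the expected file should be generated per platform; the code that formats the path is not in this diff, so this is a point to confirm rather than a definite failure.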


@ -0,0 +1,9 @@
void f()
{
gets(str);
scanf("%f", &f);
scanf("%s", str);
}
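Review bot: The fixture pins the positive cases (`gets(str)`, `scanf("%s", str)`) and one negative (`scanf("%f", &f)`), but it has no width-limited `scanf("%9s", str)` line, which is the safe form the check is meant to leave alone. Adding that line (with no corresponding entry in the expected-output file) would document that the checker distinguishes bounded from unbounded `%s` rather than flagging every `scanf`. A one-line comment at the top such as `// Only 'gets' and unbounded scanf("%s") must be reported` would make the intent of each line clear to the next person editing the expected output.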