From a135683d2f4ce919af9d5a352ae8e47f3394a014 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= Date: Sat, 23 Mar 2019 08:41:20 +0100 Subject: [PATCH] Refactoring; Renamed CWE786 and CWE788 --- lib/checkbufferoverrun.cpp | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp index 32b3cf99c..4471ed4bd 100644 --- a/lib/checkbufferoverrun.cpp +++ b/lib/checkbufferoverrun.cpp @@ -55,8 +55,8 @@ static const CWE CWE170(170U); // Improper Null Termination static const CWE CWE398(398U); // Indicator of Poor Code Quality static const CWE CWE682(682U); // Incorrect Calculation static const CWE CWE758(758U); // Reliance on Undefined, Unspecified, or Implementation-Defined Behavior -static const CWE CWE786(786U); // Access of Memory Location Before Start of Buffer -static const CWE CWE788(788U); // Access of Memory Location After End of Buffer +static const CWE CWE_BUFFER_UNDERRUN(786U); // Access of Memory Location Before Start of Buffer +static const CWE CWE_BUFFER_OVERRUN(788U); // Access of Memory Location After End of Buffer //--------------------------------------------------------------------------- @@ -340,8 +340,8 @@ static std::string arrayIndexMessage(const Token *tok, const std::vector &dimensions, const std::vector &indexes) { if (!tok) { - reportError(tok, Severity::error, "arrayIndexOutOfBounds", "Array 'arr[16]' accessed at index 16, which is out of bounds.", CWE788, false); - reportError(tok, Severity::warning, "arrayIndexOutOfBoundsCond", "Array 'arr[16]' accessed at index 16, which is out of bounds.", CWE788, false); + reportError(tok, Severity::error, "arrayIndexOutOfBounds", "Array 'arr[16]' accessed at index 16, which is out of bounds.", CWE_BUFFER_OVERRUN, false); + reportError(tok, Severity::warning, "arrayIndexOutOfBoundsCond", "Array 'arr[16]' accessed at index 16, which is out of bounds.", CWE_BUFFER_OVERRUN, false); return; } @@ -362,14 +362,14 @@ void CheckBufferOverrun::arrayIndexError(const Token *tok, const std::vectorerrorSeverity() ? Severity::error : Severity::warning, index->condition ? "arrayIndexOutOfBoundsCond" : "arrayIndexOutOfBounds", arrayIndexMessage(tok, dimensions, indexes, condition), - CWE788, + CWE_BUFFER_OVERRUN, index->isInconclusive()); } void CheckBufferOverrun::negativeIndexError(const Token *tok, const std::vector &dimensions, const std::vector &indexes) { if (!tok) { - reportError(tok, Severity::error, "negativeIndex", "Negative array index", CWE786, false); + reportError(tok, Severity::error, "negativeIndex", "Negative array index", CWE_BUFFER_UNDERRUN, false); return; } @@ -390,7 +390,7 @@ void CheckBufferOverrun::negativeIndexError(const Token *tok, const std::vector< negativeValue->errorSeverity() ? Severity::error : Severity::warning, "negativeIndex", arrayIndexMessage(tok, dimensions, indexes, condition), - CWE786, + CWE_BUFFER_UNDERRUN, negativeValue->isInconclusive()); } @@ -511,7 +511,7 @@ void CheckBufferOverrun::bufferOverflow() void CheckBufferOverrun::bufferOverflowError(const Token *tok, const ValueFlow::Value *value) { - reportError(getErrorPath(tok, value, "Buffer overrun"), Severity::error, "bufferAccessOutOfBounds", "Buffer is accessed out of bounds: " + (tok ? tok->expressionString() : "buf"), CWE788, false); + reportError(getErrorPath(tok, value, "Buffer overrun"), Severity::error, "bufferAccessOutOfBounds", "Buffer is accessed out of bounds: " + (tok ? tok->expressionString() : "buf"), CWE_BUFFER_OVERRUN, false); } //--------------------------------------------------------------------------- @@ -721,7 +721,7 @@ bool CheckBufferOverrun::analyseWholeProgram(const CTU::FileInfo *ctu, const std Severity::error, "Buffer access out of bounds; '" + unsafeUsage.myArgumentName + "' buffer size is " + MathLib::toString(functionCall->callArgValue) + " and it is accessed at offset " + MathLib::toString(unsafeUsage.value) + ".", "ctubufferoverrun", - CWE788, false); + CWE_BUFFER_OVERRUN, false); errorLogger.reportErr(errmsg); } else { const ErrorLogger::ErrorMessage errmsg(locationList, @@ -729,7 +729,7 @@ bool CheckBufferOverrun::analyseWholeProgram(const CTU::FileInfo *ctu, const std Severity::error, "Buffer access out of bounds; buffer '" + unsafeUsage.myArgumentName + "' is accessed at offset " + MathLib::toString(unsafeUsage.value) + ".", "ctubufferunderrun", - CWE786, false); + CWE_BUFFER_UNDERRUN, false); errorLogger.reportErr(errmsg); }