CheckBufferOverrun: Better handling of functions with variable arguments

2012-09-22 16:19:19 +02:00 · 2012-09-22 16:19:19 +02:00 · a17f37c67d
parent 458b8ce2cc
commit a17f37c67d
2 changed files with 17 additions and 0 deletions
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@ -605,6 +605,10 @@ void CheckBufferOverrun::checkFunctionParameter(const Token &tok, unsigned int p
            if (!parameter || _tokenizer->sizeOfType(parameter->typeStartToken()) != arrayInfo.element_size())
                return;

+            // Variable function arguments..
+            if (Token::simpleMatch(parameter->typeStartToken(), ". . ."))
+                return;
+
            // Check the parameter usage in the function scope..
            for (const Token* ftok = func->functionScope->classStart; ftok != func->functionScope->classEnd; ftok = ftok->next()) {
                if (Token::Match(ftok, "if|for|while (")) {
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@ -112,6 +112,7 @@ private:
        TEST_CASE(array_index_42);
        TEST_CASE(array_index_43); // struct with array
        TEST_CASE(array_index_44); // #3979
+        TEST_CASE(array_index_45); // #4207 - calling function with variable number of parameters (...)
        TEST_CASE(array_index_multidim);
        TEST_CASE(array_index_switch_in_for);
        TEST_CASE(array_index_for_in_for);   // FP: #2634
@ -1452,6 +1453,18 @@ private:
        ASSERT_EQUALS("", errout.str());
    }

+    void array_index_45() { // #4207 - handling of function with variable number of parameters
+        check("void f(const char *format, ...) {\n"
+              "    va_args args;\n"
+              "    va_start(args, format);\n"
+              "}\n"
+              "void test() {\n"
+              "    CHAR buffer[1024];\n"
+              "    f(\"%s\", buffer);\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
+    }
+
    void array_index_multidim() {
        check("void f()\n"
              "{\n"