buffer overruns: added tests and improved the checking
This commit is contained in:
parent
0f83b0b9ea
commit
a282495c2a
|
@ -292,13 +292,30 @@ static void CheckBufferOverrun_LocalVariable()
|
||||||
else if (tok->str[0]=='}')
|
else if (tok->str[0]=='}')
|
||||||
indentlevel--;
|
indentlevel--;
|
||||||
|
|
||||||
else if (indentlevel > 0 && Match(tok, "%type% %var% [ %num% ] ;"))
|
else if (indentlevel > 0)
|
||||||
{
|
{
|
||||||
const char *varname[2];
|
const char *varname[2] = {0};
|
||||||
varname[0] = getstr(tok,1);
|
unsigned int size = 0;
|
||||||
varname[1] = 0;
|
const char *type = 0;
|
||||||
unsigned int size = strtoul(getstr(tok,3), NULL, 10);
|
|
||||||
int total_size = size * SizeOfType(tok->str);
|
if (Match(tok, "%type% %var% [ %num% ] ;"))
|
||||||
|
{
|
||||||
|
varname[0] = getstr(tok,1);
|
||||||
|
size = strtoul(getstr(tok,3), NULL, 10);
|
||||||
|
type = tok->str;
|
||||||
|
}
|
||||||
|
else if (indentlevel > 0 && Match(tok, "[*;{}] %var% = new %type% [ %num% ]"))
|
||||||
|
{
|
||||||
|
varname[0] = getstr(tok,1);
|
||||||
|
size = strtoul(getstr(tok,6), NULL, 10);
|
||||||
|
type = getstr(tok, 4);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
|
int total_size = size * SizeOfType(type);
|
||||||
if (total_size == 0)
|
if (total_size == 0)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
|
37
tests.cpp
37
tests.cpp
|
@ -208,6 +208,14 @@ static void buffer_overrun()
|
||||||
check( CheckBufferOverrun, __LINE__, code, "[test.cpp:5]: Array index out of bounds\n" );
|
check( CheckBufferOverrun, __LINE__, code, "[test.cpp:5]: Array index out of bounds\n" );
|
||||||
|
|
||||||
|
|
||||||
|
code = "void f()\n"
|
||||||
|
"{\n"
|
||||||
|
" char *str = new char[0x10];\n"
|
||||||
|
" str[15] = 0;\n"
|
||||||
|
" str[16] = 0;\n"
|
||||||
|
"}\n";
|
||||||
|
check( CheckBufferOverrun, __LINE__, code, "[test.cpp:5]: Array index out of bounds\n" );
|
||||||
|
|
||||||
|
|
||||||
code = "void f()\n"
|
code = "void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
|
@ -455,6 +463,7 @@ static void memleak_in_function()
|
||||||
// * for/while..
|
// * for/while..
|
||||||
// * mismatching allocation and deallocation
|
// * mismatching allocation and deallocation
|
||||||
// * garbage collection
|
// * garbage collection
|
||||||
|
// * arrays
|
||||||
// * struct members
|
// * struct members
|
||||||
// * function calls
|
// * function calls
|
||||||
|
|
||||||
|
@ -610,6 +619,18 @@ static void memleak_in_function()
|
||||||
check( CheckMemoryLeak, __LINE__, code, "" );
|
check( CheckMemoryLeak, __LINE__, code, "" );
|
||||||
|
|
||||||
|
|
||||||
|
/* TODO
|
||||||
|
code = "void f()\n"
|
||||||
|
"{\n"
|
||||||
|
" char *str;\n"
|
||||||
|
" for (int i = 0; i < 10; ++i)\n"
|
||||||
|
" str = strdup(\"hello\");\n"
|
||||||
|
" free(str);\n"
|
||||||
|
"}\n";
|
||||||
|
check( CheckMemoryLeak, __LINE__, code, "[test.cpp:5]: Memory leak: str" );
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
code = "void f()\n"
|
code = "void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" for (int i = 0; i < j; i++)\n"
|
" for (int i = 0; i < j; i++)\n"
|
||||||
|
@ -679,6 +700,22 @@ static void memleak_in_function()
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
////////////////////////////////////////////////
|
||||||
|
// arrays
|
||||||
|
////////////////////////////////////////////////
|
||||||
|
|
||||||
|
|
||||||
|
/* TODO
|
||||||
|
code = "static void f()\n"
|
||||||
|
"{\n"
|
||||||
|
" char *str[10];\n"
|
||||||
|
" str[0] = strdup(\"hello\");\n"
|
||||||
|
"}\n";
|
||||||
|
check( CheckMemoryLeak, __LINE__, code, "[test.cpp:3]: Memory leak: str[0]\n" );
|
||||||
|
*/
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
////////////////////////////////////////////////
|
////////////////////////////////////////////////
|
||||||
// struct members
|
// struct members
|
||||||
////////////////////////////////////////////////
|
////////////////////////////////////////////////
|
||||||
|
|
Loading…
Reference in New Issue