From a73ada54d5fab47623b466c9a0fe85c7f075845c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Sun, 10 Oct 2010 09:15:18 +0200
Subject: [PATCH] Fixed #1705 (false negative: access past end of buffer)
---
 lib/checkbufferoverrun.cpp | 7 +++++++
 test/testbufferoverrun.cpp | 12 ++++++++++++
 2 files changed, 19 insertions(+)
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index 6b7abe743..35b693543 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -1170,6 +1170,13 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
 varid = tok->tokAt(1)->varId();
 nextTok = 8;
 }
+ else if (indentlevel > 0 && Token::Match(tok, "[;{}] %var% = %str% ;"))
+ {
+ size = 1 + tok->tokAt(3)->strValue().size();
+ type = "char";
+ varid = tok->next()->varId();
+ nextTok = 4;
+ }
 else if (indentlevel > 0 && Token::Match(tok, "[*;{}] %var% = malloc ( %num% ) ;"))
 {
 size = MathLib::toLongNumber(tok->strAt(5));
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 9b5e83ffe..4d4cad893 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -158,6 +158,7 @@ private:
 TEST_CASE(alloc1); // Buffer allocated with new
 TEST_CASE(alloc2); // Buffer allocated with malloc
+ TEST_CASE(alloc3); // statically allocated buffer
 TEST_CASE(memset1);
 TEST_CASE(memset2);
@@ -2064,6 +2065,17 @@ private:
 ASSERT_EQUALS("[test.cpp:4]: (error) Array 'x[10]' index 10 out of bounds\n", errout.str());
 }
+ // statically allocated buffer
+ void alloc3()
+ {
+ check("void foo()\n"
+ "{\n"
+ " const char *s = \"123\";\n"
+ " s[10] = 0;\n"
+ "}\n");
+ ASSERT_EQUALS("[test.cpp:4]: (error) Array 's[4]' index 10 out of bounds\n", errout.str());
+ }
+
 void memset1()
 {
 check("void foo()\n"
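Review bot: The size recorded by the new `%str%` branch, `size = 1 + tok->tokAt(3)->strValue().size();`, appears to count the literal's source characters rather than the bytes it occupies, assuming strValue() only strips the surrounding quotes (its definition is not visible here). A literal such as `"a\n"` would then be recorded as 4 bytes instead of 3, so a write one past the real end goes unreported, which is the same kind of false negative this commit is fixing. Counting each escape sequence as a single character before adding the terminator would make the bound exact, and a comment such as `// literal length plus the terminating '\0'` would make the `1 +` self-explanatory. The size is also attached to the variable by any `%var% = %str% ;` assignment, so a pointer later re-pointed at a different buffer may keep a stale bound. checkGlobalAndLocalVariable() begins and ends outside this hunk, so whether later code handles that could not be confirmed.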
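Review bot: alloc3 only exercises index 10, far beyond the end of the literal, so it does not pin the terminator accounting behind the reported `'s[4]'` size. Boundary cases would catch an off-by-one in either direction: `s[4] = 0;` should be reported and `s[3] = 0;` should leave `errout` empty. A case whose literal contains an escape sequence would also be worth adding, since its byte size differs from its source length.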