Fixed #1705 (false negative: access past end of buffer)
This commit is contained in:
parent
14f12e0647
commit
a73ada54d5
|
@ -1170,6 +1170,13 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
|
||||||
varid = tok->tokAt(1)->varId();
|
varid = tok->tokAt(1)->varId();
|
||||||
nextTok = 8;
|
nextTok = 8;
|
||||||
}
|
}
|
||||||
|
else if (indentlevel > 0 && Token::Match(tok, "[;{}] %var% = %str% ;"))
|
||||||
|
{
|
||||||
|
size = 1 + tok->tokAt(3)->strValue().size();
|
||||||
|
type = "char";
|
||||||
|
varid = tok->next()->varId();
|
||||||
|
nextTok = 4;
|
||||||
|
}
|
||||||
else if (indentlevel > 0 && Token::Match(tok, "[*;{}] %var% = malloc ( %num% ) ;"))
|
else if (indentlevel > 0 && Token::Match(tok, "[*;{}] %var% = malloc ( %num% ) ;"))
|
||||||
{
|
{
|
||||||
size = MathLib::toLongNumber(tok->strAt(5));
|
size = MathLib::toLongNumber(tok->strAt(5));
|
||||||
|
|
|
@ -158,6 +158,7 @@ private:
|
||||||
|
|
||||||
TEST_CASE(alloc1); // Buffer allocated with new
|
TEST_CASE(alloc1); // Buffer allocated with new
|
||||||
TEST_CASE(alloc2); // Buffer allocated with malloc
|
TEST_CASE(alloc2); // Buffer allocated with malloc
|
||||||
|
TEST_CASE(alloc3); // statically allocated buffer
|
||||||
|
|
||||||
TEST_CASE(memset1);
|
TEST_CASE(memset1);
|
||||||
TEST_CASE(memset2);
|
TEST_CASE(memset2);
|
||||||
|
@ -2064,6 +2065,17 @@ private:
|
||||||
ASSERT_EQUALS("[test.cpp:4]: (error) Array 'x[10]' index 10 out of bounds\n", errout.str());
|
ASSERT_EQUALS("[test.cpp:4]: (error) Array 'x[10]' index 10 out of bounds\n", errout.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// statically allocated buffer
|
||||||
|
void alloc3()
|
||||||
|
{
|
||||||
|
check("void foo()\n"
|
||||||
|
"{\n"
|
||||||
|
" const char *s = \"123\";\n"
|
||||||
|
" s[10] = 0;\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:4]: (error) Array 's[4]' index 10 out of bounds\n", errout.str());
|
||||||
|
}
|
||||||
|
|
||||||
void memset1()
|
void memset1()
|
||||||
{
|
{
|
||||||
check("void foo()\n"
|
check("void foo()\n"
|
||||||
|
|
Loading…
Reference in New Issue