Fixed #1705 (false negative: access past end of buffer)

This commit is contained in:
Daniel Marjamäki 2010-10-10 09:15:18 +02:00
parent 14f12e0647
commit a73ada54d5
2 changed files with 19 additions and 0 deletions

View File

@ -1170,6 +1170,13 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
varid = tok->tokAt(1)->varId(); varid = tok->tokAt(1)->varId();
nextTok = 8; nextTok = 8;
} }
else if (indentlevel > 0 && Token::Match(tok, "[;{}] %var% = %str% ;"))
{
size = 1 + tok->tokAt(3)->strValue().size();
type = "char";
varid = tok->next()->varId();
nextTok = 4;
}
else if (indentlevel > 0 && Token::Match(tok, "[*;{}] %var% = malloc ( %num% ) ;")) else if (indentlevel > 0 && Token::Match(tok, "[*;{}] %var% = malloc ( %num% ) ;"))
{ {
size = MathLib::toLongNumber(tok->strAt(5)); size = MathLib::toLongNumber(tok->strAt(5));

View File

@ -158,6 +158,7 @@ private:
TEST_CASE(alloc1); // Buffer allocated with new TEST_CASE(alloc1); // Buffer allocated with new
TEST_CASE(alloc2); // Buffer allocated with malloc TEST_CASE(alloc2); // Buffer allocated with malloc
TEST_CASE(alloc3); // statically allocated buffer
TEST_CASE(memset1); TEST_CASE(memset1);
TEST_CASE(memset2); TEST_CASE(memset2);
@ -2064,6 +2065,17 @@ private:
ASSERT_EQUALS("[test.cpp:4]: (error) Array 'x[10]' index 10 out of bounds\n", errout.str()); ASSERT_EQUALS("[test.cpp:4]: (error) Array 'x[10]' index 10 out of bounds\n", errout.str());
} }
// statically allocated buffer
void alloc3()
{
check("void foo()\n"
"{\n"
" const char *s = \"123\";\n"
" s[10] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (error) Array 's[4]' index 10 out of bounds\n", errout.str());
}
void memset1() void memset1()
{ {
check("void foo()\n" check("void foo()\n"