walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

use symbol database to lookup variable type for buffer overrun checks

This commit is contained in:
Robert Reif 2011-06-22 23:11:17 -04:00
parent 48e6ea271a
commit a87fb388e3
1 changed files with 16 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

25
lib/checkbufferoverrun.cpp
View File

@ -1277,10 +1277,15 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
continue; // FIXME we loose the check for negative index when we bail
// get maximum size from type
// find where this token is defined
const Token *index_type = Token::findmatch(_tokenizer->tokens(), "%varid%", tok->tokAt(varpos + 2)->varId());
// find where this type is defined
const Variable *var = _tokenizer->getSymbolDatabase()->getVariableFromVarId(tok->tokAt(varpos + 2)->varId());
index_type = index_type->previous();
// make sure it is in the database
if (!var)
continue;
// get type token
const Token *index_type = var->typeEndToken();
if (index_type->str() == "char")
{
@ -1363,16 +1368,18 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
if (varid > 0)
{
// get type of variable
const Token *declTok = Token::findmatch(_tokenizer->tokens(), "[;{}] %type% * %varid% ;", varid);
if (!declTok)
const Variable *var = _tokenizer->getSymbolDatabase()->getVariableFromVarId(varid);
/** @todo false negatives: this may be too conservative */
if (!var || var->typeEndToken()->str() != "*" || var->typeStartToken()->next() != var->typeEndToken())
continue;
type = declTok->next()->str();
// get name of variable
type = var->typeStartToken()->str();
// malloc() gets count of bytes and not count of
// elements, so we should calculate count of elements
// manually
unsigned int sizeOfType = _tokenizer->sizeOfType(declTok->next());
unsigned int sizeOfType = _tokenizer->sizeOfType(var->typeStartToken());
if (sizeOfType > 0)
size /= static_cast<int>(sizeOfType);
}
@ -1903,8 +1910,8 @@ void CheckBufferOverrun::negativeIndex()
if (tok2->previous() && tok2->previous()->varId())
{
const Token *tok3 = Token::findmatch(_tokenizer->tokens(), "%varid%", tok2->previous()->varId());
if (tok3 && Token::Match(tok3->next(), "[ %any% ] ;|["))
const Variable *var = _tokenizer->getSymbolDatabase()->getVariableFromVarId(tok2->previous()->varId());
if (var && var->isArray())
negativeIndexError(tok, index);
}
}