From a99515ca911c7826fe2808e7689c3d1b1404aeda Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Sun, 16 Sep 2012 08:20:43 +0200
Subject: [PATCH] Fixed #3933 (Negative array index issue (because sizeof struct is assumed to be 100))

---
 lib/tokenize.cpp            | 12 ------------
 test/testbufferoverrun.cpp  | 13 ++++++++-----
 test/testsimplifytokens.cpp | 13 +------------
 3 files changed, 9 insertions(+), 29 deletions(-)

diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp
index 603af52c8..5ff9abd1b 100644
--- a/lib/tokenize.cpp
+++ b/lib/tokenize.cpp
@@ -3035,14 +3035,6 @@ void Tokenizer::createLinks2()
 
 bool Tokenizer::simplifySizeof()
 {
-    for (Token *tok = list.front(); tok; tok = tok->next()) {
-        if (Token::Match(tok, "class|struct %var%")) {
-            // we assume that the size of structs and classes are always
-            // 100 bytes.
-            _typeSize[tok->next()->str()] = 100;
-        }
-    }
-
     // Locate variable declarations and calculate the size
     std::map sizeOfVar;
     for (Token *tok = list.front(); tok; tok = tok->next()) {
@@ -3060,10 +3052,6 @@ bool Tokenizer::simplifySizeof()
             sizeOfVar[varId] = MathLib::longToString(size);
         }
 
-        else if (Token::Match(tok->tokAt(-3), "[;{}(,] struct %type% %var% [;,)]")) {
-            sizeOfVar[varId] = "100";
-        }
-
         else if (Token::Match(tok->previous(), "%type% %var% [ %num% ] [;=]") ||
                  Token::Match(tok->tokAt(-2), "%type% * %var% [ %num% ] [;=]")) {
             const unsigned int size = sizeOfType(tok->previous());
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 20531dcdc..7f327d918 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -563,7 +563,7 @@ private:
               "}\n");
         TODO_ASSERT_EQUALS("[test.cpp:9]: (error) Array 'str[1]' accessed at index 11, which is out of bounds.\n", "", errout.str());
 
-        // This is out of bounds because it is outside the memory allocated.
+        // This is out of bounds if 'sizeof(ABC)' is 1 (No padding)
         check("struct ABC\n"
               "{\n"
               " char str[1];\n"
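Review bot: The removal of `_typeSize[tok->next()->str()] = 100;` leaves no comment saying why struct and class names now get no size at all, so a later contributor could easily reintroduce a placeholder; a note where the loop used to be would pin the intent: `// Struct/class sizes are intentionally not recorded: layout, padding and alignment are ABI-dependent, so sizeof(struct X) stays symbolic rather than being guessed.` The old constant mattered for this tool's security value, not only its precision: a fabricated size feeds the buffer-overrun checker's bounds arithmetic and, as the ticket title says, produced negative indices, and it could equally hide a real overrun. What `sizeOfType()` now returns for a struct type name, and whether its callers treat that value as "unknown", is decided by code outside this hunk; simplifySizeof's body continues past the hunk.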
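Review bot: With the `struct %type% %var%` branch gone, the surviving `%type% %var% [ %num% ] [;=]` branch at the end of the second hunk still calls `sizeOfType(tok->previous())` for declarations such as `struct AB ab[4];`, and if that helper now yields 0 for a struct name the loop would record `sizeOfVar[varId]` as "0" and later fold `sizeof(ab)` to `0`, which is worse than leaving it symbolic. The guard on `size` sits outside the hunk, so this is a check rather than a confirmed defect: the array branch should store a size only when it is known, e.g. `if (size == 0) continue;` before the `sizeOfVar[varId]` assignment. A testsimplifytokens case with a struct array variable would lock that in; the function body continues past this hunk.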
@@ -574,7 +574,7 @@ private:
               " struct ABC* x = (struct ABC *)malloc(sizeof(ABC) + 10);\n"
               " x->str[11] = 0;"
               "}\n");
-        ASSERT_EQUALS("[test.cpp:9]: (error) Array 'x.str[11]' accessed at index 11, which is out of bounds.\n", errout.str());
+        TODO_ASSERT_EQUALS("error", "", errout.str());
 
         // This is out of bounds because it is outside the memory allocated
         /** @todo this doesn't work because of a bug in sizeof(struct) */
@@ -591,6 +591,7 @@ private:
         TODO_ASSERT_EQUALS("[test.cpp:9]: (error) Array 'str[1]' accessed at index 1, which is out of bounds.\n", "", errout.str());
 
         // This is out of bounds because it is outside the memory allocated
+        // But only if 'sizeof(ABC)' is 1 (No padding)
         check("struct ABC\n"
               "{\n"
               " char str[1];\n"
@@ -601,7 +602,7 @@ private:
               " struct ABC* x = (struct ABC *)malloc(sizeof(ABC));\n"
               " x->str[1] = 0;"
               "}\n");
-        ASSERT_EQUALS("[test.cpp:9]: (error) Array 'x.str[1]' accessed at index 1, which is out of bounds.\n", errout.str());
+        TODO_ASSERT_EQUALS("error", "", errout.str());
 
         // This is out of bounds because it is not a variable array
         check("struct ABC\n"
@@ -2791,6 +2792,7 @@ private:
               "}\n");
         ASSERT_EQUALS("[test.cpp:5]: (error) Buffer is accessed out of bounds.\n", errout.str());
 
+        // This is out of bounds if 'sizeof(ABC)' is 1 (No padding)
         check("struct Foo { char a[1]; };\n"
               "void f()\n"
               "{\n"
@@ -2798,7 +2800,7 @@ private:
               " sprintf(x.a, \"aa\");\n"
               " free(x);\n"
               "}\n");
-        ASSERT_EQUALS("[test.cpp:5]: (error) Buffer is accessed out of bounds.\n", errout.str());
+        TODO_ASSERT_EQUALS("error", "", errout.str());
 
         check("struct Foo { char a[1]; };\n"
               "void f()\n"
@@ -2883,6 +2885,7 @@ private:
               "}\n");
         ASSERT_EQUALS("[test.cpp:5]: (error) snprintf size is out of bounds: Supplied size 2 is larger than actual size 1.\n", errout.str());
 
+        // This is out of bounds if 'sizeof(ABC)' is 1 (No padding)
         check("struct Foo { char a[1]; };\n"
               "void f()\n"
               "{\n"
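Review bot: The placeholder in `TODO_ASSERT_EQUALS("error", "", errout.str());` is presumably never satisfiable: the literal `error` is not a message the checker would emit, so once struct sizes are handled the TODO will keep reporting the same "wanted" mismatch instead of signalling that the assertion can be restored. Every other TODO in this file, including the one three lines above this hunk, keeps the real diagnostic as the wanted value, so do the same here: `TODO_ASSERT_EQUALS("[test.cpp:9]: (error) Array 'x.str[11]' accessed at index 11, which is out of bounds.\n", "", errout.str());`. The `x->str[1]`, `sprintf` and `snprintf` cases downgraded in the later hunks use the same placeholder and should carry their original messages as well.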
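Review bot: The comment added in the `@@ -2791` hunk names the wrong struct: the check it introduces declares `struct Foo { char a[1]; }`, not `ABC`, so `'sizeof(ABC)'` refers to nothing in that snippet. Change it to `// This is out of bounds if 'sizeof(Foo)' is 1 (no padding)`; the comment added by the `@@ -2883` hunk sits above another `struct Foo` check and has the same mismatch.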
@@ -2890,7 +2893,7 @@ private:
               " snprintf(x.a, 2, \"aa\");\n"
               " free(x);\n"
               "}\n");
-        ASSERT_EQUALS("[test.cpp:5]: (error) snprintf size is out of bounds: Supplied size 2 is larger than actual size 1.\n", errout.str());
+        TODO_ASSERT_EQUALS("error", "", errout.str());
 
         check("struct Foo { char a[1]; };\n"
               "void f()\n"
diff --git a/test/testsimplifytokens.cpp b/test/testsimplifytokens.cpp
index a87fb7e8b..7b8483e2e 100644
--- a/test/testsimplifytokens.cpp
+++ b/test/testsimplifytokens.cpp
@@ -65,7 +65,6 @@ private:
         TEST_CASE(elseif1);
         TEST_CASE(ifa_ifa);     // "if (a) { if (a) .." => "if (a) { if (1) .."
 
-        TEST_CASE(sizeof1);
         TEST_CASE(sizeof2);
         TEST_CASE(sizeof3);
         TEST_CASE(sizeof4);
@@ -88,7 +87,6 @@ private:
         TEST_CASE(sizeof21); // #2232 - sizeof...(Args)
         TEST_CASE(sizeof22); // #2599
         TEST_CASE(sizeof23); // #2604
-        TEST_CASE(sizeof24); // struct variable
         TEST_CASE(sizeofsizeof);
 
         TEST_CASE(casting);
@@ -973,10 +971,6 @@ private:
         return tokenizer.sizeOfType(&tok1);
     }
 
-    void sizeof1() {
-        ASSERT_EQUALS("struct ABC * abc ; abc = malloc ( 100 ) ;", tok("struct ABC *abc = malloc(sizeof(*abc));"));
-        ASSERT_EQUALS("struct ABC * abc ; abc = malloc ( 100 ) ;", tok("struct ABC *abc = malloc(sizeof *abc );"));
-    }
 
     void sizeof2() {
@@ -1505,7 +1499,7 @@ private:
         ASSERT_EQUALS("struct struct_a { char a [ 20 ] ; } ; "
                       "void foo ( ) {"
                       " struct_a a ;"
-                      " append ( 100 ) . append ( ) ; "
+                      " append ( sizeof ( a ) ) . append ( ) ; "
                       "}", tok(code));
     }
 
@@ -1544,11 +1538,6 @@ private:
         tok(code);
     }
 
-    void sizeof24() {
-        const char code[] = "; struct AB ab; sizeof(ab)";
-        ASSERT_EQUALS("; struct AB ab ; 100", tok(code));
-    }
-
     void sizeofsizeof() {
         // ticket #1682
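Review bot: Deleting `sizeof1` outright (the `@@ -973` hunk) removes the only test that exercised `sizeof(*abc)` and `sizeof *abc` on a struct pointer, so a regression that reintroduces a guessed struct size would no longer be caught. Rather than dropping the case, retarget it at the new behaviour, presumably the expression now stays symbolic: `ASSERT_EQUALS("struct ABC * abc ; abc = malloc ( sizeof ( * abc ) ) ;", tok("struct ABC *abc = malloc(sizeof(*abc));"));`, and keep its `TEST_CASE(sizeof1)` registration. The exact token spelling should be taken from the tokenizer's real output, as the `append ( sizeof ( a ) )` expectation in the `@@ -1505` hunk was; the same reasoning applies to the removed `sizeof24`, whose enclosing hunk ends outside this page.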