walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Reviewed handling of unknown types in ExecutionPathBufferOverrun

This commit is contained in:
Daniel Marjamäki 2012-06-23 08:15:59 +02:00
parent dc4982115a
commit ac524c56ad
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/checkbufferoverrun.cpp
View File

@ -2000,7 +2000,7 @@ private:
const Token *parse(const Token &tok, std::list<ExecutionPath *> &checks) const { const Token *parse(const Token &tok, std::list<ExecutionPath *> &checks) const {
if (Token::Match(tok.previous(), "[;{}]")) { if (Token::Match(tok.previous(), "[;{}]")) {
// Declaring variable.. // Declaring variable..
if (Token::Match(&tok, "%type% %var% ;") && tok.isStandardType()) { if (Token::Match(&tok, "%type% %var% ;") /*&& (tok.isStandardType() || isC)*/) {
checks.push_back(new ExecutionPathBufferOverrun(owner, arrayInfo, tok.next()->varId())); checks.push_back(new ExecutionPathBufferOverrun(owner, arrayInfo, tok.next()->varId()));
return tok.tokAt(2); return tok.tokAt(2);
} }

16
test/testbufferoverrun.cpp
View File

@ -223,6 +223,7 @@ private:
TEST_CASE(executionPaths3); // no FP for function parameter TEST_CASE(executionPaths3); // no FP for function parameter
TEST_CASE(executionPaths4); // Ticket #2386 - Segmentation fault in the ExecutionPath handling TEST_CASE(executionPaths4); // Ticket #2386 - Segmentation fault in the ExecutionPath handling
TEST_CASE(executionPaths5); // Ticket #2920 - False positive when size is unknown TEST_CASE(executionPaths5); // Ticket #2920 - False positive when size is unknown
TEST_CASE(executionPaths6); // unknown types
TEST_CASE(cmdLineArgs1); TEST_CASE(cmdLineArgs1);
@ -3363,7 +3364,7 @@ private:
} }
void epcheck(const char code[]) { void epcheck(const char code[], const char filename[] = "test.cpp") {
// Clear the error buffer.. // Clear the error buffer..
errout.str(""); errout.str("");
@ -3372,7 +3373,7 @@ private:
// Tokenize.. // Tokenize..
Tokenizer tokenizer(&settings, this); Tokenizer tokenizer(&settings, this);
std::istringstream istr(code); std::istringstream istr(code);
tokenizer.tokenize(istr, "test.cpp"); tokenizer.tokenize(istr, filename);
tokenizer.simplifyTokenList(); tokenizer.simplifyTokenList();
// Check for buffer overruns.. // Check for buffer overruns..
@ -3450,6 +3451,17 @@ private:
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("", errout.str());
} }
void executionPaths6() { // handling unknown type
const char code[] = "void f() {\n"
" u32 a[10];"
" u32 i = 0;\n"
" if (x) { i = 1000; }\n"
" a[i] = 0;\n"
"}";
epcheck(code);
ASSERT_EQUALS("[test.cpp:4]: (error) Array 'a[10]' index 1000 out of bounds\n", errout.str());
}
void cmdLineArgs1() { void cmdLineArgs1() {
check("int main(int argc, char* argv[])\n" check("int main(int argc, char* argv[])\n"
"{\n" "{\n"