From acd65a6829e77e8a37010ee86413b6c158fa4c20 Mon Sep 17 00:00:00 2001 From: Lucas Manuel Rodriguez Date: Thu, 29 Aug 2013 08:12:05 -0300 Subject: [PATCH] Fixed #4991: False Positive - Dangerous usage of 'arr' (not null-terminated) --- lib/checkuninitvar.cpp | 3 +++ test/testuninitvar.cpp | 18 ++++++++++++++++++ 2 files changed, 21 insertions(+) diff --git a/lib/checkuninitvar.cpp b/lib/checkuninitvar.cpp index dc6e2d34b..9d35d095b 100644 --- a/lib/checkuninitvar.cpp +++ b/lib/checkuninitvar.cpp @@ -284,6 +284,9 @@ private: if (!Token::Match(c->var->typeStartToken(), "char|wchar_t")) { continue; } + if (Token::Match(tok->next(), "[")) { // Check if it's not being accesed like: 'str[1]' + continue; + } checkUninitVar->uninitstringError(tok, c->var->name(), c->strncpy_); } else if (c->var->isPointer() && !c->var->isArray() && c->alloc) checkUninitVar->uninitdataError(tok, c->var->name()); diff --git a/test/testuninitvar.cpp b/test/testuninitvar.cpp index 85ac2a652..8cccf4a5c 100644 --- a/test/testuninitvar.cpp +++ b/test/testuninitvar.cpp @@ -46,6 +46,7 @@ private: TEST_CASE(uninitvar_strncpy); // strncpy doesn't always null-terminate TEST_CASE(uninitvar_memset); // not null-terminated TEST_CASE(uninitvar_memset_nonchar); + TEST_CASE(uninitvar_memset_char_access); TEST_CASE(uninitvar_func); // analyse functions TEST_CASE(func_uninit_var); // analyse function calls for: 'int a(int x) { return x+x; }' TEST_CASE(func_uninit_pointer); // analyse function calls for: 'void a(int *p) { *p = 0; }' @@ -1627,6 +1628,14 @@ private: " strncpy(str, buf, 10);\n" "}"); ASSERT_EQUALS("", errout.str()); + + checkUninitVar("void f() {\n" + " char dst[4];\n" + " const char* source = \"You\";\n" + " strncpy(dst, source, sizeof(dst));\n" + " char value = dst[2];\n" + "}"); + ASSERT_EQUALS("", errout.str()); } // initialization with memset (not 0-terminating string).. @@ -1648,6 +1657,15 @@ private: ASSERT_EQUALS(errout.str(), ""); } + void uninitvar_memset_char_access() { + checkUninitVar("void f() {\n" + " unsigned char c[10];\n" + " memset(c, 32, 10);\n" + " unsigned char value = c[3];\n" + "}"); + ASSERT_EQUALS(errout.str(), ""); + } + std::string analyseFunctions(const char code[]) { // Clear the error buffer.. errout.str("");