From b526fd7c49c5f4e77ec5cb988a5347692728ea67 Mon Sep 17 00:00:00 2001
From: Simon Martin
Date: Fri, 21 Apr 2017 23:36:10 +0200
Subject: [PATCH] Ticket #7964: Don't crash on valid code using function pointers named strcpy or strcat in main().
---
 lib/checkbufferoverrun.cpp | 6 +++++-
 test/testbufferoverrun.cpp | 10 ++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index bb64d10b7..31d7bae75 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -1756,7 +1756,11 @@ void CheckBufferOverrun::checkInsecureCmdLineArgs()
 // Match common patterns that can result in a buffer overrun
 // e.g. strcpy(buffer, argv[0])
 if (Token::Match(tok, "strcpy|strcat (")) {
- tok = tok->tokAt(2)->nextArgument();
+ const Token *nextArgument = tok->tokAt(2)->nextArgument();
+ if (nextArgument)
+ tok = nextArgument;
+ else
+ continue; // Ticket #7964
 if (Token::Match(tok, "* %varid%", varid) || Token::Match(tok, "%varid% [", varid))
 cmdLineArgsError(tok);
 }
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 680fce7f6..10009d820 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -3731,6 +3731,16 @@ private:
 "}");
 ASSERT_EQUALS("[test.cpp:3]: (error) Buffer overrun possible for long command line arguments.\n"
 "[test.cpp:4]: (error) Buffer overrun possible for long command line arguments.\n", errout.str());
+
+ // #7964
+ check("int main(int argc, char *argv[]) {\n"
+ " char *strcpy();\n"
+ "}");
+ ASSERT_EQUALS("", errout.str());
+ check("int main(int argc, char *argv[]) {\n"
+ " char *strcat();\n"
+ "}");
+ ASSERT_EQUALS("", errout.str());
 }

 void checkBufferAllocatedWithStrlen() {
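Review bot: In lib/checkbufferoverrun.cpp the `// Ticket #7964` comment on the new `continue` does not say why `nextArgument()` can come back null. The reason is that the pattern `strcpy|strcat (` matches on the name alone, so it also fires on a declaration such as `char *strcpy();` that has no second argument. I would collapse the if/else into an early exit that says so: `if (!nextArgument) continue; // no second argument, e.g. a declaration 'char *strcpy();' (#7964)` followed by `tok = nextArgument;`. The `tok->tokAt(2)` dereference in front of it is still unchecked; it presumably cannot be null because the matched `(` is followed by at least its closing token, but that rests on token-list invariants this hunk does not show. The loop in checkInsecureCmdLineArgs() starts and ends outside the hunk, so whether `continue` skips any later check in the loop body cannot be confirmed from here.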
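Review bot: In test/testbufferoverrun.cpp the two new cases cover only an empty-parameter declaration (`char *strcpy();`), so the null path is never exercised with a real argument list. Nothing checks either that a genuine call is still reported after such a declaration has been skipped. I would add a one-argument case such as `check("int main(int argc, char *argv[]) {\n    strcpy(argv[0]);\n}");` expecting no output (assuming `nextArgument()` returns null there as well), plus a case that declares `char *strcpy();` ahead of a two-argument copy from `argv[0]` and still expects the overrun message. The commit subject mentions function pointers, which neither case declares. The enclosing test method starts outside the hunk.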