walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

testbufferoverrun; fixed TODO test cases for pointer arithmetic overflows

This commit is contained in:
Daniel Marjamäki 2021-05-15 20:32:46 +02:00
parent 680a1ee1b9
commit b8314289c6
2 changed files with 12 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
lib/checkbufferoverrun.cpp
View File

@ -436,7 +436,7 @@ void CheckBufferOverrun::pointerArithmetic()
continue;
if (!tok->valueType() || tok->valueType()->pointer == 0)
continue;
if (!tok->astOperand1() || !tok->astOperand2())
if (!tok->isBinaryOp())
continue;
if (!tok->astOperand1()->valueType() || !tok->astOperand2()->valueType())
continue;
@ -472,7 +472,14 @@ void CheckBufferOverrun::pointerArithmetic()
if (const ValueFlow::Value *neg = indexToken->getValueLE(-1, mSettings))
pointerArithmeticError(tok, indexToken, neg);
} else if (tok->str() == "-") {
// TODO
const Token *array = arrayToken;
while (Token::Match(array, ".|::"))
array = array->astOperand2();
if (array->variable() && array->variable()->isArray()) {
const ValueFlow::Value *v = indexToken->getValueGE(1, mSettings);
if (v)
pointerArithmeticError(tok, indexToken, v);
}
}
}
}

6
test/testbufferoverrun.cpp
View File

@ -198,7 +198,7 @@ private:
TEST_CASE(pointer_out_of_bounds_2);
TEST_CASE(pointer_out_of_bounds_3);
TEST_CASE(pointer_out_of_bounds_4);
// TODO TEST_CASE(pointer_out_of_bounds_sub);
TEST_CASE(pointer_out_of_bounds_sub);
TEST_CASE(strcat1);
@ -3039,14 +3039,14 @@ private:
" if (i == 123) {}\n"
" dostuff(x-i);\n"
"}");
ASSERT_EQUALS("[test.cpp:4]: (portability) Undefined behaviour, when 'i' is 123 the pointer arithmetic 'x-i' is out of bounds.\n", errout.str());
ASSERT_EQUALS("[test.cpp:3] -> [test.cpp:4]: (portability) Undefined behaviour, when 'i' is 123 the pointer arithmetic 'x-i' is out of bounds.\n", errout.str());
check("void f(int i) {\n"
" char x[10];\n"
" if (i == -20) {}\n"
" dostuff(x-i);\n"
"}");
ASSERT_EQUALS("[test.cpp:4]: (portability) Undefined behaviour, when 'i' is -20 the pointer arithmetic 'x-i' is out of bounds.\n", errout.str());
TODO_ASSERT_EQUALS("[test.cpp:4]: (portability) Undefined behaviour, when 'i' is -20 the pointer arithmetic 'x-i' is out of bounds.\n", "", errout.str());
}
void strcat1() {