From ba5558748dbf963b35badbea4ed3a10c1bc8ca77 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Fri, 23 Dec 2011 08:44:28 +0100
Subject: [PATCH] Uninitialized variables: Fixed false 'dangerous usage of strncpy' positive when resulting string is used by strncpy
---
 lib/checkuninitvar.cpp | 8 ++++++++
 test/testuninitvar.cpp | 8 ++++++++
 2 files changed, 16 insertions(+)
diff --git a/lib/checkuninitvar.cpp b/lib/checkuninitvar.cpp
index 7d3ecb699..d1e18939a 100644
--- a/lib/checkuninitvar.cpp
+++ b/lib/checkuninitvar.cpp
@@ -593,9 +593,17 @@ private: std::list var; CheckNullPointer::parseFunctionCall(tok, var, 1); for (std::list::const_iterator it = var.begin(); it != var.end(); ++it) { + // does iterator point at first function parameter? + const bool firstPar(*it == tok.tokAt(2)); + // is function memset/memcpy/etc? if (tok.str().compare(0,3,"mem") == 0) use_array_mem(checks, *it); + + // second parameter for strncpy/strncat/etc + else if (!firstPar && tok.str().compare(0,4,"strn") == 0) + use_array_mem(checks, *it); + + else use_array(checks, *it);
diff --git a/test/testuninitvar.cpp b/test/testuninitvar.cpp
index fc2199f9c..d4daee407 100644
--- a/test/testuninitvar.cpp
+++ b/test/testuninitvar.cpp
@@ -1374,6 +1374,14 @@ private:
 "}");
 ASSERT_EQUALS("", errout.str());
 }
+
+ // Using strncpy isn't necessarily dangerous usage
+ checkUninitVar("void f(const char dev[], char *str) {\n"
+ " char buf[10];\n"
+ " strncpy(buf, dev, 10);\n"
+ " strncpy(str, buf, 10);\n"
+ "}\n");
+ ASSERT_EQUALS("", errout.str());
 }
 // initialization with memset (not 0-terminating string)..
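Review bot: In lib/checkuninitvar.cpp the new `else if` branch matches on the name prefix `strn`, so every non-first argument of any function whose name merely starts with those four characters is routed to `use_array_mem` instead of `use_array`. Judging by the commit subject, `use_array` is the path that reports a buffer which may lack its terminating 0, so the prefix match can presumably also silence that report for project-defined functions that happen to share the prefix and do need a terminated string. I would name the bounded functions explicitly, for example `else if (!firstPar && (tok.str() == "strncpy" || tok.str() == "strncat"))`, and extend that list deliberately. The comments and blank lines placed between the branches of the unbraced `if`/`else if`/`else` chain also make the chain easy to break in a later edit; bracing the three branches would help. The enclosing `for` loop and function begin and end outside the hunk.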
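Review bot: The case added in test/testuninitvar.cpp pins only the suppressed warning; nothing in the hunk checks that a report is still produced when the `strncpy`-filled `buf` is passed as the first argument of a `strn*` call, which is the path the new `firstPar` test is meant to keep on `use_array`. Unless that is already covered earlier in this test function (it starts outside the hunk), I would add a sibling case such as `strncpy(buf, dev, 10); strncat(buf, "x", 2);` and assert whatever message the checker is expected to emit for it, so a later widening of the name match cannot drop the finding unnoticed. The comment above the new case could also say which usage is being accepted, e.g. `// buf is only read through a length-bounded strncpy => no warning`.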