CheckBufferOverrun: Array index out of bounds.
This commit is contained in:
Daniel Marjamäki
parent
9ac1525d8e
commit
bda349f9a6
85
main.cpp
85
main.cpp
|
|
@ -10,6 +10,7 @@
|
|||
#include <vector>
|
||||
|
||||
#include <ctype.h>
|
||||
#include <stdlib.h>
|
||||
#include <string.h>
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
|
|
@ -49,6 +50,9 @@ void CreateStatementList();
|
|||
// Memory leak..
|
||||
void CheckMemoryLeak();
|
||||
|
||||
// Buffer overrun..
|
||||
void CheckBufferOverrun();
|
||||
|
||||
// Class
|
||||
void CheckConstructors();
|
||||
void CheckUnusedPrivateFunctions();
|
||||
|
|
@ -106,6 +110,9 @@ static void CppCheck(const char FileName[])
|
|||
// Memory leak
|
||||
CheckMemoryLeak();
|
||||
|
||||
// Buffer overruns..
|
||||
CheckBufferOverrun();
|
||||
|
||||
|
||||
//std::ofstream f("tokens.txt");
|
||||
//for (TOKEN *tok = tokens; tok; tok = tok->next)
|
||||
|
|
@ -434,6 +441,11 @@ bool IsName(const char str[])
|
|||
return (str[0]=='_' || isalpha(str[0]));
|
||||
}
|
||||
|
||||
bool IsNumber(const char str[])
|
||||
{
|
||||
return isdigit(str[0]);
|
||||
}
|
||||
|
||||
TOKEN *findtoken(TOKEN *tok1, const char *tokenstr[])
|
||||
{
|
||||
for (TOKEN *ret = tok1; ret; ret = ret->next)
|
||||
|
|
@ -1278,6 +1290,13 @@ void CheckMemoryLeak()
|
|||
iflevel--;
|
||||
break;
|
||||
|
||||
// Not very interested in these..
|
||||
case STATEMENT::LOOP:
|
||||
case STATEMENT::ENDLOOP:
|
||||
case STATEMENT::SWITCH:
|
||||
case STATEMENT::ENDSWITCH:
|
||||
break;
|
||||
|
||||
case STATEMENT::MALLOC:
|
||||
case STATEMENT::NEW:
|
||||
case STATEMENT::NEWARRAY:
|
||||
|
|
@ -1414,6 +1433,7 @@ void CheckMemoryLeak()
|
|||
endswitch = (it->Type == STATEMENT::ENDSWITCH);
|
||||
}
|
||||
}
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
|
||||
|
|
@ -1421,6 +1441,68 @@ void CheckMemoryLeak()
|
|||
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Buffer overrun..
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
void CheckBufferOverrun()
|
||||
{
|
||||
int indentlevel = 0;
|
||||
for (TOKEN *tok = tokens; tok; tok = tok->next)
|
||||
{
|
||||
if (tok->str[0]=='{')
|
||||
indentlevel++;
|
||||
|
||||
else if (tok->str[0]=='}')
|
||||
indentlevel--;
|
||||
|
||||
else if (indentlevel > 0)
|
||||
{
|
||||
// Declaring array..
|
||||
if (match(tok, "type var [ num ] ;"))
|
||||
{
|
||||
const char *varname = getstr(tok,1);
|
||||
unsigned int size = strtoul(getstr(tok,3), NULL, 10);
|
||||
int _indentlevel = indentlevel;
|
||||
for (TOKEN *tok2 = gettok(tok,5); tok2; tok2 = tok2->next)
|
||||
{
|
||||
if (tok2->str[0]=='{')
|
||||
{
|
||||
_indentlevel++;
|
||||
}
|
||||
else if (tok2->str[0]=='}')
|
||||
{
|
||||
_indentlevel--;
|
||||
if (_indentlevel <= 0)
|
||||
break;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (strcmp(tok2->str,varname)==0 &&
|
||||
strcmp(getstr(tok2,1),"[")==0 &&
|
||||
IsNumber(getstr(tok2,2)) &&
|
||||
strcmp(getstr(tok2,3),"]")==0 )
|
||||
{
|
||||
if (strtoul(getstr(tok,3), NULL, 10) >= size)
|
||||
{
|
||||
std::ostringstream ostr;
|
||||
ostr << FileLine(tok2) << ": Array index out of bounds";
|
||||
ReportErr(ostr.str());
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
//---------------------------------------------------------------------------
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
//---------------------------------------------------------------------------
|
||||
// Check that all class constructors are ok.
|
||||
|
|
@ -2012,6 +2094,9 @@ void WarningIf()
|
|||
|
||||
void WarningDangerousFunctions()
|
||||
{
|
||||
char str[10];
|
||||
str[20] = 0;
|
||||
|
||||
for (TOKEN *tok = tokens; tok; tok = tok->next)
|
||||
{
|
||||
if (match(tok, "gets ("))
|
||||
|
|
|
|||
Loading…
Reference in New Issue