diff --git a/main.cpp b/main.cpp
index 29572c450..4fde0eadc 100644
--- a/main.cpp
+++ b/main.cpp
@@ -10,6 +10,7 @@
 #include
 #include
+#include
 #include
 //---------------------------------------------------------------------------
@@ -49,6 +50,9 @@ void CreateStatementList();
 // Memory leak..
 void CheckMemoryLeak();
+// Buffer overrun..
+void CheckBufferOverrun();
+
 // Class
 void CheckConstructors();
 void CheckUnusedPrivateFunctions();
@@ -106,6 +110,9 @@ static void CppCheck(const char FileName[])
 // Memory leak
 CheckMemoryLeak();
+ // Buffer overruns..
+ CheckBufferOverrun();
+
 //std::ofstream f("tokens.txt");
 //for (TOKEN *tok = tokens; tok; tok = tok->next)
@@ -434,6 +441,11 @@ bool IsName(const char str[])
 return (str[0]=='_' || isalpha(str[0]));
 }
+bool IsNumber(const char str[])
+{
+ return isdigit(str[0]);
+}
+
 TOKEN *findtoken(TOKEN *tok1, const char *tokenstr[])
 {
 for (TOKEN *ret = tok1; ret; ret = ret->next)
@@ -1278,6 +1290,13 @@ void CheckMemoryLeak()
 iflevel--;
 break;
+ // Not very interested in these..
+ case STATEMENT::LOOP:
+ case STATEMENT::ENDLOOP:
+ case STATEMENT::SWITCH:
+ case STATEMENT::ENDSWITCH:
+ break;
+
 case STATEMENT::MALLOC:
 case STATEMENT::NEW:
 case STATEMENT::NEWARRAY:
@@ -1414,6 +1433,7 @@ void CheckMemoryLeak()
 endswitch = (it->Type == STATEMENT::ENDSWITCH);
 }
 }
+//---------------------------------------------------------------------------
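Review bot: In `IsNumber` (the `@@ -434,6 +441,11 @@` hunk), `isdigit(str[0])` is called on a plain `char`; the token text presumably comes from the file being scanned, so a byte above 0x7F on a platform where `char` is signed passes a negative value to `isdigit`, which is undefined behaviour. Cast before the call: `return isdigit(static_cast<unsigned char>(str[0])) != 0;`. The helper also inspects only the first character, so a token such as `1x` counts as a number; a one-line comment stating that limit would help callers that feed the token to `strtoul`. The neighbouring `IsName` in the context lines uses the same pattern with `isalpha`.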
@@ -1421,6 +1441,68 @@ void CheckMemoryLeak()
+//---------------------------------------------------------------------------
+// Buffer overrun..
+//---------------------------------------------------------------------------
+
+void CheckBufferOverrun()
+{
+ int indentlevel = 0;
+ for (TOKEN *tok = tokens; tok; tok = tok->next)
+ {
+ if (tok->str[0]=='{')
+ indentlevel++;
+
+ else if (tok->str[0]=='}')
+ indentlevel--;
+
+ else if (indentlevel > 0)
+ {
+ // Declaring array..
+ if (match(tok, "type var [ num ] ;"))
+ {
+ const char *varname = getstr(tok,1);
+ unsigned int size = strtoul(getstr(tok,3), NULL, 10);
+ int _indentlevel = indentlevel;
+ for (TOKEN *tok2 = gettok(tok,5); tok2; tok2 = tok2->next)
+ {
+ if (tok2->str[0]=='{')
+ {
+ _indentlevel++;
+ }
+ else if (tok2->str[0]=='}')
+ {
+ _indentlevel--;
+ if (_indentlevel <= 0)
+ break;
+ }
+ else
+ {
+ if (strcmp(tok2->str,varname)==0 &&
+ strcmp(getstr(tok2,1),"[")==0 &&
+ IsNumber(getstr(tok2,2)) &&
+ strcmp(getstr(tok2,3),"]")==0 )
+ {
+ if (strtoul(getstr(tok,3), NULL, 10) >= size)
+ {
+ std::ostringstream ostr;
+ ostr << FileLine(tok2) << ": Array index out of bounds";
+ ReportErr(ostr.str());
+ }
+ }
+ }
+ }
+ }
+ }
+ }
+}
+//---------------------------------------------------------------------------
+
+
+
+
+
+
 //---------------------------------------------------------------------------
 // Check that all class constructors are ok.
@@ -2012,6 +2094,9 @@ void WarningIf()
 void WarningDangerousFunctions()
 {
+ char str[10];
+ str[20] = 0;
+
 for (TOKEN *tok = tokens; tok; tok = tok->next)
 {
 if (match(tok, "gets ("))
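Review bot: The bounds comparison in `CheckBufferOverrun` reads the wrong token: `strtoul(getstr(tok,3), NULL, 10) >= size` re-parses the declared size from `tok`, so the size is compared with itself and the condition holds for every constant-index access, while the index after `tok2` is never read. It should be `if (strtoul(getstr(tok2,2), NULL, 10) >= size)`. The inner scan also stops only when `_indentlevel` reaches 0 rather than when it drops below the declaring block's level, so a same-named array in a later sibling scope of the same function is judged against this declaration's size; breaking on `_indentlevel < indentlevel` would confine it. A header comment saying that only constant indexes on arrays declared inside a block are checked would document the limits.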
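Review bot: The two lines added at the top of `WarningDangerousFunctions`, `char str[10];` and `str[20] = 0;`, are a real out-of-bounds stack write that runs on every call, not merely a pattern for the new check to find. If they are there so the tool flags its own source, that sample belongs in a separate test input file that is scanned but never compiled into the checker, and the lines should be dropped from this function. As written the behaviour is undefined: depending on the compiler the store may corrupt adjacent stack data or be optimised away. The function body continues outside the hunk.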