CheckBufferOverrun: Array index out of bounds.

Daniel Marjamäki 2007-05-20 17:47:07 +00:00
parent 9ac1525d8e
commit bda349f9a6
1 changed files with 85 additions and 0 deletions


@ -10,6 +10,7 @@
#include <vector>
#include <ctype.h>
#include <stdlib.h>
#include <string.h>
//---------------------------------------------------------------------------
@ -49,6 +50,9 @@ void CreateStatementList();
// Memory leak..
void CheckMemoryLeak();
// Buffer overrun..
void CheckBufferOverrun();
// Class
void CheckConstructors();
void CheckUnusedPrivateFunctions();
@ -106,6 +110,9 @@ static void CppCheck(const char FileName[])
// Memory leak
CheckMemoryLeak();
// Buffer overruns..
CheckBufferOverrun();
//std::ofstream f("tokens.txt");
//for (TOKEN *tok = tokens; tok; tok = tok->next)
@ -434,6 +441,11 @@ bool IsName(const char str[])
return (str[0]=='_' || isalpha(str[0]));
}
bool IsNumber(const char str[])
{
return isdigit(str[0]);
}
TOKEN *findtoken(TOKEN *tok1, const char *tokenstr[])
{
for (TOKEN *ret = tok1; ret; ret = ret->next)
@ -1278,6 +1290,13 @@ void CheckMemoryLeak()
iflevel--;
break;
// Not very interested in these..
case STATEMENT::LOOP:
case STATEMENT::ENDLOOP:
case STATEMENT::SWITCH:
case STATEMENT::ENDSWITCH:
break;
case STATEMENT::MALLOC:
case STATEMENT::NEW:
case STATEMENT::NEWARRAY:
@ -1414,6 +1433,7 @@ void CheckMemoryLeak()
endswitch = (it->Type == STATEMENT::ENDSWITCH);
}
}
//---------------------------------------------------------------------------
@ -1421,6 +1441,68 @@ void CheckMemoryLeak()
//---------------------------------------------------------------------------
// Buffer overrun..
//---------------------------------------------------------------------------
void CheckBufferOverrun()
{
int indentlevel = 0;
for (TOKEN *tok = tokens; tok; tok = tok->next)
{
if (tok->str[0]=='{')
indentlevel++;
else if (tok->str[0]=='}')
indentlevel--;
else if (indentlevel > 0)
{
// Declaring array..
if (match(tok, "type var [ num ] ;"))
{
const char *varname = getstr(tok,1);
unsigned int size = strtoul(getstr(tok,3), NULL, 10);
int _indentlevel = indentlevel;
for (TOKEN *tok2 = gettok(tok,5); tok2; tok2 = tok2->next)
{
if (tok2->str[0]=='{')
{
_indentlevel++;
}
else if (tok2->str[0]=='}')
{
_indentlevel--;
if (_indentlevel <= 0)
break;
}
else
{
if (strcmp(tok2->str,varname)==0 &&
strcmp(getstr(tok2,1),"[")==0 &&
IsNumber(getstr(tok2,2)) &&
strcmp(getstr(tok2,3),"]")==0 )
{
if (strtoul(getstr(tok,3), NULL, 10) >= size)
{
std::ostringstream ostr;
ostr << FileLine(tok2) << ": Array index out of bounds";
ReportErr(ostr.str());
}
}
}
}
}
}
}
}
//---------------------------------------------------------------------------
//---------------------------------------------------------------------------
// Check that all class constructors are ok.
@ -2012,6 +2094,9 @@ void WarningIf()
void WarningDangerousFunctions()
{
char str[10];
str[20] = 0;
for (TOKEN *tok = tokens; tok; tok = tok->next)
{
if (match(tok, "gets ("))
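Review bot: In CheckBufferOverrun the bounds comparison takes the index from the declaration token rather than from the access, so `strtoul(getstr(tok,3), NULL, 10) >= size` compares the declared size with itself and is always true. Every constant-index use of the array inside the scope would therefore be reported, including in-range ones, which makes the new warning unusable as a signal. The index should be read at the use site: `if (strtoul(getstr(tok2,2), NULL, 10) >= size)`. Separately, the `char str[10]; str[20] = 0;` lines that appear to be added at the top of WarningDangerousFunctions are a genuine out-of-bounds stack write that runs on every call; if they are meant as a fixture for the new check, they belong in a test input file rather than in the checker itself. WarningDangerousFunctions continues past the end of the visible hunk.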