CheckBufferOverrun: Improved checking of arrays declared like this: "type * var [ num ]"

Daniel Marjamäki 2008-03-27 05:41:21 +00:00
parent 021b86afa2
commit bf6926232b
2 changed files with 46 additions and 8 deletions


@ -461,11 +461,14 @@ static void CheckBufferOverrun_LocalVariable()
static void CheckBufferOverrun_StructVariable()
{
const char *declstruct_pattern[] = {"struct","","{",0};
const char *declstruct_pattern[] = {"","","{",0};
for ( const TOKEN * tok = findtoken( tokens, declstruct_pattern );
tok;
tok = findtoken( tok->next, declstruct_pattern ) )
{
if ( strcmp(tok->str, "struct") && strcmp(tok->str, "class") )
continue;
const char *structname = tok->next->str;
if ( ! IsName( structname ) )
@ -480,11 +483,14 @@ static void CheckBufferOverrun_StructVariable()
if ( strchr( ";{,(", tok2->str[0] ) )
{
// Declare array..
if ( match(tok2->next, "var var [ num ] ;") )
if ( match(tok2->next, "type var [ num ] ;") ||
match(tok2->next, "type * var [ num ] ;") )
{
const char *varname[3] = {0,0,0};
varname[1] = getstr(tok2, 2);
int arrsize = atoi(getstr(tok2, 4));
int ivar = IsName(getstr(tok2, 2)) ? 2 : 3;
varname[1] = getstr(tok2, ivar);
int arrsize = atoi(getstr(tok2, ivar+2));
int total_size = arrsize * SizeOfType(tok2->next->str);
if (total_size == 0)
continue;
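Review bot: The element size for the new `type * var [ num ]` form is still taken from the pointee type: `int total_size = arrsize * SizeOfType(tok2->next->str);` multiplies by the size of `type`, so `char *str[10]` is recorded as 10 bytes rather than 10 pointers, and a pointer array whose base type SizeOfType does not know (a struct or class name) presumably yields 0 and is dropped by the `continue` on the following line, even though the array's size is fully determined by the pointer width. The index check exercised by the new test is unaffected, but any byte-based consumer of total_size outside this hunk (string or memset length checks) would under-report for pointer arrays. A minimal fix is to branch on the already-computed `ivar`, e.g. `int total_size = arrsize * (ivar == 3 ? POINTER_SIZE : SizeOfType(tok2->next->str));` with `POINTER_SIZE` a configured target pointer width rather than the host `sizeof(void *)`; this is hedged because SizeOfType and the consumers of total_size are not visible here. CheckBufferOverrun_StructVariable continues outside the hunk.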


@ -418,7 +418,20 @@ static void buffer_overrun()
const char test11[] = "static void memclr( char *data )\n"
const char test11[] = "struct ABC\n"
"{\n"
" char str[5];\n"
"};\n"
"\n"
"static void f(ABC *abc)\n"
"{\n"
" strcpy( abc->str, \"abcdef\" );\n"
"}\n";
check( CheckBufferOverrun, __LINE__, test11, "[test.cpp:8]: Buffer overrun\n" );
const char test12[] = "static void memclr( char *data )\n"
"{\n"
" data[10] = 0;\n"
"}\n"
@ -428,10 +441,10 @@ static void buffer_overrun()
" char str[5];\n"
" memclr( str ); // ERROR\n"
"}\n";
check( CheckBufferOverrun, __LINE__, test11, "[test.cpp:9] -> [test.cpp:3]: Array index out of bounds\n" );
check( CheckBufferOverrun, __LINE__, test12, "[test.cpp:9] -> [test.cpp:3]: Array index out of bounds\n" );
const char test12[] = "struct ABC\n"
const char test13[] = "struct ABC\n"
"{\n"
" char str[10];\n"
"};\n"
@ -445,7 +458,26 @@ static void buffer_overrun()
"{\n"
" memclr(abc->str);\n"
"}\n";
check( CheckBufferOverrun, __LINE__, test12, "[test.cpp:13] -> [test.cpp:8]: Array index out of bounds\n" );
check( CheckBufferOverrun, __LINE__, test13, "[test.cpp:13] -> [test.cpp:8]: Array index out of bounds\n" );
const char test14[] = "class ABC\n"
"{\n"
"public:\n"
" ABC();\n"
" char *str[10];\n"
" struct ABC *next;"
"};\n"
"\n"
"static void f()\n"
"{\n"
" for ( ABC *abc = abc1; abc; abc = abc->next )\n"
" {\n"
" abc->str[10] = 0;\n"
" }\n"
"}\n";
check( CheckBufferOverrun, __LINE__, test14, "[test.cpp:12]: Array index out of bounds\n" );