From bf6926232b3c9767a4f7a412c0b254f93fede41b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Thu, 27 Mar 2008 05:41:21 +0000
Subject: [PATCH] CheckBufferOverrun: Improved checking of arrays declared like this: "type * var [ num ]"

---
 CheckBufferOverrun.cpp | 14 ++++++++++----
 tests.cpp              | 40 ++++++++++++++++++++++++++++++++++++----
 2 files changed, 46 insertions(+), 8 deletions(-)

diff --git a/CheckBufferOverrun.cpp b/CheckBufferOverrun.cpp
index 498a29551..9644424a1 100644
--- a/CheckBufferOverrun.cpp
+++ b/CheckBufferOverrun.cpp
@@ -461,11 +461,14 @@ static void CheckBufferOverrun_LocalVariable()
 
 static void CheckBufferOverrun_StructVariable()
 {
-    const char *declstruct_pattern[] = {"struct","","{",0};
+    const char *declstruct_pattern[] = {"","","{",0};
     for ( const TOKEN * tok = findtoken( tokens, declstruct_pattern );
           tok;
           tok = findtoken( tok->next, declstruct_pattern ) )
     {
+        if ( strcmp(tok->str, "struct") && strcmp(tok->str, "class") )
+            continue;
+
         const char *structname = tok->next->str;
 
         if ( ! IsName( structname ) )
@@ -480,11 +483,14 @@ static void CheckBufferOverrun_StructVariable()
             if ( strchr( ";{,(", tok2->str[0] ) )
             {
                 // Declare array..
-                if ( match(tok2->next, "var var [ num ] ;") )
+                if ( match(tok2->next, "type var [ num ] ;") ||
+                     match(tok2->next, "type * var [ num ] ;") )
                 {
                     const char *varname[3] = {0,0,0};
-                    varname[1] = getstr(tok2, 2);
-                    int arrsize = atoi(getstr(tok2, 4));
+                    int ivar = IsName(getstr(tok2, 2)) ? 2 : 3;
+
+                    varname[1] = getstr(tok2, ivar);
+                    int arrsize = atoi(getstr(tok2, ivar+2));
                     int total_size = arrsize * SizeOfType(tok2->next->str);
                     if (total_size == 0)
                         continue;
diff --git a/tests.cpp b/tests.cpp
index 16fb3f588..9542ee9c9 100644
--- a/tests.cpp
+++ b/tests.cpp
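Review bot: The widened pattern `{"","","{",0}` plus the new `struct`/`class` filter still requires `{` to be the token immediately after the name, so a class declared with a base list (`class ABC : public Base {`) is presumably never returned by findtoken and its array members stay unchecked; the old struct-only pattern had the same shape, but inheritance is far more common once `class` is accepted. If findtoken matches consecutive tokens as its use here suggests, a cheap follow-up is to match only the keyword and the name (`{"","",0}` with the existing `IsName` check) and then skip forward to the `{` that opens the body before scanning members. Since the pattern now matches every `X Y {` triple in the file, a one-line comment above the `continue` stating that the keyword test is what narrows the scan would help the next reader. The body of the enclosing for loop continues past the hunk.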
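Review bot: For the new `type * var [ num ] ;` form, `total_size` is still computed from `SizeOfType(tok2->next->str)`, i.e. the pointed-to type, although each element of `char *str[10]` is a pointer; if `SizeOfType` returns 0 for a type it does not know (a user-defined struct, say), the `continue` on the next line silently drops exactly the pointer arrays this commit sets out to cover, and wherever `total_size` feeds a byte-based check further down (outside the hunk) the size is understated for every pointer array. Make the element size follow `ivar`, e.g. `int total_size = arrsize * (ivar == 3 ? (int)sizeof(void *) : SizeOfType(tok2->next->str));`, with a comment that this models the target's pointer width by the host's. The added test14 only exercises the index form with a `char` base type, so the unknown-type path is not covered by the tests in this commit.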
@@ -418,7 +418,20 @@ static void buffer_overrun()
-    const char test11[] = "static void memclr( char *data )\n"
+    const char test11[] = "struct ABC\n"
+                          "{\n"
+                          " char str[5];\n"
+                          "};\n"
+                          "\n"
+                          "static void f(ABC *abc)\n"
+                          "{\n"
+                          " strcpy( abc->str, \"abcdef\" );\n"
+                          "}\n";
+    check( CheckBufferOverrun, __LINE__, test11, "[test.cpp:8]: Buffer overrun\n" );
+
+
+    const char test12[] = "static void memclr( char *data )\n"
                           "{\n"
                           " data[10] = 0;\n"
                           "}\n"
@@ -428,10 +441,10 @@ static void buffer_overrun()
                           " char str[5];\n"
                           " memclr( str ); // ERROR\n"
                           "}\n";
-    check( CheckBufferOverrun, __LINE__, test11, "[test.cpp:9] -> [test.cpp:3]: Array index out of bounds\n" );
+    check( CheckBufferOverrun, __LINE__, test12, "[test.cpp:9] -> [test.cpp:3]: Array index out of bounds\n" );
-    const char test12[] = "struct ABC\n"
+    const char test13[] = "struct ABC\n"
                           "{\n"
                           " char str[10];\n"
                           "};\n"
@@ -445,7 +458,26 @@ static void buffer_overrun()
                           "{\n"
                           " memclr(abc->str);\n"
                           "}\n";
-    check( CheckBufferOverrun, __LINE__, test12, "[test.cpp:13] -> [test.cpp:8]: Array index out of bounds\n" );
+    check( CheckBufferOverrun, __LINE__, test13, "[test.cpp:13] -> [test.cpp:8]: Array index out of bounds\n" );
+
+
+    const char test14[] = "class ABC\n"
+                          "{\n"
+                          "public:\n"
+                          " ABC();\n"
+                          " char *str[10];\n"
+                          " struct ABC *next;"
+                          "};\n"
+                          "\n"
+                          "static void f()\n"
+                          "{\n"
+                          " for ( ABC *abc = abc1; abc; abc = abc->next )\n"
+                          " {\n"
+                          " abc->str[10] = 0;\n"
+                          " }\n"
+                          "}\n";
+    check( CheckBufferOverrun, __LINE__, test14, "[test.cpp:12]: Array index out of bounds\n" );
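Review bot: In the new test14 literal the line `" struct ABC *next;"` has no trailing `\n`, so it is glued onto the following `"};\n"` and the checked source has one line fewer than the literal's layout suggests; the expected `[test.cpp:12]` only lines up because of that accident, and whoever fixes the missing newline later gets a puzzling test failure rather than a clear one. Add the newline and move the expectation with it: `" struct ABC *next;\n"` and `"[test.cpp:12]: Array index out of bounds\n"` becoming `"[test.cpp:13]: Array index out of bounds\n"`. The same hunk is also the only coverage for the new pointer-array pattern, and it uses a `char` base type; a second case with a user-defined element type would exercise the size path this commit touches. The enclosing buffer_overrun() function continues outside the hunk.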