Fixed #2597 (False positive: Buffer access out-of-bounds for u_char, uint*_t, ...)

This commit is contained in:
Daniel Marjamäki 2011-02-20 21:24:57 +01:00
parent c52704e636
commit bfe28d3b26
2 changed files with 16 additions and 1 deletions

View File

@ -992,7 +992,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector<std::str
}
// Check function call..
if (Token::Match(tok, "%var% ("))
if (Token::Match(tok, "%var% (") && total_size > 0)
{
// No varid => function calls are not handled
if (varid == 0)

View File

@ -135,6 +135,7 @@ private:
TEST_CASE(buffer_overrun_16);
TEST_CASE(buffer_overrun_17); // ticket #2548
TEST_CASE(buffer_overrun_18); // ticket #2576 - for, calculation with loop variable
TEST_CASE(buffer_overrun_19); // #2597 - class member with unknown type
TEST_CASE(buffer_overrun_bailoutIfSwitch); // ticket #2378 : bailoutIfSwitch
// It is undefined behaviour to point out of bounds of an array
@ -1891,6 +1892,20 @@ private:
errout.str());
}
void buffer_overrun_19() // #2597 - class member with unknown type
{
check("class A {\n"
"public:\n"
" u8 buf[10];\n"
" A();"
"};\n"
"\n"
"A::A() {\n"
" memset(buf, 0, 10);\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
void buffer_overrun_bailoutIfSwitch()
{
// No false positive