walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

#6303 crash in CheckBufferOverrun. Add check on loop variable in CheckBufferOverrun::checkScope().

This commit is contained in:
Alexander Mai 2014-12-04 20:49:58 +01:00
parent 7a6cd54059
commit c2584aa635
2 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/checkbufferoverrun.cpp
View File

@ -517,7 +517,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector<std::str
const bool isPortabilityEnabled = _settings->isEnabled("portability"); const bool isPortabilityEnabled = _settings->isEnabled("portability");
for (const Token* const end = tok->scope()->classEnd; tok != end; tok = tok->next()) { for (const Token* const end = tok->scope()->classEnd; tok && tok != end; tok = tok->next()) {
if (declarationId != 0 && Token::Match(tok, "%varid% = new|malloc|realloc", declarationId)) { if (declarationId != 0 && Token::Match(tok, "%varid% = new|malloc|realloc", declarationId)) {
// Abort // Abort
break; break;

10
test/testbufferoverrun.cpp
View File

@ -316,6 +316,8 @@ private:
TEST_CASE(writeOutsideBufferSize) TEST_CASE(writeOutsideBufferSize)
TEST_CASE(negativeMemoryAllocationSizeError) // #389 TEST_CASE(negativeMemoryAllocationSizeError) // #389
TEST_CASE(garbage1) // #6303
} }
@ -4262,6 +4264,14 @@ private:
"}\n"); "}\n");
ASSERT_EQUALS("[test.cpp:4]: (error) Memory allocation size is negative.\n", errout.str()); ASSERT_EQUALS("[test.cpp:4]: (error) Memory allocation size is negative.\n", errout.str());
} }
void garbage1() {
check("void foo() {\n"
"char *a = malloc(10);\n"
"a[0]\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
}; };
REGISTER_TEST(TestBufferOverrun) REGISTER_TEST(TestBufferOverrun)