From c327dc10d836af369198df162672ded0c22a2ad5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= <hyd_danmar@users.sourceforge.net>
Date: Mon, 24 Mar 2008 10:03:45 +0000
Subject: [PATCH] Made the checking for buffer overruns more generic

---
 CheckBufferOverrun.cpp | 70 +++++++++++++++++++++++++++++++++++++-----
 1 file changed, 62 insertions(+), 8 deletions(-)

diff --git a/CheckBufferOverrun.cpp b/CheckBufferOverrun.cpp
index e6d6c412c..66bfd3c62 100644
--- a/CheckBufferOverrun.cpp
+++ b/CheckBufferOverrun.cpp
@@ -274,26 +274,80 @@ static void CheckBufferOverrun_LocalVariable_CheckScope( const TOKEN *tok, const
 
 
         // Function call..
-        // Todo: This is just experimental. It must be more versatile..
-        if ( match( tok, "var ( var )" ) && strcmp(varname, getstr(tok,2)) == 0 )
+        if ( match( tok, "var (" ) )
         {
+            unsigned int parlevel = 0, par = 0;
+            for ( const TOKEN *tok2 = tok; tok2; tok2 = tok2->next )
+            {
+                if ( tok2->str[0] == '(' )
+                {
+                    parlevel++;
+                }
+
+                else if ( tok2->str[0] == ')' )
+                {
+                    parlevel--;
+                    if ( parlevel < 1 )
+                    {
+                        par = 0;
+                        break;
+                    }
+                }
+
+                else if ( parlevel == 1 && tok2->str[0] == ',' )
+                {
+                    par++;
+                }
+
+                if ( parlevel == 1 &&
+                    strchr( "(,", *getstr(tok2,0) ) &&
+                    strcmp( varname, getstr(tok2, 1) ) == 0 &&
+                    strchr( ",)", *getstr(tok2,2) ) )
+                {
+                    par++;
+                    break;
+                }
+            }
+
+            if ( par == 0 )
+                continue;
+
             // Find function..
             const TOKEN *ftok = FindFunction( tokens, tok->str );
             if ( ! ftok )
                 continue;
 
             // Parse head of function..
-            while ( ftok )
+            ftok = gettok( ftok, 2 );
+            parlevel = 1;
+            while ( ftok && parlevel == 1 && par >= 1 )
             {
-                if ( match( ftok, "var ) {" ) )
+                if ( ftok->str[0] == '(' )
+                    parlevel++;
+
+                else if ( ftok->str[0] == ')' )
+                    parlevel--;
+
+                else if ( ftok->str[0] == ',' )
+                    par--;
+
+                else if (par==1 && parlevel==1 && (match(ftok,"var ,") || match(ftok,"var )")))
                 {
-                    CheckBufferOverrun_LocalVariable_CheckScope( gettok(ftok,3), ftok->str, size, total_size );
+                    // Parameter name..
+                    const char *parname = ftok->str;
+
+                    // Goto function body..
+                    while ( ftok && ftok->str[0] != '{' )
+                        ftok = ftok->next;
+                    ftok = ftok ? ftok->next : 0;
+
+                    // Check variable usage in the function..
+                    CheckBufferOverrun_LocalVariable_CheckScope( ftok, parname, size, total_size );
+
+                    // break out..
                     break;
                 }
 
-                if ( ftok->str[0] == '{' )
-                    break;
-
                 ftok = ftok->next;
             }
         }