fixed ticket 997, now fread and fwrite checked for bufferoverrun

Martin Ettl 2010-04-06 13:55:03 +02:00
parent 928163b0cf
commit c4d1d47f6b
2 changed files with 48 additions and 0 deletions


@ -608,6 +608,24 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector<std::str
}
}
// fread|frwite
// size_t fread ( void * ptr, size_t size, size_t count, FILE * stream );
// ptr -> Pointer to a block of memory with a minimum size of (size*count) bytes.
// size -> Size in bytes of each element to be read.
// count -> Number of elements, each one with a size of size bytes.
// stream -> Pointer to a FILE object that specifies an input stream.
if (varid > 0 &&
Token::Match(tok, "fread|fwrite ( %varid% , %num% , %num% , %any% )", varid) &&
MathLib::isInt(tok->strAt(6)))
{
long len = MathLib::toLongNumber(tok->strAt(4))*MathLib::toLongNumber(tok->strAt(6));
if (len < 0 || len > total_size)
{
bufferOverrun(tok);
continue;
}
}
// Writing data into array..
if (varid > 0 &&
Token::Match(tok, "fgets ( %varid% , %num% , %any% )", varid) &&
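Review bot: The new `fread|fwrite` branch validates only the count operand: `MathLib::isInt(tok->strAt(6))` is checked, but `tok->strAt(4)` (the element size) also goes through `MathLib::toLongNumber`, and `%num%` appears to accept any numeric literal, so the guard should read `MathLib::isInt(tok->strAt(4)) && MathLib::isInt(tok->strAt(6))`. The product is computed in `long` and only tested with `len < 0` afterwards; signed overflow is undefined, so two large literals in the analysed source can wrap to a value that passes the check, and the overrun then goes unreported. Comparing by division avoids that, e.g. `if (size < 0 || count < 0 || (size > 0 && count > total_size / size))` with the two operands held in separate locals. `total_size` is set outside this hunk, so whether it is in bytes for non-`char` arrays should be confirmed; `checkScope` starts and ends outside the hunk. The header comment also spells `frwite`.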


@ -1070,6 +1070,36 @@ private:
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds\n", errout.str());
// fread
check("void f(FILE* fd)\n"
"{\n"
"char str[3];\n"
"fread(str,sizeof(char),4,fd);\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds\n", errout.str());
check("void f(FILE* fd)\n"
"{\n"
"char str[3*sizeof(char)];\n"
"fread(str,sizeof(char),3,fd);\n"
"}\n");
ASSERT_EQUALS("", errout.str());
// fwrite
check("void f(FILE* fd)\n"
"{\n"
"char str[3];\n"
"fwrite(str,sizeof(char),4,fd);\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds\n", errout.str());
check("void f(FILE* fd)\n"
"{\n"
"char str[3*sizeof(char)];\n"
"fwrite(str,sizeof(char),3,fd);\n"
"}\n");
ASSERT_EQUALS("", errout.str());
}
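Review bot: All four new cases use a `char` buffer with an element size of 1, so the `size*count` product in the checker is never exercised with a size other than 1. A copy of the first case with `"fread(str,2,2,fd);\n"` against `"char str[3];\n"` (expected to report the out-of-bounds access), plus a non-`char` array read with `sizeof(int)` elements, would show whether the buffer size is compared in bytes. A negative case where the size or count argument is a variable rather than a literal would also pin down that the check stays silent when the length is unknown. The enclosing test function begins outside the hunk.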