fixed ticket 997, now fread and fwrite checked for bufferoverrun
parent
928163b0cf
commit
c4d1d47f6b
|
@ -608,6 +608,24 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector<std::str
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// fread|frwite
|
||||||
|
// size_t fread ( void * ptr, size_t size, size_t count, FILE * stream );
|
||||||
|
// ptr -> Pointer to a block of memory with a minimum size of (size*count) bytes.
|
||||||
|
// size -> Size in bytes of each element to be read.
|
||||||
|
// count -> Number of elements, each one with a size of size bytes.
|
||||||
|
// stream -> Pointer to a FILE object that specifies an input stream.
|
||||||
|
if (varid > 0 &&
|
||||||
|
Token::Match(tok, "fread|fwrite ( %varid% , %num% , %num% , %any% )", varid) &&
|
||||||
|
MathLib::isInt(tok->strAt(6)))
|
||||||
|
{
|
||||||
|
long len = MathLib::toLongNumber(tok->strAt(4))*MathLib::toLongNumber(tok->strAt(6));
|
||||||
|
if (len < 0 || len > total_size)
|
||||||
|
{
|
||||||
|
bufferOverrun(tok);
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
// Writing data into array..
|
// Writing data into array..
|
||||||
if (varid > 0 &&
|
if (varid > 0 &&
|
||||||
Token::Match(tok, "fgets ( %varid% , %num% , %any% )", varid) &&
|
Token::Match(tok, "fgets ( %varid% , %num% , %any% )", varid) &&
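Review bot: The new fread/fwrite branch validates only the count operand with `MathLib::isInt(tok->strAt(6))`; the size operand at `tok->strAt(4)` goes into `toLongNumber` unchecked, and the two values are multiplied as `long` before any bound is applied. If `%num%` can match a non-integer literal, or the analysed code uses very large literals, the product can be wrong or overflow, and since signed overflow is undefined the `len < 0` test is not a dependable catch, so an out-of-bounds access could go unreported. I would require `MathLib::isInt(tok->strAt(4)) && MathLib::isInt(tok->strAt(6))` and bound by division instead of multiplication, e.g. `if (size < 0 || count < 0 || (size > 0 && count > total_size / size))`, assuming `total_size` is the buffer size in bytes, which its declaration outside the hunk would confirm. The comment header also misspells `fwrite` as `frwite` and documents only the fread signature. The enclosing loop in checkScope starts and ends outside this hunk.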
|
||||||
|
|
|
@ -1070,6 +1070,36 @@ private:
|
||||||
"}\n");
|
"}\n");
|
||||||
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds\n", errout.str());
|
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds\n", errout.str());
|
||||||
|
|
||||||
|
// fread
|
||||||
|
check("void f(FILE* fd)\n"
|
||||||
|
"{\n"
|
||||||
|
"char str[3];\n"
|
||||||
|
"fread(str,sizeof(char),4,fd);\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds\n", errout.str());
|
||||||
|
|
||||||
|
check("void f(FILE* fd)\n"
|
||||||
|
"{\n"
|
||||||
|
"char str[3*sizeof(char)];\n"
|
||||||
|
"fread(str,sizeof(char),3,fd);\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
|
||||||
|
// fwrite
|
||||||
|
check("void f(FILE* fd)\n"
|
||||||
|
"{\n"
|
||||||
|
"char str[3];\n"
|
||||||
|
"fwrite(str,sizeof(char),4,fd);\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds\n", errout.str());
|
||||||
|
|
||||||
|
check("void f(FILE* fd)\n"
|
||||||
|
"{\n"
|
||||||
|
"char str[3*sizeof(char)];\n"
|
||||||
|
"fwrite(str,sizeof(char),3,fd);\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
|
||||||
}
|
}
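Review bot: All four added cases pass `sizeof(char)` as the element size, so the `size*count` product in the new check is only ever exercised with a size of 1 (presumably after the tokenizer simplifies `sizeof(char)`). A case with a larger element size would pin the multiplication, for example `"char str[3];\n"` followed by `"fread(str,2,2,fd);\n"` expecting `"[test.cpp:4]: (error) Buffer access out-of-bounds\n"`, plus the matching in-bounds case `"char str[4];\n"` expecting `""`. It would also be worth recording, as a comment or an expected-miss test, that calls whose size or count is not a literal are not detected, since the pattern only matches `%num%`. The test function these cases belong to begins outside the hunk.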
|
||||||
|
|
||||||
|
|
||||||
|
|