Fixed #569 (Buffer overrun not detected when strcat() called few times)

http://sourceforge.net/apps/trac/cppcheck/ticket/569
This commit is contained in:
Slava Semushin 2009-08-30 18:44:23 +07:00
parent 1a982a2a19
commit c50f7787f9
2 changed files with 29 additions and 1 deletions

View File

@ -352,8 +352,8 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
if (len >= static_cast<size_t>(size))
{
bufferOverrun(tok);
continue;
}
continue;
}
@ -374,6 +374,23 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
strncatUsage(tok->tokAt(9));
}
// Detect few strcat() calls
if (varid > 0 && Token::Match(tok, "strcat ( %varid% , %str% ) ;", varid))
{
size_t charactersAppend = 0;
const Token *tok2 = tok;
while (tok2 && Token::Match(tok2, "strcat ( %varid% , %str% ) ;", varid))
{
charactersAppend += Token::getStrLength(tok2->tokAt(4));
if (charactersAppend >= static_cast<size_t>(size))
{
bufferOverrun(tok2);
break;
}
tok2 = tok2->tokAt(7);
}
}
// sprintf..
if (varid > 0 && Token::Match(tok, "sprintf ( %varid% , %str% [,)]", varid))

View File

@ -93,6 +93,7 @@ private:
TEST_CASE(buffer_overrun_3);
TEST_CASE(buffer_overrun_4);
TEST_CASE(buffer_overrun_5);
TEST_CASE(buffer_overrun_6);
TEST_CASE(sprintf1);
TEST_CASE(sprintf2);
@ -558,6 +559,16 @@ private:
ASSERT_EQUALS("", errout.str());
}
void buffer_overrun_6()
{
check("void f()\n"
"{\n"
" char n[5];\n"
" strcat(n, \"abc\");\n"
" strcat(n, \"def\");\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (possible error) Buffer overrun\n", errout.str());
}
void sprintf1()
{