walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fixed #569 (Buffer overrun not detected when strcat() called few times) 

http://sourceforge.net/apps/trac/cppcheck/ticket/569
This commit is contained in:
Slava Semushin 2009-08-30 18:44:23 +07:00
parent 1a982a2a19
commit c50f7787f9
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
src/checkbufferoverrun.cpp
View File

@ -352,9 +352,9 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
if (len >= static_cast<size_t>(size)) if (len >= static_cast<size_t>(size))
{ {
bufferOverrun(tok); bufferOverrun(tok);
}
continue; continue;
} }
}
// Dangerous usage of strncat.. // Dangerous usage of strncat..
@ -374,6 +374,23 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
strncatUsage(tok->tokAt(9)); strncatUsage(tok->tokAt(9));
} }
// Detect few strcat() calls
if (varid > 0 && Token::Match(tok, "strcat ( %varid% , %str% ) ;", varid))
{
size_t charactersAppend = 0;
const Token *tok2 = tok;
while (tok2 && Token::Match(tok2, "strcat ( %varid% , %str% ) ;", varid))
{
charactersAppend += Token::getStrLength(tok2->tokAt(4));
if (charactersAppend >= static_cast<size_t>(size))
{
bufferOverrun(tok2);
break;
}
tok2 = tok2->tokAt(7);
}
}
// sprintf.. // sprintf..
if (varid > 0 && Token::Match(tok, "sprintf ( %varid% , %str% [,)]", varid)) if (varid > 0 && Token::Match(tok, "sprintf ( %varid% , %str% [,)]", varid))

11
test/testbufferoverrun.cpp
View File

@ -93,6 +93,7 @@ private:
TEST_CASE(buffer_overrun_3); TEST_CASE(buffer_overrun_3);
TEST_CASE(buffer_overrun_4); TEST_CASE(buffer_overrun_4);
TEST_CASE(buffer_overrun_5); TEST_CASE(buffer_overrun_5);
TEST_CASE(buffer_overrun_6);
TEST_CASE(sprintf1); TEST_CASE(sprintf1);
TEST_CASE(sprintf2); TEST_CASE(sprintf2);
@ -558,6 +559,16 @@ private:
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("", errout.str());
} }
void buffer_overrun_6()
{
check("void f()\n"
"{\n"
" char n[5];\n"
" strcat(n, \"abc\");\n"
" strcat(n, \"def\");\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (possible error) Buffer overrun\n", errout.str());
}
void sprintf1() void sprintf1()
{ {