Fixed #843 (new check: Passing uninitialized array to strlen/strdup/strcpy/strcat/etc)
This commit is contained in:
parent
395ce30d81
commit
c83d9cd786
|
@ -1176,7 +1176,7 @@ void CheckOther::nullPointer()
|
||||||
nullPointerConditionalAssignment();
|
nullPointerConditionalAssignment();
|
||||||
}
|
}
|
||||||
|
|
||||||
static const Token *uninitvar_checkscope(const Token *tok, const unsigned int varid, bool &init, const bool pointer)
|
static const Token *uninitvar_checkscope(const Token *tok, const unsigned int varid, bool &init, const bool pointer, const bool array)
|
||||||
{
|
{
|
||||||
/* limit the checking in conditional code..
|
/* limit the checking in conditional code..
|
||||||
* int x;
|
* int x;
|
||||||
|
@ -1234,7 +1234,7 @@ static const Token *uninitvar_checkscope(const Token *tok, const unsigned int va
|
||||||
|
|
||||||
// Recursively check into the if ..
|
// Recursively check into the if ..
|
||||||
bool init2 = false;
|
bool init2 = false;
|
||||||
const Token *tokerr = uninitvar_checkscope(tok->next(), varid, init2, pointer);
|
const Token *tokerr = uninitvar_checkscope(tok->next(), varid, init2, pointer, array);
|
||||||
if (!limit && tokerr)
|
if (!limit && tokerr)
|
||||||
return tokerr;
|
return tokerr;
|
||||||
|
|
||||||
|
@ -1259,7 +1259,7 @@ static const Token *uninitvar_checkscope(const Token *tok, const unsigned int va
|
||||||
|
|
||||||
// there is no "if"..
|
// there is no "if"..
|
||||||
init2 = false;
|
init2 = false;
|
||||||
tokerr = uninitvar_checkscope(tok->next(), varid, init2, pointer);
|
tokerr = uninitvar_checkscope(tok->next(), varid, init2, pointer, array);
|
||||||
if (!limit && tokerr)
|
if (!limit && tokerr)
|
||||||
return tokerr;
|
return tokerr;
|
||||||
|
|
||||||
|
@ -1291,6 +1291,11 @@ static const Token *uninitvar_checkscope(const Token *tok, const unsigned int va
|
||||||
|
|
||||||
if (Token::Match(tok, "%var% ("))
|
if (Token::Match(tok, "%var% ("))
|
||||||
{
|
{
|
||||||
|
if (Token::Match(tok, "strlen ( %varid% )", varid))
|
||||||
|
return tok->tokAt(2);
|
||||||
|
if (Token::Match(tok, "strcpy|strcat|strncpy|strncat|memcpy ( %any% , %varid% [,)]", varid))
|
||||||
|
return tok->tokAt(4);
|
||||||
|
|
||||||
// is the variable passed as a parameter to some function?
|
// is the variable passed as a parameter to some function?
|
||||||
unsigned int parlevel = 0;
|
unsigned int parlevel = 0;
|
||||||
for (const Token *tok2 = tok->next(); tok2; tok2 = tok2->next())
|
for (const Token *tok2 = tok->next(); tok2; tok2 = tok2->next())
|
||||||
|
@ -1321,6 +1326,14 @@ static const Token *uninitvar_checkscope(const Token *tok, const unsigned int va
|
||||||
|
|
||||||
if (pointer && Token::simpleMatch(tok->next(), "."))
|
if (pointer && Token::simpleMatch(tok->next(), "."))
|
||||||
return tok;
|
return tok;
|
||||||
|
|
||||||
|
if (array && Token::simpleMatch(tok->next(), "["))
|
||||||
|
{
|
||||||
|
if (Token::simpleMatch(tok->previous(), "="))
|
||||||
|
return tok;
|
||||||
|
init = true;
|
||||||
|
return 0;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return 0;
|
return 0;
|
||||||
|
@ -1344,7 +1357,7 @@ void CheckOther::uninitvar()
|
||||||
break;
|
break;
|
||||||
--indentlevel;
|
--indentlevel;
|
||||||
}
|
}
|
||||||
if (Token::Match(tok, "[{};] %type% *| %var% ;"))
|
if (Token::Match(tok, "[{};] %type% *| %var% [;[]"))
|
||||||
{
|
{
|
||||||
if (Token::Match(tok->next(), "return|goto"))
|
if (Token::Match(tok->next(), "return|goto"))
|
||||||
continue;
|
continue;
|
||||||
|
@ -1365,9 +1378,12 @@ void CheckOther::uninitvar()
|
||||||
if (tok->varId() == 0)
|
if (tok->varId() == 0)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
// Is it an array?
|
||||||
|
const bool array(tok->next()->str() == "[");
|
||||||
|
|
||||||
// check if variable is accessed uninitialized..
|
// check if variable is accessed uninitialized..
|
||||||
bool init = false;
|
bool init = false;
|
||||||
const Token *tokerr = uninitvar_checkscope(tok->next(), tok->varId(), init, pointer);
|
const Token *tokerr = uninitvar_checkscope(tok->next(), tok->varId(), init, pointer, array);
|
||||||
if (tokerr)
|
if (tokerr)
|
||||||
uninitvarError(tokerr, tok->str());
|
uninitvarError(tokerr, tok->str());
|
||||||
}
|
}
|
||||||
|
|
|
@ -1037,6 +1037,14 @@ private:
|
||||||
" return i;\n"
|
" return i;\n"
|
||||||
"};\n");
|
"};\n");
|
||||||
ASSERT_EQUALS("", errout.str());
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
|
||||||
|
// arrays..
|
||||||
|
checkUninitVar("void f()\n"
|
||||||
|
"{\n"
|
||||||
|
" char s[20];\n"
|
||||||
|
" strcpy(s2, s);\n"
|
||||||
|
"};\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:4]: (error) Uninitialized variable: s\n", errout.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue