diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp index 810232c57..5e2800ac0 100644 --- a/lib/checkbufferoverrun.cpp +++ b/lib/checkbufferoverrun.cpp @@ -666,7 +666,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector 0 ? std::string("snprintf ( %varid% , %num% ,") : ("snprintf ( " + varnames + " , %num% ,"); if (Token::Match(tok, snprintfPattern.c_str(), declarationId)) { const MathLib::bigint n = MathLib::toLongNumber(tok->strAt(4 + varcount)); - if (n > total_size) + if ((n > total_size) && total_size > 0) outOfBoundsError(tok->tokAt(4 + varcount), "snprintf size", true, n, total_size); } diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp index 7709dd15e..d7a4db38a 100644 --- a/test/testbufferoverrun.cpp +++ b/test/testbufferoverrun.cpp @@ -3176,6 +3176,17 @@ private: " snprintf(pString, 1024, \"ab\");\n" "}"); ASSERT_EQUALS("", errout.str()); + + // #6141 FP: Unknown type is assumed to have size 0 + check("typedef struct {\n" + " CHAR s[42];\n" + "} sct_t;\n" + "void foo() {\n" + " sct_t p;\n" + " snprintf(p.s, 42, \"abcdef\");\n" + "}\n"); + ASSERT_EQUALS("", errout.str()); + } void strncat1() {