Fixed #4432 (Crash on parsing PHP interpreter)

This commit is contained in:
Robert Reif 2012-12-26 08:29:10 +01:00 committed by Daniel Marjamäki
parent 33f4bd0298
commit ce380301fd
2 changed files with 13 additions and 1 deletions

View File

@ -700,7 +700,7 @@ void CheckBufferOverrun::checkFunctionParameter(const Token &tok, unsigned int p
// If argument is '%type% a[num]' then check bounds against num
if (func) {
const Variable* argument = func->getArgumentVar(par-1);
if (Token::Match(argument->typeStartToken(), "%type% %var% [ %num% ] [,)[]")) {
if (argument && Token::Match(argument->typeStartToken(), "%type% %var% [ %num% ] [,)[]")) {
const Token *tok2 = argument->nameToken()->next();
MathLib::bigint argsize = _tokenizer->sizeOfType(argument->typeStartToken());

View File

@ -158,6 +158,7 @@ private:
TEST_CASE(buffer_overrun_23); // #3153
TEST_CASE(buffer_overrun_24); // #4106
TEST_CASE(buffer_overrun_25); // #4096
TEST_CASE(buffer_overrun_26); // #4432 (segmentation fault)
TEST_CASE(buffer_overrun_bailoutIfSwitch); // ticket #2378 : bailoutIfSwitch
TEST_CASE(buffer_overrun_function_array_argument);
TEST_CASE(possible_buffer_overrun_1); // #3035
@ -2634,6 +2635,17 @@ private:
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: array\n", errout.str());
}
void buffer_overrun_26() { // ticket #4432 (segmentation fault)
check("extern int split();\n"
"void regress() {\n"
" char inbuf[1000];\n"
" char *f[10];\n"
" split(inbuf, f, 10, \"\t\t\");\n"
"}n");
ASSERT_EQUALS("", errout.str());
}
void buffer_overrun_bailoutIfSwitch() {
// No false positive
check("void f1(char *s) {\n"