Fixed #4432 (Crash on parsing PHP interpreter)
parent
33f4bd0298
commit
ce380301fd
|
@ -700,7 +700,7 @@ void CheckBufferOverrun::checkFunctionParameter(const Token &tok, unsigned int p
|
|||
// If argument is '%type% a[num]' then check bounds against num
|
||||
if (func) {
|
||||
const Variable* argument = func->getArgumentVar(par-1);
|
||||
if (Token::Match(argument->typeStartToken(), "%type% %var% [ %num% ] [,)[]")) {
|
||||
if (argument && Token::Match(argument->typeStartToken(), "%type% %var% [ %num% ] [,)[]")) {
|
||||
const Token *tok2 = argument->nameToken()->next();
|
||||
|
||||
MathLib::bigint argsize = _tokenizer->sizeOfType(argument->typeStartToken());
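Review bot: The new `argument &&` guard inside the `if (func)` branch has no comment saying when `getArgumentVar(par-1)` returns null, so a reader cannot tell whether the check is defensive or required. Judging by the regression test on this page, it appears to happen when a call passes more arguments than the declaration lists (`extern int split();` called with four). A comment above the condition would record that, for example `// argument is null when the call has more arguments than the declaration (#4432)`. Other callers of `getArgumentVar()` that dereference the result directly presumably need the same check and are worth auditing, because the null dereference is reachable from any source file the checker is asked to scan. The body of `checkFunctionParameter` starts and ends outside the hunk.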
|
||||
|
|
|
@ -158,6 +158,7 @@ private:
|
|||
TEST_CASE(buffer_overrun_23); // #3153
|
||||
TEST_CASE(buffer_overrun_24); // #4106
|
||||
TEST_CASE(buffer_overrun_25); // #4096
|
||||
TEST_CASE(buffer_overrun_26); // #4432 (segmentation fault)
|
||||
TEST_CASE(buffer_overrun_bailoutIfSwitch); // ticket #2378 : bailoutIfSwitch
|
||||
TEST_CASE(buffer_overrun_function_array_argument);
|
||||
TEST_CASE(possible_buffer_overrun_1); // #3035
|
||||
|
@ -2634,6 +2635,17 @@ private:
|
|||
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: array\n", errout.str());
|
||||
}
|
||||
|
||||
void buffer_overrun_26() { // ticket #4432 (segmentation fault)
|
||||
check("extern int split();\n"
|
||||
"void regress() {\n"
|
||||
" char inbuf[1000];\n"
|
||||
" char *f[10];\n"
|
||||
" split(inbuf, f, 10, \"\t\t\");\n"
|
||||
"}n");
|
||||
|
||||
ASSERT_EQUALS("", errout.str());
|
||||
}
|
||||
|
||||
void buffer_overrun_bailoutIfSwitch() {
|
||||
// No false positive
|
||||
check("void f1(char *s) {\n"
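Review bot: The last string of the input in `buffer_overrun_26` is `"}n"`, which is missing its backslash, so the code handed to `check()` ends with a stray `n` token after the closing brace instead of a newline; it should read `"}\n");`. The test still exercises the call to `split()` with more arguments than the declaration has, but the input is no longer the code from the ticket. Asserting that `errout` is empty is enough for a crash regression. A short comment above `check(` would say what the input is meant to trigger, for example `// call passes more arguments than the declaration has`.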
|
||||
|
|