Fix FN buffer overrun with array of pointers (#3582)
This commit is contained in:
parent
1e327dfbd3
commit
cea649761c
|
@ -216,7 +216,7 @@ static bool getDimensionsEtc(const Token * const arrayToken, const Settings *set
|
||||||
Dimension dim;
|
Dimension dim;
|
||||||
dim.known = value->isKnown();
|
dim.known = value->isKnown();
|
||||||
dim.tok = nullptr;
|
dim.tok = nullptr;
|
||||||
const int typeSize = array->valueType()->typeSize(*settings);
|
const int typeSize = array->valueType()->typeSize(*settings, array->valueType()->pointer > 1);
|
||||||
if (typeSize == 0)
|
if (typeSize == 0)
|
||||||
return false;
|
return false;
|
||||||
dim.num = value->intvalue / typeSize;
|
dim.num = value->intvalue / typeSize;
|
||||||
|
|
|
@ -3449,6 +3449,20 @@ private:
|
||||||
" cache[i][0xFFFF] = 0;\n"
|
" cache[i][0xFFFF] = 0;\n"
|
||||||
"}");
|
"}");
|
||||||
ASSERT_EQUALS("", errout.str());
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
|
||||||
|
check("void f() {\n"
|
||||||
|
" int **a = malloc(2 * sizeof(int*));\n"
|
||||||
|
" for (int i = 0; i < 3; i++)\n"
|
||||||
|
" a[i] = NULL;\n"
|
||||||
|
"}");
|
||||||
|
ASSERT_EQUALS("[test.cpp:3] -> [test.cpp:4]: (error) Array 'a[2]' accessed at index 2, which is out of bounds.\n", errout.str());
|
||||||
|
|
||||||
|
check("void f() {\n"
|
||||||
|
" int **a = new int*[2];\n"
|
||||||
|
" for (int i = 0; i < 3; i++)\n"
|
||||||
|
" a[i] = NULL;\n"
|
||||||
|
"}");
|
||||||
|
TODO_ASSERT_EQUALS("[test.cpp:3] -> [test.cpp:4]: (error) Array 'a[2]' accessed at index 2, which is out of bounds.\n", "", errout.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
// statically allocated buffer
|
// statically allocated buffer
|
||||||
|
|
Loading…
Reference in New Issue