temp.bufferSizeArg2 was not initialized when only bufferSizeArg1 was specified or the value was out of range. However, valueFlowDynamicBufferSize() in valueflow.cpp used it as if it were always initialized and held a sane value (greater than 0).
parent
5a96173455
commit
d233b56d58
|
@ -213,9 +213,10 @@ Library::Error Library::load(const tinyxml2::XMLDocument &doc)
|
||||||
temp.bufferSize = AllocFunc::BufferSize::strdup;
|
temp.bufferSize = AllocFunc::BufferSize::strdup;
|
||||||
else
|
else
|
||||||
return Error(BAD_ATTRIBUTE_VALUE, bufferSize);
|
return Error(BAD_ATTRIBUTE_VALUE, bufferSize);
|
||||||
if (bufferSize[6] == 0) {
|
|
||||||
temp.bufferSizeArg1 = 1;
|
temp.bufferSizeArg1 = 1;
|
||||||
temp.bufferSizeArg2 = 2;
|
temp.bufferSizeArg2 = 2;
|
||||||
|
if (bufferSize[6] == 0) {
|
||||||
|
// use default values
|
||||||
} else if (bufferSize[6] == ':' && bufferSize[7] >= '1' && bufferSize[7] <= '5') {
|
} else if (bufferSize[6] == ':' && bufferSize[7] >= '1' && bufferSize[7] <= '5') {
|
||||||
temp.bufferSizeArg1 = bufferSize[7] - '0';
|
temp.bufferSizeArg1 = bufferSize[7] - '0';
|
||||||
if (bufferSize[8] == ',' && bufferSize[9] >= '1' && bufferSize[9] <= '5')
|
if (bufferSize[8] == ',' && bufferSize[9] >= '1' && bufferSize[9] <= '5')
|
||||||
|
|
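Review bot: A malformed second argument appears to be accepted silently in the `else if (bufferSize[6] == ':' ...)` branch. When the nested `if (bufferSize[8] == ',' && bufferSize[9] >= '1' && bufferSize[9] <= '5')` test fails, nothing visible rejects the attribute, so constructed examples such as `malloc:1,9` or `malloc:1x` would keep the default `temp.bufferSizeArg2 = 2`. The buffer-size analysis would then work from an argument index the configuration author never wrote, whereas a bad first argument is reported through `Error(BAD_ATTRIBUTE_VALUE, bufferSize)`. If the lines after the hunk do not already handle this, consider adding `else if (bufferSize[8] != 0) return Error(BAD_ATTRIBUTE_VALUE, bufferSize);` after the nested `if`, and a similar check that nothing follows `bufferSize[9]`. The body of that nested `if` and the rest of `Library::load` lie outside the hunk, so this needs confirming against the full file.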