Fix #9079 (make checkcfg crashes on Linux) (#1769)

temp.bufferSizeArg2 was not initialized when only bufferSizeArg1
was specified or the value was out of range. However,
valueFlowDynamicBufferSize() in valueflow.cpp used it as if it were
always initialized and had a sane value (greater than 0).
Sebastian 2019-03-30 05:58:23 +01:00 committed by GitHub
parent 5a96173455
commit d233b56d58
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 3 additions and 2 deletions


@ -213,9 +213,10 @@ Library::Error Library::load(const tinyxml2::XMLDocument &doc)
temp.bufferSize = AllocFunc::BufferSize::strdup; temp.bufferSize = AllocFunc::BufferSize::strdup;
else else
return Error(BAD_ATTRIBUTE_VALUE, bufferSize); return Error(BAD_ATTRIBUTE_VALUE, bufferSize);
if (bufferSize[6] == 0) {
temp.bufferSizeArg1 = 1; temp.bufferSizeArg1 = 1;
temp.bufferSizeArg2 = 2; temp.bufferSizeArg2 = 2;
if (bufferSize[6] == 0) {
// use default values
} else if (bufferSize[6] == ':' && bufferSize[7] >= '1' && bufferSize[7] <= '5') { } else if (bufferSize[6] == ':' && bufferSize[7] >= '1' && bufferSize[7] <= '5') {
temp.bufferSizeArg1 = bufferSize[7] - '0'; temp.bufferSizeArg1 = bufferSize[7] - '0';
if (bufferSize[8] == ',' && bufferSize[9] >= '1' && bufferSize[9] <= '5') if (bufferSize[8] == ',' && bufferSize[9] >= '1' && bufferSize[9] <= '5')
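Review bot: With the defaults now assigned before the branch, a malformed or out-of-range second index (anything at `bufferSize[8]` other than `,` followed by `1`-`5`) appears to leave `bufferSizeArg2` at 2 without any error, so a typo in a .cfg file would be accepted silently. If the rest of the chain (outside this hunk) does not already reject it, consider failing closed, e.g. `else if (bufferSize[8] != 0) return Error(BAD_ATTRIBUTE_VALUE, bufferSize);`. It also looks possible for a spec that sets only the first index to 2 to end up with both indices equal to 2; whether that matters depends on how valueFlowDynamicBufferSize() uses them. A short comment above the two assignments, such as `// defaults: valueFlowDynamicBufferSize() expects both to be > 0`, would record why they are set up front. Library::load starts and ends outside the hunk.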