diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp index 8fcf99c37..b15487b2e 100644 --- a/lib/checkbufferoverrun.cpp +++ b/lib/checkbufferoverrun.cpp @@ -1420,7 +1420,7 @@ void CheckBufferOverrun::checkBufferAllocatedWithStrlen() { unsigned int dstVarId; unsigned int srcVarId; - + // Look for allocation of a buffer based on the size of a string if (Token::Match(tok, "%var% = malloc|g_malloc|g_try_malloc ( strlen ( %var% ) )")) { @@ -1442,7 +1442,7 @@ void CheckBufferOverrun::checkBufferAllocatedWithStrlen() } else continue; - + int indentlevel = 0; for (; tok && tok->next(); tok = tok->next()) { @@ -1459,25 +1459,25 @@ void CheckBufferOverrun::checkBufferAllocatedWithStrlen() if (indentlevel < 0) return; } - + // If the buffers are modified, we can't be sure of their sizes if (tok->varId() == srcVarId || tok->varId() == dstVarId) break; - + if (Token::Match(tok, "strcpy ( %varid% , %var% )", dstVarId) && tok->tokAt(4)->varId() == srcVarId) { bufferOverrun(tok); } else if (Token::Match(tok, "sprintf ( %varid% , %str% , %var% )", dstVarId) && - tok->tokAt(6)->varId() == srcVarId && - tok->tokAt(4)->str().find("%s") != std::string::npos) + tok->tokAt(6)->varId() == srcVarId && + tok->tokAt(4)->str().find("%s") != std::string::npos) { bufferOverrun(tok); } - + } - + } } //--------------------------------------------------------------------------- diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp index 083de993f..bee9b7602 100644 --- a/test/testbufferoverrun.cpp +++ b/test/testbufferoverrun.cpp @@ -1530,14 +1530,14 @@ private: " return b;\n" "}\n"); ASSERT_EQUALS("[test.cpp:3]: (error) Buffer access out-of-bounds\n", errout.str()); - + check("void f(char *a) {\n" " char *b = new char[strlen(a) + 1];\n" " strcpy(b, a);\n" " return b;\n" "}\n"); ASSERT_EQUALS("", errout.str()); - + check("void f(char *a) {\n" " char *b = new char[strlen(a)];\n" " a[0] = '\\0';\n" @@ -1545,7 +1545,7 @@ private: " return b;\n" "}\n"); ASSERT_EQUALS("", errout.str()); - + check("void f(char *a) {\n" " char *b = malloc(strlen(a));\n" " b = realloc(b, 10000);\n" @@ -1560,7 +1560,7 @@ private: " return b;\n" "}\n"); ASSERT_EQUALS("[test.cpp:3]: (error) Buffer access out-of-bounds\n", errout.str()); - + check("void f(char *a) {\n" " char *b = malloc(strlen(a));\n" " if (1) {\n" @@ -1569,28 +1569,28 @@ private: " return b;\n" "}\n"); ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds\n", errout.str()); - + check("void f(char *a) {\n" " char *b = malloc(strlen(a) + 1);\n" " strcpy(b, a);\n" " return b;\n" "}\n"); ASSERT_EQUALS("", errout.str()); - + check("void f(char *a, char *c) {\n" " char *b = realloc(c, strlen(a));\n" " strcpy(b, a);\n" " return b;\n" "}\n"); ASSERT_EQUALS("[test.cpp:3]: (error) Buffer access out-of-bounds\n", errout.str()); - + check("void f(char *a, char *c) {\n" " char *b = realloc(c, strlen(a) + 1);\n" " strcpy(b, a);\n" " return b;\n" "}\n"); ASSERT_EQUALS("", errout.str()); - + check("void f(char *a) {\n" " char *b = malloc(strlen(a));\n" " sprintf(b, \"%s\", a);\n"