Fix FN with buffer size 1 (#4410)
parent
399c5887cc
commit
df704361f6
|
@ -649,7 +649,7 @@ void CheckBufferOverrun::bufferOverflow()
|
||||||
if (bufferSize.intvalue <= 0)
|
if (bufferSize.intvalue <= 0)
|
||||||
continue;
|
continue;
|
||||||
// buffer size == 1 => do not warn for dynamic memory
|
// buffer size == 1 => do not warn for dynamic memory
|
||||||
if (bufferSize.intvalue == 1) {
|
if (bufferSize.intvalue == 1 && args[argnr]->str() == ".") { // TODO: check if parent was allocated dynamically
|
||||||
const Token *tok2 = argtok;
|
const Token *tok2 = argtok;
|
||||||
while (Token::simpleMatch(tok2->astParent(), "."))
|
while (Token::simpleMatch(tok2->astParent(), "."))
|
||||||
tok2 = tok2->astParent();
|
tok2 = tok2->astParent();
|
||||||
|
@ -667,7 +667,7 @@ void CheckBufferOverrun::bufferOverflow()
|
||||||
return checkBufferSize(tok, minsize, args, bufferSize.intvalue, mSettings, mTokenizer);
|
return checkBufferSize(tok, minsize, args, bufferSize.intvalue, mSettings, mTokenizer);
|
||||||
});
|
});
|
||||||
if (error)
|
if (error)
|
||||||
bufferOverflowError(args[argnr], &bufferSize, (bufferSize.intvalue == 1) ? Certainty::inconclusive : Certainty::normal);
|
bufferOverflowError(args[argnr], &bufferSize, Certainty::normal);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
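Review bot: The new size-1 condition tests `args[argnr]->str() == "."`, but the walk on the following line starts from `argtok`. If `argtok` is derived from `args[argnr]` outside this hunk (for example by stripping casts), a cast member access would no longer reach the exemption. This matters more now that the `bufferOverflowError` call in the second hunk reports every size-1 case as `Certainty::normal`, so a missed exemption becomes a definite error report rather than an inconclusive one. Consider `if (bufferSize.intvalue == 1 && Token::simpleMatch(argtok, ".")) {`, and update the stale comment above it to `// buffer size == 1 => do not warn for member access; the parent may be allocated dynamically`. The body of bufferOverflow() continues outside both hunks, so the remaining checks on the variable are not visible here.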
@ -3155,7 +3155,7 @@ private:
|
||||||
" (void)strxfrm(dest,src,1);\n"
|
" (void)strxfrm(dest,src,1);\n"
|
||||||
" (void)strxfrm(dest,src,2);\n"// <<
|
" (void)strxfrm(dest,src,2);\n"// <<
|
||||||
"}");
|
"}");
|
||||||
ASSERT_EQUALS("[test.cpp:5]: (error, inconclusive) Buffer is accessed out of bounds: dest\n", errout.str());
|
ASSERT_EQUALS("[test.cpp:5]: (error) Buffer is accessed out of bounds: dest\n", errout.str());
|
||||||
// destination size is too small
|
// destination size is too small
|
||||||
check("void f(void) {\n"
|
check("void f(void) {\n"
|
||||||
" const char src[3] = \"abc\";\n"
|
" const char src[3] = \"abc\";\n"
|
||||||
|
@ -3181,7 +3181,7 @@ private:
|
||||||
" (void)strxfrm(dest,src,1);\n"
|
" (void)strxfrm(dest,src,1);\n"
|
||||||
" (void)strxfrm(dest,src,2);\n" // <<
|
" (void)strxfrm(dest,src,2);\n" // <<
|
||||||
"}");
|
"}");
|
||||||
ASSERT_EQUALS("[test.cpp:5]: (error, inconclusive) Buffer is accessed out of bounds: src\n", errout.str());
|
ASSERT_EQUALS("[test.cpp:5]: (error) Buffer is accessed out of bounds: src\n", errout.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
void buffer_overrun_33() { // #2019
|
void buffer_overrun_33() { // #2019
|
||||||
|
@ -3217,6 +3217,14 @@ private:
|
||||||
" free(p);\n"
|
" free(p);\n"
|
||||||
"}\n");
|
"}\n");
|
||||||
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: p\n", errout.str());
|
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: p\n", errout.str());
|
||||||
|
|
||||||
|
check("void f() {\n"
|
||||||
|
" char* q = \"0123456789\";\n"
|
||||||
|
" char* p = (char*)malloc(1);\n"
|
||||||
|
" strcpy(p, q);\n"
|
||||||
|
" free(p);\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: p\n", errout.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
void buffer_overrun_errorpath() {
|
void buffer_overrun_errorpath() {
|
||||||
|
@ -4231,20 +4239,20 @@ private:
|
||||||
" struct Foo x;\n"
|
" struct Foo x;\n"
|
||||||
" mysprintf(x.a, \"aa\");\n"
|
" mysprintf(x.a, \"aa\");\n"
|
||||||
"}", settings);
|
"}", settings);
|
||||||
ASSERT_EQUALS("[test.cpp:4]: (error, inconclusive) Buffer is accessed out of bounds: x.a\n", errout.str());
|
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: x.a\n", errout.str());
|
||||||
|
|
||||||
// ticket #900
|
// ticket #900
|
||||||
check("void f() {\n"
|
check("void f() {\n"
|
||||||
" char *a = new char(30);\n"
|
" char *a = new char(30);\n"
|
||||||
" mysprintf(a, \"a\");\n"
|
" mysprintf(a, \"a\");\n"
|
||||||
"}", settings);
|
"}", settings);
|
||||||
TODO_ASSERT_EQUALS("[test.cpp:3]: (error) Buffer is accessed out of bounds.\n", "", errout.str());
|
ASSERT_EQUALS("[test.cpp:3]: (error) Buffer is accessed out of bounds: a\n", errout.str());
|
||||||
|
|
||||||
check("void f(char value) {\n"
|
check("void f(char value) {\n"
|
||||||
" char *a = new char(value);\n"
|
" char *a = new char(value);\n"
|
||||||
" mysprintf(a, \"a\");\n"
|
" mysprintf(a, \"a\");\n"
|
||||||
"}", settings);
|
"}", settings);
|
||||||
TODO_ASSERT_EQUALS("[test.cpp:3]: (error) Buffer is accessed out of bounds.\n", "", errout.str());
|
ASSERT_EQUALS("[test.cpp:3]: (error) Buffer is accessed out of bounds: a\n", errout.str());
|
||||||
|
|
||||||
// This is out of bounds if 'sizeof(ABC)' is 1 (No padding)
|
// This is out of bounds if 'sizeof(ABC)' is 1 (No padding)
|
||||||
check("struct Foo { char a[1]; };\n"
|
check("struct Foo { char a[1]; };\n"
|
||||||
|
@ -4266,7 +4274,7 @@ private:
|
||||||
" struct Foo x;\n"
|
" struct Foo x;\n"
|
||||||
" mysprintf(x.a, \"aa\");\n"
|
" mysprintf(x.a, \"aa\");\n"
|
||||||
"}", settings);
|
"}", settings);
|
||||||
ASSERT_EQUALS("[test.cpp:4]: (error, inconclusive) Buffer is accessed out of bounds: x.a\n", errout.str());
|
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: x.a\n", errout.str());
|
||||||
|
|
||||||
check("struct Foo {\n" // #6668 - unknown size
|
check("struct Foo {\n" // #6668 - unknown size
|
||||||
" char a[LEN];\n"
|
" char a[LEN];\n"
|
||||||
|
|
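Review bot: None of the visible hunks adds a negative test for the exemption the checker still keeps, namely a size-1 trailing member reached through a pointer whose parent may be over-allocated. The updated expectations only cover stack structs (`x.a`) and pointers from `malloc(1)` / `new char(30)`. Because size-1 reports are no longer marked inconclusive, a test that pins the no-warning case would guard against false positives when the `TODO` in the checker is addressed. A constructed example, with the expected output to be confirmed against the checker: `check("struct Foo { int n; char a[1]; };\nvoid f(struct Foo *p) {\n  mysprintf(p->a, \"aa\");\n}", settings);` followed by `ASSERT_EQUALS("", errout.str());`. Such a case may already exist in the test functions outside these hunks.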