Buffer overrun : Use variable id if available in check of memset etc

Daniel Marjamäki 2008-12-13 08:49:13 +00:00
parent 5ea8d411b5
commit e99744ae9b
2 changed files with 35 additions and 3 deletions


@ -134,7 +134,23 @@ void CheckBufferOverrunClass::CheckBufferOverrun_CheckScope( const TOKEN *tok, c
// memset, memcmp, memcpy, strncpy, fgets.. // memset, memcmp, memcpy, strncpy, fgets..
if (TOKEN::Match(tok,"memset|memcpy|memmove|memcmp|strncpy|fgets") ) if ( varid > 0 )
{
if ( TOKEN::Match(tok, "memset|memcpy|memmove|memcmp|strncpy|fgets") )
{
if ( TOKEN::Match( tok->next(), "( %varid% , %num% , %num% )", 0, 0, varid ) ||
TOKEN::Match( tok->next(), "( %var% , %varid% , %num% )", 0, 0, varid ) )
{
const char *num = tok->strAt(6);
if ( atoi(num) > total_size )
{
ReportError(tok, "Buffer overrun");
}
}
continue;
}
}
else if (TOKEN::Match(tok,"memset|memcpy|memmove|memcmp|strncpy|fgets") )
{ {
if ( TOKEN::Match( tok->next(), "( %var1% , %num% , %num% )", varname ) || if ( TOKEN::Match( tok->next(), "( %var1% , %num% , %num% )", varname ) ||
TOKEN::Match( tok->next(), "( %var% , %var1% , %num% )", varname ) ) TOKEN::Match( tok->next(), "( %var% , %var1% , %num% )", varname ) )
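Review bot: The new `varid > 0` branch reuses the two patterns of the name-based branch, so it only treats the tracked buffer as a destination when the second argument is a numeric literal: `( %varid% , %num% , %num% )` fits `memset(str,0,50)` but not `memcpy(str, src, 100)` or `strncpy(str, src, 100)` with a variable source, and an oversized write through those calls is not reported here. A third alternative such as `TOKEN::Match( tok->next(), "( %varid% , %var% , %num% )", 0, 0, varid )` would cover that shape while keeping `strAt(6)` as the size token. `fgets` is in the function list, but its size is the second argument and its third is a stream, so neither pattern can match an ordinary `fgets(str, 100, stdin)`; unless that is handled outside this hunk, it needs its own pattern that reads the size from `strAt(4)`. The enclosing function starts and ends outside the hunk.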


@ -84,6 +84,7 @@ private:
TEST_CASE( buffer_overrun_2 ); TEST_CASE( buffer_overrun_2 );
TEST_CASE( varid1 ); TEST_CASE( varid1 );
TEST_CASE( varid2 );
} }
@ -374,6 +375,21 @@ private:
} }
void varid2()
{
check( "void foo()\n"
"{\n"
" char str[10];\n"
" if (str[0])\n"
" {\n"
" char str[50];\n"
" memset(str,0,50);\n"
" }\n"
"}\n" );
ASSERT_EQUALS( std::string(""), errout.str() );
}
}; };
REGISTER_TEST( TestBufferOverrun ) REGISTER_TEST( TestBufferOverrun )
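Review bot: `varid2` pins only the no-false-positive side of the change (the inner `char str[50]` must not be measured against the outer `str[10]`), so the new `atoi(num) > total_size` / `ReportError` path in the variable-id branch is never exercised by it. A companion case with the same nested scopes but `memset(str,0,51);` on the inner array, asserting that `errout.str()` contains a "Buffer overrun" report, would confirm that shadowing is resolved to the right size rather than the check being skipped altogether. `varid1` lies outside the visible hunks and may already cover part of this.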