CheckBufferOverrun: Code cleanup

This commit is contained in:
Daniel Marjamäki 2013-05-05 08:14:19 +02:00
parent 079d22fbee
commit ea60c5b14b
2 changed files with 20 additions and 28 deletions

View File

@ -859,37 +859,29 @@ void CheckBufferOverrun::arrayIndexInForLoop(const Token *tok, const ArrayInfo &
bool maxMinFlipped = false;
std::string min_counter_value = counter_init_value;
std::string max_counter_value;
MathLib::bigint max_value = MathLib::toLongNumber(max_counter_value);
for_condition(tok3, counter_varid, min_counter_value, max_counter_value, maxMinFlipped);
while (tok3 && tok3->str() != ";") {
if (!for_condition(tok3, counter_varid, min_counter_value, max_counter_value, maxMinFlipped))
return;
const MathLib::bigint max_value = MathLib::toLongNumber(max_counter_value);
// Skip condition
while (tok3 && tok3->str() != ";")
tok3 = tok3->next();
}
for (const Token* tok2 = tok; tok2; tok2 = tok2->next()) {
if (Token::Match(tok2, "%var% < %num%")) {
max_value = MathLib::toLongNumber(tok2->strAt(2));
max_value = max_value - 1;
if (max_value > size && Token::simpleMatch(tok3, "; ) {")) {
const Token * const endToken = tok3->linkAt(2);
const Token *useToken = NULL;
bool incrementInLoop = false;
for (const Token *loopTok = tok3->tokAt(3); loopTok != endToken; loopTok = loopTok->next()) {
if (Token::Match(loopTok, "%varid% [ %var% ++| ]", arrayInfo.varid()) && loopTok->tokAt(2)->varId() == counter_varid)
useToken = loopTok;
if (Token::Match(loopTok, "%varid% ++", counter_varid))
incrementInLoop = true;
}
}
if (max_value > size) {
if (tok3 && tok3->strAt(1) == ")") {
bool usedInArray = false;
for (const Token *loopTok = tok3->tokAt(2); loopTok->str() != "}" ; loopTok = loopTok->next()) {
if (loopTok->varId() == arrayInfo.varid() && loopTok->tokAt(2)->varId() == counter_varid)
usedInArray = true;
}
for (const Token *loopTok = tok3->tokAt(2); loopTok->str() != "}" ; loopTok = loopTok->next()) {
if (usedInArray && (counter_varid == loopTok->varId())) {
if (loopTok->strAt(1) == "++" ||
(loopTok->previous()->type() == Token::eIncDecOp)) {
bufferOverrunError(tok, arrayInfo.varname());
}
}
}
}
if ((useToken != NULL) && incrementInLoop)
bufferOverrunError(useToken, arrayInfo.varname());
}
}

View File

@ -2569,7 +2569,7 @@ private:
" x += array[i];\n"
" i++; }\n"
"}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: array\n", errout.str());
ASSERT_EQUALS("[test.cpp:5]: (error) Buffer is accessed out of bounds: array\n", errout.str());
check("void main() {\n"
" int array[] = {1,2};\n"
@ -2588,7 +2588,7 @@ private:
" }\n"
"}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: array\n", errout.str());
ASSERT_EQUALS("[test.cpp:5]: (error) Buffer is accessed out of bounds: array\n", errout.str());
}
void buffer_overrun_26() { // ticket #4432 (segmentation fault)