#9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example.
This commit is contained in:
parent
ecff903b4f
commit
eb9edbc177
|
@ -1019,6 +1019,7 @@ void CheckBufferOverrun::checkScope_inner(const Token *tok, const ArrayInfo &arr
|
|||
args[1]->hasKnownValue() &&
|
||||
args[1]->values().front().isTokValue() &&
|
||||
args[1]->values().front().tokvalue->tokType() == Token::eString &&
|
||||
knownSize &&
|
||||
Token::getStrLength(args[1]->values().front().tokvalue) < sizeArg->getKnownIntValue());
|
||||
|
||||
// check for strncpy which is not terminated
|
||||
|
|
|
@ -229,6 +229,7 @@ private:
|
|||
TEST_CASE(crash3); // Ticket #5426 - crash
|
||||
TEST_CASE(crash4); // Ticket #8679 - crash
|
||||
TEST_CASE(crash5); // Ticket #8644 - crash
|
||||
TEST_CASE(crash6); // Ticket #9024 - crash
|
||||
|
||||
TEST_CASE(executionPaths1);
|
||||
TEST_CASE(executionPaths2);
|
||||
|
@ -3702,6 +3703,13 @@ private:
|
|||
"}");
|
||||
}
|
||||
|
||||
void crash6() { // 8644 - token has varId() but variable() is null
|
||||
check("void start(char* name) {\n"
|
||||
"char snapname[64] = { 0 }; \n"
|
||||
"strncpy(snapname, \"snapshot\", arrayLength(snapname)); \n"
|
||||
"}");
|
||||
}
|
||||
|
||||
void executionPaths1() {
|
||||
check("void f(int a)\n"
|
||||
"{\n"
|
||||
|
|
Loading…
Reference in New Issue