#9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example.

This commit is contained in:
amai2012 2019-03-08 11:07:33 +01:00
parent ecff903b4f
commit eb9edbc177
2 changed files with 9 additions and 0 deletions

View File

@ -1019,6 +1019,7 @@ void CheckBufferOverrun::checkScope_inner(const Token *tok, const ArrayInfo &arr
args[1]->hasKnownValue() &&
args[1]->values().front().isTokValue() &&
args[1]->values().front().tokvalue->tokType() == Token::eString &&
knownSize &&
Token::getStrLength(args[1]->values().front().tokvalue) < sizeArg->getKnownIntValue());
// check for strncpy which is not terminated

View File

@ -229,6 +229,7 @@ private:
TEST_CASE(crash3); // Ticket #5426 - crash
TEST_CASE(crash4); // Ticket #8679 - crash
TEST_CASE(crash5); // Ticket #8644 - crash
TEST_CASE(crash6); // Ticket #9024 - crash
TEST_CASE(executionPaths1);
TEST_CASE(executionPaths2);
@ -3702,6 +3703,13 @@ private:
"}");
}
void crash6() { // 8644 - token has varId() but variable() is null
check("void start(char* name) {\n"
"char snapname[64] = { 0 }; \n"
"strncpy(snapname, \"snapshot\", arrayLength(snapname)); \n"
"}");
}
void executionPaths1() {
check("void f(int a)\n"
"{\n"