From eb9edbc17742d9fc1f134fe20762796f5017f645 Mon Sep 17 00:00:00 2001
From: amai2012
Date: Fri, 8 Mar 2019 11:07:33 +0100
Subject: [PATCH] #9024 Crash caused by package "procserv" in lib/token.h:921 function Token::getKnownIntValue - Fix and test for alternative code example.
---
 lib/checkbufferoverrun.cpp | 1 +
 test/testbufferoverrun.cpp | 8 ++++++++
 2 files changed, 9 insertions(+)
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index da88c7f37..add83952e 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -1019,6 +1019,7 @@ void CheckBufferOverrun::checkScope_inner(const Token *tok, const ArrayInfo &arr
 args[1]->hasKnownValue() &&
 args[1]->values().front().isTokValue() &&
 args[1]->values().front().tokvalue->tokType() == Token::eString &&
+ knownSize &&
 Token::getStrLength(args[1]->values().front().tokvalue) < sizeArg->getKnownIntValue());
 // check for strncpy which is not terminated
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 18fb39ac8..202fb09d2 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -229,6 +229,7 @@ private:
 TEST_CASE(crash3); // Ticket #5426 - crash
 TEST_CASE(crash4); // Ticket #8679 - crash
 TEST_CASE(crash5); // Ticket #8644 - crash
+ TEST_CASE(crash6); // Ticket #9024 - crash
 TEST_CASE(executionPaths1);
 TEST_CASE(executionPaths2);
@@ -3702,6 +3703,13 @@ private:
 "}");
 }
+ void crash6() { // 8644 - token has varId() but variable() is null
+ check("void start(char* name) {\n"
+ "char snapname[64] = { 0 }; \n"
+ "strncpy(snapname, \"snapshot\", arrayLength(snapname)); \n"
+ "}");
+ }
+
 void executionPaths1() {
 check("void f(int a)\n"
 "{\n"
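Review bot: The added `knownSize &&` guard carries no comment saying why it must come before `sizeArg->getKnownIntValue()`, and `knownSize` is defined outside this hunk, so the link between the two is invisible here. I would add `// #9024: sizeArg may be a non-constant expression; only read its int value when it is known` directly above the guard. With the guard in place the whole expression is false whenever the size is unknown. It is worth confirming that the "strncpy which is not terminated" check that follows reads that as "cannot tell" rather than "buffer not terminated", since the latter would trade the crash for a false positive. The enclosing statement and the body of `checkScope_inner` start and end outside the hunk.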
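Review bot: The comment on `crash6()` is copied from the #8644 test and describes a different bug; this test exercises a `strncpy` whose size argument, `arrayLength(snapname)`, has no known integer value. I would change the line to `void crash6() { // Ticket #9024 - strncpy size argument without a known int value`. The test only shows that `check()` does not crash. Adding `ASSERT_EQUALS("", errout.str());` after the call would also pin that no spurious diagnostic is emitted, assuming an empty result is what is intended for this input.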