buffer overrun: dangerous usage of strncpy+strncat
This commit is contained in:
parent
15e86db3ed
commit
ed86d924df
|
@ -105,7 +105,6 @@ void CheckBufferOverrunClass::CheckBufferOverrun_CheckScope(const Token *tok, co
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
int indentlevel = 0;
|
int indentlevel = 0;
|
||||||
for (; tok; tok = tok->next())
|
for (; tok; tok = tok->next())
|
||||||
{
|
{
|
||||||
|
@ -159,7 +158,6 @@ void CheckBufferOverrunClass::CheckBufferOverrun_CheckScope(const Token *tok, co
|
||||||
_errorLogger->bufferOverrun(_tokenizer, tok);
|
_errorLogger->bufferOverrun(_tokenizer, tok);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
continue;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
else if (Token::Match(tok, "memset|memcpy|memmove|memcmp|strncpy|fgets"))
|
else if (Token::Match(tok, "memset|memcpy|memmove|memcmp|strncpy|fgets"))
|
||||||
|
@ -256,8 +254,8 @@ void CheckBufferOverrunClass::CheckBufferOverrun_CheckScope(const Token *tok, co
|
||||||
}
|
}
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// Dangerous usage of strncat..
|
// Dangerous usage of strncat..
|
||||||
if (Token::Match(tok, "strncat ( %varid% , %any% , %num% )", varid))
|
if (Token::Match(tok, "strncat ( %varid% , %any% , %num% )", varid))
|
||||||
{
|
{
|
||||||
|
@ -265,7 +263,16 @@ void CheckBufferOverrunClass::CheckBufferOverrun_CheckScope(const Token *tok, co
|
||||||
if (n == size)
|
if (n == size)
|
||||||
_errorLogger->strncatUsage(_tokenizer, tok);
|
_errorLogger->strncatUsage(_tokenizer, tok);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// Dangerous usage of strncpy + strncat..
|
||||||
|
if (Token::Match(tok, "strncpy|strncat ( %varid% , %any% , %num% ) ; strncat ( %varid% , %any% , %num% )", varid))
|
||||||
|
{
|
||||||
|
int n = atoi(tok->strAt(6)) + atoi(tok->strAt(15));
|
||||||
|
if (n > size)
|
||||||
|
_errorLogger->strncatUsage(_tokenizer, tok->tokAt(9));
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
// sprintf..
|
// sprintf..
|
||||||
if (varid > 0 && Token::Match(tok, "sprintf ( %varid% , %str% ,", varid))
|
if (varid > 0 && Token::Match(tok, "sprintf ( %varid% , %str% ,", varid))
|
||||||
|
|
|
@ -91,8 +91,8 @@ private:
|
||||||
TEST_CASE(snprintf1);
|
TEST_CASE(snprintf1);
|
||||||
TEST_CASE(snprintf2);
|
TEST_CASE(snprintf2);
|
||||||
TEST_CASE(snprintf3);
|
TEST_CASE(snprintf3);
|
||||||
|
|
||||||
// TODO TEST_CASE(strncat1);
|
TEST_CASE(strncat1);
|
||||||
TEST_CASE(strncat2);
|
TEST_CASE(strncat2);
|
||||||
|
|
||||||
TEST_CASE(varid1);
|
TEST_CASE(varid1);
|
||||||
|
@ -473,11 +473,11 @@ private:
|
||||||
{
|
{
|
||||||
check("void f()\n"
|
check("void f()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
" char str[10];\n"
|
" char str[16];\n"
|
||||||
" strncpy(str, a, 5);\n"
|
" strncpy(str, a, 10);\n"
|
||||||
" strncat(str, b, 5);\n"
|
" strncat(str, b, 10);\n"
|
||||||
"}\n");
|
"}\n");
|
||||||
ASSERT_EQUALS(std::string("[test.cpp:5]: (error) possible buffer overrun"), errout.str());
|
ASSERT_EQUALS(std::string("[test.cpp:5]: (all) Dangerous usage of strncat, possible buffer overrun\n"), errout.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
void strncat2()
|
void strncat2()
|
||||||
|
|
Loading…
Reference in New Issue