Fixed #10861 (False positive: CERT-API01: only warn about char/wchar arrays.)

2022-03-13 16:42:07 +01:00 · 2022-03-13 16:42:07 +01:00 · ee0d93e5da
parent df2c8f3a65
commit ee0d93e5da
2 changed files with 41 additions and 26 deletions
--- a/addons/cert.py
+++ b/addons/cert.py
@ -380,16 +380,23 @@ def api01(data):
        if scope.type!='Struct':
            continue
        token = scope.bodyStart
-        arrayFound=False
+        string_found = False
        # loop through the complete struct
        while token != scope.bodyEnd:
            if token.isName and token.variable:
+                is_string = False
                if token.variable.isArray:
-                    arrayFound=True
-                elif arrayFound and not token.variable.isArray and not token.variable.isConst:
+                    type_token = token.variable.typeStartToken
+                    while type_token and type_token.isName:
+                        if type_token.str in ('char', 'wchar_t') and not type_token.isExpandedMacro:
+                            is_string = True
+                        type_token = type_token.next
+                if is_string:
+                    string_found = True
+                elif string_found and not token.variable.isConst:
                    reportError(token, 'style', 'Avoid laying out strings in memory directly before sensitive data', 'API01-C')
                    # reset flags to report other positions in the same struct
-                    arrayFound=False
+                    string_found = False
            token = token.next


@ -453,13 +460,16 @@ if __name__ == '__main__':
            api01(cfg)

        if VERIFY:
+            fail = False
            for expected in VERIFY_EXPECTED:
                if expected not in VERIFY_ACTUAL:
                    print('Expected but not seen: ' + expected)
-                    sys.exit(1)
+                    fail = True
            for actual in VERIFY_ACTUAL:
                if actual not in VERIFY_EXPECTED:
                    print('Not expected: ' + actual)
-                    sys.exit(1)
+                    fail = True
+            if fail:
+                sys.exit(1)

    sys.exit(cppcheckdata.EXIT_CODE)
--- a/addons/test/cert-test.c
+++ b/addons/test/cert-test.c
@ -18,25 +18,30 @@ struct PackedStruct {
    short b;
 };

-void api01()
+
+struct api01_bad_node_s
 {
-    const size_t String_Size = 20;
-    struct bad_node_s
-    {
-        char name[String_Size];
-        struct bad_node_s* next;      // cert-API01-C
-    };
-    struct good_node_s
-    {
-        struct good_node_s* next;
-        char name[String_Size];
-    };
-    struct also_good_node_s
-    {
-        struct also_good_node_s* next;
-        char *name;
-    };
-}
+    char name[10];
+    struct api01_bad_node_s* next;      // cert-API01-C
+};
+struct api01_good_node_s
+{
+    struct api01_good_node_s* next;
+    char name[String_Size];
+};
+struct api01_also_good_node_s
+{
+    struct api01_also_good_node_s* next;
+    char *name;
+};
+struct api01_no_string_1 {
+    int data[10];
+    int x;
+};
+struct api01_no_string_2 {
+    int8_t data[10];
+    int x;
+};

 void dostuff(int *data);

@ -80,8 +85,8 @@ void int31(int x)
    x = (unsigned char)-1; // cert-INT31-c
    x = (unsigned long long)-1; // cert-INT31-c
    unsigned char c;
-    c = 256;
-    c = -1;
+    c = 256; // cert-INT31-c
+    c = -1; // cert-INT31-c

    // issue #10782
    uint16_t * ptr;