Fixed #10861 (False positive: CERT-API01: only warn about char/wchar arrays.)

Daniel Marjamäki 2022-03-13 16:42:07 +01:00
parent df2c8f3a65
commit ee0d93e5da
2 changed files with 41 additions and 26 deletions


@ -380,16 +380,23 @@ def api01(data):
if scope.type!='Struct': if scope.type!='Struct':
continue continue
token = scope.bodyStart token = scope.bodyStart
arrayFound=False string_found = False
# loop through the complete struct # loop through the complete struct
while token != scope.bodyEnd: while token != scope.bodyEnd:
if token.isName and token.variable: if token.isName and token.variable:
is_string = False
if token.variable.isArray: if token.variable.isArray:
arrayFound=True type_token = token.variable.typeStartToken
elif arrayFound and not token.variable.isArray and not token.variable.isConst: while type_token and type_token.isName:
if type_token.str in ('char', 'wchar_t') and not type_token.isExpandedMacro:
is_string = True
type_token = type_token.next
if is_string:
string_found = True
elif string_found and not token.variable.isConst:
reportError(token, 'style', 'Avoid laying out strings in memory directly before sensitive data', 'API01-C') reportError(token, 'style', 'Avoid laying out strings in memory directly before sensitive data', 'API01-C')
# reset flags to report other positions in the same struct # reset flags to report other positions in the same struct
arrayFound=False string_found = False
token = token.next token = token.next
@ -453,13 +460,16 @@ if __name__ == '__main__':
api01(cfg) api01(cfg)
if VERIFY: if VERIFY:
fail = False
for expected in VERIFY_EXPECTED: for expected in VERIFY_EXPECTED:
if expected not in VERIFY_ACTUAL: if expected not in VERIFY_ACTUAL:
print('Expected but not seen: ' + expected) print('Expected but not seen: ' + expected)
sys.exit(1) fail = True
for actual in VERIFY_ACTUAL: for actual in VERIFY_ACTUAL:
if actual not in VERIFY_EXPECTED: if actual not in VERIFY_EXPECTED:
print('Not expected: ' + actual) print('Not expected: ' + actual)
sys.exit(1) fail = True
if fail:
sys.exit(1)
sys.exit(cppcheckdata.EXIT_CODE) sys.exit(cppcheckdata.EXIT_CODE)
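Review bot: In the api01 hunk the new `is_string` test is gated only on `token.variable.isArray`, so a member such as `char *names[4]` would still be classified as a string because its type starts with `char`, although it is an array of pointers rather than a character buffer. If cppcheckdata's `isPointer` flag is set for such members (worth confirming), the gate could read `if token.variable.isArray and not token.variable.isPointer:`. The scan also follows `type_token.next` past the type into the member name; stopping at `token.variable.typeEndToken` would keep it to the declared type. The body of api01 starts outside the hunk.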


@ -18,25 +18,30 @@ struct PackedStruct {
short b; short b;
}; };
void api01()
struct api01_bad_node_s
{ {
const size_t String_Size = 20; char name[10];
struct bad_node_s struct api01_bad_node_s* next; // cert-API01-C
{ };
char name[String_Size]; struct api01_good_node_s
struct bad_node_s* next; // cert-API01-C {
}; struct api01_good_node_s* next;
struct good_node_s char name[String_Size];
{ };
struct good_node_s* next; struct api01_also_good_node_s
char name[String_Size]; {
}; struct api01_also_good_node_s* next;
struct also_good_node_s char *name;
{ };
struct also_good_node_s* next; struct api01_no_string_1 {
char *name; int data[10];
}; int x;
} };
struct api01_no_string_2 {
int8_t data[10];
int x;
};
void dostuff(int *data); void dostuff(int *data);
@ -80,8 +85,8 @@ void int31(int x)
x = (unsigned char)-1; // cert-INT31-c x = (unsigned char)-1; // cert-INT31-c
x = (unsigned long long)-1; // cert-INT31-c x = (unsigned long long)-1; // cert-INT31-c
unsigned char c; unsigned char c;
c = 256; c = 256; // cert-INT31-c
c = -1; c = -1; // cert-INT31-c
// issue #10782 // issue #10782
uint16_t * ptr; uint16_t * ptr;
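Review bot: The new api01 fixtures exercise only the `char` branch of the checker; nothing here declares a `wchar_t` array, so the other type named in the commit title is untested. A positive case would be a struct holding `wchar_t name[10];` followed by `struct api01_bad_wide_s* next; // cert-API01-C`. Separately, `api01_good_node_s` still appears to use `char name[String_Size];` on the new side, while the `const size_t String_Size = 20;` declaration went away with the removed `api01()` wrapper. Unless `String_Size` is defined elsewhere in the file, `char name[10];` as in the bad-node struct would keep the fixture self-contained.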