From fb068a4e710d4e3b04d0d9b870065e4a524ebc81 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= <danielm77@spray.se>
Date: Sun, 7 Nov 2010 09:37:45 +0100
Subject: [PATCH] Fixed #2170 (false positive: After a strncpy() the buffer
 should be zero-terminated)

---
 lib/checkbufferoverrun.cpp |  4 +++-
 test/testbufferoverrun.cpp | 21 +++++++++++++++++++--
 2 files changed, 22 insertions(+), 3 deletions(-)

diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index df7bc0378..1df0e370a 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -989,7 +989,9 @@ void CheckBufferOverrun::checkScope(const Token *tok, const ArrayInfo &arrayInfo
                         {
                             if (!Token::Match(tok2, "%varid% [ %any% ]  = 0 ;", tok->tokAt(2)->varId()))
                             {
-                                terminateStrncpyError(tok);
+                                // this is currently inconclusive. See TestBufferOverrun::terminateStrncpy3
+                                if (_settings && _settings->inconclusive)
+                                    terminateStrncpyError(tok);
                             }
 
                             break;
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 79e14502b..f2dc3bad9 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -36,7 +36,7 @@ private:
 
 
 
-    void check(const char code[], bool showAll = true)
+    void check(const char code[], bool inconclusive = true)
     {
         // Tokenize..
         Tokenizer tokenizer;
@@ -54,7 +54,7 @@ private:
 
         // Check for buffer overruns..
         Settings settings;
-        settings.inconclusive = showAll;
+        settings.inconclusive = inconclusive;
         settings._checkCodingStyle = true;
         CheckBufferOverrun checkBufferOverrun(&tokenizer, &settings, this);
         checkBufferOverrun.bufferOverrun();
@@ -174,6 +174,7 @@ private:
 
         TEST_CASE(terminateStrncpy1);
         TEST_CASE(terminateStrncpy2);
+        TEST_CASE(terminateStrncpy3);
         TEST_CASE(recursive_long_time);
 
         TEST_CASE(crash);	// Ticket #1587 - crash
@@ -2420,6 +2421,22 @@ private:
         ASSERT_EQUALS("[test.cpp:4]: (warning) After a strncpy() the buffer should be zero-terminated\n", errout.str());
     }
 
+    void terminateStrncpy3()
+    {
+        // Ticket #2170 - false positive
+        // The function bar is risky. But it might work that way intentionally.
+        check("char str[100];\n"
+              "\n"
+              "void foo(char *a) {\n"
+              "    strncpy(str, a, 100);\n"
+              "}\n"
+              "\n"
+              "void bar(char *p) {\n"
+              "    strncpy(p, str, 100);\n"
+              "}\n", false);
+        ASSERT_EQUALS("", errout.str());
+    }
+
     void recursive_long_time()
     {
         // Just test that recursive check doesn't take long time