Fixed #2170 (false positive: After a strncpy() the buffer should be zero-terminated)
This commit is contained in:
Daniel Marjamäki
parent
bd2b1b2914
commit
fb068a4e71
|
|
@ -989,6 +989,8 @@ void CheckBufferOverrun::checkScope(const Token *tok, const ArrayInfo &arrayInfo
|
||||||
{
|
{
|
||||||
if (!Token::Match(tok2, "%varid% [ %any% ] = 0 ;", tok->tokAt(2)->varId()))
|
if (!Token::Match(tok2, "%varid% [ %any% ] = 0 ;", tok->tokAt(2)->varId()))
|
||||||
{
|
{
|
||||||
|
// this is currently inconclusive. See TestBufferOverrun::terminateStrncpy3
|
||||||
|
if (_settings && _settings->inconclusive)
|
||||||
terminateStrncpyError(tok);
|
terminateStrncpyError(tok);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -36,7 +36,7 @@ private:
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
void check(const char code[], bool showAll = true)
|
void check(const char code[], bool inconclusive = true)
|
||||||
{
|
{
|
||||||
// Tokenize..
|
// Tokenize..
|
||||||
Tokenizer tokenizer;
|
Tokenizer tokenizer;
|
||||||
|
|
@ -54,7 +54,7 @@ private:
|
||||||
|
|
||||||
// Check for buffer overruns..
|
// Check for buffer overruns..
|
||||||
Settings settings;
|
Settings settings;
|
||||||
settings.inconclusive = showAll;
|
settings.inconclusive = inconclusive;
|
||||||
settings._checkCodingStyle = true;
|
settings._checkCodingStyle = true;
|
||||||
CheckBufferOverrun checkBufferOverrun(&tokenizer, &settings, this);
|
CheckBufferOverrun checkBufferOverrun(&tokenizer, &settings, this);
|
||||||
checkBufferOverrun.bufferOverrun();
|
checkBufferOverrun.bufferOverrun();
|
||||||
|
|
@ -174,6 +174,7 @@ private:
|
||||||
|
|
||||||
TEST_CASE(terminateStrncpy1);
|
TEST_CASE(terminateStrncpy1);
|
||||||
TEST_CASE(terminateStrncpy2);
|
TEST_CASE(terminateStrncpy2);
|
||||||
|
TEST_CASE(terminateStrncpy3);
|
||||||
TEST_CASE(recursive_long_time);
|
TEST_CASE(recursive_long_time);
|
||||||
|
|
||||||
TEST_CASE(crash); // Ticket #1587 - crash
|
TEST_CASE(crash); // Ticket #1587 - crash
|
||||||
|
|
@ -2420,6 +2421,22 @@ private:
|
||||||
ASSERT_EQUALS("[test.cpp:4]: (warning) After a strncpy() the buffer should be zero-terminated\n", errout.str());
|
ASSERT_EQUALS("[test.cpp:4]: (warning) After a strncpy() the buffer should be zero-terminated\n", errout.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
void terminateStrncpy3()
|
||||||
|
{
|
||||||
|
// Ticket #2170 - false positive
|
||||||
|
// The function bar is risky. But it might work that way intentionally.
|
||||||
|
check("char str[100];\n"
|
||||||
|
"\n"
|
||||||
|
"void foo(char *a) {\n"
|
||||||
|
" strncpy(str, a, 100);\n"
|
||||||
|
"}\n"
|
||||||
|
"\n"
|
||||||
|
"void bar(char *p) {\n"
|
||||||
|
" strncpy(p, str, 100);\n"
|
||||||
|
"}\n", false);
|
||||||
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
}
|
||||||
|
|
||||||
void recursive_long_time()
|
void recursive_long_time()
|
||||||
{
|
{
|
||||||
// Just test that recursive check doesn't take long time
|
// Just test that recursive check doesn't take long time
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue