From 3911dd79cb172918ac2ba77ca0132ec46b5731eb Mon Sep 17 00:00:00 2001
From: Slava Semushin
Date: Sun, 15 Nov 2009 18:02:03 +0600
Subject: [PATCH] Fixed #900 (Improve out-of-bounds check to detect error with "new char(x)")

http://sourceforge.net/apps/trac/cppcheck/ticket/900
---
 lib/checkbufferoverrun.cpp | 7 +++++++
 test/testbufferoverrun.cpp | 12 ++++++++++++
 2 files changed, 19 insertions(+)

diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index b3f645a2d..18a1880b6 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -656,6 +656,13 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
 varid = tok->tokAt(1)->varId();
 nextTok = 8;
 }
+ else if (indentlevel > 0 && Token::Match(tok, "[*;{}] %var% = new %type% ( %num% )"))
+ {
+ size = 1;
+ type = tok->strAt(4);
+ varid = tok->tokAt(1)->varId();
+ nextTok = 8;
+ }
 else if (indentlevel > 0 && Token::Match(tok, "[*;{}] %var% = malloc ( %num% ) ;"))
 {
 size = std::strtoul(tok->strAt(5), NULL, 10);
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index c4e6dea9f..3e4200505 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -104,6 +104,7 @@ private:
 TEST_CASE(buffer_overrun_9);
 TEST_CASE(buffer_overrun_10);
 TEST_CASE(buffer_overrun_11);
+ TEST_CASE(buffer_overrun_12);
 
 TEST_CASE(sprintf1);
 TEST_CASE(sprintf2);
@@ -956,6 +957,17 @@ private:
 ASSERT_EQUALS("", errout.str());
 }
 
+ void buffer_overrun_12()
+ {
+ // ticket #900
+ check("void f() {\n"
+ " char *a = new char(30);\n"
+ " sprintf(a, \"%s\", \"b\");\n"
+ " delete a;\n"
+ "}\n");
+ ASSERT_EQUALS("[test.cpp:3]: (error) Buffer access out-of-bounds\n", errout.str());
+ }
+
 void sprintf1()
 {
 check("void f()\n"
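Review bot: The added branch in checkGlobalAndLocalVariable() matches only a numeric-literal initializer (`%num%`), so the `new char(x)` form named in the commit subject is still missed whenever `x` is a variable. The branch hard-codes `size = 1` and never reads the initializer, so the pattern could accept any single token there, e.g. `"[*;{}] %var% = new %type% ( %any% )"`. Either form also matches a class type with a one-argument constructor (`new Foo(30)`); whether that is filtered out later depends on code outside this hunk, so it is worth confirming. A short comment such as `// "new T(n)" allocates ONE T initialised to n, not an array of n elements` would explain why the size is fixed at 1. The function body starts and ends outside the hunk.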
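Review bot: buffer_overrun_12 pins only the positive case, so nothing guards the new `size = 1` rule against false positives on valid single-object use. A companion case that keeps `"    char *a = new char(30);\n"`, replaces the sprintf line with an in-bounds access such as `"    a[0] = 0;\n"` and expects `ASSERT_EQUALS("", errout.str());` would show that a legitimate one-element access is not reported. A second case indexing past the object would cover the array-index path as well as the sprintf path. I have not verified what the checker currently reports for either input.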