
Commit 5804cc4

Fix FP bufferAccessOutOfBounds (danmar#4427)
* Fix FN with buffer size 1 * Fix FP bufferAccessOutOfBounds
1 parent 3925a27 commit 5804cc4

2 files changed

Lines changed: 10 additions & 1 deletion


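--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -655,7 +655,7 @@ void CheckBufferOverrun::bufferOverflow()
 if (bufferSize.intvalue <= 0)
 continue;
 // buffer size == 1 => do not warn for dynamic memory
-if (bufferSize.intvalue == 1 && args[argnr]->str() == ".") { // TODO: check if parent was allocated dynamically
+if (bufferSize.intvalue == 1 && Token::simpleMatch(argtok->astParent(), ".")) { // TODO: check if parent was allocated dynamically
 const Token *tok2 = argtok;
 while (Token::simpleMatch(tok2->astParent(), "."))
 tok2 = tok2->astParent();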
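Review bot: The size-1 exemption in the changed `if` is selected purely by AST shape (`argtok` has a `.` parent), and the comment above it does not say which idiom is being exempted or what the remaining gap is. Because this branch deliberately silences an out-of-bounds report, I would expand the comment to something like `// buffer size == 1 reached through a member access => may be a trailing-array member of an over-allocated heap object; allocation of the parent is not verified here`. Whether a one-byte member of a stack or static struct is still reported depends on the code after the `tok2` walk, which lies outside this hunk, as does the definition of `argtok`. The existing TODO remains valid and should stay next to the condition.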

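--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -3225,6 +3225,15 @@ class TestBufferOverrun : public TestFixture {
 " free(p);\n"
 "}\n");
 ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: p\n", errout.str());
+
+check("typedef struct { char buf[1]; } S;\n"
+"S* f() {\n"
+" S* s = NULL;\n"
+" s = (S*)malloc(sizeof(S) + 10);\n"
+" sprintf((char*)s->buf, \"abc\");\n"
+" return s;\n"
+"}\n");
+ASSERT_EQUALS("", errout.str());
 }
 
 void buffer_overrun_errorpath() {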
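Review bot: The added case pins only the suppressed outcome (`ASSERT_EQUALS("", errout.str());`) for an object over-allocated with `malloc(sizeof(S) + 10)`; nothing in this hunk pins the other side of the size-1 exemption. A companion `check(...)` that declares a local `S s;` and calls `sprintf(s.buf, \"abc\");` would show whether a real overflow of a one-byte member is still reported after the condition change. Take the expected message from an actual run rather than guessing it; if the checker stays silent there, record that with `TODO_ASSERT_EQUALS` so the false negative is visible. The enclosing test function begins outside the hunk.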
