
Commit 5f6b56a

committed
buffer overrun; Fixed false negative for dynamically allocated float buffer
1 parent 0db649c commit 5f6b56a


2 files changed

+9
-1
lines changed


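--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -205,7 +205,7 @@ static bool getDimensionsEtc(const Token * const arrayToken, const Settings *set
 dim.num = Token::getStrArraySize(stringLiteral);
 dim.known = array->hasKnownValue();
 dimensions->emplace_back(dim);
-} else if (array->valueType() && array->valueType()->pointer >= 1 && array->valueType()->isIntegral()) {
+} else if (array->valueType() && array->valueType()->pointer >= 1 && (array->valueType()->isIntegral() || array->valueType()->isFloat())) {
 const ValueFlow::Value *value = getBufferSizeValue(array);
 if (!value)
 return false;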
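Review bot: The `else if` in getDimensionsEtc is still gated on an allowlist of pointee types, so a heap buffer reached through a pointer whose valueType() is neither integral nor float (a struct pointer, for instance) presumably still never reaches getBufferSizeValue() and remains a false negative for the out-of-bounds check. If the restriction is deliberate, a comment above the branch should say why, e.g. `// only integral/float pointees are sized here; other pointer types are not handled by this branch`. The accompanying test in test/testbufferoverrun.cpp exercises only `float` at index 10; a `double` case and an in-bounds `p[9]` case expecting `ASSERT_EQUALS("", errout.str());` would pin both sides of the element-count arithmetic. The function body starts and continues outside the hunk, so how the byte size is converted to an element count is not visible here.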

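--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -1247,6 +1247,14 @@ class TestBufferOverrun : public TestFixture {
 "}");
 ASSERT_EQUALS("[test.cpp:4]: (error) Array 'p[10]' accessed at index 10, which is out of bounds.\n", errout.str());
 
+check("void f()\n"
+"{\n"
+" float *p; p = (float *)malloc(10 * sizeof(float));\n"
+" p[10] = 7;\n"
+" free(p);\n"
+"}");
+ASSERT_EQUALS("[test.cpp:4]: (error) Array 'p[10]' accessed at index 10, which is out of bounds.\n", errout.str());
+
 check("void f()\n"
 "{\n"
 " char *p; p = (char *)malloc(10);\n"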
