Skip to content

Commit 77095e2

Browse files
amai2012amai2012
committed
Add some more functions to posix.cfg which allow to enable TestBufferOverrun::buffer_overrun_1_posix_functions
Fix some compiler warnings on MSVC
1 parent a3acc32 commit 77095e2

File tree

5 files changed

+87
-22
lines changed

5 files changed

+87
-22
lines changed

cfg/posix.cfg

Lines changed: 35 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -91,7 +91,41 @@
9191
<arg nr="1"><not-uninit/><not-null/></arg>
9292
<arg nr="2"><not-uninit/><not-null/></arg>
9393
<arg nr="3"><not-bool/><valid>0:</valid></arg>
94-
</function>
94+
</function>
95+
<function name="read">
96+
<arg nr="1"><not-uninit/></arg>
97+
<arg nr="2"><minsize type="argvalue" arg="3"/></arg>
98+
<arg nr="3"><not-uninit/></arg>
99+
</function>
100+
<function name="write">
101+
<arg nr="1"><not-uninit/></arg>
102+
<arg nr="2"><minsize type="argvalue" arg="3"/></arg>
103+
<arg nr="3"><not-uninit/></arg>
104+
</function>
105+
<function name="recv">
106+
<arg nr="1"><not-uninit/></arg>
107+
<arg nr="2"><minsize type="argvalue" arg="3"/></arg>
108+
<arg nr="3"><not-uninit/></arg>
109+
<arg nr="4"><not-uninit/></arg>
110+
</function>
111+
<function name="recvfrom">
112+
<arg nr="1"><not-uninit/></arg>
113+
<arg nr="2"><minsize type="argvalue" arg="3"/></arg>
114+
<arg nr="3"><not-uninit/></arg>
115+
<arg nr="4"><not-uninit/></arg>
116+
</function>
117+
<function name="send">
118+
<arg nr="1"><not-uninit/></arg>
119+
<arg nr="2"><minsize type="argvalue" arg="3"/></arg>
120+
<arg nr="3"><not-uninit/></arg>
121+
<arg nr="4"><not-uninit/></arg>
122+
</function>
123+
<function name="sendto">
124+
<arg nr="1"><not-uninit/></arg>
125+
<arg nr="2"><minsize type="argvalue" arg="3"/></arg>
126+
<arg nr="3"><not-uninit/></arg>
127+
<arg nr="4"><not-uninit/></arg>
128+
</function>
95129
<memory>
96130
<dealloc>free</dealloc>
97131
<alloc init="true">strdup</alloc>

cli/threadexecutor.cpp

Lines changed: 7 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -460,8 +460,14 @@ unsigned int __stdcall ThreadExecutor::threadProc(void *args)
460460

461461
LeaveCriticalSection(&threadExecutor->_fileSync);
462462
};
463-
463+
#ifdef _MSC_VER
464+
#pragma warning(push)
465+
#pragma warning( disable : 4702 )
466+
#endif
464467
return result;
468+
#ifdef _MSC_VER
469+
#pragma warning(pop)
470+
#endif
465471
}
466472

467473
void ThreadExecutor::reportOut(const std::string &outmsg)

lib/checkbufferoverrun.cpp

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -287,31 +287,31 @@ void CheckBufferOverrun::checkFunctionParameter(const Token &ftok, unsigned int
287287
if (!argtok)
288288
break;
289289
switch (minsize->type) {
290-
case Library::ArgumentChecks::MinSize::Type::ARGVALUE:
290+
case Library::ArgumentChecks::MinSize::ARGVALUE:
291291
if (Token::Match(argtok, "%num% ,|)")) {
292292
const MathLib::bigint sz = MathLib::toLongNumber(argtok->str());
293293
if (sz > arraySize)
294294
error = true;
295295
} else if (argtok->type() == Token::eChar && Token::Match(argtok->next(), ",|)"))
296296
sizeArgumentAsCharError(argtok);
297297
break;
298-
case Library::ArgumentChecks::MinSize::Type::MUL:
298+
case Library::ArgumentChecks::MinSize::MUL:
299299
// TODO: handle arbitrary arg2
300300
if (minsize->arg2 == minsize->arg+1 && Token::Match(argtok, "%num% , %num% ,|)")) {
301301
const MathLib::bigint sz = MathLib::toLongNumber(argtok->str()) * MathLib::toLongNumber(argtok->strAt(2));
302302
if (sz > arraySize)
303303
error = true;
304304
}
305305
break;
306-
case Library::ArgumentChecks::MinSize::Type::STRLEN:
306+
case Library::ArgumentChecks::MinSize::STRLEN:
307307
if (argtok->type() == Token::eString && Token::getStrLength(argtok) >= arraySize)
308308
error = true;
309309
break;
310-
case Library::ArgumentChecks::MinSize::Type::SIZEOF:
310+
case Library::ArgumentChecks::MinSize::SIZEOF:
311311
if (argtok->type() == Token::eString && Token::getStrLength(argtok) >= arraySize)
312312
error = true;
313313
break;
314-
case Library::ArgumentChecks::MinSize::Type::NONE:
314+
case Library::ArgumentChecks::MinSize::NONE:
315315
break;
316316
};
317317
}

lib/library.cpp

Lines changed: 5 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -214,13 +214,13 @@ Library::Error Library::load(const tinyxml2::XMLDocument &doc)
214214

215215
ArgumentChecks::MinSize::Type type;
216216
if (strcmp(typeattr,"strlen")==0)
217-
type = ArgumentChecks::MinSize::Type::STRLEN;
217+
type = ArgumentChecks::MinSize::STRLEN;
218218
else if (strcmp(typeattr,"argvalue")==0)
219-
type = ArgumentChecks::MinSize::Type::ARGVALUE;
219+
type = ArgumentChecks::MinSize::ARGVALUE;
220220
else if (strcmp(typeattr,"sizeof")==0)
221-
type = ArgumentChecks::MinSize::Type::SIZEOF;
221+
type = ArgumentChecks::MinSize::SIZEOF;
222222
else if (strcmp(typeattr,"mul")==0)
223-
type = ArgumentChecks::MinSize::Type::MUL;
223+
type = ArgumentChecks::MinSize::MUL;
224224
else
225225
return Error(BAD_ATTRIBUTE_VALUE, typeattr);
226226

@@ -231,7 +231,7 @@ Library::Error Library::load(const tinyxml2::XMLDocument &doc)
231231
return Error(BAD_ATTRIBUTE_VALUE, argattr);
232232

233233
minsizes.push_back(ArgumentChecks::MinSize(type,argattr[0]-'0'));
234-
if (type == ArgumentChecks::MinSize::Type::MUL) {
234+
if (type == ArgumentChecks::MinSize::MUL) {
235235
const char *arg2attr = argnode->Attribute("arg2");
236236
if (!arg2attr)
237237
return Error(MISSING_ATTRIBUTE, "arg2");

test/testbufferoverrun.cpp

Lines changed: 35 additions & 10 deletions
Original file line numberDiff line numberDiff line change
@@ -96,6 +96,30 @@ class TestBufferOverrun : public TestFixture {
9696
checkBufferOverrun.writeOutsideBufferSize();
9797
}
9898

99+
void checkposix(const char code[], const char filename[] = "test.cpp") {
100+
static bool init;
101+
static Settings settings;
102+
if (!init) {
103+
init = true;
104+
LOAD_LIB_2(settings.library, "posix.cfg");
105+
settings.addEnabled("warning");
106+
}
107+
108+
Tokenizer tokenizer(&settings, this);
109+
std::istringstream istr(code);
110+
tokenizer.tokenize(istr, filename);
111+
112+
// Clear the error buffer..
113+
errout.str("");
114+
115+
// Check for buffer overruns..
116+
CheckBufferOverrun checkBufferOverrun(&tokenizer, &settings, this);
117+
checkBufferOverrun.bufferOverrun();
118+
checkBufferOverrun.bufferOverrun2();
119+
checkBufferOverrun.arrayIndexThenCheck();
120+
checkBufferOverrun.writeOutsideBufferSize();
121+
}
122+
99123

100124
void run() {
101125
TEST_CASE(noerr1);
@@ -169,6 +193,7 @@ class TestBufferOverrun : public TestFixture {
169193
TEST_CASE(array_index_valueflow);
170194

171195
TEST_CASE(buffer_overrun_1_standard_functions);
196+
TEST_CASE(buffer_overrun_1_posix_functions);
172197
TEST_CASE(buffer_overrun_2_struct);
173198
TEST_CASE(buffer_overrun_3);
174199
TEST_CASE(buffer_overrun_4);
@@ -2097,63 +2122,63 @@ class TestBufferOverrun : public TestFixture {
20972122
}
20982123

20992124
void buffer_overrun_1_posix_functions() {
2100-
check("void f(int fd)\n"
2125+
checkposix("void f(int fd)\n"
21012126
"{\n"
21022127
" char str[3];\n"
21032128
" read(fd, str, 3);\n"
21042129
"}");
21052130
ASSERT_EQUALS("", errout.str());
21062131

2107-
check("void f(int fd)\n"
2132+
checkposix("void f(int fd)\n"
21082133
"{\n"
21092134
" char str[3];\n"
21102135
" read(fd, str, 4);\n"
21112136
"}");
21122137
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: str\n", errout.str());
21132138

2114-
check("void f(int fd)\n"
2139+
checkposix("void f(int fd)\n"
21152140
"{\n"
21162141
" char str[3];\n"
21172142
" write(fd, str, 3);\n"
21182143
"}");
21192144
ASSERT_EQUALS("", errout.str());
21202145

2121-
check("void f(int fd)\n"
2146+
checkposix("void f(int fd)\n"
21222147
"{\n"
21232148
" char str[3];\n"
21242149
" write(fd, str, 4);\n"
21252150
"}");
21262151
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: str\n", errout.str());
21272152

2128-
check("void f()\n"
2153+
checkposix("void f()\n"
21292154
"{\n"
21302155
" long bb[2];\n"
21312156
" write(stdin, bb, sizeof(bb));\n"
2132-
"}", false, "test.cpp", false);
2157+
"}");
21332158
ASSERT_EQUALS("", errout.str());
21342159

2135-
check("void f()\n"
2160+
checkposix("void f()\n"
21362161
"{\n"
21372162
"char str[3];\n"
21382163
"recv(s, str, 4, 0);\n"
21392164
"}");
21402165
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: str\n", errout.str());
21412166

2142-
check("void f()\n"
2167+
checkposix("void f()\n"
21432168
"{\n"
21442169
"char str[3];\n"
21452170
"recvfrom(s, str, 4, 0, 0x0, 0x0);\n"
21462171
"}");
21472172
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: str\n", errout.str());
21482173

2149-
check("void f()\n"
2174+
checkposix("void f()\n"
21502175
"{\n"
21512176
"char str[3];\n"
21522177
"send(s, str, 4, 0);\n"
21532178
"}");
21542179
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: str\n", errout.str());
21552180

2156-
check("void f()\n"
2181+
checkposix("void f()\n"
21572182
"{\n"
21582183
"char str[3];\n"
21592184
"sendto(s, str, 4, 0, 0x0, 0x0);\n"

0 commit comments

Comments
 (0)