CheckBufferOverrun Class Reference

buffer overruns and array index out of bounds More...

#include <checkbufferoverrun.h>

Inheritance diagram for CheckBufferOverrun:

List of all members.

Classes
class	ArrayInfo
	Information about N-dimensional array. More...
Public Member Functions
	CheckBufferOverrun ()
	This constructor is used when registering the CheckClass.
	CheckBufferOverrun (const Tokenizer *tokenizer, const Settings *settings, ErrorLogger *errorLogger)
	This constructor is used when running checks.
void	runSimplifiedChecks (const Tokenizer *tokenizer, const Settings *settings, ErrorLogger *errorLogger)
	run checks, the token list is simplified
void	bufferOverrun ()
	Check for buffer overruns
void	arrayIndexThenCheck ()
	Using array index before bounds check.
void	executionPaths ()
	Check for buffer overruns by inspecting execution paths
void	writeOutsideBufferSize ()
	Check using POSIX write function and writing outside buffer size
void	checkSprintfCall (const Token *tok, const MathLib::bigint size)
	Check code that matches: "sprintf ( %varid% , %str% [,)]" when varid is not 0, and report found errors.
void	checkStructVariable ()
	Check for buffer overruns - locate struct variables and check them with the .._CheckScope function.
void	checkGlobalAndLocalVariable ()
	Check for buffer overruns - locate global variables and local function variables and check them with the checkScope function.
void	checkBufferAllocatedWithStrlen ()
	Check for buffer overruns due to allocating strlen(src) bytes instead of (strlen(src)+1) bytes before copying a string.
void	checkInsecureCmdLineArgs ()
	Check for buffer overruns due to copying command-line args to fixed-sized buffers without bounds checking.
void	negativeIndex ()
	Check for negative index.
void	checkScope (const Token *tok, const ArrayInfo &arrayInfo)
	Check for buffer overruns (based on ArrayInfo)
void	checkScope (const Token *tok, const std::vector< std::string > &varname, const ArrayInfo &arrayInfo)
	Check for buffer overruns.
void	checkScopeForBody (const Token *tok, const ArrayInfo &arrayInfo, bool &bailout)
	Check scope helper function - parse for body.
void	parse_for_body (const Token *tok2, const ArrayInfo &arrayInfo, const std::string &strindex, bool condition_out_of_bounds, unsigned int counter_varid, const std::string &min_counter_value, const std::string &max_counter_value)
	Helper function used when parsing for-loops.
void	checkReadlinkBufferUsage (const Token *tok, const Token *scope_begin, const MathLib::bigint total_size, const bool is_readlinkat)
	Check readlink or readlinkat() buffer usage.
void	checkFunctionParameter (const Token &tok, const unsigned int par, const ArrayInfo &arrayInfo, std::list< const Token * > callstack)
	Helper function for checkFunctionCall - check a function parameter.
void	checkFunctionCall (const Token *tok, const ArrayInfo &arrayInfo, std::list< const Token * > callstack)
	Helper function that checks if the array is used and if so calls the checkFunctionCall.
void	arrayIndexOutOfBoundsError (const Token *tok, const ArrayInfo &arrayInfo, const std::vector< MathLib::bigint > &index)
void	arrayIndexInForLoop (const Token *tok, const ArrayInfo &arrayInfo)
void	getErrorMessages (ErrorLogger *errorLogger, const Settings *settings) const
	get error messages
Static Public Member Functions
static MathLib::bigint	countSprintfLength (const std::string &input_string, const std::list< const Token * > &parameters)
	Get minimum length of format string result.
Private Member Functions
bool	isArrayOfStruct (const Token *tok, int &position)
void	arrayIndexOutOfBoundsError (const std::list< const Token * > &callstack, const ArrayInfo &arrayInfo, const std::vector< MathLib::bigint > &index)
void	bufferOverrunError (const Token *tok, const std::string &varnames="")
void	bufferOverrunError (const std::list< const Token * > &callstack, const std::string &varnames="")
void	strncatUsageError (const Token *tok)
void	outOfBoundsError (const Token *tok, const std::string &what, const bool show_size_info, const MathLib::bigint &supplied_size, const MathLib::bigint &actual_size)
void	sizeArgumentAsCharError (const Token *tok)
void	terminateStrncpyError (const Token *tok, const std::string &varname)
void	bufferNotZeroTerminatedError (const Token *tok, const std::string &varname, const std::string &function)
void	negativeIndexError (const Token *tok, MathLib::bigint index)
void	cmdLineArgsError (const Token *tok)
void	pointerOutOfBoundsError (const Token *tok, const std::string &object)
void	arrayIndexThenCheckError (const Token *tok, const std::string &indexName)
void	possibleBufferOverrunError (const Token *tok, const std::string &src, const std::string &dst, bool cat)
void	possibleReadlinkBufferOverrunError (const Token *tok, const std::string &funcname, const std::string &varname)
void	argumentSizeError (const Token *tok, const std::string &functionName, const std::string &varname)
void	writeOutsideBufferSizeError (const Token *tok, const std::size_t stringLength, const MathLib::bigint writeLength, const std::string &functionName)
std::string	classInfo () const
	get information about this class, used to generate documentation
Static Private Member Functions
static std::string	myName ()

---

Detailed Description

buffer overruns and array index out of bounds

Buffer overrun and array index out of bounds are pretty much the same. But I generally use 'array index' if the code contains []. And the given index is out of bounds. I generally use 'buffer overrun' if you for example call a strcpy or other function and pass a buffer and reads or writes too much data.

Definition at line 50 of file checkbufferoverrun.h.

---

Constructor & Destructor Documentation

CheckBufferOverrun::CheckBufferOverrun

(

)

[inline]

This constructor is used when registering the CheckClass.

Definition at line 54 of file checkbufferoverrun.h.

CheckBufferOverrun::CheckBufferOverrun	(	const Tokenizer *	tokenizer,
		const Settings *	settings,
		ErrorLogger *	errorLogger
	)		[inline]

This constructor is used when running checks.

Definition at line 58 of file checkbufferoverrun.h.

---

Member Function Documentation

void CheckBufferOverrun::argumentSizeError	(	const Token *	tok,
		const std::string &	functionName,
		const std::string &	varname
	)		[private]

Definition at line 179 of file checkbufferoverrun.cpp.

References Check::reportError(), and Severity::warning.

Referenced by checkFunctionParameter(), and getErrorMessages().

void CheckBufferOverrun::arrayIndexInForLoop	(	const Token *	tok,
		const ArrayInfo &	arrayInfo
	)

Definition at line 845 of file checkbufferoverrun.cpp.

References Check::_tokenizer, bufferOverrunError(), SymbolDatabase::debugMessage(), Token::eIncDecOp, for_condition(), for_init(), Tokenizer::getSymbolDatabase(), Token::Match(), Token::next(), CheckBufferOverrun::ArrayInfo::num(), Token::str(), Token::strAt(), Token::tokAt(), MathLib::toLongNumber(), CheckBufferOverrun::ArrayInfo::varid(), and CheckBufferOverrun::ArrayInfo::varname().

Referenced by checkScope().

void CheckBufferOverrun::arrayIndexOutOfBoundsError	(	const Token *	tok,
		const ArrayInfo &	arrayInfo,
		const std::vector< MathLib::bigint > &	index
	)

Definition at line 59 of file checkbufferoverrun.cpp.

References Severity::error, makeArrayIndexOutOfBoundsError(), and Check::reportError().

Referenced by ExecutionPathBufferOverrun::array_index(), checkFunctionParameter(), checkScope(), getErrorMessages(), and parse_for_body().

void CheckBufferOverrun::arrayIndexOutOfBoundsError	(	const std::list< const Token * > &	callstack,
		const ArrayInfo &	arrayInfo,
		const std::vector< MathLib::bigint > &	index
	)		[private]

Definition at line 66 of file checkbufferoverrun.cpp.

References Severity::error, makeArrayIndexOutOfBoundsError(), and Check::reportError().

void CheckBufferOverrun::arrayIndexThenCheck

(

)

Using array index before bounds check.

Definition at line 2182 of file checkbufferoverrun.cpp.

References Check::_settings, Check::_tokenizer, arrayIndexThenCheckError(), Scope::classEnd, Scope::classStart, Token::eComparisonOp, SymbolDatabase::functionScopes, Tokenizer::getSymbolDatabase(), Settings::isEnabled(), Token::Match(), and Token::next().

Referenced by runSimplifiedChecks().

void CheckBufferOverrun::arrayIndexThenCheckError	(	const Token *	tok,
		const std::string &	indexName
	)		[private]

Definition at line 2216 of file checkbufferoverrun.cpp.

References Check::reportError(), and Severity::style.

Referenced by arrayIndexThenCheck(), and getErrorMessages().

void CheckBufferOverrun::bufferNotZeroTerminatedError	(	const Token *	tok,
		const std::string &	varname,
		const std::string &	function
	)		[private]

Definition at line 170 of file checkbufferoverrun.cpp.

References Check::reportError(), and Severity::warning.

Referenced by checkReadlinkBufferUsage(), checkScope(), and getErrorMessages().

void CheckBufferOverrun::bufferOverrun

(

)

Check for buffer overruns

Definition at line 1673 of file checkbufferoverrun.cpp.

References checkBufferAllocatedWithStrlen(), checkGlobalAndLocalVariable(), checkInsecureCmdLineArgs(), and checkStructVariable().

Referenced by runSimplifiedChecks().

void CheckBufferOverrun::bufferOverrunError	(	const Token *	tok,
		const std::string &	varnames = ""
	)		[private]

Definition at line 86 of file checkbufferoverrun.cpp.

References bufferOverrunMessage(), Severity::error, and Check::reportError().

Referenced by arrayIndexInForLoop(), checkBufferAllocatedWithStrlen(), checkFunctionParameter(), checkGlobalAndLocalVariable(), checkScope(), checkSprintfCall(), getErrorMessages(), and parse_for_body().

void CheckBufferOverrun::bufferOverrunError	(	const std::list< const Token * > &	callstack,
		const std::string &	varnames = ""
	)		[private]

Definition at line 92 of file checkbufferoverrun.cpp.

References bufferOverrunMessage(), Severity::error, and Check::reportError().

void CheckBufferOverrun::checkBufferAllocatedWithStrlen

(

)

Check for buffer overruns due to allocating strlen(src) bytes instead of (strlen(src)+1) bytes before copying a string.

Definition at line 1823 of file checkbufferoverrun.cpp.

References Check::_tokenizer, bufferOverrunError(), Scope::classEnd, Scope::classStart, SymbolDatabase::functionScopes, Tokenizer::getSymbolDatabase(), Token::Match(), Token::next(), and Token::scope().

Referenced by bufferOverrun().

void CheckBufferOverrun::checkFunctionCall	(	const Token *	tok,
		const ArrayInfo &	arrayInfo,
		std::list< const Token * >	callstack
	)

Helper function that checks if the array is used and if so calls the checkFunctionCall.

Parameters:

tok	token that matches "%var% ("
arrayInfo	the array information
callstack	call stack. This is used to prevent recursion and to provide better error messages. Pass a empty list from checkScope etc.

Definition at line 730 of file checkbufferoverrun.cpp.

References checkFunctionParameter(), CheckBufferOverrun::ArrayInfo::limit(), Token::Match(), Token::nextArgument(), Token::str(), Token::strAt(), Token::tokAt(), MathLib::toLongNumber(), and CheckBufferOverrun::ArrayInfo::varid().

Referenced by checkFunctionParameter(), and checkScope().

void CheckBufferOverrun::checkFunctionParameter	(	const Token &	tok,
		const unsigned int	par,
		const ArrayInfo &	arrayInfo,
		std::list< const Token * >	callstack
	)

Helper function for checkFunctionCall - check a function parameter.

Parameters:

tok	token for the function name
par	on what parameter is the array used
arrayInfo	the array information
callstack	call stack. This is used to prevent recursion and to provide better error messages. Pass a empty list from checkScope etc.

Definition at line 553 of file checkbufferoverrun.cpp.

References Check::_settings, Check::_tokenizer, argumentSizeError(), arrayIndexOutOfBoundsError(), bailoutIfSwitch(), bufferOverrunError(), checkFunctionCall(), Scope::classEnd, Scope::classStart, Token::eChar, CheckBufferOverrun::ArrayInfo::element_size(), Token::function(), Function::functionScope, Function::getArgumentVar(), Function::hasBody, Settings::isEnabled(), Token::Match(), MathLib::multiply(), Variable::nameToken(), Token::next(), Token::nextArgument(), CheckBufferOverrun::ArrayInfo::num(), Token::simpleMatch(), sizeArgumentAsCharError(), Tokenizer::sizeOfType(), Token::str(), Token::strAt(), Token::tokAt(), MathLib::toLongNumber(), Token::type(), Variable::typeStartToken(), CheckBufferOverrun::ArrayInfo::varid(), Variable::varId(), and CheckBufferOverrun::ArrayInfo::varname().

Referenced by checkFunctionCall(), and checkScope().

void CheckBufferOverrun::checkGlobalAndLocalVariable

(

)

Check for buffer overruns - locate global variables and local function variables and check them with the checkScope function.

Todo:

false negatives: this may be too conservative

Definition at line 1377 of file checkbufferoverrun.cpp.

References Check::_errorLogger, Check::_tokenizer, bufferOverrunError(), checkScope(), Scope::classEnd, Scope::classStart, Variable::dimension(), Token::findmatch(), SymbolDatabase::functionScopes, Tokenizer::getSourceFilePath(), Tokenizer::getSymbolDatabase(), SymbolDatabase::getVariableFromVarId(), Variable::isArray(), Token::link(), Token::Match(), Variable::nameToken(), Token::next(), Token::previous(), ErrorLogger::reportProgress(), Token::simpleMatch(), Tokenizer::sizeOfType(), Token::str(), Tokenizer::tokens(), MathLib::toLongNumber(), Variable::typeEndToken(), Variable::typeStartToken(), Variable::varId(), Token::varId(), and Tokenizer::varIdCount().

Referenced by bufferOverrun().

void CheckBufferOverrun::checkInsecureCmdLineArgs

(

)

Check for buffer overruns due to copying command-line args to fixed-sized buffers without bounds checking.

Definition at line 1883 of file checkbufferoverrun.cpp.

References Check::_tokenizer, cmdLineArgsError(), Scope::function, SymbolDatabase::functionScopes, Tokenizer::getSymbolDatabase(), Token::link(), Token::Match(), Token::next(), Token::simpleMatch(), Token::strAt(), Token::tokAt(), Function::token, and Token::varId().

Referenced by bufferOverrun().

void CheckBufferOverrun::checkReadlinkBufferUsage	(	const Token *	tok,
		const Token *	scope_begin,
		const MathLib::bigint	total_size,
		const bool	is_readlinkat
	)

Check readlink or readlinkat() buffer usage.

Definition at line 1342 of file checkbufferoverrun.cpp.

References Check::_settings, bufferNotZeroTerminatedError(), Settings::inconclusive, Token::link(), Token::Match(), Token::next(), Token::nextArgument(), outOfBoundsError(), possibleReadlinkBufferOverrunError(), Token::str(), Token::strAt(), Token::tokAt(), MathLib::toLongNumber(), and Token::varId().

Referenced by checkScope().

void CheckBufferOverrun::checkScope	(	const Token *	tok,
		const ArrayInfo &	arrayInfo
	)

Check for buffer overruns (based on ArrayInfo)

Definition at line 1122 of file checkbufferoverrun.cpp.

References Check::_settings, arrayIndexInForLoop(), arrayIndexOutOfBoundsError(), bufferNotZeroTerminatedError(), bufferOverrunError(), checkFunctionCall(), checkReadlinkBufferUsage(), checkScopeForBody(), checkSprintfCall(), CheckBufferOverrun::ArrayInfo::element_size(), Token::getStrLength(), Settings::inconclusive, Settings::isEnabled(), Token::link(), Token::linkAt(), Token::Match(), Token::next(), Token::nextArgument(), CheckBufferOverrun::ArrayInfo::num(), outOfBoundsError(), pointerOutOfBoundsError(), Standards::posix, Token::previous(), Token::scope(), Token::simpleMatch(), Settings::standards, Token::str(), Token::strAt(), strncatUsageError(), terminateStrncpyError(), Token::tokAt(), MathLib::toLongNumber(), CheckBufferOverrun::ArrayInfo::varid(), Token::varId(), and CheckBufferOverrun::ArrayInfo::varname().

Referenced by checkGlobalAndLocalVariable(), and checkStructVariable().

void CheckBufferOverrun::checkScope	(	const Token *	tok,
		const std::vector< std::string > &	varname,
		const ArrayInfo &	arrayInfo
	)

Check for buffer overruns.

Definition at line 896 of file checkbufferoverrun.cpp.

References Check::_settings, arrayIndexOutOfBoundsError(), bufferOverrunError(), checkFunctionCall(), checkFunctionParameter(), checkScopeForBody(), checkSprintfCall(), Variable::dimension(), Variable::dimensions(), CheckBufferOverrun::ArrayInfo::element_size(), Token::getStrLength(), Settings::inconclusive, Variable::isArray(), Settings::isEnabled(), Token::isName(), Token::Match(), Token::next(), CheckBufferOverrun::ArrayInfo::num(), outOfBoundsError(), pointerOutOfBoundsError(), possibleBufferOverrunError(), Token::previous(), Token::scope(), Token::simpleMatch(), Token::str(), Token::strAt(), Token::tokAt(), MathLib::toLongNumber(), Token::variable(), CheckBufferOverrun::ArrayInfo::varid(), and Token::varId().

void CheckBufferOverrun::checkScopeForBody	(	const Token *	tok,
		const ArrayInfo &	arrayInfo,
		bool &	bailout
	)

Check scope helper function - parse for body.

Definition at line 765 of file checkbufferoverrun.cpp.

References Check::_tokenizer, SymbolDatabase::debugMessage(), Token::findsimplematch(), for3(), for_bailout(), for_condition(), for_init(), Tokenizer::getSymbolDatabase(), Token::link(), Token::Match(), Token::next(), CheckBufferOverrun::ArrayInfo::num(), parse_for_body(), Token::str(), Token::tokAt(), and MathLib::toLongNumber().

Referenced by checkScope().

void CheckBufferOverrun::checkSprintfCall	(	const Token *	tok,
		const MathLib::bigint	size
	)

Check code that matches: "sprintf ( %varid% , %str% [,)]" when varid is not 0, and report found errors.

Parameters:

tok	The "sprintf" token.
size	The size of the buffer where sprintf is writing.

Definition at line 1784 of file checkbufferoverrun.cpp.

References bufferOverrunError(), countSprintfLength(), Token::eString, Token::isNumber(), Token::Match(), Token::next(), Token::nextArgument(), Token::strValue(), Token::tokAt(), and Token::type().

Referenced by checkScope().

void CheckBufferOverrun::checkStructVariable

(

)

Check for buffer overruns - locate struct variables and check them with the .._CheckScope function.

Todo:

false negatives: handle inner scopes someday

Definition at line 1502 of file checkbufferoverrun.cpp.

References Check::_tokenizer, checkScope(), SymbolDatabase::classAndStructScopes, Scope::classDef, Scope::classEnd, Scope::className, Scope::classStart, Scope::eFunction, CheckBufferOverrun::ArrayInfo::element_size(), Scope::eStruct, Scope::functionOf, SymbolDatabase::functionScopes, Tokenizer::getSymbolDatabase(), isArrayOfStruct(), Scope::isClassOrStruct(), Token::Match(), Scope::nestedIn, Token::next(), CheckBufferOverrun::ArrayInfo::num(), Token::simpleMatch(), Token::tokAt(), MathLib::toLongNumber(), Scope::type, CheckBufferOverrun::ArrayInfo::varid(), Scope::varlist, and CheckBufferOverrun::ArrayInfo::varname().

Referenced by bufferOverrun().

std::string CheckBufferOverrun::classInfo

(

)

const [inline, private, virtual]

get information about this class, used to generate documentation

Implements Check.

Definition at line 265 of file checkbufferoverrun.h.

void CheckBufferOverrun::cmdLineArgsError

(

const Token *

tok

)

[private]

Definition at line 165 of file checkbufferoverrun.cpp.

References Severity::error, and Check::reportError().

Referenced by checkInsecureCmdLineArgs(), and getErrorMessages().

MathLib::bigint CheckBufferOverrun::countSprintfLength	(	const std::string &	input_string,
		const std::list< const Token * > &	parameters
	)		[static]

Get minimum length of format string result.

Parameters:

input_string	format string
parameters	given parameters to sprintf

Returns:

minimum length of resulting string

Definition at line 1683 of file checkbufferoverrun.cpp.

References Token::eString, and Token::getStrLength().

Referenced by checkSprintfCall().

void CheckBufferOverrun::executionPaths

(

)

Check for buffer overruns by inspecting execution paths

Definition at line 2164 of file checkbufferoverrun.cpp.

References Check::_tokenizer, checkExecutionPaths(), Variable::dimension(), Tokenizer::getSymbolDatabase(), SymbolDatabase::getVariableFromVarId(), Variable::isArray(), and Tokenizer::varIdCount().

Referenced by runSimplifiedChecks().

void CheckBufferOverrun::getErrorMessages	(	ErrorLogger *	errorLogger,
		const Settings *	settings
	)		const [inline, virtual]

get error messages

Implements Check.

Definition at line 239 of file checkbufferoverrun.h.

References argumentSizeError(), arrayIndexOutOfBoundsError(), arrayIndexThenCheckError(), bufferNotZeroTerminatedError(), bufferOverrunError(), cmdLineArgsError(), negativeIndexError(), outOfBoundsError(), pointerOutOfBoundsError(), possibleBufferOverrunError(), possibleReadlinkBufferOverrunError(), sizeArgumentAsCharError(), strncatUsageError(), terminateStrncpyError(), and writeOutsideBufferSizeError().

bool CheckBufferOverrun::isArrayOfStruct	(	const Token *	tok,
		int &	position
	)		[private]

Definition at line 1322 of file checkbufferoverrun.cpp.

References Token::Match(), Token::next(), and Token::tokAt().

Referenced by checkStructVariable().

static std::string CheckBufferOverrun::myName

(

)

[inline, static, private]

Definition at line 261 of file checkbufferoverrun.h.

void CheckBufferOverrun::negativeIndex

(

)

Check for negative index.

Definition at line 1943 of file checkbufferoverrun.cpp.

References Check::_tokenizer, Token::findmatch(), Variable::isArray(), Token::link(), negativeIndexError(), Token::previous(), Token::strAt(), Tokenizer::tokens(), MathLib::toLongNumber(), Token::variable(), and Token::varId().

Referenced by runSimplifiedChecks().

void CheckBufferOverrun::negativeIndexError	(	const Token *	tok,
		MathLib::bigint	index
	)		[private]

Definition at line 1936 of file checkbufferoverrun.cpp.

References Severity::error, and Check::reportError().

Referenced by getErrorMessages(), and negativeIndex().

void CheckBufferOverrun::outOfBoundsError	(	const Token *	tok,
		const std::string &	what,
		const bool	show_size_info,
		const MathLib::bigint &	supplied_size,
		const MathLib::bigint &	actual_size
	)		[private]

Definition at line 131 of file checkbufferoverrun.cpp.

References Severity::error, and Check::reportError().

Referenced by checkReadlinkBufferUsage(), checkScope(), and getErrorMessages().

void CheckBufferOverrun::parse_for_body	(	const Token *	tok2,
		const ArrayInfo &	arrayInfo,
		const std::string &	strindex,
		bool	condition_out_of_bounds,
		unsigned int	counter_varid,
		const std::string &	min_counter_value,
		const std::string &	max_counter_value
	)

Helper function used when parsing for-loops.

Definition at line 434 of file checkbufferoverrun.cpp.

References arrayIndexOutOfBoundsError(), bailoutIfSwitch(), bufferOverrunError(), MathLib::calculate(), Token::link(), Token::Match(), Token::next(), CheckBufferOverrun::ArrayInfo::num(), Token::previous(), Token::simpleMatch(), Token::str(), CheckBufferOverrun::ArrayInfo::varid(), and CheckBufferOverrun::ArrayInfo::varname().

Referenced by checkScopeForBody().

void CheckBufferOverrun::pointerOutOfBoundsError	(	const Token *	tok,
		const std::string &	object
	)		[private]

Definition at line 142 of file checkbufferoverrun.cpp.

References Severity::portability, and Check::reportError().

Referenced by checkScope(), and getErrorMessages().

void CheckBufferOverrun::possibleBufferOverrunError	(	const Token *	tok,
		const std::string &	src,
		const std::string &	dst,
		bool	cat
	)		[private]

Definition at line 97 of file checkbufferoverrun.cpp.

References Check::reportError(), and Severity::warning.

Referenced by checkScope(), and getErrorMessages().

void CheckBufferOverrun::possibleReadlinkBufferOverrunError	(	const Token *	tok,
		const std::string &	funcname,
		const std::string &	varname
	)		[private]

Definition at line 111 of file checkbufferoverrun.cpp.

References Check::reportError(), and Severity::warning.

Referenced by checkReadlinkBufferUsage(), and getErrorMessages().

void CheckBufferOverrun::runSimplifiedChecks	(	const Tokenizer *	tokenizer,
		const Settings *	settings,
		ErrorLogger *	errorLogger
	)		[inline, virtual]

run checks, the token list is simplified

ExecutionPath checking..

Implements Check.

Definition at line 62 of file checkbufferoverrun.h.

References arrayIndexThenCheck(), bufferOverrun(), executionPaths(), negativeIndex(), and writeOutsideBufferSize().

void CheckBufferOverrun::sizeArgumentAsCharError

(

const Token *

tok

)

[private]

Definition at line 148 of file checkbufferoverrun.cpp.

References Check::_settings, Settings::isEnabled(), Check::reportError(), and Severity::warning.

Referenced by checkFunctionParameter(), and getErrorMessages().

void CheckBufferOverrun::strncatUsageError

(

const Token *

tok

)

[private]

Definition at line 120 of file checkbufferoverrun.cpp.

References Check::_settings, Settings::isEnabled(), Check::reportError(), and Severity::warning.

Referenced by checkScope(), and getErrorMessages().

void CheckBufferOverrun::terminateStrncpyError	(	const Token *	tok,
		const std::string &	varname
	)		[private]

Definition at line 156 of file checkbufferoverrun.cpp.

References Check::reportError(), and Severity::warning.

Referenced by checkScope(), and getErrorMessages().

void CheckBufferOverrun::writeOutsideBufferSize

(

)

Check using POSIX write function and writing outside buffer size

Definition at line 2241 of file checkbufferoverrun.cpp.

References Check::_settings, Check::_tokenizer, Scope::classEnd, Scope::classStart, SymbolDatabase::functionScopes, Token::getStrLength(), Tokenizer::getSymbolDatabase(), Token::Match(), Token::next(), Standards::posix, Settings::standards, MathLib::toLongNumber(), and writeOutsideBufferSizeError().

Referenced by runSimplifiedChecks().

void CheckBufferOverrun::writeOutsideBufferSizeError	(	const Token *	tok,
		const std::size_t	stringLength,
		const MathLib::bigint	writeLength,
		const std::string &	functionName
	)		[private]

Definition at line 2264 of file checkbufferoverrun.cpp.

References Severity::error, MathLib::longToString(), and Check::reportError().

Referenced by getErrorMessages(), and writeOutsideBufferSize().

---

The documentation for this class was generated from the following files:

• checkbufferoverrun.h
• checkbufferoverrun.cpp