add CERT STR03-C check#1898
Conversation
| # Do not inadvertently truncate a string | ||
| def str03(data): | ||
| for token in data.tokenlist: | ||
| if simpleMatch(token, 'strncpy ('): # now search if the 3rd parameter is a sizeof() |
There was a problem hiding this comment.
I would suggest a early continue here.
if not simpleMatch(token, 'strncpy ('):
continue
| for token in data.tokenlist: | ||
| if simpleMatch(token, 'strncpy ('): # now search if the 3rd parameter is a sizeof() | ||
| paramToken = token.astParent | ||
| if paramToken is None: |
There was a problem hiding this comment.
I suggest a more strict condition if paramToken != token.next
| paramToken = token.astParent | ||
| if paramToken is None: | ||
| continue | ||
| if not paramToken.astOperand2 is None: |
There was a problem hiding this comment.
hmm.. this looks clumpsy.. maybe we should create a utility function in cppcheckdata to get the parameters in a function call. We have such function in cppcheck core and its name is getArguments
| if lengthOp2 is None: | ||
| continue | ||
| if simpleMatch(lengthOp2.astOperand1, 'sizeof ('): | ||
| reportError(token, 'style', 'Do not inadvertently truncate a string', 'STR03-C') |
There was a problem hiding this comment.
hmm.. isn't it typical to use a sizeof in the 3rd argument when using strncpy. I fear that this will warn about typical strncpy usage.
There was a problem hiding this comment.
We do allow more noise from addons. But I am uncertain about how much we can allow.
There was a problem hiding this comment.
Well the check fullfills rule CERT-STR03-C as defined here: https://wiki.sei.cmu.edu/confluence/display/c/STR03-C.+Do+not+inadvertently+truncate+a+string
The reason for this check is that if you use strncpy with a sizeof() as length it could happen that there isn't a null termination in the first n characters you want to copy. This would lead to a non null-terminated string but strncpy/strcpy normaly indicates that the string is automatically null-terminated ;)
There was a problem hiding this comment.
I have a bad feeling about it but I guess we should follow the cert guidelines.
…-STR03-C # Conflicts: # addons/cert.py # addons/test/cert-test.c
…-STR03-C and simplify STR03 check
* add CERT STR03-C check * fix cert test
2 participants
No description provided.