-rw-r--r--codan/org.eclipse.cdt.codan.checkers/src/org/eclipse/cdt/codan/internal/checkers/fs/ScanfFormatStringSecurityChecker.java13
-rw-r--r--core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/AggregateInitialization.java36
-rw-r--r--core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/CPPTemplates.java2
3 files changed, 32 insertions, 19 deletions
diff --git a/codan/org.eclipse.cdt.codan.checkers/src/org/eclipse/cdt/codan/internal/checkers/fs/ScanfFormatStringSecurityChecker.java b/codan/org.eclipse.cdt.codan.checkers/src/org/eclipse/cdt/codan/internal/checkers/fs/ScanfFormatStringSecurityChecker.java
index 3e1ba3f4dbf..d3e5b7cf61c 100644
--- a/codan/org.eclipse.cdt.codan.checkers/src/org/eclipse/cdt/codan/internal/checkers/fs/ScanfFormatStringSecurityChecker.java
+++ b/codan/org.eclipse.cdt.codan.checkers/src/org/eclipse/cdt/codan/internal/checkers/fs/ScanfFormatStringSecurityChecker.java
@@ -24,6 +24,7 @@ import org.eclipse.cdt.core.dom.ast.IASTInitializerClause;
import org.eclipse.cdt.core.dom.ast.IASTTranslationUnit;
import org.eclipse.cdt.core.dom.ast.IArrayType;
import org.eclipse.cdt.core.dom.ast.IType;
+import org.eclipse.cdt.core.dom.ast.IValue;
/**
* This checker detects format string vulnerabilities in the source code of
@@ -168,9 +169,15 @@ public class ScanfFormatStringSecurityChecker extends AbstractIndexAstChecker {
IType expressionType = idExpression.getExpressionType();
if (expressionType instanceof IArrayType) {
IArrayType arrayExpressionType = (IArrayType) expressionType;
- long arraySize = arrayExpressionType.getSize().numberValue().longValue();
- if (argumentSize > arraySize) {
- reportProblem(ER_ID, idExpression, idExpression.getRawSignature());
+ IValue sizeVal = arrayExpressionType.getSize();
+ if (sizeVal != null) {
+ Number sizeNum = sizeVal.numberValue();
+ if (sizeNum != null) {
+ long arraySize = sizeNum.longValue();
+ if (argumentSize > arraySize) {
+ reportProblem(ER_ID, idExpression, idExpression.getRawSignature());
+ }
+ }
}
}
}
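Review bot: The comparison `argumentSize > arraySize` kept on the new side still lets `argumentSize == arraySize` pass; if argumentSize is the field width taken from the conversion (computed outside this hunk, so this is inferred), a `%Ns` into `char buf[N]` writes N characters plus the terminating NUL and overflows by one byte, so string conversions would need `argumentSize >= arraySize`. Separately, the new null guards make the checker silent whenever the bound is absent or not a compile-time constant; that is a defensible default for a security checker, but it should be stated, e.g. `// bound unknown: cannot prove an overflow, stay silent rather than warn spuriously` before the `if (sizeVal != null)`. The enclosing method starts outside this hunk.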
diff --git a/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/AggregateInitialization.java b/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/AggregateInitialization.java
index 35b839e671f..71790051d2e 100644
--- a/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/AggregateInitialization.java
+++ b/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/AggregateInitialization.java
@@ -74,12 +74,14 @@ class AggregateInitialization {
if (initFromStringLiteral(nestedType, initializer)) {
// [dcl.init.string]
fIndex++;
- Number sizeOfCharArrayNumber = getArraySize(nestedType);
+ // nestedType is guaranteed to be an IArrayType if initFromStringLiteral() returns true
+ Number sizeOfCharArrayNumber = getArraySize((IArrayType) nestedType);
long sizeofCharArray = 0; // will error in case we cannot determine the size
if (sizeOfCharArrayNumber != null) {
sizeofCharArray = sizeOfCharArrayNumber.longValue();
}
- Number sizeofStringLiteralNumber = getArraySize(initializer.getType());
+ // so is initializer.getType()
+ Number sizeofStringLiteralNumber = getArraySize((IArrayType) initializer.getType());
long sizeofStringLiteral = Long.MAX_VALUE; // will error in case we cannot determine the size
if (sizeofStringLiteralNumber != null) {
sizeofStringLiteral = sizeofStringLiteralNumber.longValue();
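Review bot: The comment `// so is initializer.getType()` asserts an invariant without saying where it comes from; the reader has to locate initFromStringLiteral() and fromStringLiteral() further down the file to see why the unchecked cast is safe. Suggest `// initFromStringLiteral() returned true, so fromStringLiteral() accepted the initializer; a string literal's type is an IArrayType`. If either helper is ever widened, these casts would throw ClassCastException from inside semantic analysis instead of reaching the existing size-unknown path (size 0 / Long.MAX_VALUE), so an `instanceof IArrayType` guard that yields a null Number would be the more robust form. The enclosing method continues past both ends of this hunk.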
@@ -140,16 +142,20 @@ class AggregateInitialization {
}
} else if (type instanceof IArrayType) {
IArrayType arrayType = (IArrayType) type;
- Number arraySize = arrayType.getSize().numberValue();
- if (arraySize != null)
- for (long i = 0; i < arraySize.longValue(); i++) {
- Cost cost = checkElement(arrayType.getType(), null, worstCost);
- if (!cost.converts())
- return cost;
- if (cost.compareTo(worstCost) > 0) {
- worstCost = cost;
+ IValue sizeVal = arrayType.getSize();
+ if (sizeVal != null) {
+ Number arraySize = sizeVal.numberValue();
+ if (arraySize != null) {
+ for (long i = 0; i < arraySize.longValue(); i++) {
+ Cost cost = checkElement(arrayType.getType(), null, worstCost);
+ if (!cost.converts())
+ return cost;
+ if (cost.compareTo(worstCost) > 0) {
+ worstCost = cost;
+ }
}
}
+ }
}
return worstCost;
}
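Review bot: The guarded loop on the new side calls `checkElement(arrayType.getType(), null, worstCost)` once per element although neither argument depends on `i`; if checkElement does not consume fIndex when the initializer clause is null (it is defined outside this hunk, so this is inferred), every iteration repeats the same evaluation and a bound such as `char buf[1 << 20]` costs a million identical calls where one would do. Either a comment explaining why the repetition is required, or collapsing it to a single call when the cost is provably index-independent, would help. When the bound is absent or non-constant the new code now falls through with worstCost unchanged, i.e. the array is treated as convertible; `// unknown bound: nothing to check element-wise` before `if (sizeVal != null)` would make that deliberate.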
@@ -262,12 +268,10 @@ class AggregateInitialization {
return isCharArray(target) && fromStringLiteral(initializer);
}
- private static Number getArraySize(IType type) {
- if (((IArrayType) type).getSize() != null) {
- IValue size = ((IArrayType) type).getSize();
- if (size.numberValue() != null) {
- return ((IArrayType) type).getSize().numberValue();
- }
+ private static Number getArraySize(IArrayType type) {
+ IValue size = type.getSize();
+ if (size != null) {
+ return size.numberValue();
}
return null;
}
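Review bot: The rewritten getArraySize() has no Javadoc, yet its null return now covers two distinct cases that the caller in the first hunk maps to different sentinels (size 0 versus Long.MAX_VALUE). Suggest `/** Returns the bound of {@code type} as a Number, or {@code null} when the array has no size or its size is not a constant. */` above the signature. Narrowing the parameter to IArrayType is an improvement, since it moves the cast to the call sites where the invariant is actually known.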
diff --git a/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/CPPTemplates.java b/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/CPPTemplates.java
index 5d96ed989a6..07e27e0a235 100644
--- a/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/CPPTemplates.java
+++ b/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/CPPTemplates.java
@@ -1287,6 +1287,8 @@ public class CPPTemplates {
}
static int determinePackSize(IValue value, ICPPTemplateParameterMap tpMap) {
+ if (value == null)
+ return PACK_SIZE_NOT_FOUND;
ICPPEvaluation eval = value.getEvaluation();
if (eval == null)
return PACK_SIZE_NOT_FOUND;
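Review bot: The added null check makes determinePackSize() tolerate a null value, but nothing records that contract, and the callers that now depend on it (those passing IArrayType.getSize(), per the other files in this commit) will not see it from the signature. Suggest a Javadoc above the method: `/** @param value the value whose pack size is wanted; {@code null} is tolerated and yields {@code PACK_SIZE_NOT_FOUND} */`. The method body continues beyond the hunk.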
