3 files changed, 32 insertions, 19 deletions
diff --git a/codan/org.eclipse.cdt.codan.checkers/src/org/eclipse/cdt/codan/internal/checkers/fs/ScanfFormatStringSecurityChecker.java b/codan/org.eclipse.cdt.codan.checkers/src/org/eclipse/cdt/codan/internal/checkers/fs/ScanfFormatStringSecurityChecker.java
index 3e1ba3f4dbf..d3e5b7cf61c 100644
--- a/codan/org.eclipse.cdt.codan.checkers/src/org/eclipse/cdt/codan/internal/checkers/fs/ScanfFormatStringSecurityChecker.java
+++ b/codan/org.eclipse.cdt.codan.checkers/src/org/eclipse/cdt/codan/internal/checkers/fs/ScanfFormatStringSecurityChecker.java
@@ -24,6 +24,7 @@ import org.eclipse.cdt.core.dom.ast.IASTInitializerClause;
 import org.eclipse.cdt.core.dom.ast.IASTTranslationUnit;
 import org.eclipse.cdt.core.dom.ast.IArrayType;
 import org.eclipse.cdt.core.dom.ast.IType;
+import org.eclipse.cdt.core.dom.ast.IValue;
 
 /**
 * This checker detects format string vulnerabilities in the source code of
@@ -168,9 +169,15 @@ public class ScanfFormatStringSecurityChecker extends AbstractIndexAstChecker {
 IType expressionType = idExpression.getExpressionType();
 if (expressionType instanceof IArrayType) {
 IArrayType arrayExpressionType = (IArrayType) expressionType;
- long arraySize = arrayExpressionType.getSize().numberValue().longValue();
- if (argumentSize > arraySize) {
- reportProblem(ER_ID, idExpression, idExpression.getRawSignature());
+ IValue sizeVal = arrayExpressionType.getSize();
+ if (sizeVal != null) {
+ Number sizeNum = sizeVal.numberValue();
+ if (sizeNum != null) {
+ long arraySize = sizeNum.longValue();
+ if (argumentSize > arraySize) {
+ reportProblem(ER_ID, idExpression, idExpression.getRawSignature());
+ }
+ }
 }
 }
 }
diff --git a/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/AggregateInitialization.java b/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/AggregateInitialization.java
index 35b839e671f..71790051d2e 100644
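Review bot: In the @@ -168 hunk, when `getSize()` or `numberValue()` returns null the overflow check is silently skipped, and nothing says that an array whose size cannot be determined statically is an accepted false negative of this checker rather than an oversight; a comment such as `// Size not known statically: cannot prove an overflow, so report nothing` before `if (sizeVal != null) {` would document that. The two null guards could also be folded into one, `Number sizeNum = sizeVal == null ? null : sizeVal.numberValue();` followed by `if (sizeNum != null && argumentSize > sizeNum.longValue()) {`, removing two nesting levels. The enclosing method begins and ends outside the hunk.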
--- a/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/AggregateInitialization.java
+++ b/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/AggregateInitialization.java
@@ -74,12 +74,14 @@ class AggregateInitialization {
 if (initFromStringLiteral(nestedType, initializer)) {
 // [dcl.init.string]
 fIndex++;
- Number sizeOfCharArrayNumber = getArraySize(nestedType);
+ // nestedType is guaranteed to be an IArrayType if initFromStringLiteral() returns true
+ Number sizeOfCharArrayNumber = getArraySize((IArrayType) nestedType);
 long sizeofCharArray = 0; // will error in case we cannot determine the size
 if (sizeOfCharArrayNumber != null) {
 sizeofCharArray = sizeOfCharArrayNumber.longValue();
 }
- Number sizeofStringLiteralNumber = getArraySize(initializer.getType());
+ // so is initializer.getType()
+ Number sizeofStringLiteralNumber = getArraySize((IArrayType) initializer.getType());
 long sizeofStringLiteral = Long.MAX_VALUE; // will error in case we cannot determine the size
 if (sizeofStringLiteralNumber != null) {
 sizeofStringLiteral = sizeofStringLiteralNumber.longValue();
@@ -140,16 +142,20 @@ class AggregateInitialization {
 }
 } else if (type instanceof IArrayType) {
 IArrayType arrayType = (IArrayType) type;
- Number arraySize = arrayType.getSize().numberValue();
- if (arraySize != null)
- for (long i = 0; i < arraySize.longValue(); i++) {
- Cost cost = checkElement(arrayType.getType(), null, worstCost);
- if (!cost.converts())
- return cost;
- if (cost.compareTo(worstCost) > 0) {
- worstCost = cost;
+ IValue sizeVal = arrayType.getSize();
+ if (sizeVal != null) {
+ Number arraySize = sizeVal.numberValue();
+ if (arraySize != null) {
+ for (long i = 0; i < arraySize.longValue(); i++) {
+ Cost cost = checkElement(arrayType.getType(), null, worstCost);
+ if (!cost.converts())
+ return cost;
+ if (cost.compareTo(worstCost) > 0) {
+ worstCost = cost;
+ }
 }
 }
+ }
 }
 return worstCost;
 }
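Review bot: The comment `// so is initializer.getType()` on the second cast in the @@ -74 hunk is six lines away from the sentence it continues, so read on its own it does not say what `initializer.getType()` is or why the cast is safe; I would spell it out, e.g. `// initFromStringLiteral() returned true, so the initializer is a string literal and its type is an IArrayType as well`. Both casts still throw ClassCastException if that invariant does not hold, which is the same failure mode the removed `getArraySize(IType)` had with its internal `(IArrayType) type` casts, so this is a documentation point only. The enclosing method starts before and ends after the hunk.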
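Review bot: The @@ -140 hunk re-derives the array size inline — `IValue sizeVal = arrayType.getSize();`, a null check, then `numberValue()` — which is exactly what the same commit's `getArraySize(IArrayType)` now does; calling the helper, `Number arraySize = getArraySize(arrayType);` followed by `if (arraySize != null) {`, keeps one source of truth and drops a nesting level. It would also be worth a comment that an array whose size cannot be determined contributes no element cost and leaves `worstCost` unchanged, since that is now a deliberate outcome of the null guard rather than an accident. The enclosing method starts before the hunk.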
@@ -262,12 +268,10 @@ class AggregateInitialization {
 return isCharArray(target) && fromStringLiteral(initializer);
 }
 
- private static Number getArraySize(IType type) {
- if (((IArrayType) type).getSize() != null) {
- IValue size = ((IArrayType) type).getSize();
- if (size.numberValue() != null) {
- return ((IArrayType) type).getSize().numberValue();
- }
+ private static Number getArraySize(IArrayType type) {
+ IValue size = type.getSize();
+ if (size != null) {
+ return size.numberValue();
 }
 return null;
 }
diff --git a/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/CPPTemplates.java b/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/CPPTemplates.java
index 5d96ed989a6..07e27e0a235 100644
--- a/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/CPPTemplates.java
+++ b/core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/CPPTemplates.java
@@ -1287,6 +1287,8 @@ public class CPPTemplates {
 }
 
 static int determinePackSize(IValue value, ICPPTemplateParameterMap tpMap) {
+ if (value == null)
+ return PACK_SIZE_NOT_FOUND;
 ICPPEvaluation eval = value.getEvaluation();
 if (eval == null)
 return PACK_SIZE_NOT_FOUND;
|
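Review bot: `getArraySize(IArrayType)` in the @@ -262 hunk now returns null in two distinct situations — `getSize()` is null, and `numberValue()` is null — and its callers in the @@ -74 hunk treat that null as "size undeterminable" with two different fallbacks (0 and Long.MAX_VALUE), so the helper deserves a Javadoc that states the contract, e.g. `/** Returns the array's size as a number, or null if it cannot be determined (no size value, or a size value with no numeric representation). */`. The method is complete within the hunk.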
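Review bot: The new null guard in `determinePackSize` in the @@ -1287 hunk widens the method's contract to accept a null `value`, but nothing documents that, and there is no Javadoc on the method in the visible lines; a `@param value the pack size value, or null when it could not be resolved (yields {@code PACK_SIZE_NOT_FOUND})` would record it. The two guards could also be merged, `ICPPEvaluation eval = value == null ? null : value.getEvaluation();`, which keeps the existing `if (eval == null)` check and avoids a second early return. The method body continues past the hunk.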