mirrors/cdt
1
0
Fork 0
mirror of https://github.com/eclipse-cdt/cdt synced 2025-08-11 18:25:40 +02:00
Code Issues Wiki Activity

Bug 547763 - Consistently handle IArrayType.getSize() returning a null IValue

Browse source 
Change-Id: I0246f1af5f3ed16f6ab03ff30dd9a0b27ee37df6
This commit is contained in:
Nathan Ridge 2019-06-04 22:29:55 -04:00
parent 84e2470069
commit 141142dcab
3 changed files with 32 additions and 19 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
codan/org.eclipse.cdt.codan.checkers/src/org/eclipse/cdt/codan/internal/checkers/fs/ScanfFormatStringSecurityChecker.java
View file

@ -24,6 +24,7 @@ import org.eclipse.cdt.core.dom.ast.IASTInitializerClause;
import org.eclipse.cdt.core.dom.ast.IASTTranslationUnit; import org.eclipse.cdt.core.dom.ast.IASTTranslationUnit;
import org.eclipse.cdt.core.dom.ast.IArrayType; import org.eclipse.cdt.core.dom.ast.IArrayType;
import org.eclipse.cdt.core.dom.ast.IType; import org.eclipse.cdt.core.dom.ast.IType;
import org.eclipse.cdt.core.dom.ast.IValue;
/** /**
* This checker detects format string vulnerabilities in the source code of * This checker detects format string vulnerabilities in the source code of
@ -168,9 +169,15 @@ public class ScanfFormatStringSecurityChecker extends AbstractIndexAstChecker {
IType expressionType = idExpression.getExpressionType(); IType expressionType = idExpression.getExpressionType();
if (expressionType instanceof IArrayType) { if (expressionType instanceof IArrayType) {
IArrayType arrayExpressionType = (IArrayType) expressionType; IArrayType arrayExpressionType = (IArrayType) expressionType;
long arraySize = arrayExpressionType.getSize().numberValue().longValue(); IValue sizeVal = arrayExpressionType.getSize();
if (argumentSize > arraySize) { if (sizeVal != null) {
reportProblem(ER_ID, idExpression, idExpression.getRawSignature()); Number sizeNum = sizeVal.numberValue();
if (sizeNum != null) {
long arraySize = sizeNum.longValue();
if (argumentSize > arraySize) {
reportProblem(ER_ID, idExpression, idExpression.getRawSignature());
}
}
} }
} }
} }

36
core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/AggregateInitialization.java
View file

@ -74,12 +74,14 @@ class AggregateInitialization {
if (initFromStringLiteral(nestedType, initializer)) { if (initFromStringLiteral(nestedType, initializer)) {
// [dcl.init.string] // [dcl.init.string]
fIndex++; fIndex++;
Number sizeOfCharArrayNumber = getArraySize(nestedType); // nestedType is guaranteed to be an IArrayType if initFromStringLiteral() returns true
Number sizeOfCharArrayNumber = getArraySize((IArrayType) nestedType);
long sizeofCharArray = 0; // will error in case we cannot determine the size long sizeofCharArray = 0; // will error in case we cannot determine the size
if (sizeOfCharArrayNumber != null) { if (sizeOfCharArrayNumber != null) {
sizeofCharArray = sizeOfCharArrayNumber.longValue(); sizeofCharArray = sizeOfCharArrayNumber.longValue();
} }
Number sizeofStringLiteralNumber = getArraySize(initializer.getType()); // so is initializer.getType()
Number sizeofStringLiteralNumber = getArraySize((IArrayType) initializer.getType());
long sizeofStringLiteral = Long.MAX_VALUE; // will error in case we cannot determine the size long sizeofStringLiteral = Long.MAX_VALUE; // will error in case we cannot determine the size
if (sizeofStringLiteralNumber != null) { if (sizeofStringLiteralNumber != null) {
sizeofStringLiteral = sizeofStringLiteralNumber.longValue(); sizeofStringLiteral = sizeofStringLiteralNumber.longValue();
@ -140,16 +142,20 @@ class AggregateInitialization {
} }
} else if (type instanceof IArrayType) { } else if (type instanceof IArrayType) {
IArrayType arrayType = (IArrayType) type; IArrayType arrayType = (IArrayType) type;
Number arraySize = arrayType.getSize().numberValue(); IValue sizeVal = arrayType.getSize();
if (arraySize != null) if (sizeVal != null) {
for (long i = 0; i < arraySize.longValue(); i++) { Number arraySize = sizeVal.numberValue();
Cost cost = checkElement(arrayType.getType(), null, worstCost); if (arraySize != null) {
if (!cost.converts()) for (long i = 0; i < arraySize.longValue(); i++) {
return cost; Cost cost = checkElement(arrayType.getType(), null, worstCost);
if (cost.compareTo(worstCost) > 0) { if (!cost.converts())
worstCost = cost; return cost;
if (cost.compareTo(worstCost) > 0) {
worstCost = cost;
}
} }
} }
}
} }
return worstCost; return worstCost;
} }
@ -262,12 +268,10 @@ class AggregateInitialization {
return isCharArray(target) && fromStringLiteral(initializer); return isCharArray(target) && fromStringLiteral(initializer);
} }
private static Number getArraySize(IType type) { private static Number getArraySize(IArrayType type) {
if (((IArrayType) type).getSize() != null) { IValue size = type.getSize();
IValue size = ((IArrayType) type).getSize(); if (size != null) {
if (size.numberValue() != null) { return size.numberValue();
return ((IArrayType) type).getSize().numberValue();
}
} }
return null; return null;
} }

2
core/org.eclipse.cdt.core/parser/org/eclipse/cdt/internal/core/dom/parser/cpp/semantics/CPPTemplates.java
View file

@ -1287,6 +1287,8 @@ public class CPPTemplates {
} }
static int determinePackSize(IValue value, ICPPTemplateParameterMap tpMap) { static int determinePackSize(IValue value, ICPPTemplateParameterMap tpMap) {
if (value == null)
return PACK_SIZE_NOT_FOUND;
ICPPEvaluation eval = value.getEvaluation(); ICPPEvaluation eval = value.getEvaluation();
if (eval == null) if (eval == null)
return PACK_SIZE_NOT_FOUND; return PACK_SIZE_NOT_FOUND;