/**
* @brief parse a function call and extract information about variable usage
* @param tok first token
* @param var variables that the function read / write.
* @param library --library files data
*/
void CheckNullPointer::parseFunctionCall(const Token &tok, std::list<const Token *> &var, const Library *library)
{
if (Token::Match(&tok, "%name% ( )") || !tok.tokAt(2))
return;
const Token* firstParam = tok.tokAt(2);
const Token* secondParam = firstParam->nextArgument();
// 1st parameter..
if (Token::Match(&tok, "snprintf|vsnprintf|fnprintf|vfnprintf") && secondParam && secondParam->str() != "0") // Only if length (second parameter) is not zero
var.push_back(firstParam);
if (library || tok.function() != nullptr) {
const Token *param = firstParam;
int argnr = 1;
while (param) {
if (library && library->isnullargbad(&tok, argnr) && checkNullpointerFunctionCallPlausibility(tok.function(), argnr))
var.push_back(param);
else if (tok.function()) {
const Variable* argVar = tok.function()->getArgumentVar(argnr-1);
if (argVar && argVar->isStlStringType() && !argVar->isArrayOrPointer())
var.push_back(param);
}
param = param->nextArgument();
argnr++;
}
}
if (Token::Match(&tok, "printf|sprintf|snprintf|fprintf|fnprintf|scanf|sscanf|fscanf|wprintf|swprintf|fwprintf|wscanf|swscanf|fwscanf")) {
const Token* argListTok = nullptr; // Points to first va_list argument
std::string formatString;
const bool scan = Token::Match(&tok, "scanf|sscanf|fscanf|wscanf|swscanf|fwscanf");
if (Token::Match(&tok, "printf|scanf|wprintf|wscanf ( %str%")) {
formatString = firstParam->strValue();
argListTok = secondParam;
} else if (Token::Match(&tok, "sprintf|fprintf|sscanf|fscanf|fwprintf|fwscanf|swscanf")) {
const Token* formatStringTok = secondParam; // Find second parameter (format string)
if (formatStringTok && formatStringTok->tokType() == Token::eString) {
argListTok = formatStringTok->nextArgument(); // Find third parameter (first argument of va_args)
formatString = formatStringTok->strValue();
}
} else if (Token::Match(&tok, "snprintf|fnprintf|swprintf") && secondParam) {
const Token* formatStringTok = secondParam->nextArgument(); // Find third parameter (format string)
if (formatStringTok && formatStringTok->tokType() == Token::eString) {
argListTok = formatStringTok->nextArgument(); // Find fourth parameter (first argument of va_args)
formatString = formatStringTok->strValue();
}
}
if (argListTok) {
bool percent = false;
for (std::string::iterator i = formatString.begin(); i != formatString.end(); ++i) {
if (*i == '%') {
percent = !percent;
} else if (percent) {
percent = false;
bool _continue = false;
while (!std::isalpha((unsigned char)*i)) {
if (*i == '*') {
if (scan)
_continue = true;
else
argListTok = argListTok->nextArgument();
}
++i;
if (!argListTok || i == formatString.end())
return;
}
if (_continue)
continue;
if ((*i == 'n' || *i == 's' || scan)) {
var.push_back(argListTok);
}
if (*i != 'm') // %m is a non-standard glibc extension that requires no parameter
argListTok = argListTok->nextArgument(); // Find next argument
if (!argListTok)
break;
}
}
}
}
}
/**
* @brief parse a function call and extract information about variable usage
* @param tok first token
* @param var variables that the function read / write.
* @param library --library files data
* @param value 0 => invalid with null pointers as parameter.
* 1-.. => only invalid with uninitialized data.
*/
void CheckNullPointer::parseFunctionCall(const Token &tok, std::list<const Token *> &var, const Library *library, unsigned char value)
{
if (Token::Match(&tok, "%var% ( )") || !tok.tokAt(2))
return;
const Token* firstParam = tok.tokAt(2);
const Token* secondParam = firstParam->nextArgument();
// 1st parameter..
if ((Token::Match(firstParam, "%var% ,|)") && firstParam->varId() > 0) ||
(value == 0 && Token::Match(firstParam, "0|NULL ,|)"))) {
if (value == 0 && Token::Match(&tok, "snprintf|vsnprintf|fnprintf|vfnprintf") && secondParam && secondParam->str() != "0") // Only if length (second parameter) is not zero
var.push_back(firstParam);
else if (value == 0 && library != nullptr && library->isnullargbad(tok.str(), 1) && checkNullpointerFunctionCallPlausibility(tok.function(), 1))
var.push_back(firstParam);
else if (value == 1 && library != nullptr && library->isuninitargbad(tok.str(), 1))
var.push_back(firstParam);
}
// 2nd parameter..
if ((value == 0 && Token::Match(secondParam, "0|NULL ,|)")) || (secondParam && secondParam->varId() > 0 && Token::Match(secondParam->next(),"[,)]"))) {
if (value == 0 && library != nullptr && library->isnullargbad(tok.str(), 2) && checkNullpointerFunctionCallPlausibility(tok.function(), 2))
var.push_back(secondParam);
else if (value == 1 && library != nullptr && library->isuninitargbad(tok.str(), 2))
var.push_back(secondParam);
}
if (Token::Match(&tok, "printf|sprintf|snprintf|fprintf|fnprintf|scanf|sscanf|fscanf|wprintf|swprintf|fwprintf|wscanf|swscanf|fwscanf")) {
const Token* argListTok = 0; // Points to first va_list argument
std::string formatString;
bool scan = Token::Match(&tok, "scanf|sscanf|fscanf|wscanf|swscanf|fwscanf");
if (Token::Match(&tok, "printf|scanf|wprintf|wscanf ( %str%")) {
formatString = firstParam->strValue();
argListTok = secondParam;
} else if (Token::Match(&tok, "sprintf|fprintf|sscanf|fscanf|fwprintf|fwscanf|swscanf")) {
const Token* formatStringTok = secondParam; // Find second parameter (format string)
if (formatStringTok && formatStringTok->type() == Token::eString) {
argListTok = formatStringTok->nextArgument(); // Find third parameter (first argument of va_args)
formatString = formatStringTok->strValue();
}
} else if (Token::Match(&tok, "snprintf|fnprintf|swprintf") && secondParam) {
const Token* formatStringTok = secondParam->nextArgument(); // Find third parameter (format string)
if (formatStringTok && formatStringTok->type() == Token::eString) {
argListTok = formatStringTok->nextArgument(); // Find fourth parameter (first argument of va_args)
formatString = formatStringTok->strValue();
}
}
if (argListTok) {
bool percent = false;
for (auto i = formatString.begin(); i != formatString.end(); ++i) {
if (*i == '%') {
percent = !percent;
} else if (percent) {
percent = false;
bool _continue = false;
while (!std::isalpha((unsigned char)*i)) {
if (*i == '*') {
if (scan)
_continue = true;
else
argListTok = argListTok->nextArgument();
}
++i;
if (!argListTok || i == formatString.end())
return;
}
if (_continue)
continue;
if ((*i == 'n' || *i == 's' || scan) && (!scan || value == 0)) {
if ((value == 0 && argListTok->str() == "0") || (argListTok->varId() > 0 && Token::Match(argListTok,"%var% [,)]"))) {
var.push_back(argListTok);
}
}
if (*i != 'm') // %m is a non-standard glibc extension that requires no parameter
argListTok = argListTok->nextArgument(); // Find next argument
if (!argListTok)
break;
}
}
}
}
}
