Fix #12489 FN bufferAccessOutOfBounds with overlong strcat() parameter (regression) (danmar#7268)

chrchr-github · web-flow · commit fb8bd0eb711a · 2025-01-28T14:04:25.000+01:00
diff --git a/cfg/std.cfg b/cfg/std.cfg
@@ -4820,6 +4820,7 @@ The obsolete function 'gets' is called. With 'gets' you'll get a buffer overrun
       <not-null/>
       <not-uninit/>
       <strz/>
+      <minsize type="strlen" arg="2"/>
     </arg>
     <arg nr="2" direction="in">
       <not-null/>
diff --git a/test/cfg/std.c b/test/cfg/std.c
@@ -3446,7 +3446,7 @@ void bufferAccessOutOfBounds_strcat(char *dest, const char * const source)
     char buf4[4] = {0};
     const char * const srcstr3 = "123";
     const char * const srcstr4 = "1234";
-    // @todo #8599 cppcheck-suppress bufferAccessOutOfBounds
+    // cppcheck-suppress bufferAccessOutOfBounds
     (void)strcat(buf4,srcstr4); // off by one issue: strcat is appends \0' at the end
 
     // no warning shall be shown for
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
@@ -3151,6 +3151,20 @@ class TestBufferOverrun : public TestFixture {
               "   strcat(n, \"def\");\n"
               "}");
         TODO_ASSERT_EQUALS("[test.cpp:5]: (error) Buffer is accessed out of bounds: n\n", "", errout_str());
+
+        check("void f()\n" // #12489
+              "{\n"
+              "   char d[3] = {};\n"
+              "   strcat(d, \"12345678\");\n"
+              "}");
+        ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: d\n", errout_str());
+
+        check("void f()\n"
+              "{\n"
+              "   char d[3] = \"ab\"; \n"
+              "   strcat(d, \"c\");\n"
+              "}");
+        TODO_ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: d\n", "", errout_str());
     }
 
     void buffer_overrun_7() {
