Fixed #5518 (FP regression in 1.64: Array accessed out of bounds)
parent
a3f5beb75d
commit
01c29ed15f
|
@ -567,6 +567,9 @@ void CheckNullPointer::nullPointerByDeRefAndChec()
|
||||||
if (!value)
|
if (!value)
|
||||||
continue;
|
continue;
|
||||||
|
|
||||||
|
if (!_settings->inconclusive && value->inconclusive)
|
||||||
|
continue;
|
||||||
|
|
||||||
// Is pointer used as function parameter?
|
// Is pointer used as function parameter?
|
||||||
if (Token::Match(tok->previous(), "[(,] %var% [,)]")) {
|
if (Token::Match(tok->previous(), "[(,] %var% [,)]")) {
|
||||||
const Token *ftok = tok->previous();
|
const Token *ftok = tok->previous();
|
||||||
|
|
|
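Review bot: The new guard `if (!_settings->inconclusive && value->inconclusive) continue;` in nullPointerByDeRefAndChec is the only place on this page where inconclusive values are dropped, while the valueflow change in the same commit stops consulting `settings->inconclusive` when it sets the flag. Any other checker that reads ValueFlow values would need the same filter, or it will report inconclusive results with the option off; those callers are not visible here, so this should be confirmed. A one-line comment above the guard, such as `// inconclusive values are only reported when --inconclusive is enabled`, would record why it is there. The function body continues outside the hunk.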
@ -78,8 +78,8 @@ static bool bailoutFunctionPar(const Token *tok, const ValueFlow::Value &value,
|
||||||
// if value is 0 and the library says 0 is invalid => do not bailout
|
// if value is 0 and the library says 0 is invalid => do not bailout
|
||||||
if (value.intvalue==0 && settings->library.isnullargbad(tok->str(), 1+argnr))
|
if (value.intvalue==0 && settings->library.isnullargbad(tok->str(), 1+argnr))
|
||||||
return false;
|
return false;
|
||||||
// inconclusive => don't bailout
|
// addressOf => inconclusive
|
||||||
if (inconclusive && !addressOf && settings->inconclusive) {
|
if (!addressOf) {
|
||||||
*inconclusive = true;
|
*inconclusive = true;
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
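Review bot: `*inconclusive = true;` is now reached without the null test that the removed condition `inconclusive && ...` provided, so a caller passing a null pointer for `inconclusive` would crash the analyzer here. The parameter list is cut off in the hunk header, so whether any caller does that cannot be seen from this page. Either keep the test, `if (inconclusive && !addressOf) {`, or take the flag by reference. The new comment `// addressOf => inconclusive` also reads as the opposite of the code, which sets the flag when `addressOf` is false; `// not address-of => keep the value, marked inconclusive` would match it.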
@ -506,7 +506,7 @@ static void valueFlowAfterAssign(TokenList *tokenlist, ErrorLogger *errorLogger,
|
||||||
}
|
}
|
||||||
|
|
||||||
// noreturn scopes..
|
// noreturn scopes..
|
||||||
if (number_of_if > 0 &&
|
if ((number_of_if > 0 || Token::findmatch(tok2, "%varid%", start, varid)) &&
|
||||||
(Token::findmatch(start, "return|continue|break", end) ||
|
(Token::findmatch(start, "return|continue|break", end) ||
|
||||||
(Token::simpleMatch(end,"} else {") && Token::findmatch(end, "return|continue|break", end->linkAt(2))))) {
|
(Token::simpleMatch(end,"} else {") && Token::findmatch(end, "return|continue|break", end->linkAt(2))))) {
|
||||||
if (settings->debugwarnings)
|
if (settings->debugwarnings)
|
||||||
|
|
|
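Review bot: The widened condition `number_of_if > 0 || Token::findmatch(tok2, "%varid%", start, varid)` tests only whether the variable appears in the condition, not whether the tracked value satisfies it. A guard the value fails, e.g. `if (x < 0) return;` with `x = 32`, therefore appears to discard the value as well, and a later `a[x]` would go unreported. What follows the `settings->debugwarnings` line is outside the hunk, so this assumes the branch bails out as the comment `// noreturn scopes..` suggests. If the trade-off is intended, state it in the comment, e.g. `// variable is used in the condition of a noreturn scope => value after the scope is unknown, bail out`, and add a TODO test for the missed case.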
@ -271,7 +271,7 @@ private:
|
||||||
"}";
|
"}";
|
||||||
ASSERT_EQUALS(true, testValueOfX(std::string("void setx(int x);")+code, 2U, 1));
|
ASSERT_EQUALS(true, testValueOfX(std::string("void setx(int x);")+code, 2U, 1));
|
||||||
ASSERT_EQUALS(false, testValueOfX(std::string("void setx(int &x);")+code, 2U, 1));
|
ASSERT_EQUALS(false, testValueOfX(std::string("void setx(int &x);")+code, 2U, 1));
|
||||||
ASSERT_EQUALS(false, testValueOfX(code, 2U, 1));
|
ASSERT_EQUALS(true, testValueOfX(code, 2U, 1));
|
||||||
|
|
||||||
code = "void f(char* x) {\n"
|
code = "void f(char* x) {\n"
|
||||||
" strcpy(x,\"abc\");\n"
|
" strcpy(x,\"abc\");\n"
|
||||||
|
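Review bot: The flipped expectation `ASSERT_EQUALS(true, testValueOfX(code, 2U, 1));` only pins that the value survives the call to an undeclared `setx`. It does not check that the value is marked inconclusive, which is what the bailoutFunctionPar change in this commit relies on. testValueOfX is defined outside the hunk, so whether it looks at the flag cannot be seen here. If it does not, a companion assertion on the value's `inconclusive` member would keep a later change from silently turning these into conclusive reports.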
@ -569,6 +569,22 @@ private:
|
||||||
"}";
|
"}";
|
||||||
ASSERT_EQUALS(false, testValueOfX(code, 4U, 0));
|
ASSERT_EQUALS(false, testValueOfX(code, 4U, 0));
|
||||||
|
|
||||||
|
code = "void f() {\n"
|
||||||
|
" int x = 32;\n"
|
||||||
|
" if (x>=32) return;\n"
|
||||||
|
" a[x]=0;\n"
|
||||||
|
"}";
|
||||||
|
ASSERT_EQUALS(false, testValueOfX(code, 4U, 32));
|
||||||
|
|
||||||
|
code = "void f() {\n"
|
||||||
|
" int x = 32;\n"
|
||||||
|
" if (x>=32) {\n"
|
||||||
|
" a[x] = 0;\n" // <- should have possible value 32
|
||||||
|
" return;\n"
|
||||||
|
" }\n"
|
||||||
|
"}";
|
||||||
|
TODO_ASSERT_EQUALS(true, false, testValueOfX(code, 4U, 32));
|
||||||
|
|
||||||
// multivariables
|
// multivariables
|
||||||
code = "void f(int a) {\n"
|
code = "void f(int a) {\n"
|
||||||
" int x = a;\n"
|
" int x = a;\n"
|
||||||
|
|