From 0518eed937702a3fcc22d992462aacf16c929eb1 Mon Sep 17 00:00:00 2001
From: Reijo Tomperi
Date: Thu, 12 Nov 2009 23:24:44 +0200
Subject: [PATCH] Fix #946 (False positive: Buffer access out-of-bounds)

http://sourceforge.net/apps/trac/cppcheck/ticket/946
---
 lib/checkbufferoverrun.cpp | 4 ++--
 test/testbufferoverrun.cpp | 16 ++++++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)

diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index 3a9b53d9e..b3f645a2d 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -716,6 +716,7 @@ void CheckBufferOverrun::checkStructVariable()
 continue;

 const char *varname[3] = {0, 0, 0};
+ const unsigned int varId = tok2->tokAt(ivar)->varId();
 varname[1] = tok2->strAt(ivar);
 int arrsize = std::atoi(tok2->strAt(ivar + 2));
 int total_size = arrsize * _tokenizer->sizeOfType(tok2->tokAt(1));
@@ -737,8 +738,7 @@ void CheckBufferOverrun::checkStructVariable()

 if (Token::simpleMatch(tok4, ") {"))
 {
- const char *names[2] = {varname[1], 0};
- checkScope(tok4->tokAt(2), names, arrsize, total_size, 0);
+ checkScope(tok4->tokAt(2), 0, arrsize, total_size, varId);
 break;
 }
 }
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index d2a5ae72d..833e686f4 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -89,6 +89,7 @@ private:
 TEST_CASE(array_index_18);
 TEST_CASE(array_index_19);
 TEST_CASE(array_index_20);
+ TEST_CASE(array_index_21);
 TEST_CASE(array_index_multidim);

 TEST_CASE(buffer_overrun_1);
@@ -653,6 +654,21 @@ private:
 ASSERT_EQUALS("", errout.str());
 }

+ void array_index_21()
+ {
+ check("class A {\n"
+ " int indices[2];\n"
+ " void foo(int indices[3]);\n"
+ "};\n"
+ "\n"
+ "void A::foo(int indices[3]) {\n"
+ " for(int j=0; j<3; ++j) {\n"
+ " int b = indices[j];\n"
+ " }\n"
+ "}\n");
+ ASSERT_EQUALS("", errout.str());
+ }
+
 void array_index_multidim()
 {
 check("void f()\n"
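Review bot: In lib/checkbufferoverrun.cpp the rewritten call `checkScope(tok4->tokAt(2), 0, arrsize, total_size, varId);` (hunk @@ -737) passes a null name list and relies entirely on `varId`, yet neither lib hunk checks that `tok2->tokAt(ivar)->varId()` (hunk @@ -716) returned a non-zero id. checkScope's body is not visible here, but if the tokenizer left the member unnumbered it is handed neither a name nor a usable id, so the member-function scope is presumably either skipped or matched against unrelated un-numbered tokens; for a buffer-overrun checker the first case is a silent false negative. Consider guarding the call, e.g. `if (varId != 0) checkScope(tok4->tokAt(2), 0, arrsize, total_size, varId);`, and adding a comment above it such as `// match by variable id, not by name: a parameter may shadow the member (ticket #946)`. checkStructVariable starts and ends outside both hunks, so whether `varname[1]` is still needed after this change cannot be confirmed from here.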
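Review bot: The new `array_index_21` case in test/testbufferoverrun.cpp (hunk @@ -653) only pins the absence of a warning when a parameter shadows the member; nothing in this commit shows that a genuine out-of-bounds access to `A::indices` from a member function is still reported now that the scope is matched by variable id instead of by name. A companion case without the shadowing parameter would catch a regression where the id lookup silently matches nothing. It would also need its own `TEST_CASE(...)` line in the @@ -89 hunk; the expected message below is a placeholder and should be copied from the existing array_index_* cases, and the case is only valid if the checker is meant to flag this loop form.

```cpp
    void array_index_22()
    {
        // Constructed companion case: no parameter shadows the member, so the
        // out-of-bounds read of A::indices is expected to be reported.
        check("class A {\n"
              "    int indices[2];\n"
              "    void foo();\n"
              "};\n"
              "\n"
              "void A::foo() {\n"
              "    for(int j=0; j<3; ++j) {\n"
              "        int b = indices[j];\n"
              "    }\n"
              "}\n");
        // EXPECTED_MESSAGE_PLACEHOLDER: use the exact out-of-bounds text the
        // existing array_index_* cases assert on.
        ASSERT_EQUALS(EXPECTED_MESSAGE_PLACEHOLDER, errout.str());
    }
```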