From 10be2a19418f0d56e56990da6780dc6178a3c3d5 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= <daniel.marjamaki@gmail.com>
Date: Wed, 24 Jul 2019 11:39:18 +0200
Subject: [PATCH] Safe checks: container parameters

---
 lib/valueflow.cpp      | 18 +++++++++++++++++-
 test/testvalueflow.cpp |  9 +++++++++
 2 files changed, 26 insertions(+), 1 deletion(-)

diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
index d2b3914c0..5383b4c78 100644
--- a/lib/valueflow.cpp
+++ b/lib/valueflow.cpp
@@ -5448,12 +5448,28 @@ static void valueFlowSafeFunctions(TokenList *tokenlist, SymbolDatabase *symbold
         if (!function)
             continue;
 
-        const bool all = function->isSafe(settings) && settings->platformType != cppcheck::Platform::PlatformType::Unspecified;
+        const bool safe = function->isSafe(settings);
+        const bool all = safe && settings->platformType != cppcheck::Platform::PlatformType::Unspecified;
 
         for (const Variable &arg : function->argumentList) {
             if (!arg.nameToken())
                 continue;
 
+            if (arg.nameToken()->valueType() && arg.nameToken()->valueType()->type == ValueType::Type::CONTAINER) {
+                if (!safe)
+                    continue;
+                std::list<ValueFlow::Value> argValues;
+                argValues.emplace_back(0);
+                argValues.back().valueType = ValueFlow::Value::ValueType::CONTAINER_SIZE;
+                argValues.back().errorPath.emplace_back(arg.nameToken(), "Assuming " + arg.name() + " is empty");
+                argValues.emplace_back(1000000);
+                argValues.back().valueType = ValueFlow::Value::ValueType::CONTAINER_SIZE;
+                argValues.back().errorPath.emplace_back(arg.nameToken(), "Assuming " + arg.name() + " size is 1000000");
+                for (const ValueFlow::Value &value : argValues)
+                    valueFlowContainerForward(const_cast<Token*>(functionScope->bodyStart), arg.declarationId(), value, settings, tokenlist->isCPP());
+                continue;
+            }
+
             MathLib::bigint low, high;
             bool isLow = arg.nameToken()->getCppcheckAttribute(TokenImpl::CppcheckAttributes::Type::LOW, &low);
             bool isHigh = arg.nameToken()->getCppcheckAttribute(TokenImpl::CppcheckAttributes::Type::HIGH, &high);
diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
index e2e232582..d4c3b5756 100644
--- a/test/testvalueflow.cpp
+++ b/test/testvalueflow.cpp
@@ -3910,6 +3910,7 @@ private:
         const char *code;
         std::list<ValueFlow::Value> values;
         Settings s;
+        LOAD_LIB_2(s.library, "std.cfg");
         s.safeChecks.classes = s.safeChecks.externalFunctions = s.safeChecks.internalFunctions = true;
 
         code = "short f(short x) {\n"
@@ -3920,6 +3921,14 @@ private:
         ASSERT_EQUALS(-0x8000, values.front().intvalue);
         ASSERT_EQUALS(0x7fff, values.back().intvalue);
 
+        code = "short f(std::string x) {\n"
+               "  return x[10];\n"
+               "}";
+        values = tokenValues(code, "x [", &s);
+        ASSERT_EQUALS(2, values.size());
+        ASSERT_EQUALS(0, values.front().intvalue);
+        ASSERT_EQUALS(1000000, values.back().intvalue);
+
         code = "short f(__cppcheck_in_range__(0,100) short x) {\n"
                "  return x + 0;\n"
                "}";