From 12a87fa3a49962c6a0570efa6e3da0f7ca2a9d79 Mon Sep 17 00:00:00 2001
From: Reijo Tomperi <aggro80@users.sourceforge.net>
Date: Wed, 25 Nov 2009 22:40:51 +0200
Subject: [PATCH] Fix #1007 (False positive array index out of bounds
 concerning a switch statement in a for loop) Bailout if switch is found in
 for loop. http://sourceforge.net/apps/trac/cppcheck/ticket/1007

---
 lib/checkbufferoverrun.cpp |  2 +-
 test/testbufferoverrun.cpp | 40 ++++++++++++++++++++++++++++++++++++++
 2 files changed, 41 insertions(+), 1 deletion(-)

diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index f475722f5..bee58e46e 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -397,7 +397,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
                         break;
                 }
 
-                if (tok2->str() == "if")
+                if (Token::Match(tok2, "if|switch"))
                 {
                     // Bailout
                     break;
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 27e8bc5ba..b6c32c4ec 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -93,6 +93,7 @@ private:
         TEST_CASE(array_index_22);
         TEST_CASE(array_index_23);
         TEST_CASE(array_index_multidim);
+        TEST_CASE(array_index_switch_in_for);
 
         TEST_CASE(buffer_overrun_1);
         TEST_CASE(buffer_overrun_2);
@@ -753,6 +754,45 @@ private:
         TODO_ASSERT_EQUALS("[test.cpp:4]: (error) Array index out of bounds\n", errout.str());
     }
 
+    void array_index_switch_in_for()
+    {
+        check("void f()\n"
+              "{\n"
+              " int ar[10];\n"
+              " for (int i = 0; i < 10; ++i)\n"
+              " {\n"
+              "  switch(i)\n"
+              "  {\n"
+              "   case 9:\n"
+              "    ar[i] = 0;\n"
+              "    break;\n"
+              "   default:\n"
+              "    ar[i] = ar[i+1];\n"
+              "    break;\n"
+              "  };\n"
+              " }\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
+
+        check("void f()\n"
+              "{\n"
+              " int ar[10];\n"
+              " for (int i = 0; i < 10; ++i)\n"
+              " {\n"
+              "  switch(i)\n"
+              "  {\n"
+              "   case 8:\n"
+              "    ar[i] = 0;\n"
+              "    break;\n"
+              "   default:\n"
+              "    ar[i] = ar[i+1];\n"
+              "    break;\n"
+              "  };\n"
+              " }\n"
+              "}\n");
+        TODO_ASSERT_EQUALS("[test.cpp:12]: (error) Array index out of bounds\n", errout.str());
+    }
+
     void buffer_overrun_1()
     {
         check("void f()\n"