From 1a34e7daf607eedd057a3b60a40356cd2431a7c7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= Date: Sun, 25 Apr 2010 07:34:50 +0200 Subject: [PATCH] Fixed #948 (array index out of bound not detected 'a[i-1] = 0') --- lib/checkbufferoverrun.cpp | 4 ++++ test/testbufferoverrun.cpp | 12 ++++++++++++ 2 files changed, 16 insertions(+) diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp index d762579a4..63ef213df 100644 --- a/lib/checkbufferoverrun.cpp +++ b/lib/checkbufferoverrun.cpp @@ -460,6 +460,10 @@ void CheckBufferOverrun::parse_for_body(const Token *tok2, const ArrayInfo &arra } //printf("min_index = %d, max_index = %d, size = %d\n", min_index, max_index, size); + if (min_index < 0 || max_index < 0) + { + arrayIndexOutOfBounds(tok2, (int)arrayInfo.num[0], std::min(min_index, max_index)); + } if (min_index >= (int)arrayInfo.num[0] || max_index >= (int)arrayInfo.num[0]) { arrayIndexOutOfBounds(tok2, (int)arrayInfo.num[0], std::max(min_index, max_index)); diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp index fe48f1136..a3c1821cf 100755 --- a/test/testbufferoverrun.cpp +++ b/test/testbufferoverrun.cpp @@ -98,6 +98,7 @@ private: TEST_CASE(array_index_24); // ticket #1492 and #1539 TEST_CASE(array_index_25); // ticket #1536 TEST_CASE(array_index_26); + TEST_CASE(array_index_27); TEST_CASE(array_index_multidim); TEST_CASE(array_index_switch_in_for); TEST_CASE(array_index_calculation); @@ -902,6 +903,17 @@ private: ASSERT_EQUALS("", errout.str()); } + void array_index_27() + { + check("void f()\n" + "{\n" + " int a[10];\n" + " for (int i = 0; i < 10; i++)\n" + " a[i-1] = a[i];\n" + "}\n"); + ASSERT_EQUALS("[test.cpp:5]: (error) Array 'a[10]' index -1 out of bounds\n", errout.str()); + } + void array_index_multidim() { check("void f()\n"