diff --git a/src/checkbufferoverrun.cpp b/src/checkbufferoverrun.cpp index a80733576..4ccbc6ffa 100644 --- a/src/checkbufferoverrun.cpp +++ b/src/checkbufferoverrun.cpp @@ -277,6 +277,9 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con if (Token::Match(tok3, "%varid% += %num% )", counter_varid) || Token::Match(tok3, "%varid% = %num% + %varid% )", counter_varid)) { + if (!MathLib::isInt(tok3->strAt(2))) + continue; + const int num = std::atoi(tok3->strAt(2)); // We have for example code: "for(i=2;i<22;i+=6) @@ -293,6 +296,9 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con } else if (Token::Match(tok3, "%varid% = %varid% + %num% )", counter_varid)) { + if (!MathLib::isInt(tok3->strAt(4))) + continue; + const int num = std::atoi(tok3->strAt(4)); long max = MathLib::toLongNumber(max_counter_value); long min = MathLib::toLongNumber(min_counter_value); diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp index 9e6b84b6f..bb7fad7f5 100644 --- a/test/testbufferoverrun.cpp +++ b/test/testbufferoverrun.cpp @@ -99,6 +99,7 @@ private: TEST_CASE(buffer_overrun_8); TEST_CASE(buffer_overrun_9); TEST_CASE(buffer_overrun_10); + TEST_CASE(buffer_overrun_11); TEST_CASE(sprintf1); TEST_CASE(sprintf2); @@ -735,6 +736,35 @@ private: ASSERT_EQUALS("", errout.str()); } + void buffer_overrun_11() + { + check("void f()\n" + "{\n" + " char a[4];\n" + " for (float i=0; i<10.0;i+=0.1)\n" + " {\n" + " }\n" + "}\n"); + ASSERT_EQUALS("", errout.str()); + + check("void f()\n" + "{\n" + " char a[4];\n" + " for (float i=0; i<10.0;i=i+0.1)\n" + " {\n" + " }\n" + "}\n"); + ASSERT_EQUALS("", errout.str()); + + check("void f()\n" + "{\n" + " char a[4];\n" + " for (float i=0; i<10.0;i=0.1+i)\n" + " {\n" + " }\n" + "}\n"); + ASSERT_EQUALS("", errout.str()); + } void sprintf1() {