Bug hunting; Fix false positive, unsigned array index can't be negative

This commit is contained in:
Daniel Marjamäki 2021-01-01 08:57:35 +01:00
parent 1d6c0976e5
commit 214f90c10a
2 changed files with 11 additions and 1 deletions

View File

@ -72,7 +72,8 @@ static void arrayIndex(const Token *tok, const ExprEngine::Value &value, ExprEng
bailout);
}
}
if (value.isLessThan(dataBase, 0)) {
bool isUnsigned = tok->valueType() && tok->valueType()->sign == ::ValueType::Sign::UNSIGNED;
if (!isUnsigned && value.isLessThan(dataBase, 0)) {
const bool bailout = (value.type == ExprEngine::ValueType::BailoutValue);
dataBase->reportError(tok,
Severity::SeverityType::error,

View File

@ -41,6 +41,7 @@ private:
TEST_CASE(arrayIndexOutOfBounds3);
TEST_CASE(arrayIndexOutOfBounds4);
TEST_CASE(arrayIndexOutOfBounds5);
TEST_CASE(arrayIndexOutOfBounds6);
TEST_CASE(arrayIndexOutOfBoundsDim1);
TEST_CASE(bufferOverflowMemCmp1);
TEST_CASE(bufferOverflowMemCmp2);
@ -157,6 +158,14 @@ private:
"[test.cpp:9]: (error) Cannot determine that 'buf[i]' is initialized\n",
errout.str());
}
void arrayIndexOutOfBounds6() {
check("int buf[5];\n"
"uint16_t foo(size_t offset) {\n"
" uint8_t c = (offset & 0xc0) >> 6;\n"
" return 2 * buf[c];\n"
"}");
ASSERT_EQUALS("", errout.str());
}
void arrayIndexOutOfBoundsDim1() { // itc test case
check("void overrun_st_008 () {\n"