Fix 6370: ValueFlow: array element with known value (#4447)

* Fix 6370: ValueFlow: array element with known value * Format * Move comment
2022-09-07 12:16:07 -05:00 · 2022-09-07 12:16:07 -05:00 · 32d96104d6
parent 6543b429c5
commit 32d96104d6
2 changed files with 19 additions and 2 deletions
--- a/lib/valueflow.cpp
+++ b/lib/valueflow.cpp
@ -1433,16 +1433,20 @@ static void valueFlowArrayElement(TokenList* tokenlist, const Settings* settings
        for (const ValueFlow::Value& arrayValue : arrayTok->values()) {
            if (!arrayValue.isTokValue())
                continue;
+            if (arrayValue.isImpossible())
+                continue;
            for (const ValueFlow::Value& indexValue : indexTok->values()) {
                if (!indexValue.isIntValue())
                    continue;
-                if (arrayValue.varId != 0 && indexValue.varId != 0 &&
+                if (indexValue.isImpossible())
+                    continue;
+                if (!arrayValue.isKnown() && !indexValue.isKnown() && arrayValue.varId != 0 && indexValue.varId != 0 &&
                    !(arrayValue.varId == indexValue.varId && arrayValue.varvalue == indexValue.varvalue))
                    continue;

                ValueFlow::Value result(0);
                result.condition = arrayValue.condition ? arrayValue.condition : indexValue.condition;
-                result.setInconclusive(arrayValue.isInconclusive() | indexValue.isInconclusive());
+                result.setInconclusive(arrayValue.isInconclusive() || indexValue.isInconclusive());
                result.varId = (arrayValue.varId != 0) ? arrayValue.varId : indexValue.varId;
                result.varvalue = (result.varId == arrayValue.varId) ? arrayValue.intvalue : indexValue.intvalue;
                if (arrayValue.valueKind == indexValue.valueKind)
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@ -194,6 +194,7 @@ private:
        TEST_CASE(array_index_66); // #10740
        TEST_CASE(array_index_67); // #1596
        TEST_CASE(array_index_68); // #6655
+        TEST_CASE(array_index_69); // #6370
        TEST_CASE(array_index_multidim);
        TEST_CASE(array_index_switch_in_for);
        TEST_CASE(array_index_for_in_for);   // FP: #2634
@ -1889,6 +1890,18 @@ private:
        ASSERT_EQUALS("[test.cpp:4]: (error) Array 'ia[10]' accessed at index 19, which is out of bounds.\n", errout.str());
    }

+    // #6370
+    void array_index_69()
+    {
+        check("void f() {\n"
+              "    const int e[] = {0,10,20,30};\n"
+              "    int a[4];\n"
+              "    for(int i = 0; i < 4; ++i)\n"
+              "      a[e[i]] = 0;\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:5]: (error) Array 'a[4]' accessed at index 30, which is out of bounds.\n", errout.str());
+    }
+
    void array_index_multidim() {
        check("void f()\n"
              "{\n"