Fixed #1670 (False negative: Array index out of bounds in return statement)

2010-08-04 20:38:52 +02:00 · 2010-08-04 20:38:52 +02:00 · 33bf8bf730
parent c9b1804954
commit 33bf8bf730
2 changed files with 16 additions and 0 deletions
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@ -593,6 +593,14 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector<std::str
                    }
                }
            }
+            if (Token::Match(tok, "return %varid% [ %num% ]", varid))
+            {
+                int index = MathLib::toLongNumber(tok->strAt(3));
+                if (index < 0 || index >= size)
+                {
+                    arrayIndexOutOfBounds(tok->next(), size, index);
+                }
+            }
        }
        else if (!tok->isName() && !Token::Match(tok, "[.&]") && Token::Match(tok->next(), (varnames + " [ %num% ]").c_str()))
        {
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@ -1961,6 +1961,14 @@ private:
              "}\n");
        ASSERT_EQUALS("[test.cpp:4]: (error) Array 's[10]' index 10 out of bounds\n", errout.str());

+        // ticket #1670 - false negative when using return
+        check("void f()\n"
+              "{\n"
+              "    char *s = new int[10];\n"
+              "    return s[10];\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:4]: (error) Array 's[10]' index 10 out of bounds\n", errout.str());
+
        check("void foo()\n"
              "{\n"
              "char * buf = new char[8];\n"