Fixed #4398 (False negative: out of bounds (for loop))

This commit is contained in:
Daniel Marjamäki 2012-12-22 08:00:05 +01:00
parent 80848c6e0e
commit 365a260ddc
2 changed files with 15 additions and 1 deletions

View File

@ -784,7 +784,7 @@ void CheckBufferOverrun::checkScopeForBody(const Token *tok, const ArrayInfo &ar
if (!for3(tok2->next(), counter_varid, min_counter_value, max_counter_value, maxMinFlipped)) if (!for3(tok2->next(), counter_varid, min_counter_value, max_counter_value, maxMinFlipped))
return; return;
if (Token::Match(tok2->next(), "%var% =") && MathLib::toLongNumber(max_counter_value) <= size) if (Token::Match(tok2->next(), "%var% =") && MathLib::toLongNumber(max_counter_value) < size)
condition_out_of_bounds = false; condition_out_of_bounds = false;
// Goto the end parenthesis of the for-statement: "for (x; y; z)" .. // Goto the end parenthesis of the for-statement: "for (x; y; z)" ..

View File

@ -862,6 +862,20 @@ private:
" a[i+6] = i;\n" " a[i+6] = i;\n"
"}\n"); "}\n");
ASSERT_EQUALS("[test.cpp:5]: (error) Array 'a[12]' accessed at index 12, which is out of bounds.\n", errout.str()); ASSERT_EQUALS("[test.cpp:5]: (error) Array 'a[12]' accessed at index 12, which is out of bounds.\n", errout.str());
check("void f() {\n" // #4398
" int a[2];\n"
" for (int i = 0; i < 4; i+=2)\n"
" a[i] = 0;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: a\n", errout.str());
check("void f() {\n" // #4398
" int a[2];\n"
" for (int i = 0; i < 4; i+=2)\n"
" do_stuff(&a[i]);\n"
"}\n");
ASSERT_EQUALS("", errout.str());
} }
void array_index_18() { void array_index_18() {