From 48e6ea271a08a0d1cb9d2a5a22b6f946e404b959 Mon Sep 17 00:00:00 2001
From: Robert Reif <reif@earthlink.net>
Date: Wed, 22 Jun 2011 22:44:11 -0400
Subject: [PATCH] start using symbol database array info for buffer overrun
 checks

---
 lib/checkbufferoverrun.cpp | 29 ++++++++++++++++++++---------
 lib/checkbufferoverrun.h   |  2 ++
 2 files changed, 22 insertions(+), 9 deletions(-)

diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index 6e631ceeb..200066d22 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -25,6 +25,7 @@
 #include "tokenize.h"
 #include "errorlogger.h"
 #include "mathlib.h"
+#include "symboldatabase.h"
 
 #include <algorithm>
 #include <sstream>
@@ -1931,6 +1932,20 @@ CheckBufferOverrun::ArrayInfo::ArrayInfo(const CheckBufferOverrun::ArrayInfo &ai
     *this = ai;
 }
 
+CheckBufferOverrun::ArrayInfo::ArrayInfo(const Variable *var, const Tokenizer *tokenizer)
+{
+    _varid = var->varId();
+    _varname = var->name();
+    for (size_t i = 0; i < var->dimensions().size(); i++)
+        _num.push_back(var->dimension(i));
+    if (var->typeEndToken()->str() == "*")
+        _element_size = tokenizer->sizeOfType(var->typeEndToken());
+    else if (var->typeStartToken()->str() == "struct")
+        _element_size = 100;
+    else
+        _element_size = tokenizer->sizeOfType(var->typeEndToken());
+}
+
 CheckBufferOverrun::ArrayInfo & CheckBufferOverrun::ArrayInfo::operator=(const CheckBufferOverrun::ArrayInfo &ai)
 {
     if (&ai != this)
@@ -2197,17 +2212,13 @@ private:
 
 void CheckBufferOverrun::executionPaths()
 {
-    // Parse all tokens and extract array info..
+    // Parse all variables and extract array info..
     std::map<unsigned int, ArrayInfo> arrayInfo;
-    for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next())
+    for (size_t i = 1; i < _tokenizer->varIdCount(); i++)
     {
-        if (Token::Match(tok, "[;{}] %type%"))
-        {
-            ArrayInfo ai;
-            if (!ai.declare(tok->next(), *_tokenizer))
-                continue;
-            arrayInfo[ai.varid()] = ai;
-        }
+        const Variable *var = _tokenizer->getSymbolDatabase()->getVariableFromVarId(i);
+        if (var && var->isArray())
+            arrayInfo[i] = ArrayInfo(var, _tokenizer);
     }
 
     // Perform checking - check how the arrayInfo arrays are used
diff --git a/lib/checkbufferoverrun.h b/lib/checkbufferoverrun.h
index 445bd0ced..f004fa014 100644
--- a/lib/checkbufferoverrun.h
+++ b/lib/checkbufferoverrun.h
@@ -32,6 +32,7 @@
 class ErrorLogger;
 class Token;
 class Tokenizer;
+class Variable;
 
 /// @addtogroup Checks
 /// @{
@@ -127,6 +128,7 @@ public:
     public:
         ArrayInfo();
         ArrayInfo(const ArrayInfo &);
+        ArrayInfo(const Variable *var, const Tokenizer *tokenizer);
         ArrayInfo & operator=(const ArrayInfo &ai);
 
         /**