From 5804cc44e71d132c85e496e5653bd77e38aedf32 Mon Sep 17 00:00:00 2001
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Wed, 31 Aug 2022 19:31:37 +0200
Subject: [PATCH] Fix FP bufferAccessOutOfBounds (#4427)

* Fix FN with buffer size 1
* Fix FP bufferAccessOutOfBounds
---
 lib/checkbufferoverrun.cpp | 2 +-
 test/testbufferoverrun.cpp | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)

diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index d8160e81b..7bda69dcc 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -655,7 +655,7 @@ void CheckBufferOverrun::bufferOverflow()
 if (bufferSize.intvalue <= 0)
 continue;
 // buffer size == 1 => do not warn for dynamic memory
- if (bufferSize.intvalue == 1 && args[argnr]->str() == ".") { // TODO: check if parent was allocated dynamically
+ if (bufferSize.intvalue == 1 && Token::simpleMatch(argtok->astParent(), ".")) { // TODO: check if parent was allocated dynamically
 const Token *tok2 = argtok;
 while (Token::simpleMatch(tok2->astParent(), "."))
 tok2 = tok2->astParent();
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 5d9e8bf3e..9aa5eea15 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -3225,6 +3225,15 @@ private:
 " free(p);\n"
 "}\n");
 ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: p\n", errout.str());
+
+ check("typedef struct { char buf[1]; } S;\n"
+ "S* f() {\n"
+ " S* s = NULL;\n"
+ " s = (S*)malloc(sizeof(S) + 10);\n"
+ " sprintf((char*)s->buf, \"abc\");\n"
+ " return s;\n"
+ "}\n");
+ ASSERT_EQUALS("", errout.str());
 }

 void buffer_overrun_errorpath() {
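Review bot: The size-1 exemption in the changed `if` now applies to any argument whose AST parent is `.`, and the trailing TODO still records that nothing visible here checks how the owning object was allocated. Depending on the code below the hunk, a genuine overflow of a `char buf[1]` member in a stack or static object could be skipped together with the over-allocated `malloc` case. I would move the TODO onto its own line and make it say what is missing, e.g. `// TODO: skip only when the one-element array is the last member and the owning object was allocated dynamically`. A short comment on why `argtok` is tested instead of `args[argnr]` would also help (presumably so a cast around the argument does not hide the member access; confirm). `argtok` is defined outside the hunk and bufferOverflow() continues past it.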
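Review bot: The added case pins only the no-warning side of the size-1 exemption, so nothing here would catch the exemption later widening into a false negative. A companion `check(...)` in which the same `S` is a local object (`S s; sprintf((char*)s.buf, "abc");`), followed by an `ASSERT_EQUALS` on whichever result is intended, would document the boundary between the over-allocated struct-hack case and a real overflow. The commit message also mentions fixing a false negative with buffer size 1, and no assertion for that is visible in this hunk. The enclosing test method starts outside the hunk.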