Fix #11026 FP pointerOutOfBounds with strlen() (#4366)

2022-08-17 09:45:07 +02:00 · 2022-08-17 09:45:07 +02:00 · 5b4c6c1e73
parent 1a95515e47
commit 5b4c6c1e73
4 changed files with 15 additions and 3 deletions
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@ -202,7 +202,7 @@ static bool getDimensionsEtc(const Token * const arrayToken, const Settings *set
                return ChildrenToVisit::op1_and_op2;
            });
        }
-    } else if (const Token *stringLiteral = array->getValueTokenMinStrSize(settings)) {
+    } else if (const Token *stringLiteral = array->getValueTokenMinStrSize(settings, path)) {
        Dimension dim;
        dim.tok = nullptr;
        dim.num = Token::getStrArraySize(stringLiteral);
--- a/lib/token.cpp
+++ b/lib/token.cpp
@ -1844,7 +1844,7 @@ const ValueFlow::Value * Token::getInvalidValue(const Token *ftok, nonneg int ar
    return ret;
 }

-const Token *Token::getValueTokenMinStrSize(const Settings *settings) const
+const Token *Token::getValueTokenMinStrSize(const Settings *settings, MathLib::bigint* path) const
 {
    if (!mImpl->mValues)
        return nullptr;
@ -1857,6 +1857,8 @@ const Token *Token::getValueTokenMinStrSize(const Settings *settings) const
            if (!ret || size < minsize) {
                minsize = size;
                ret = it->tokvalue;
+                if (path)
+                    *path = it->path;
            }
        }
    }
--- a/lib/token.h
+++ b/lib/token.h
@ -1199,7 +1199,7 @@ public:
    const ValueFlow::Value* getContainerSizeValue(const MathLib::bigint val) const;

    const Token *getValueTokenMaxStrLength() const;
-    const Token *getValueTokenMinStrSize(const Settings *settings) const;
+    const Token *getValueTokenMinStrSize(const Settings *settings, MathLib::bigint* path = nullptr) const;

    /** Add token value. Return true if value is added. */
    bool addValue(const ValueFlow::Value &value);
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@ -3575,6 +3575,16 @@ private:
              "    std::cout << hi << std::endl;\n"
              "}\n");
        ASSERT_EQUALS("[test.cpp:2] -> [test.cpp:3]: (portability) Undefined behaviour, pointer arithmetic '\"hi\"+val' is out of bounds.\n", errout.str());
+
+        check("void f(const char* s, int len) {\n" // #11026
+              "    const char* end = s + len;\n"
+              "    printf(\"%s, %d\\n\", s, *end);\n"
+              "}\n"
+              "void g() {\n"
+              "    f(\"a\", 1);\n"
+              "    f(\"bbb\", 3);\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
    }