From 5deb046ac5dcfe045ce4c2f1abb48e4c7bf05aad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Sat, 23 Oct 2010 08:49:03 +0200
Subject: [PATCH] Fixed #2120 (False positive: array index out of bounds (unknown type in struct, sub function))
---
 lib/checkbufferoverrun.cpp | 2 +-
 test/testbufferoverrun.cpp | 34 ++++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index ad735e006..b22966ef8 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -596,7 +596,7 @@ void CheckBufferOverrun::checkFunctionCall(const Token &tok, unsigned int par, c
 if (Token::Match(ftok->previous(), "[=+-*/;{}] %var% [ %num% ]"))
 {
 long index = MathLib::toLongNumber(ftok->strAt(2));
- if (index >= 0 && static_cast(index) >= arrayInfo.num[0])
+ if (index >= 0 && arrayInfo.num[0] > 0 && static_cast(index) >= arrayInfo.num[0])
 {
 std::list callstack;
 callstack.push_back(&tok);
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 6e2d65875..3633afb93 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -104,6 +104,7 @@ private:
 TEST_CASE(array_index_28); // ticket #1418
 TEST_CASE(array_index_29); // ticket #1734
 TEST_CASE(array_index_30); // ticket #2086 - out of bounds when type is unknown
+ TEST_CASE(array_index_31); // ticket #2120 - out of bounds in subfunction when type is unknown
 TEST_CASE(array_index_multidim);
 TEST_CASE(array_index_switch_in_for);
 TEST_CASE(array_index_calculation);
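Review bot: The new `arrayInfo.num[0] > 0` guard in the lib/checkbufferoverrun.cpp hunk has no comment saying what a zero element count means, and it replaces the false positive with a silent false negative. Judging by the ticket title and the new test, num[0] is presumably 0 when the element type is unknown, so every constant index into such an array passed to a sub function is now skipped, including the real out-of-bounds `delay[4]` write that the test records only as a TODO. I would add a comment on the condition such as `// num[0] == 0: element count not known (unknown type, #2120) - skip rather than report` so the coverage gap is visible where it is introduced. The body of checkFunctionCall starts and ends outside the hunk.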
@@ -1004,6 +1005,39 @@ private:
 ASSERT_EQUALS("[test.cpp:3]: (error) Array 'x[2]' index 5 out of bounds\n", errout.str());
 }
 
+ void array_index_31()
+ {
+ // ticket #2120 - sub function, unknown type
+ check("struct s1 {\n"
+ " unknown_type_t delay[3];\n"
+ "};\n"
+ "\n"
+ "void x(unknown_type_t *delay, const int *net) {\n"
+ " delay[0] = 0;\n"
+ "}\n"
+ "\n"
+ "void y() {\n"
+ " struct s1 obj;\n"
+ " x(obj.delay, 123);\n"
+ "}\n");
+ ASSERT_EQUALS("", errout.str());
+
+ check("struct s1 {\n"
+ " unknown_type_t delay[3];\n"
+ "};\n"
+ "\n"
+ "void x(unknown_type_t *delay, const int *net) {\n"
+ " delay[4] = 0;\n"
+ "}\n"
+ "\n"
+ "void y() {\n"
+ " struct s1 obj;\n"
+ " x(obj.delay, 123);\n"
+ "}\n");
+ TODO_ASSERT_EQUALS("[test.cpp:11] -> [test.cpp:6] (error) array index 4 is out of bounds", errout.str());
+ ASSERT_EQUALS("", errout.str());
+ }
+
 void array_index_multidim()
 {
 check("void f()\n"
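Review bot: The expected string in the `TODO_ASSERT_EQUALS` of array_index_31 does not follow the message format the checker emits, as shown by the context line above it (`[test.cpp:3]: (error) Array 'x[2]' index 5 out of bounds\n`). It has no colon after the location, uses different wording and lacks the trailing newline. Once the missed `delay[4]` write is detected again, the TODO text will presumably not match the real output, so it documents the wrong target for whoever closes the gap. I would write it in the real format, e.g. `"[test.cpp:11] -> [test.cpp:6]: (error) Array 'obj.delay[3]' index 4 out of bounds\n"`, with the array name confirmed against actual output.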