buffer overrun; Fixed false negative for dynamically allocated float buffer

2021-05-22 15:39:20 +02:00 · 2021-05-22 15:39:20 +02:00 · 5f6b56ada2
parent 0db649c075
commit 5f6b56ada2
2 changed files with 9 additions and 1 deletions
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@ -205,7 +205,7 @@ static bool getDimensionsEtc(const Token * const arrayToken, const Settings *set
        dim.num = Token::getStrArraySize(stringLiteral);
        dim.known = array->hasKnownValue();
        dimensions->emplace_back(dim);
-    } else if (array->valueType() && array->valueType()->pointer >= 1 && array->valueType()->isIntegral()) {
+    } else if (array->valueType() && array->valueType()->pointer >= 1 && (array->valueType()->isIntegral() || array->valueType()->isFloat())) {
        const ValueFlow::Value *value = getBufferSizeValue(array);
        if (!value)
            return false;
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@ -1247,6 +1247,14 @@ private:
              "}");
        ASSERT_EQUALS("[test.cpp:4]: (error) Array 'p[10]' accessed at index 10, which is out of bounds.\n", errout.str());

+        check("void f()\n"
+              "{\n"
+              "  float *p; p = (float *)malloc(10 * sizeof(float));\n"
+              "  p[10] = 7;\n"
+              "  free(p);\n"
+              "}");
+        ASSERT_EQUALS("[test.cpp:4]: (error) Array 'p[10]' accessed at index 10, which is out of bounds.\n", errout.str());
+
        check("void f()\n"
              "{\n"
              "  char *p; p = (char *)malloc(10);\n"