From 68acd770530c74ce752e17cee2d42b3d77f0dd5c Mon Sep 17 00:00:00 2001
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Wed, 23 Nov 2022 19:11:47 +0100
Subject: [PATCH] Fix #11361 FP ctuPointerArith with unknown buffer size (#4591)
---
 lib/ctu.cpp | 2 +-
 test/testbufferoverrun.cpp | 9 +++++++++
 2 files changed, 10 insertions(+), 1 deletion(-)
diff --git a/lib/ctu.cpp b/lib/ctu.cpp
index 68884deef..bab57d151 100644
--- a/lib/ctu.cpp
+++ b/lib/ctu.cpp
@@ -357,7 +357,7 @@ CTU::FileInfo *CTU::getFileInfo(const Tokenizer *tokenizer)
 fileInfo->functionCalls.push_back(std::move(functionCall));
 }
 // array
- if (argtok->variable() && argtok->variable()->isArray() && argtok->variable()->dimensions().size() == 1) {
+ if (argtok->variable() && argtok->variable()->isArray() && argtok->variable()->dimensions().size() == 1 && argtok->variable()->dimensionKnown(0)) {
 FileInfo::FunctionCall functionCall;
 functionCall.callValueType = ValueFlow::Value::ValueType::BUFFER_SIZE;
 functionCall.callId = getFunctionId(tokenizer, tokFunction);
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 23d27d03f..f63e4e2e2 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -5213,6 +5213,15 @@ private:
 " dostuff(x);\n"
 "}");
 ASSERT_EQUALS("[test.cpp:4] -> [test.cpp:1]: (error) Pointer arithmetic overflow; 'p' buffer size is 12\n", errout.str());
+
+ ctu("void f(const char *p) {\n" // #11361
+ " const char* c = p + 1;\n"
+ "}\n"
+ "void g() {\n"
+ " const char s[N] = \"ab\";\n"
+ " f(s);\n"
+ "}\n");
+ ASSERT_EQUALS("", errout.str());
 }
 void objectIndex() {
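Review bot: The `// array` comment above the changed condition in the lib/ctu.cpp hunk does not say why arrays with an unknown dimension are now skipped. The skip has a cost worth recording: presumably no BUFFER_SIZE call record is emitted for such arguments, so cross-translation-unit overrun checks on them go silent rather than only losing the false positive. I would change the comment to `// array with a known size; an unknown dimension gives no usable BUFFER_SIZE (#11361)`. As a matter of style, the condition now calls `argtok->variable()` four times; a local `const Variable *argvar = argtok->variable();` before the `if` would keep the line readable. The body of the `if` and the rest of getFileInfo continue outside the hunk.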
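Review bot: In the case added by the test/testbufferoverrun.cpp hunk, `N` in `const char s[N]` is never defined, and nothing says that this is what makes the dimension unknown, so a reader may take it for a typo. A comment next to the existing `// #11361`, such as `// N is intentionally undefined: array dimension unknown`, would make the intent clear. The case pins only the pointer-arithmetic path (`p + 1`). If the array-index CTU check consumes the same call record, a matching indexed access in that check's own test would pin the other path too. The enclosing test function starts outside the hunk.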