From 6e5375f7b7b48c16eb4ffe079522790ad5a576c6 Mon Sep 17 00:00:00 2001
From: chrchr-github <78114321+chrchr-github@users.noreply.github.com>
Date: Fri, 21 Apr 2023 16:09:52 +0200
Subject: [PATCH] Add tests for #8075, #11608, #11635 (#4995)

* Add tests for #6925, #11042, #11494

* Format

* Add tests for # 6561, #6619, #7475,

* Add tests for #8075, #11608, #11635
---
 test/testbufferoverrun.cpp | 16 ++++++++++++++++
 test/testnullpointer.cpp   | 12 ++++++++++++
 test/testuninitvar.cpp     |  9 +++++++++
 3 files changed, 37 insertions(+)

diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 15fae01f9..e0b1aa5c9 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -199,6 +199,7 @@ private:
         TEST_CASE(array_index_negative6);    // #11349
         TEST_CASE(array_index_negative7);    // #5685
         TEST_CASE(array_index_negative8);    // #11651
+        TEST_CASE(array_index_negative9);
         TEST_CASE(array_index_for_decr);
         TEST_CASE(array_index_varnames);     // FP: struct member #1576, FN: #1586
         TEST_CASE(array_index_for_continue); // for,continue
@@ -2288,6 +2289,21 @@ private:
         ASSERT_EQUALS("", errout.str());
     }
 
+    // #8075
+    void array_index_negative9()
+    {
+        check("int g(int i) {\n"
+              "    if (i < 10)\n"
+              "        return -1;\n"
+              "    return 0;\n"
+              "}\n"
+              "void f() {\n"
+              "    int a[] = { 1, 2, 3 };\n"
+              "    printf(\"%d\\n\", a[g(4)]);\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:8]: (error) Array 'a[3]' accessed at index -1, which is out of bounds.\n", errout.str());
+    }
+
     void array_index_for_decr() {
         check("void f()\n"
               "{\n"
diff --git a/test/testnullpointer.cpp b/test/testnullpointer.cpp
index 3edddf773..8172e0857 100644
--- a/test/testnullpointer.cpp
+++ b/test/testnullpointer.cpp
@@ -3541,6 +3541,18 @@ private:
               "  *ptr++ = 0;\n"
               "}");
         ASSERT_EQUALS("", errout.str());
+
+        // #11635
+        check("void f(char *cons, int rlen, int pos) {\n"
+              "    int i;\n"
+              "    char* cp1;\n"
+              "    for (cp1 = &cons[pos], i = 1; i < rlen; cp1--)\n"
+              "        if (*cp1 == '*')\n"
+              "            continue;\n"
+              "        else\n"
+              "            i++;\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
     }
 
     void nullpointerDelete() {
diff --git a/test/testuninitvar.cpp b/test/testuninitvar.cpp
index d08cd174d..277fcd2d7 100644
--- a/test/testuninitvar.cpp
+++ b/test/testuninitvar.cpp
@@ -5989,6 +5989,15 @@ private:
                         "    printf(\"%d\", s.a);\n"
                         "}\n");
         ASSERT_EQUALS("[test.cpp:6]: (error) Uninitialized variable: s.a\n", errout.str());
+
+        valueFlowUninit("void f(char* src) {\n" // #11608
+                        "    char envar[64], *cp, c;\n"
+                        "    for (src += 2, cp = envar; (c = *src) != '\\0'; src++)\n"
+                        "        *cp++ = c;\n"
+                        "    if (cp != envar)\n"
+                        "        if ((cp = getenv(envar)) != NULL) {}\n"
+                        "}\n");
+        ASSERT_EQUALS("", errout.str());
     }
 
     void valueFlowUninitBreak() { // Do not show duplicate warnings about the same uninitialized value