Fix #9788 ctu: false negative array index out of bounds for array arguments (#4277)

2022-07-13 21:08:51 +02:00 · 2022-07-13 21:08:51 +02:00 · 6eab3cb8bd
parent 49117f5aeb
commit 6eab3cb8bd
2 changed files with 13 additions and 1 deletions
--- a/lib/ctu.cpp
+++ b/lib/ctu.cpp
@ -439,7 +439,7 @@ static std::list<std::pair<const Token *, MathLib::bigint>> getUnsafeFunction(co
 {
    std::list<std::pair<const Token *, MathLib::bigint>> ret;
    const Variable * const argvar = scope->function->getArgumentVar(argnr);
-    if (!argvar->isPointer() && !argvar->isReference())
+    if (!argvar->isArrayOrPointer() && !argvar->isReference())
        return ret;
    for (const Token *tok2 = scope->bodyStart; tok2 != scope->bodyEnd; tok2 = tok2->next()) {
        if (Token::Match(tok2, ")|else {")) {
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@ -5058,6 +5058,18 @@ private:
            "    get_mac_address(macstrbuf);\n"
            "}");
        ASSERT_EQUALS("", errout.str());
+
+        // #9788
+        ctu("void f1(char *s) { s[2] = 'B'; }\n"
+            "void f2(char s[]) { s[2] = 'B'; }\n"
+            "void g() {\n"
+            "    char str[2];\n"
+            "    f1(str);\n"
+            "    f2(str);\n"
+            "}\n");
+        ASSERT_EQUALS("[test.cpp:5] -> [test.cpp:1]: (error) Array index out of bounds; 's' buffer size is 2 and it is accessed at offset 2.\n"
+                      "[test.cpp:6] -> [test.cpp:2]: (error) Array index out of bounds; 's' buffer size is 2 and it is accessed at offset 2.\n",
+                      errout.str());
    }

    void ctu_variable() {