Fixed #1418 (false negative: buffer access out of bounds)
This commit is contained in:
parent
20289b1f5b
commit
71e5c56bf9
|
@ -48,7 +48,7 @@ CheckBufferOverrun instance;
|
|||
|
||||
void CheckBufferOverrun::arrayIndexOutOfBounds(const Token *tok, int size, int index)
|
||||
{
|
||||
if (size <= 1)
|
||||
if (size == 1)
|
||||
return;
|
||||
|
||||
std::ostringstream errmsg;
|
||||
|
@ -779,6 +779,17 @@ void CheckBufferOverrun::checkScope(const Token *tok, const ArrayInfo &arrayInfo
|
|||
}
|
||||
|
||||
}
|
||||
|
||||
// in case %var% is declared as a pointer
|
||||
else if (Token::Match(tok, "%var% [ %num% ]"))
|
||||
{
|
||||
const int index = MathLib::toLongNumber(tok->strAt(2));
|
||||
if (index < 0)
|
||||
{
|
||||
arrayIndexOutOfBounds(tok, index, index);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
// Loop..
|
||||
else if (Token::simpleMatch(tok, "for ("))
|
||||
|
|
|
@ -101,6 +101,7 @@ private:
|
|||
TEST_CASE(array_index_25); // ticket #1536
|
||||
TEST_CASE(array_index_26);
|
||||
TEST_CASE(array_index_27);
|
||||
TEST_CASE(array_index_28); // ticket #1418
|
||||
TEST_CASE(array_index_multidim);
|
||||
TEST_CASE(array_index_switch_in_for);
|
||||
TEST_CASE(array_index_calculation);
|
||||
|
@ -932,6 +933,18 @@ private:
|
|||
"}\n");
|
||||
ASSERT_EQUALS("[test.cpp:5]: (error) Array 'a[10]' index -1 out of bounds\n", errout.str());
|
||||
}
|
||||
|
||||
void array_index_28()
|
||||
{
|
||||
// ticket #1418
|
||||
check("void f()\n"
|
||||
"{\n"
|
||||
" int i[2];\n"
|
||||
" int *ip = &i[1];\n"
|
||||
" ip[-10] = 1;\n"
|
||||
"}\n");
|
||||
ASSERT_EQUALS("[test.cpp:5]: (error) Array 'ip[-10]' index -10 out of bounds\n", errout.str());
|
||||
}
|
||||
|
||||
void array_index_multidim()
|
||||
{
|
||||
|
|
Loading…
Reference in New Issue