Fixed #1418 (false negative: buffer access out of bounds)

This commit is contained in:
Monika Lukow 2010-05-16 23:53:42 +02:00
parent 20289b1f5b
commit 71e5c56bf9
2 changed files with 25 additions and 1 deletions

View File

@ -48,7 +48,7 @@ CheckBufferOverrun instance;
void CheckBufferOverrun::arrayIndexOutOfBounds(const Token *tok, int size, int index)
{
if (size <= 1)
if (size == 1)
return;
std::ostringstream errmsg;
@ -779,6 +779,17 @@ void CheckBufferOverrun::checkScope(const Token *tok, const ArrayInfo &arrayInfo
}
}
// in case %var% is declared as a pointer
else if (Token::Match(tok, "%var% [ %num% ]"))
{
const int index = MathLib::toLongNumber(tok->strAt(2));
if (index < 0)
{
arrayIndexOutOfBounds(tok, index, index);
}
}
// Loop..
else if (Token::simpleMatch(tok, "for ("))

View File

@ -101,6 +101,7 @@ private:
TEST_CASE(array_index_25); // ticket #1536
TEST_CASE(array_index_26);
TEST_CASE(array_index_27);
TEST_CASE(array_index_28); // ticket #1418
TEST_CASE(array_index_multidim);
TEST_CASE(array_index_switch_in_for);
TEST_CASE(array_index_calculation);
@ -932,6 +933,18 @@ private:
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (error) Array 'a[10]' index -1 out of bounds\n", errout.str());
}
void array_index_28()
{
// ticket #1418
check("void f()\n"
"{\n"
" int i[2];\n"
" int *ip = &i[1];\n"
" ip[-10] = 1;\n"
"}\n");
ASSERT_EQUALS("[test.cpp:5]: (error) Array 'ip[-10]' index -10 out of bounds\n", errout.str());
}
void array_index_multidim()
{