Bug hunting; Detect array index out of bounds in loop better

lib/exprengine.cpp

@@ -1675,6 +1675,10 @@ static void assignExprValue(const Token *expr, ExprEngine::ValuePtr value, Data
                 if (!loopAssign)
                     arrayValue->assign(indexValue, value);
             }
+        } else {
+            const Token * const indexToken = expr->astOperand2();
+            auto indexValue = executeExpression(indexToken, data);
+            call(data.callbacks, indexToken, indexValue, &data);
         }
     } else if (expr->isUnaryOp("*")) {
         auto pval = executeExpression(expr->astOperand1(), data);
@@ -2509,6 +2513,7 @@ static std::string execute(const Token *start, const Token *end, Data &data)
                     data.assignValue(tok2, varid, getValueRangeFromValueType(vartok->valueType(), data));
                 }
             }
+            tok = tok->linkAt(1);
         }
 
         if (Token::simpleMatch(tok, "} else {"))

test/testbughuntingchecks.cpp

@@ -37,6 +37,7 @@ private:
         LOAD_LIB_2(settings.library, "std.cfg");
         TEST_CASE(checkAssignment);
         TEST_CASE(arrayIndexOutOfBounds1);
+        TEST_CASE(arrayIndexOutOfBounds2);
         TEST_CASE(bufferOverflowMemCmp1);
         TEST_CASE(bufferOverflowMemCmp2);
         TEST_CASE(bufferOverflowStrcpy1);
@@ -82,6 +83,17 @@ private:
                       errout.str());
     }
 
+    void arrayIndexOutOfBounds2() {
+        check("void foo(int n) {\n"
+              "  int p[8];"
+              "  for (int i = 0; i < n; i++)"
+              "    p[i] = 0;\n"
+              "}");
+        ASSERT_EQUALS("[test.cpp:2]: (error) Array index out of bounds, cannot determine that i is less than 8\n"
+                      "[test.cpp:2]: (error) Array index out of bounds, cannot determine that i is not negative\n",
+                      errout.str());
+    }
+
     void bufferOverflowMemCmp1() {
         // CVE-2020-24265
         check("void foo(const char *pktdata, int datalen) {\n"