From 74bf1821e6cc9ec1af670488eea3e2165fff3c91 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Mon, 11 Oct 2010 20:52:14 +0200
Subject: [PATCH] Array index: detect array index out of bounds when datatype is unknown. Ticket: #2086
---
 lib/checkbufferoverrun.cpp | 10 +++++++---
 test/testbufferoverrun.cpp | 11 +++++++++++
 2 files changed, 18 insertions(+), 3 deletions(-)
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index 35b693543..aec70c65e 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -1172,7 +1172,7 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
 }
 else if (indentlevel > 0 && Token::Match(tok, "[;{}] %var% = %str% ;"))
 {
- size = 1 + tok->tokAt(3)->strValue().size();
+ size = 1 + int(tok->tokAt(3)->strValue().size());
 type = "char";
 varid = tok->next()->varId();
 nextTok = 4;
@@ -1794,6 +1794,9 @@ bool CheckBufferOverrun::ArrayInfo::declare(const Token *tok, const Tokenizer &t
 if (!tok->isName())
 return false;
 
+ while (tok && (tok->str() == "static" || tok->str() == "const"))
+ tok = tok->next();
+
 int ivar = 0;
 if (Token::Match(tok, "%type% *| %var% ["))
 ivar = 1;
@@ -1802,6 +1805,9 @@ bool CheckBufferOverrun::ArrayInfo::declare(const Token *tok, const Tokenizer &t
 else
 return false;
 
+ if (tok->str().find(":") != std::string::npos)
+ return false;
+
 // Goto variable name token, get element size..
 const Token *vartok = tok->tokAt(ivar);
 if (vartok->str() == "*")
@@ -1813,8 +1819,6 @@ bool CheckBufferOverrun::ArrayInfo::declare(const Token *tok, const Tokenizer &t
 {
 _element_size = tokenizer.sizeOfType(tok);
 }
- if (_element_size == 0)
- return false;
 
 _varname = vartok->str();
 _varid = vartok->varId();
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 4d4cad893..1aafc8995 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
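Review bot: The added `if (tok->str().find(":") != std::string::npos) return false;` in ArrayInfo::declare carries no comment saying which tokens it is meant to reject, and it becomes one of the few remaining filters once the element-size check is dropped further down in the same function. A one-line comment such as `// reject tokens containing ':' (presumably labels / access specifiers), they are not type names` would record the intent; the exact token shapes are not visible here, so the wording should be confirmed against the tokenizer. `find(':')` with a character argument expresses the same test more directly. The function body starts and ends outside this hunk.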
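Review bot: Removing `if (_element_size == 0) return false;` lets declare() succeed with `_element_size` left at 0 for an unknown type, and nothing at this spot warns consumers of ArrayInfo about that. Any check that multiplies the element count into a byte size, or divides a byte count by the element size, would then see 0 and could divide by zero or flag every sized access as an overrun; those callers are outside this patch, so this needs confirming. The removed test also acted as an implicit filter that the leading token is a known type, so the visible pattern `"%type% *| %var% ["` may now accept statements whose first token is a keyword unless the rest of declare() rejects them. I would add a comment here, e.g. `// _element_size stays 0 for unknown types: only index checks are valid, byte-size checks must skip this array`, and a regression test for a non-declaration such as a `return` of an indexed element.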
@@ -103,6 +103,7 @@ private:
 TEST_CASE(array_index_27);
 TEST_CASE(array_index_28); // ticket #1418
 TEST_CASE(array_index_29); // ticket #1734
+ TEST_CASE(array_index_30); // ticket #2086 - out of bounds when type is unknown
 TEST_CASE(array_index_multidim);
 TEST_CASE(array_index_switch_in_for);
 TEST_CASE(array_index_calculation);
@@ -976,6 +977,16 @@ private:
 TODO_ASSERT_EQUALS("[test.cpp:6]: (error) Array ii[10] out of bounds\n", errout.str());
 }
 
+ void array_index_30()
+ {
+ // ticket #2086 - unknown type
+ check("void f() {\n"
+ " UINT8 x[2];\n"
+ " x[5] = 0;\n"
+ "}\n");
+ ASSERT_EQUALS("[test.cpp:3]: (error) Array 'x[2]' index 5 out of bounds\n", errout.str());
+ }
+
 void array_index_multidim()
 {
 check("void f()\n"
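Review bot: array_index_30 pins only the positive case, so it would still pass if the relaxed ArrayInfo::declare began reporting in-bounds accesses on arrays of unknown type. A companion check using the same `UINT8 x[2];` body with `x[1] = 0;` and `ASSERT_EQUALS("", errout.str());` would guard against that false positive. The `static`/`const` skipping and the `:` rejection added in lib/checkbufferoverrun.cpp have no test in this patch either, so a regression in those paths would go unnoticed.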