From 75de485c4df9b10c76f3b0d963f8a43878386e73 Mon Sep 17 00:00:00 2001
From: Paul Fultz II
Date: Sun, 29 Dec 2019 01:23:58 -0600
Subject: [PATCH] Fix issue 9551: Out-of-bounds in getLifetimeTokens() (#2461)

---
 lib/valueflow.cpp | 6 +++++-
 test/testvalueflow.cpp | 10 ++++++++++
 2 files changed, 15 insertions(+), 1 deletion(-)

diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
index bde555e54..815a993e6 100644
--- a/lib/valueflow.cpp
+++ b/lib/valueflow.cpp
@@ -3199,7 +3199,11 @@ std::vector getLifetimeTokens(const Token* tok, ValueFlow::Value:
 int n = getArgumentPos(argvar, f);
 if (n < 0)
 return std::vector {};
- const Token* argTok = getArguments(tok->previous()).at(n);
+ std::vector args = getArguments(tok->previous());
+ // TODO: Track lifetimes of default parameters
+ if (n >= args.size())
+ return std::vector {};
+ const Token* argTok = args[n];
 lt.errorPath.emplace_back(returnTok, "Return reference.");
 lt.errorPath.emplace_back(tok->previous(), "Called function passing '" + argTok->str() + "'.");
 std::vector arglts = LifetimeToken::setInconclusive(
diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
index 73e5a88af..3dab3c61c 100644
--- a/test/testvalueflow.cpp
+++ b/test/testvalueflow.cpp
@@ -4387,6 +4387,16 @@ private:
 " if (0 * (x > 2)) {}\n"
 "}\n";
 valueOfTok(code, "x");
+
+ code = "const int& f(int, const int& y = 0);\n"
+ "const int& f(int, const int& y) {\n"
+ " return y;\n"
+ "}\n"
+ "const int& g(int x) {\n"
+ " const int& r = f(x);\n"
+ " return r;\n"
+ "}\n";
+ valueOfTok(code, "0");
 }
 };
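Review bot: The added check `if (n >= args.size())` compares a signed `int` against `size_t` and is only well-defined because of the `n < 0` return two lines above; it also trips -Wsign-compare on most builds. Make that dependency explicit with `if (static_cast<std::size_t>(n) >= args.size())`, so a later edit that moves or drops the `n < 0` guard cannot turn a negative position into a huge unsigned index that passes the test. The bound check itself is the right fix: the old `.at(n)` threw `std::out_of_range` whenever the call supplied fewer arguments than the parameter position, which the new default-argument test case shows an ordinary input file can trigger, and the new code degrades to "no lifetime information" instead of aborting the analysis. The TODO would help a future reader more if it stated the consequence, e.g. `// TODO: Track lifetimes of default parameters; a position past the supplied arguments refers to a default value, which has no call-site token to follow yet`. getLifetimeTokens begins and ends outside this hunk.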