From 797eccc2038f233d9620ce128c5e9f697c8f45f5 Mon Sep 17 00:00:00 2001
From: Paul Fultz II
Date: Sat, 9 Feb 2019 01:47:36 -0600
Subject: [PATCH] Fix possible out of bounds access on arguments (#1652)

* Fix possible outbounds access on arguments
* Log a warning when the arguments mismatch
* Format
---
 lib/valueflow.cpp | 13 ++++++++++++-
 1 file changed, 12 insertions(+), 1 deletion(-)

diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
index 8870275ae..7fa2bd98b 100644
--- a/lib/valueflow.cpp
+++ b/lib/valueflow.cpp
@@ -2980,7 +2980,18 @@ static void valueFlowLifetimeFunction(Token *tok, TokenList *tokenlist, ErrorLog
 int n = getArgumentPos(var, f);
 if (n < 0)
 continue;
- const Token *argtok = getArguments(tok).at(n);
+ std::vector args = getArguments(tok);
+ if (n >= args.size()) {
+ if (tokenlist->getSettings()->debugwarnings)
+ bailout(tokenlist,
+ errorLogger,
+ tok,
+ "Argument mismatch: Function '" + tok->str() + "' returning lifetime from argument index " +
+ std::to_string(n) + " but only " + std::to_string(args.size()) +
+ " arguments are available.");
+ continue;
+ }
+ const Token *argtok = args[n];
 LifetimeStore ls{argtok, "Passed to '" + tok->str() + "'.", ValueFlow::Value::Object};
 ls.errorPath = v.errorPath;
 ls.errorPath.emplace_front(returnTok, "Return " + lifetimeType(returnTok, &v) + ".");
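Review bot: The new guard `if (n >= args.size())` compares the signed `int n` with an unsigned size, and the unchecked `args[n]` that replaces `.at(n)` now depends entirely on that guard plus the `n < 0` check above it. The comparison is correct as written, but only through the implicit conversion of `n` to unsigned; `if (static_cast<std::size_t>(n) >= args.size())` states that intent and avoids a sign-compare warning. The mismatch is reported only when `debugwarnings` is set, so a normal run skips the call silently; a comment such as `// call site passes fewer arguments than the declaration; skip the lifetime instead of throwing` would record that this is deliberate. The diffstat shows no test file changed, so a regression test with a call passing fewer arguments than the returned parameter's index would pin the fix. The enclosing loop and function begin and end outside the hunk.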