From 79ef02812dd27c3502d8a763aa2dc08c5f715a66 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Sun, 9 Jan 2011 18:51:28 +0100
Subject: [PATCH] Fixed #2211 (false negative: buffer access out of bounds for(int i=0; i !=6;i++))
---
 lib/checkbufferoverrun.cpp | 8 ++++++--
 test/testbufferoverrun.cpp | 12 ++++++++++++
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index 3fecabf11..d117d77e6 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -289,7 +289,9 @@ static const Token *for_init(const Token *tok, unsigned int &varid, std::string
 /** Parse for condition */
 static bool for_condition(const Token * const tok2, unsigned int varid, std::string &min_value, std::string &max_value, std::string &strindex, bool &maxMinFlipped)
 {
- if (Token::Match(tok2, "%varid% < %num% ;", varid))
+ if (Token::Match(tok2, "%varid% < %num% ;", varid) ||
+ Token::Match(tok2, "%varid% != %num% ; ++ %varid%", varid) ||
+ Token::Match(tok2, "%varid% != %num% ; %varid% ++", varid))
 {
 maxMinFlipped = false;
 const MathLib::bigint value = MathLib::toLongNumber(tok2->strAt(2));
@@ -300,7 +302,9 @@ static bool for_condition(const Token * const tok2, unsigned int varid, std::str
 maxMinFlipped = false;
 max_value = tok2->strAt(2);
 }
- else if (Token::Match(tok2, " %num% < %varid% ;", varid))
+ else if (Token::Match(tok2, " %num% < %varid% ;", varid) ||
+ Token::Match(tok2, "%num% != %varid% ; ++ %varid%", varid) ||
+ Token::Match(tok2, "%num% != %varid% ; %varid% ++", varid))
 {
 maxMinFlipped = true;
 const MathLib::bigint value = MathLib::toLongNumber(tok2->str());
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 34794dbb6..10d32105e 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
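Review bot: The two `!=` patterns added to the first branch of for_condition are handled exactly like `%varid% < %num%`, but that equivalence only holds when the loop starts at or below the bound; with a start above it, as in `for (i = 7; i != 5; ++i)`, the index never stops at 4. `min_value` is a parameter of this function, yet the visible lines do not compare it with `tok2->strAt(2)`, so the derived range may be wrong for such loops. The rest of the branch lies outside the hunk, so this is inferred. At minimum I would record the assumption above the condition, e.g. `// "!=" with ++ is treated like "<": assumes the start value is not above the bound`.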
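Review bot: In the `else if` branch the reversed patterns `%num% != %varid% ; ++ %varid%` and `%num% != %varid% ; %varid% ++` are grouped with `%num% < %varid%` and set `maxMinFlipped = true`, although `10 != i; ++i` is the same upward-counting loop as `i != 10; ++i`. The `%num% < %varid%` form describes an index that stays above the number, so the `!=` forms that fit this branch would be the decrementing ones, `"%num% != %varid% ; -- %varid%"` and `"%num% != %varid% ; %varid% --"`. The incrementing reversed forms belong with the first branch, reading the number from `tok2->str()` instead of `tok2->strAt(2)`. The remainder of the branch lies outside the hunk, so please confirm how min and max are assigned there; as written, a loop such as `for (int i = 0; 10 != i; ++i)` looks likely to get bounds that hide the out-of-bounds access.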
@@ -114,6 +114,7 @@ private:
 TEST_CASE(array_index_varnames); // FP: struct member. #1576
 TEST_CASE(array_index_for_break); // FP: for,break
 TEST_CASE(array_index_for); // FN: for,if
+ TEST_CASE(array_index_for_neq); // #2211: Using != in condition
 TEST_CASE(buffer_overrun_1);
 TEST_CASE(buffer_overrun_2);
@@ -1355,6 +1356,17 @@ private:
 ASSERT_EQUALS("", errout.str());
 }
+ void array_index_for_neq()
+ {
+ // Ticket #2211 - for loop using != in the condition
+ check("void f() {\n"
+ " int a[5];\n"
+ " for (int i = 0; i != 10; ++i) {\n"
+ " a[i] = 0;\n"
+ " }\n"
+ "}");
+ ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds: a\n", errout.str());
+ }
 void buffer_overrun_1()
 {
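Review bot: array_index_for_neq exercises only one of the four patterns this commit adds (`i != 10; ++i`); the postfix form `i++` and both reversed-operand forms `10 != i` are untested, and there is no negative case showing that an in-range bound stays silent. I would add a second `check(...)` using `i != 5` on `int a[5]` followed by `ASSERT_EQUALS("", errout.str());`, plus one case each for `i++` and `10 != i; ++i`. The reversed-operand case matters most, since it goes through the `maxMinFlipped = true` branch in lib/checkbufferoverrun.cpp and a wrong range there would silently miss a real overrun.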