walkero
/
cppcheck
1
0
Fork 0
Code Issues Pull Requests Projects Releases 1 Wiki Activity

Fixed #2211 (false negative: buffer access out of bounds for(int i=0; i !=6;i++))

This commit is contained in:
Daniel Marjamäki 2011-01-09 18:51:28 +01:00
parent 0b0c46e373
commit 79ef02812d
2 changed files with 18 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/checkbufferoverrun.cpp
View File

@ -289,7 +289,9 @@ static const Token *for_init(const Token *tok, unsigned int &varid, std::string
/** Parse for condition */ /** Parse for condition */
static bool for_condition(const Token * const tok2, unsigned int varid, std::string &min_value, std::string &max_value, std::string &strindex, bool &maxMinFlipped) static bool for_condition(const Token * const tok2, unsigned int varid, std::string &min_value, std::string &max_value, std::string &strindex, bool &maxMinFlipped)
{ {
if (Token::Match(tok2, "%varid% < %num% ;", varid)) if (Token::Match(tok2, "%varid% < %num% ;", varid) ||
Token::Match(tok2, "%varid% != %num% ; ++ %varid%", varid) ||
Token::Match(tok2, "%varid% != %num% ; %varid% ++", varid))
{ {
maxMinFlipped = false; maxMinFlipped = false;
const MathLib::bigint value = MathLib::toLongNumber(tok2->strAt(2)); const MathLib::bigint value = MathLib::toLongNumber(tok2->strAt(2));
@ -300,7 +302,9 @@ static bool for_condition(const Token * const tok2, unsigned int varid, std::str
maxMinFlipped = false; maxMinFlipped = false;
max_value = tok2->strAt(2); max_value = tok2->strAt(2);
} }
else if (Token::Match(tok2, " %num% < %varid% ;", varid)) else if (Token::Match(tok2, " %num% < %varid% ;", varid) ||
Token::Match(tok2, "%num% != %varid% ; ++ %varid%", varid) ||
Token::Match(tok2, "%num% != %varid% ; %varid% ++", varid))
{ {
maxMinFlipped = true; maxMinFlipped = true;
const MathLib::bigint value = MathLib::toLongNumber(tok2->str()); const MathLib::bigint value = MathLib::toLongNumber(tok2->str());

12
test/testbufferoverrun.cpp
View File

@ -114,6 +114,7 @@ private:
TEST_CASE(array_index_varnames); // FP: struct member. #1576 TEST_CASE(array_index_varnames); // FP: struct member. #1576
TEST_CASE(array_index_for_break); // FP: for,break TEST_CASE(array_index_for_break); // FP: for,break
TEST_CASE(array_index_for); // FN: for,if TEST_CASE(array_index_for); // FN: for,if
TEST_CASE(array_index_for_neq); // #2211: Using != in condition
TEST_CASE(buffer_overrun_1); TEST_CASE(buffer_overrun_1);
TEST_CASE(buffer_overrun_2); TEST_CASE(buffer_overrun_2);
@ -1355,6 +1356,17 @@ private:
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("", errout.str());
} }
void array_index_for_neq()
{
// Ticket #2211 - for loop using != in the condition
check("void f() {\n"
" int a[5];\n"
" for (int i = 0; i != 10; ++i) {\n"
" a[i] = 0;\n"
" }\n"
"}");
ASSERT_EQUALS("[test.cpp:4]: (error) Buffer access out-of-bounds: a\n", errout.str());
}
void buffer_overrun_1() void buffer_overrun_1()
{ {