Fixed #6353 (False positive: CheckBufferOverrun checking reassigned array function parameter)

lib/checkbufferoverrun.cpp

@@ -835,9 +835,18 @@ void CheckBufferOverrun::checkScope(const Token *tok, const ArrayInfo &arrayInfo
     const bool isPortabilityEnabled = _settings->isEnabled("portability");
     const bool isWarningEnabled = _settings->isEnabled("warning");
 
+    bool reassigned = false;
+
     for (const Token* const end = tok->scope()->classEnd; tok != end; tok = tok->next()) {
+        if (reassigned && tok->str() == ";")
+            break;
+
         if (tok->varId() == declarationId) {
-            if (tok->strAt(1) == "[") {
+            if (tok->strAt(1) == "=") {
+                reassigned = true;
+            }
+
+            else if (tok->strAt(1) == "[") {
                 valueFlowCheckArrayIndex(tok->next(), arrayInfo);
             }
 

test/testbufferoverrun.cpp

@@ -190,6 +190,7 @@ private:
         TEST_CASE(array_index_string_literal);
         TEST_CASE(array_index_same_struct_and_var_name); // #4751 - not handled well when struct name and var name is same
         TEST_CASE(array_index_valueflow);
+        TEST_CASE(array_index_function_parameter);
 
         TEST_CASE(buffer_overrun_1_standard_functions);
         TEST_CASE(buffer_overrun_1_posix_functions);
@@ -2147,6 +2148,19 @@ private:
         ASSERT_EQUALS("", errout.str());
     }
 
+    void array_index_function_parameter() {
+        check("void f(char a[10]) {\n"
+              "  a[20] = 0;\n" // <- cppcheck warn here even though it's not a definite access out of bounds
+              "}");
+        ASSERT_EQUALS("[test.cpp:2]: (error) Array 'a[10]' accessed at index 20, which is out of bounds.\n", errout.str());
+
+        check("void f(char a[10]) {\n" // #6353 - reassign 'a'
+              "  a += 4;\n"
+              "  a[-1] = 0;\n"
+              "}");
+        ASSERT_EQUALS("", errout.str());
+    }
+
     void buffer_overrun_1_posix_functions() {
         checkposix("void f(int fd)\n"
                    "{\n"