From 7e2f39290db5f3eb7df98a9a2d28caf625fc617f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= <danielm77@spray.se>
Date: Tue, 20 Apr 2010 16:43:51 +0200
Subject: [PATCH] Fixed #1614 (negative array index issues in latest from git)

---
 lib/checkbufferoverrun.cpp | 12 +++++++++++-
 test/testbufferoverrun.cpp |  7 +++++++
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index a5f82559c..cf97ff414 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -1280,7 +1280,17 @@ void CheckBufferOverrun::negativeIndex()
         const long index = MathLib::toLongNumber(tok->next()->str());
         if (index < 0)
         {
-            negativeIndexError(tok, index);
+            // Multidimension index => error
+            if (Token::simpleMatch(tok->previous(), "]") || Token::simpleMatch(tok->tokAt(3), "["))
+                negativeIndexError(tok, index);
+
+            // 1-dimensional array => error
+            else if (tok->previous() && tok->previous()->varId())
+            {
+                const Token *tok2 = Token::findmatch(_tokenizer->tokens(), "%varid%", tok->previous()->varId());
+                if (tok2 && Token::Match(tok2->next(), "[ %any% ] ;"))
+                    negativeIndexError(tok, index);
+            }
         }
     }
 }
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 4fd2bb89b..7e14f6a68 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -1022,6 +1022,13 @@ private:
               "    data[5][-1] = 0;\n"
               "}\n");
         ASSERT_EQUALS("[test.cpp:4]: (error) Array index -1 corresponds with 4294967295, which is likely out of bounds\n", errout.str());
+
+        // #1614 - negative index is ok for pointers
+        check("void foo(char *p)\n"
+              "{\n"
+              "    p[-1] = 0;\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
     }
 
     void array_index_for_decr()