From 8247270f357489a6639dfae589565b05082b1806 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= Date: Sun, 19 Dec 2010 10:39:43 +0100 Subject: [PATCH] Fixed #2328 (false positive: buffer overrun (for loop with a break => the end value is not reached)) --- lib/checkbufferoverrun.cpp | 16 ++++++++++++++++ test/testbufferoverrun.cpp | 16 ++++++++++++++++ 2 files changed, 32 insertions(+) diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp index b0278dd03..aadae8aaa 100644 --- a/lib/checkbufferoverrun.cpp +++ b/lib/checkbufferoverrun.cpp @@ -729,6 +729,14 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vectortokAt(2); + // Check if there is a break in the body.. + { + const Token *bodyStart = tok->next()->link()->next(); + const Token *bodyEnd = bodyStart->link(); + if (Token::findmatch(bodyStart, "break ;", bodyEnd)) + continue; + } + unsigned int counter_varid = 0; std::string min_counter_value; std::string max_counter_value; @@ -898,6 +906,14 @@ void CheckBufferOverrun::checkScope(const Token *tok, const ArrayInfo &arrayInfo { const Token *tok2 = tok->tokAt(2); + // Check if there is a break in the body.. + { + const Token *bodyStart = tok->next()->link()->next(); + const Token *bodyEnd = bodyStart->link(); + if (Token::findmatch(bodyStart, "break ;", bodyEnd)) + continue; + } + unsigned int counter_varid = 0; std::string min_counter_value; std::string max_counter_value; diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp index 8a33de23e..f908a0b63 100644 --- a/test/testbufferoverrun.cpp +++ b/test/testbufferoverrun.cpp @@ -112,6 +112,7 @@ private: TEST_CASE(array_index_negative); TEST_CASE(array_index_for_decr); TEST_CASE(array_index_varnames); // FP: struct member. #1576 + TEST_CASE(array_index_for_break); // FP: for,break TEST_CASE(buffer_overrun_1); TEST_CASE(buffer_overrun_2); 
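Review bot: The added `Token::findmatch(bodyStart, "break ;", bodyEnd)` guard skips the whole for-loop analysis on any `break ;` between the body braces, including one that belongs to a nested `switch` or inner loop and so never leaves this loop; a real out-of-bounds index in such a loop is then no longer reported. The identical block in the second checkScope overload (hunk at -898) has the same false negative. Consider bailing out only for a break that actually exits this loop, or at least record the trade-off next to the check, e.g. `// FIXME: also matches break in a nested switch/loop; such loops are skipped => false negatives`. Because the two copies are the same, a small file-local helper would keep them from drifting apart. Both checkScope bodies start and end outside the hunks.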
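Review bot: `bodyStart->link()` in the added block is only meaningful when the token after the closing parenthesis of `for (...)` is `{`; for any other token link() presumably returns null, and `findmatch` would then appear to search to the end of the token list, so an unrelated `break ;` later in the file could suppress the overrun check. If the tokenizer always adds braces before checkScope runs, this cannot happen, but nothing in the hunk states that assumption. A guard such as `if (bodyStart && bodyStart->str() == "{" && Token::findmatch(bodyStart, "break ;", bodyStart->link()))` makes it explicit. The same applies to the copy in the first hunk (-729).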
@@ -1303,6 +1304,21 @@ private: } + void array_index_for_break() + { + check("void f() {\n" + " int a[2];\n" + " for (int i = 0; i <= 2; ++i) {\n" + " a[i] = 0;\n" + " if (i==1) {\n" + " break;\n" + " }\n" + " }\n" + "}\n"); + ASSERT_EQUALS("", errout.str()); + } + + void buffer_overrun_1() { check("void f()\n"
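Review bot: array_index_for_break only pins the suppressed false positive; no case checks that a loop whose `break ;` does not prevent the bad index is still reported. With the new bail-out, a loop such as the one in this test but with `if (i==2)` after `a[i] = 0;`, or with the break inside a nested `switch`, would presumably produce no error even though `a[2]` is written. Adding such a case, marked as a known TODO if it cannot pass yet, would document the false negative and stop it from widening unnoticed. A short comment above the test, e.g. `// #2328: break leaves the loop before i reaches 2`, would also tie it to the ticket.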