From 848fd59cbdbdc1576343f6bd561d186e051e85d6 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?=
Date: Sun, 8 Jul 2012 14:34:47 +0200
Subject: [PATCH] Fixed #3913 (boundcheck, false positive continue in loop)
---
 lib/checkbufferoverrun.cpp | 2 +-
 test/testbufferoverrun.cpp | 26 ++++++++++++++++++++++++++
 2 files changed, 27 insertions(+), 1 deletion(-)
diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index 825be1e26..52846944d 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -224,7 +224,7 @@ static bool bailoutIfSwitch(const Token *tok, const unsigned int varid)
 end = end->linkAt(2);
 for (; tok != end; tok = tok->next()) {
 // If scanning a "if" block then bailout for "break"
- if (is_if && tok->str() == "break")
+ if (is_if && (tok->str() == "break" || tok->str() == "continue"))
 return true;
 
 // bailout for "return"
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index cefb45cc2..49e4bbe61 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -120,6 +120,7 @@ private:
 TEST_CASE(array_index_for_decr);
 TEST_CASE(array_index_varnames); // FP: struct member. #1576
 TEST_CASE(array_index_for_break); // FP: for,break
+ TEST_CASE(array_index_for_continue); // for,continue
 TEST_CASE(array_index_for); // FN: for,if
 TEST_CASE(array_index_for_neq); // #2211: Using != in condition
 TEST_CASE(array_index_for_question); // #2561: for, ?:
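Review bot: The comment directly above the changed condition in bailoutIfSwitch still reads `// If scanning a "if" block then bailout for "break"`, which no longer matches the code; it should become `// If scanning an "if" block then bail out for "break" or "continue"`. As far as the hunk shows, the match is purely on the token string, so any `continue` inside the if-block disables the bounds check for the loop, even when the condition guarding it has nothing to do with the index. For an out-of-bounds checker that is a false negative, and the second new test case records one as a TODO. A second comment line saying the bailout is deliberately conservative would keep a later reader from treating the suppression as proof that the access is safe. The function body starts and ends outside this hunk.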
@@ -1739,6 +1740,31 @@ private:
 ASSERT_EQUALS("", errout.str());
 }
 
+ void array_index_for_continue() {
+ // #3913
+ check("void f() {\n"
+ " int a[2];\n"
+ " for (int i = 0; i < 2; ++i) {\n"
+ " if (i == 0) {\n"
+ " continue;\n"
+ " }\n"
+ " a[i - 1] = 0;\n"
+ " }\n"
+ "}\n");
+ ASSERT_EQUALS("", errout.str());
+
+ check("void f() {\n"
+ " int a[2];\n"
+ " for (int i = 0; i < 2; ++i) {\n"
+ " if (somecondition) {\n"
+ " continue;\n"
+ " }\n"
+ " a[i - 1] = 0;\n"
+ " }\n"
+ "}\n");
+ TODO_ASSERT_EQUALS("[test.cpp:7]: (error) Array 'a[2]' accessed at index -1, which is out of bounds", "", errout.str());
+ }
+
 void array_index_for() {
 // Ticket #2370 - No false negative when there is no "break"
 check("void f() {\n"
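Review bot: The second `check(...)` in array_index_for_continue is a known false negative, but only the `TODO_ASSERT_EQUALS` macro hints at it, and the `// #3913` comment at the top describes only the first case. A one-line comment before the second call, such as `// TODO: 'continue' does not depend on i, so a[-1] is reachable but not reported yet`, would state why the expected and actual strings differ. It would also mark this as a real out-of-bounds write that the checker misses, so the TODO is less likely to be dropped as noise when the test is next touched.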