Fix 10290: false negative: container out of bounds (#3269)
This commit is contained in:
parent
1df93f5474
commit
8541e0503e
|
@ -111,8 +111,10 @@ struct ForwardTraversal {
|
||||||
return Progress::Skip;
|
return Progress::Skip;
|
||||||
T* firstOp = tok->astOperand1();
|
T* firstOp = tok->astOperand1();
|
||||||
T* secondOp = tok->astOperand2();
|
T* secondOp = tok->astOperand2();
|
||||||
// Evaluate RHS of assignment before LHS
|
// Evaluate:
|
||||||
if (tok->isAssignmentOp())
|
// 1. RHS of assignment before LHS
|
||||||
|
// 2. Unary op before operand
|
||||||
|
if (tok->isAssignmentOp() || !secondOp)
|
||||||
std::swap(firstOp, secondOp);
|
std::swap(firstOp, secondOp);
|
||||||
if (firstOp && traverseRecursive(firstOp, f, traverseUnknown, recursion+1) == Progress::Break)
|
if (firstOp && traverseRecursive(firstOp, f, traverseUnknown, recursion+1) == Progress::Break)
|
||||||
return Break();
|
return Break();
|
||||||
|
|
|
@ -1244,7 +1244,7 @@ static void valueFlowPointerAlias(TokenList *tokenlist)
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
static void valueFlowPointerAliasDeref(TokenList *tokenlist)
|
static void valueFlowUninitPointerAliasDeref(TokenList *tokenlist)
|
||||||
{
|
{
|
||||||
for (Token *tok = tokenlist->front(); tok; tok = tok->next()) {
|
for (Token *tok = tokenlist->front(); tok; tok = tok->next()) {
|
||||||
if (!tok->isUnaryOp("*"))
|
if (!tok->isUnaryOp("*"))
|
||||||
|
@ -6869,7 +6869,6 @@ void ValueFlow::setValues(TokenList *tokenlist, SymbolDatabase* symboldatabase,
|
||||||
while (n > 0 && values < getTotalValues(tokenlist)) {
|
while (n > 0 && values < getTotalValues(tokenlist)) {
|
||||||
values = getTotalValues(tokenlist);
|
values = getTotalValues(tokenlist);
|
||||||
valueFlowImpossibleValues(tokenlist, settings);
|
valueFlowImpossibleValues(tokenlist, settings);
|
||||||
valueFlowPointerAliasDeref(tokenlist);
|
|
||||||
valueFlowArrayBool(tokenlist);
|
valueFlowArrayBool(tokenlist);
|
||||||
valueFlowRightShift(tokenlist, settings);
|
valueFlowRightShift(tokenlist, settings);
|
||||||
valueFlowAfterMove(tokenlist, symboldatabase, errorLogger, settings);
|
valueFlowAfterMove(tokenlist, symboldatabase, errorLogger, settings);
|
||||||
|
@ -6883,6 +6882,7 @@ void ValueFlow::setValues(TokenList *tokenlist, SymbolDatabase* symboldatabase,
|
||||||
valueFlowLifetime(tokenlist, symboldatabase, errorLogger, settings);
|
valueFlowLifetime(tokenlist, symboldatabase, errorLogger, settings);
|
||||||
valueFlowFunctionDefaultParameter(tokenlist, symboldatabase, errorLogger, settings);
|
valueFlowFunctionDefaultParameter(tokenlist, symboldatabase, errorLogger, settings);
|
||||||
valueFlowUninit(tokenlist, symboldatabase, errorLogger, settings);
|
valueFlowUninit(tokenlist, symboldatabase, errorLogger, settings);
|
||||||
|
valueFlowUninitPointerAliasDeref(tokenlist);
|
||||||
if (tokenlist->isCPP()) {
|
if (tokenlist->isCPP()) {
|
||||||
valueFlowSmartPointer(tokenlist, errorLogger, settings);
|
valueFlowSmartPointer(tokenlist, errorLogger, settings);
|
||||||
valueFlowIterators(tokenlist, settings);
|
valueFlowIterators(tokenlist, settings);
|
||||||
|
|
|
@ -440,6 +440,13 @@ private:
|
||||||
" (*PArr)[i] = 1;\n"
|
" (*PArr)[i] = 1;\n"
|
||||||
"}\n");
|
"}\n");
|
||||||
ASSERT_EQUALS("", errout.str());
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
|
||||||
|
checkNormal("int f() {\n"
|
||||||
|
" std::vector<int> v;\n"
|
||||||
|
" std::vector<int> * pv = &v;\n"
|
||||||
|
" return (*pv).at(42);\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("test.cpp:4:error:Out of bounds access in expression '(*pv).at(42)' because '*pv' is empty and 'at' may be non-zero.\n", errout.str());
|
||||||
}
|
}
|
||||||
|
|
||||||
void outOfBoundsIndexExpression() {
|
void outOfBoundsIndexExpression() {
|
||||||
|
|
Loading…
Reference in New Issue