Fix 11072: FP arrayIndexOutOfBounds, nullPointer with nested loops (#4113)
* Fix 11072: FP arrayIndexOutOfBounds, nullPointer with nested loops * Format * Remove print statement
This commit is contained in:
parent
8dbc1b802a
commit
90e6c10c12
|
@ -6343,6 +6343,8 @@ static void valueFlowForLoopSimplify(Token* const bodyStart,
|
||||||
ErrorLogger* errorLogger,
|
ErrorLogger* errorLogger,
|
||||||
const Settings* settings)
|
const Settings* settings)
|
||||||
{
|
{
|
||||||
|
// TODO: Refactor this to use arbitary expressions
|
||||||
|
assert(expr->varId() > 0);
|
||||||
const Token * const bodyEnd = bodyStart->link();
|
const Token * const bodyEnd = bodyStart->link();
|
||||||
|
|
||||||
// Is variable modified inside for loop
|
// Is variable modified inside for loop
|
||||||
|
@ -6512,24 +6514,26 @@ static void valueFlowForLoop(TokenList *tokenlist, SymbolDatabase* symboldatabas
|
||||||
} else {
|
} else {
|
||||||
ProgramMemory mem1, mem2, memAfter;
|
ProgramMemory mem1, mem2, memAfter;
|
||||||
if (valueFlowForLoop2(tok, &mem1, &mem2, &memAfter)) {
|
if (valueFlowForLoop2(tok, &mem1, &mem2, &memAfter)) {
|
||||||
ProgramMemory::Map::const_iterator it;
|
for (const auto& p : mem1) {
|
||||||
for (it = mem1.begin(); it != mem1.end(); ++it) {
|
if (!p.second.isIntValue())
|
||||||
if (!it->second.isIntValue())
|
|
||||||
continue;
|
continue;
|
||||||
valueFlowForLoopSimplify(
|
if (p.first.tok->varId() == 0)
|
||||||
bodyStart, it->first.tok, false, it->second.intvalue, tokenlist, errorLogger, settings);
|
continue;
|
||||||
|
valueFlowForLoopSimplify(bodyStart, p.first.tok, false, p.second.intvalue, tokenlist, errorLogger, settings);
|
||||||
}
|
}
|
||||||
for (it = mem2.begin(); it != mem2.end(); ++it) {
|
for (const auto& p : mem2) {
|
||||||
if (!it->second.isIntValue())
|
if (!p.second.isIntValue())
|
||||||
continue;
|
continue;
|
||||||
valueFlowForLoopSimplify(
|
if (p.first.tok->varId() == 0)
|
||||||
bodyStart, it->first.tok, false, it->second.intvalue, tokenlist, errorLogger, settings);
|
continue;
|
||||||
|
valueFlowForLoopSimplify(bodyStart, p.first.tok, false, p.second.intvalue, tokenlist, errorLogger, settings);
|
||||||
}
|
}
|
||||||
for (it = memAfter.begin(); it != memAfter.end(); ++it) {
|
for (const auto& p : memAfter) {
|
||||||
if (!it->second.isIntValue())
|
if (!p.second.isIntValue())
|
||||||
continue;
|
continue;
|
||||||
valueFlowForLoopSimplifyAfter(
|
if (p.first.tok->varId() == 0)
|
||||||
tok, it->first.getExpressionId(), it->second.intvalue, tokenlist, settings);
|
continue;
|
||||||
|
valueFlowForLoopSimplifyAfter(tok, p.first.getExpressionId(), p.second.intvalue, tokenlist, settings);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -4267,6 +4267,22 @@ private:
|
||||||
" }\n"
|
" }\n"
|
||||||
"}\n";
|
"}\n";
|
||||||
testValueOfX(code, 0, 0); // <- don't throw
|
testValueOfX(code, 0, 0); // <- don't throw
|
||||||
|
|
||||||
|
// #11072
|
||||||
|
code = "struct a {\n"
|
||||||
|
" long b;\n"
|
||||||
|
" long c[6];\n"
|
||||||
|
" long d;\n"
|
||||||
|
"};\n"
|
||||||
|
"void e(long) {\n"
|
||||||
|
" a f = {0};\n"
|
||||||
|
" for (f.d = 0; 2; f.d++)\n"
|
||||||
|
" e(f.c[f.b]);\n"
|
||||||
|
"}\n";
|
||||||
|
values = tokenValues(code, ". c");
|
||||||
|
ASSERT_EQUALS(true, values.empty());
|
||||||
|
values = tokenValues(code, "[ f . b");
|
||||||
|
ASSERT_EQUALS(true, values.empty());
|
||||||
}
|
}
|
||||||
|
|
||||||
void valueFlowSubFunction() {
|
void valueFlowSubFunction() {
|
||||||
|
|
Loading…
Reference in New Issue