Fix 11072: FP arrayIndexOutOfBounds, nullPointer with nested loops (#4113)

* Fix 11072: FP arrayIndexOutOfBounds, nullPointer with nested loops

* Format

* Remove print statement
Paul Fultz II 2022-05-18 01:29:30 -05:00 committed by GitHub
parent 8dbc1b802a
commit 90e6c10c12
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 33 additions and 13 deletions


@ -6343,6 +6343,8 @@ static void valueFlowForLoopSimplify(Token* const bodyStart,
ErrorLogger* errorLogger, ErrorLogger* errorLogger,
const Settings* settings) const Settings* settings)
{ {
// TODO: Refactor this to use arbitary expressions
assert(expr->varId() > 0);
const Token * const bodyEnd = bodyStart->link(); const Token * const bodyEnd = bodyStart->link();
// Is variable modified inside for loop // Is variable modified inside for loop
@ -6512,24 +6514,26 @@ static void valueFlowForLoop(TokenList *tokenlist, SymbolDatabase* symboldatabas
} else { } else {
ProgramMemory mem1, mem2, memAfter; ProgramMemory mem1, mem2, memAfter;
if (valueFlowForLoop2(tok, &mem1, &mem2, &memAfter)) { if (valueFlowForLoop2(tok, &mem1, &mem2, &memAfter)) {
ProgramMemory::Map::const_iterator it; for (const auto& p : mem1) {
for (it = mem1.begin(); it != mem1.end(); ++it) { if (!p.second.isIntValue())
if (!it->second.isIntValue())
continue; continue;
valueFlowForLoopSimplify( if (p.first.tok->varId() == 0)
bodyStart, it->first.tok, false, it->second.intvalue, tokenlist, errorLogger, settings); continue;
valueFlowForLoopSimplify(bodyStart, p.first.tok, false, p.second.intvalue, tokenlist, errorLogger, settings);
} }
for (it = mem2.begin(); it != mem2.end(); ++it) { for (const auto& p : mem2) {
if (!it->second.isIntValue()) if (!p.second.isIntValue())
continue; continue;
valueFlowForLoopSimplify( if (p.first.tok->varId() == 0)
bodyStart, it->first.tok, false, it->second.intvalue, tokenlist, errorLogger, settings); continue;
valueFlowForLoopSimplify(bodyStart, p.first.tok, false, p.second.intvalue, tokenlist, errorLogger, settings);
} }
for (it = memAfter.begin(); it != memAfter.end(); ++it) { for (const auto& p : memAfter) {
if (!it->second.isIntValue()) if (!p.second.isIntValue())
continue; continue;
valueFlowForLoopSimplifyAfter( if (p.first.tok->varId() == 0)
tok, it->first.getExpressionId(), it->second.intvalue, tokenlist, settings); continue;
valueFlowForLoopSimplifyAfter(tok, p.first.getExpressionId(), p.second.intvalue, tokenlist, settings);
} }
} }
} }
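Review bot: The third loop (over `memAfter`) now dereferences `p.first.tok`, whereas the old code there used only `it->first.getExpressionId()`; if a key can carry an expression id without a token, the new guard is a null dereference on that path. Consider `if (p.first.tok && p.first.tok->varId() == 0) continue;` in that loop, or confirm that every key inserted into these maps has a non-null `tok`. The same filter is now repeated in all three loops, and the `assert(expr->varId() > 0)` added to `valueFlowForLoopSimplify` is compiled out under NDEBUG, so release builds rely entirely on the callers' guards; a small shared predicate would keep them in sync. The body of `valueFlowForLoop` starts and ends outside these hunks.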


@ -4267,6 +4267,22 @@ private:
" }\n" " }\n"
"}\n"; "}\n";
testValueOfX(code, 0, 0); // <- don't throw testValueOfX(code, 0, 0); // <- don't throw
// #11072
code = "struct a {\n"
" long b;\n"
" long c[6];\n"
" long d;\n"
"};\n"
"void e(long) {\n"
" a f = {0};\n"
" for (f.d = 0; 2; f.d++)\n"
" e(f.c[f.b]);\n"
"}\n";
values = tokenValues(code, ". c");
ASSERT_EQUALS(true, values.empty());
values = tokenValues(code, "[ f . b");
ASSERT_EQUALS(true, values.empty());
} }
void valueFlowSubFunction() { void valueFlowSubFunction() {
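Review bot: The new case is labelled only `// #11072`, so a reader cannot tell why both `tokenValues` results must be empty; a comment such as `// #11072: member expressions f.c / f.b must not receive values from the for-loop analysis` would state the intent. The case appears to cover only the in-loop paths: the guard added to the `memAfter` loop is presumably not exercised, since the loop condition `2` never becomes false, so a variant with a terminating condition may be worth adding. The enclosing test function begins outside this hunk.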