Array index out of bounds: Fixed false positive when size is not known.

2011-12-17 13:20:42 +01:00 · 2011-12-17 13:20:42 +01:00 · 95123854ba
parent e008a0508b
commit 95123854ba
2 changed files with 9 additions and 0 deletions
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@ -801,6 +801,9 @@ void CheckBufferOverrun::checkScopeForBody(const Token *tok, const ArrayInfo &ar
 void CheckBufferOverrun::checkScope(const Token *tok, const std::vector<std::string> &varname, const ArrayInfo &arrayInfo)
 {
    const MathLib::bigint size = arrayInfo.num(0);
+    if (size == 0)  // unknown size
+        return;
+
    const MathLib::bigint total_size = arrayInfo.element_size() * arrayInfo.num(0);
    unsigned int varid = arrayInfo.varid();

--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@ -624,6 +624,12 @@ private:
              "        f.str[i] = 0;\n"
              "}\n");
        ASSERT_EQUALS("[test.cpp:10]: (error) Buffer access out-of-bounds: f.str\n", errout.str());
+
+        check("struct AB { char a[NUM]; char b[NUM]; }\n"
+              "void f(struct AB *ab) {\n"
+              "    ab->a[0] = 0;\n"
+              "}");
+        ASSERT_EQUALS("", errout.str());
    }