From 98e22f6162f2ea49e988f0b5f751584cb2bb1b89 Mon Sep 17 00:00:00 2001
From: Paul Fultz II
Date: Mon, 6 Sep 2021 00:15:24 -0500
Subject: [PATCH] Fix 10413: FP arrayIndexOutOfBoundsCond after check (#3446)
---
 lib/valueflow.cpp | 4 ++++
 test/testbufferoverrun.cpp | 13 +++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
index e0a79627a..1f5047a6f 100644
--- a/lib/valueflow.cpp
+++ b/lib/valueflow.cpp
@@ -7711,6 +7711,10 @@ static std::vector isOutOfBoundsImpl(const ValueFlow::Value& s
 // TODO: Use a better way to decide if the variable in unconstrained
 if (!indexTok->variable() || !indexTok->variable()->isArgument())
 return {};
+ if (std::any_of(indexTok->values().begin(), indexTok->values().end(), [&](const ValueFlow::Value& v) {
+ return v.isSymbolicValue() && v.isPossible() && v.bound == ValueFlow::Value::Bound::Upper;
+ }))
+ return {};
 if (indexValue->bound != ValueFlow::Value::Bound::Lower)
 return {};
 if (size.bound == ValueFlow::Value::Bound::Lower)
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index b314af3aa..d3355d648 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -135,6 +135,7 @@ private:
 TEST_CASE(array_index_56); // #10284
 TEST_CASE(array_index_57); // #10023
 TEST_CASE(array_index_58); // #7524
+ TEST_CASE(array_index_59); // #10413
 TEST_CASE(array_index_multidim);
 TEST_CASE(array_index_switch_in_for);
 TEST_CASE(array_index_for_in_for); // FP: #2634
@@ -1652,6 +1653,18 @@ private:
 errout.str());
 }
 
+ void array_index_59()
+ {
+ check("long f(long b) {\n"
+ " const long a[] = { 0, 1, };\n"
+ " const long c = std::size(a);\n"
+ " if (b < 0 || b >= c)\n"
+ " return 0;\n"
+ " return a[b];\n"
+ "}\n");
+ ASSERT_EQUALS("", errout.str());
+ }
+
 void array_index_multidim() {
 check("void f()\n"
 "{\n"
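Review bot: The new `std::any_of` guard in isOutOfBoundsImpl returns early for any possible symbolic upper bound on the index and never looks at which expression that bound refers to, so an index compared against a value unrelated to (or larger than) the array size would presumably stop being reported as well. For a buffer-overrun check that is a false-negative risk worth stating in the code; I would add `// Index has a possible symbolic upper bound: assume it was checked against the size (#10413). May hide real overruns when the bound is unrelated to the array.` directly above the guard, next to the existing TODO. The lambda uses nothing from the enclosing scope, so `[&]` can be `[]`. The function starts and ends outside this hunk, so how the empty result is consumed by callers is not visible here.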
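Review bot: array_index_59 pins only the case that must stay silent; nothing in this hunk asserts that a diagnostic is still produced when the upper-bound comparison is against a value larger than the array, for example the same body with `const long c = std::size(a) + 1;`. Without such a companion case, a later widening of the suppression in lib/valueflow.cpp would pass the suite unnoticed. If the checker is expected to report that variant, the expected message should be taken from an actual run; if it is not, a short comment in the test recording that limitation would help the next reader.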