CheckBufferOverrun: Better handling of functions with variable arguments

lib/checkbufferoverrun.cpp

@@ -605,6 +605,10 @@ void CheckBufferOverrun::checkFunctionParameter(const Token &tok, unsigned int p
             if (!parameter || _tokenizer->sizeOfType(parameter->typeStartToken()) != arrayInfo.element_size())
                 return;
 
+            // Variable function arguments..
+            if (Token::simpleMatch(parameter->typeStartToken(), ". . ."))
+                return;
+
             // Check the parameter usage in the function scope..
             for (const Token* ftok = func->functionScope->classStart; ftok != func->functionScope->classEnd; ftok = ftok->next()) {
                 if (Token::Match(ftok, "if|for|while (")) {

test/testbufferoverrun.cpp

@@ -112,6 +112,7 @@ private:
         TEST_CASE(array_index_42);
         TEST_CASE(array_index_43); // struct with array
         TEST_CASE(array_index_44); // #3979
+        TEST_CASE(array_index_45); // #4207 - calling function with variable number of parameters (...)
         TEST_CASE(array_index_multidim);
         TEST_CASE(array_index_switch_in_for);
         TEST_CASE(array_index_for_in_for);   // FP: #2634
@@ -1452,6 +1453,18 @@ private:
         ASSERT_EQUALS("", errout.str());
     }
 
+    void array_index_45() { // #4207 - handling of function with variable number of parameters
+        check("void f(const char *format, ...) {\n"
+              "    va_args args;\n"
+              "    va_start(args, format);\n"
+              "}\n"
+              "void test() {\n"
+              "    CHAR buffer[1024];\n"
+              "    f(\"%s\", buffer);\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
+    }
+
     void array_index_multidim() {
         check("void f()\n"
               "{\n"