From a2ee32695fac4fd8303dcd29e1432730464934d9 Mon Sep 17 00:00:00 2001 From: Paul Fultz II Date: Sun, 25 Jun 2023 13:38:44 -0500 Subject: [PATCH] Fix 11530: FP arrayIndexOutOfBounds with array of functions (#5191) --- lib/forwardanalyzer.cpp | 5 +++-- test/testbufferoverrun.cpp | 12 ++++++++++++ 2 files changed, 15 insertions(+), 2 deletions(-) diff --git a/lib/forwardanalyzer.cpp b/lib/forwardanalyzer.cpp index 4fc0b8765..dc31c76b3 100644 --- a/lib/forwardanalyzer.cpp +++ b/lib/forwardanalyzer.cpp @@ -796,14 +796,15 @@ struct ForwardTraversal { return Break(); return Break(); } else if (Token* callTok = callExpr(tok)) { + // TODO: Dont traverse tokens a second time + if (start != callTok && tok != callTok && updateRecursive(callTok->astOperand1()) == Progress::Break) + return Break(); // Since the call could be an unknown macro, traverse the tokens as a range instead of recursively if (!Token::simpleMatch(callTok, "( )") && updateRange(callTok->next(), callTok->link(), depth - 1) == Progress::Break) return Break(); if (updateTok(callTok) == Progress::Break) return Break(); - if (start != callTok && updateRecursive(callTok->astOperand1()) == Progress::Break) - return Break(); tok = callTok->link(); if (!tok) return Break(); diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp index 1da579d0d..8f250ffa1 100644 --- a/test/testbufferoverrun.cpp +++ b/test/testbufferoverrun.cpp @@ -175,6 +175,7 @@ private: TEST_CASE(array_index_70); // #11355 TEST_CASE(array_index_71); // #11461 TEST_CASE(array_index_72); // #11784 + TEST_CASE(array_index_73); // #11530 TEST_CASE(array_index_multidim); TEST_CASE(array_index_switch_in_for); TEST_CASE(array_index_for_in_for); // FP: #2634 @@ -1940,6 +1941,17 @@ private: ASSERT_EQUALS("", errout.str()); } + // #11530 + void array_index_73() + { + check("void f() {\n" + " int k = 0;\n" + " std::function a[1] = {};\n" + " a[k++](0);\n" + "}\n"); + ASSERT_EQUALS("", errout.str()); + } + void array_index_multidim() { check("void f()\n" "{\n"