From a95e5bff2b5ffc2e8355f3f6b970495d3289e27d Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= <daniel.marjamaki@gmail.com>
Date: Sat, 20 Dec 2014 18:50:08 +0100
Subject: [PATCH] Fixed #6344 (false positive: out of bounds access when array
 size is unknown)

---
 lib/checkbufferoverrun.cpp | 5 +++++
 test/testbufferoverrun.cpp | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index 08fb69c7e..269af706c 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -568,6 +568,11 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector<std::str
                     const std::size_t ri = indexes.size() - 1 - i;
                     totalIndex += indexes[ri] * totalElements;
                     totalElements *= arrayInfo.num(ri);
+                    if (arrayInfo.num(ri) == -1) {
+                        // unknown size
+                        totalElements = 0;
+                        break;
+                    }
                 }
 
                 // totalElements == 0 => Unknown size
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index a20a4349f..a7bfc9c0a 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -3409,6 +3409,11 @@ private:
               "}");
         ASSERT_EQUALS("[test.cpp:5]: (error) Array 'f.c[10]' accessed at index 10, which is out of bounds.\n", errout.str());
 
+        check("static const size_t MAX_SIZE = UNAVAILABLE_TO_CPPCHECK;\n"
+              "struct Thing { char data[MAX_SIZE]; };\n"
+              "char f4(const Thing& t) { return !t.data[0]; }");
+        ASSERT_EQUALS("", errout.str());
+
         check("void foo()\n"
               "{\n"
               "char * buf; buf = new char[8];\n"