Fixed #6344 (false positive: out of bounds access when array size is unknown)

This commit is contained in:
Daniel Marjamäki 2014-12-20 18:50:08 +01:00
parent f24e1b82cf
commit a95e5bff2b
2 changed files with 10 additions and 0 deletions

View File

@ -568,6 +568,11 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector<std::str
const std::size_t ri = indexes.size() - 1 - i; const std::size_t ri = indexes.size() - 1 - i;
totalIndex += indexes[ri] * totalElements; totalIndex += indexes[ri] * totalElements;
totalElements *= arrayInfo.num(ri); totalElements *= arrayInfo.num(ri);
if (arrayInfo.num(ri) == -1) {
// unknown size
totalElements = 0;
break;
}
} }
// totalElements == 0 => Unknown size // totalElements == 0 => Unknown size

View File

@ -3409,6 +3409,11 @@ private:
"}"); "}");
ASSERT_EQUALS("[test.cpp:5]: (error) Array 'f.c[10]' accessed at index 10, which is out of bounds.\n", errout.str()); ASSERT_EQUALS("[test.cpp:5]: (error) Array 'f.c[10]' accessed at index 10, which is out of bounds.\n", errout.str());
check("static const size_t MAX_SIZE = UNAVAILABLE_TO_CPPCHECK;\n"
"struct Thing { char data[MAX_SIZE]; };\n"
"char f4(const Thing& t) { return !t.data[0]; }");
ASSERT_EQUALS("", errout.str());
check("void foo()\n" check("void foo()\n"
"{\n" "{\n"
"char * buf; buf = new char[8];\n" "char * buf; buf = new char[8];\n"