Fixed #6344 (false positive: out of bounds access when array size is unknown)
This commit is contained in:
parent
f24e1b82cf
commit
a95e5bff2b
|
@ -568,6 +568,11 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector<std::str
|
||||||
const std::size_t ri = indexes.size() - 1 - i;
|
const std::size_t ri = indexes.size() - 1 - i;
|
||||||
totalIndex += indexes[ri] * totalElements;
|
totalIndex += indexes[ri] * totalElements;
|
||||||
totalElements *= arrayInfo.num(ri);
|
totalElements *= arrayInfo.num(ri);
|
||||||
|
if (arrayInfo.num(ri) == -1) {
|
||||||
|
// unknown size
|
||||||
|
totalElements = 0;
|
||||||
|
break;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// totalElements == 0 => Unknown size
|
// totalElements == 0 => Unknown size
|
||||||
|
|
|
@ -3409,6 +3409,11 @@ private:
|
||||||
"}");
|
"}");
|
||||||
ASSERT_EQUALS("[test.cpp:5]: (error) Array 'f.c[10]' accessed at index 10, which is out of bounds.\n", errout.str());
|
ASSERT_EQUALS("[test.cpp:5]: (error) Array 'f.c[10]' accessed at index 10, which is out of bounds.\n", errout.str());
|
||||||
|
|
||||||
|
check("static const size_t MAX_SIZE = UNAVAILABLE_TO_CPPCHECK;\n"
|
||||||
|
"struct Thing { char data[MAX_SIZE]; };\n"
|
||||||
|
"char f4(const Thing& t) { return !t.data[0]; }");
|
||||||
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
|
||||||
check("void foo()\n"
|
check("void foo()\n"
|
||||||
"{\n"
|
"{\n"
|
||||||
"char * buf; buf = new char[8];\n"
|
"char * buf; buf = new char[8];\n"
|
||||||
|
|
Loading…
Reference in New Issue