Fixed #5416 (False positive: Array accessed at index, which is out of bounds.)
This commit is contained in:
parent
2048313915
commit
abe8439917
|
@ -1176,7 +1176,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const ArrayInfo &arrayInfo
|
|||
for (int warn = 0; warn == 0 || warn == 1; ++warn) {
|
||||
std::vector<ValueFlow::Value> indexes;
|
||||
unsigned int valuevarid = 0;
|
||||
for (const Token *tok2 = tok->next(); Token::Match(tok2, "["); tok2 = tok2->link()->next()) {
|
||||
for (const Token *tok2 = tok->next(); indexes.size() < arrayInfo.num().size() && Token::Match(tok2, "["); tok2 = tok2->link()->next()) {
|
||||
if (!tok2->astOperand2()) {
|
||||
indexes.clear();
|
||||
break;
|
||||
|
|
|
@ -3520,8 +3520,8 @@ bool Tokenizer::simplifyTokenList2()
|
|||
}
|
||||
|
||||
for (Token *tok = list.front(); tok; tok = tok->next()) {
|
||||
if (!Token::Match(tok, "%num%|%var%") && !Token::Match(tok, "]|)") &&
|
||||
(Token::Match(tok->next(), "& %var% [ %num%|%var% ]"))) {
|
||||
if (!Token::Match(tok, "%num%|%var%|]|)") &&
|
||||
(Token::Match(tok->next(), "& %var% [ %num%|%var% ] !!["))) {
|
||||
tok = tok->next();
|
||||
|
||||
if (tok->next()->varId()) {
|
||||
|
@ -5018,7 +5018,7 @@ void Tokenizer::simplifyPointerToStandardType()
|
|||
return;
|
||||
|
||||
for (Token *tok = list.front(); tok; tok = tok->next()) {
|
||||
if (!Token::Match(tok, "& %var% [ 0 ]"))
|
||||
if (!Token::Match(tok, "& %var% [ 0 ] !!["))
|
||||
continue;
|
||||
|
||||
// Remove '[ 0 ]' suffix
|
||||
|
|
|
@ -2069,6 +2069,12 @@ private:
|
|||
" str[((unsigned char)3) - 1] = 0;\n"
|
||||
"}", false, "test.cpp", false);
|
||||
ASSERT_EQUALS("", errout.str());
|
||||
|
||||
check("void f() {\n" // #5416 FP
|
||||
" char *str[3];\n"
|
||||
" do_something(&str[0][5]);\n"
|
||||
"}", false, "test.cpp", false);
|
||||
ASSERT_EQUALS("", errout.str());
|
||||
}
|
||||
|
||||
void buffer_overrun_1_standard_functions() {
|
||||
|
|
Loading…
Reference in New Issue