Fixed #5416 (False positive: Array accessed at index, which is out of bounds.)

This commit is contained in:
Daniel Marjamäki 2014-01-28 16:55:10 +01:00
parent 2048313915
commit abe8439917
3 changed files with 10 additions and 4 deletions

View File

@ -1176,7 +1176,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const ArrayInfo &arrayInfo
for (int warn = 0; warn == 0 || warn == 1; ++warn) {
std::vector<ValueFlow::Value> indexes;
unsigned int valuevarid = 0;
for (const Token *tok2 = tok->next(); Token::Match(tok2, "["); tok2 = tok2->link()->next()) {
for (const Token *tok2 = tok->next(); indexes.size() < arrayInfo.num().size() && Token::Match(tok2, "["); tok2 = tok2->link()->next()) {
if (!tok2->astOperand2()) {
indexes.clear();
break;

View File

@ -3520,8 +3520,8 @@ bool Tokenizer::simplifyTokenList2()
}
for (Token *tok = list.front(); tok; tok = tok->next()) {
if (!Token::Match(tok, "%num%|%var%") && !Token::Match(tok, "]|)") &&
(Token::Match(tok->next(), "& %var% [ %num%|%var% ]"))) {
if (!Token::Match(tok, "%num%|%var%|]|)") &&
(Token::Match(tok->next(), "& %var% [ %num%|%var% ] !!["))) {
tok = tok->next();
if (tok->next()->varId()) {
@ -5018,7 +5018,7 @@ void Tokenizer::simplifyPointerToStandardType()
return;
for (Token *tok = list.front(); tok; tok = tok->next()) {
if (!Token::Match(tok, "& %var% [ 0 ]"))
if (!Token::Match(tok, "& %var% [ 0 ] !!["))
continue;
// Remove '[ 0 ]' suffix

View File

@ -2069,6 +2069,12 @@ private:
" str[((unsigned char)3) - 1] = 0;\n"
"}", false, "test.cpp", false);
ASSERT_EQUALS("", errout.str());
check("void f() {\n" // #5416 FP
" char *str[3];\n"
" do_something(&str[0][5]);\n"
"}", false, "test.cpp", false);
ASSERT_EQUALS("", errout.str());
}
void buffer_overrun_1_standard_functions() {