Fix 10740: valueflow; conditional value. incremented value is oob. (#4208)

2022-06-12 00:16:28 -05:00 · 2022-06-12 00:16:28 -05:00 · bd63534a1c
parent cee48e5e19
commit bd63534a1c
2 changed files with 17 additions and 0 deletions
--- a/lib/forwardanalyzer.cpp
+++ b/lib/forwardanalyzer.cpp
@ -580,6 +580,8 @@ struct ForwardTraversal {
                if (!scopeEndToken)
                    return Break();
                tok = skipTo(tok, scopeEndToken, end);
+                if (!precedes(tok, end))
+                    return Break(Analyzer::Terminate::Escape);
                if (!analyzer->lowerToPossible())
                    return Break(Analyzer::Terminate::Bail);
                // TODO: Don't break, instead move to the outer scope
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@ -190,6 +190,7 @@ private:
        TEST_CASE(array_index_63); // #10979
        TEST_CASE(array_index_64); // #10878
        TEST_CASE(array_index_65); // #11066
+        TEST_CASE(array_index_66); // #10740
        TEST_CASE(array_index_multidim);
        TEST_CASE(array_index_switch_in_for);
        TEST_CASE(array_index_for_in_for);   // FP: #2634
@ -1835,6 +1836,20 @@ private:
        ASSERT_EQUALS("", errout.str());
    }

+    void array_index_66()
+    {
+        check("void foo(int j) {\n"
+              "    int offsets[256];\n"
+              "    while (x) {\n"
+              "        if (j >= 256) break;\n"
+              "        offsets[++j] = -1;\n"
+              "    }\n"
+              "}\n");
+        ASSERT_EQUALS(
+            "[test.cpp:4] -> [test.cpp:5]: (warning) Either the condition 'j>=256' is redundant or the array 'offsets[256]' is accessed at index 256, which is out of bounds.\n",
+            errout.str());
+    }
+
    void array_index_multidim() {
        check("void f()\n"
              "{\n"