From bd63534a1cb6c61857659316195a0160ab7558fb Mon Sep 17 00:00:00 2001
From: Paul Fultz II
Date: Sun, 12 Jun 2022 00:16:28 -0500
Subject: [PATCH] Fix 10740: valueflow; conditional value. incremented value is oob. (#4208)
---
 lib/forwardanalyzer.cpp | 2 ++
 test/testbufferoverrun.cpp | 15 +++++++++++++++
 2 files changed, 17 insertions(+)
diff --git a/lib/forwardanalyzer.cpp b/lib/forwardanalyzer.cpp
index 32d5d5e43..5bc852df3 100644
--- a/lib/forwardanalyzer.cpp
+++ b/lib/forwardanalyzer.cpp
@@ -580,6 +580,8 @@ struct ForwardTraversal {
 if (!scopeEndToken)
 return Break();
 tok = skipTo(tok, scopeEndToken, end);
+ if (!precedes(tok, end))
+ return Break(Analyzer::Terminate::Escape);
 if (!analyzer->lowerToPossible())
 return Break(Analyzer::Terminate::Bail);
 // TODO: Don't break, instead move to the outer scope
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 0a7d07548..aee55054c 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -190,6 +190,7 @@ private:
 TEST_CASE(array_index_63); // #10979
 TEST_CASE(array_index_64); // #10878
 TEST_CASE(array_index_65); // #11066
+ TEST_CASE(array_index_66); // #10740
 TEST_CASE(array_index_multidim);
 TEST_CASE(array_index_switch_in_for);
 TEST_CASE(array_index_for_in_for); // FP: #2634
@@ -1835,6 +1836,20 @@ private:
 ASSERT_EQUALS("", errout.str());
 }
 
+ void array_index_66()
+ {
+ check("void foo(int j) {\n"
+ " int offsets[256];\n"
+ " while (x) {\n"
+ " if (j >= 256) break;\n"
+ " offsets[++j] = -1;\n"
+ " }\n"
+ "}\n");
+ ASSERT_EQUALS(
+ "[test.cpp:4] -> [test.cpp:5]: (warning) Either the condition 'j>=256' is redundant or the array 'offsets[256]' is accessed at index 256, which is out of bounds.\n",
+ errout.str());
+ }
+
 void array_index_multidim() {
 check("void f()\n"
 "{\n"
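Review bot: The new `if (!precedes(tok, end))` guard after `skipTo` carries no comment saying why overrunning `end` terminates with `Escape` while the `lowerToPossible()` failure two lines below terminates with `Bail`, and that distinction is exactly what a reader of the terminate reasons needs. A one-line comment such as `// skipTo() reached or passed the end of the analysed range: the value escapes the range rather than the analysis bailing` would record the intent next to the check. It is also not visible from the hunk whether `skipTo` can return a null token; if it can, `precedes` is presumably expected to cope with that, and the comment could confirm it. The enclosing function of `ForwardTraversal` starts and ends outside the hunk.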
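Review bot: The snippet in `array_index_66` uses the undeclared identifier `x` as the `while` condition, which reads like an oversight unless one knows that this is presumably how the loop condition is kept unknown to valueflow; a comment on the `check(` call, `// 'x' is deliberately undeclared so the loop condition is unknown`, would stop a later reader from "fixing" it and silently changing what the test exercises. The assertion pins the complete warning text, so any rewording of that message will break this test together with its siblings, which is consistent with how the rest of the file is written.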