Fixed #2634 (False positive: buffer access out of bounds)

2011-03-08 19:49:56 +01:00 · 2011-03-08 19:49:56 +01:00 · bf2362d558
parent c34a129102
commit bf2362d558
2 changed files with 23 additions and 0 deletions
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@ -469,6 +469,15 @@ void CheckBufferOverrun::parse_for_body(const Token *tok2, const ArrayInfo &arra
        if (tok2->str() == "?")
            break;
        if (Token::simpleMatch(tok2, "for (") && Token::simpleMatch(tok2->next()->link(), ") {"))
        {
            const Token *endpar = tok2->next()->link();
            const Token *startbody = endpar->next();
            const Token *endbody = startbody->link();
            tok2 = endbody;
            continue;
        }
        if (Token::Match(tok2, "if|switch"))
        {
            if (bailoutIfSwitch(tok2, arrayInfo.varid))
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@ -108,6 +108,7 @@ private:
        TEST_CASE(array_index_32);
        TEST_CASE(array_index_multidim);
        TEST_CASE(array_index_switch_in_for);
        TEST_CASE(array_index_for_in_for);   // FP: #2634
        TEST_CASE(array_index_calculation);
        TEST_CASE(array_index_negative);
        TEST_CASE(array_index_for_decr);
@ -1189,6 +1190,19 @@ private:
        TODO_ASSERT_EQUALS("[test.cpp:12]: (error) Array index out of bounds\n", "", errout.str());
    }
    void array_index_for_in_for()
    {
        check("void f() {\n"
              "    int a[5];\n"
              "    for (int i = 0; i < 10; ++i) {\n"
              "        for (int j = i; j < 5; ++j) {\n"
              "            a[i] = 0;\n"
              "        }\n"
              "    }\n"
              "}\n");
        ASSERT_EQUALS("", errout.str());
    }
    void array_index_calculation()
    {
        // #1193 - false negative: array out of bounds in loop when there is calculation