chrchr-github
GitHub
parent
119ec0582a
commit
c05e2cc6c4
|
|
@ -1015,6 +1015,15 @@ void CheckBufferOverrun::objectIndex()
|
||||||
if (var->valueType()->pointer > obj->valueType()->pointer)
|
if (var->valueType()->pointer > obj->valueType()->pointer)
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
|
if (obj->valueType() && var->valueType() && (obj->isCast() || (mTokenizer->isCPP() && isCPPCast(obj)) || obj->valueType()->pointer)) { // allow cast to a different type
|
||||||
|
const auto varSize = var->valueType()->typeSize(*mSettings);
|
||||||
|
if (varSize == 0)
|
||||||
|
continue;
|
||||||
|
if (obj->valueType()->type != var->valueType()->type) {
|
||||||
|
if (ValueFlow::isOutOfBounds(makeSizeValue(varSize, v.path), idx).empty())
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
}
|
||||||
if (v.path != 0) {
|
if (v.path != 0) {
|
||||||
std::vector<ValueFlow::Value> idxValues;
|
std::vector<ValueFlow::Value> idxValues;
|
||||||
std::copy_if(idx->values().begin(),
|
std::copy_if(idx->values().begin(),
|
||||||
|
|
|
||||||
|
|
@ -4905,6 +4905,44 @@ private:
|
||||||
" f(&u, N);\n"
|
" f(&u, N);\n"
|
||||||
"}");
|
"}");
|
||||||
ASSERT_EQUALS("", errout.str());
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
|
||||||
|
check("uint32_t f(uint32_t u) {\n" // #10154
|
||||||
|
" return ((uint8_t*)&u)[3];\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
|
||||||
|
check("uint32_t f(uint32_t u) {\n"
|
||||||
|
" return ((uint8_t*)&u)[4];\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:2] -> [test.cpp:2]: (error) The address of local variable 'u' is accessed at non-zero index.\n", errout.str());
|
||||||
|
|
||||||
|
check("uint32_t f(uint32_t u) {\n"
|
||||||
|
" return reinterpret_cast<unsigned char*>(&u)[3];\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
|
||||||
|
check("uint32_t f(uint32_t u) {\n"
|
||||||
|
" return reinterpret_cast<unsigned char*>(&u)[4];\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:2] -> [test.cpp:2]: (error) The address of local variable 'u' is accessed at non-zero index.\n", errout.str());
|
||||||
|
|
||||||
|
check("uint32_t f(uint32_t u) {\n"
|
||||||
|
" uint8_t* p = (uint8_t*)&u;\n"
|
||||||
|
" return p[3];\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("", errout.str());
|
||||||
|
|
||||||
|
check("uint32_t f(uint32_t u) {\n"
|
||||||
|
" uint8_t* p = (uint8_t*)&u;\n"
|
||||||
|
" return p[4];\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("[test.cpp:2] -> [test.cpp:3]: (error) The address of local variable 'u' is accessed at non-zero index.\n", errout.str());
|
||||||
|
|
||||||
|
check("uint32_t f(uint32_t* pu) {\n"
|
||||||
|
" uint8_t* p = (uint8_t*)pu;\n"
|
||||||
|
" return p[4];\n"
|
||||||
|
"}\n");
|
||||||
|
ASSERT_EQUALS("", errout.str());
|
||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue