checkIntegerOverflow: check all calculations, not only in function bodies

2017-09-19 14:43:48 +02:00 · 2017-09-19 14:43:48 +02:00 · cac7146cac
parent 6bc0df2908
commit cac7146cac
2 changed files with 20 additions and 22 deletions
--- a/lib/checktype.cpp
+++ b/lib/checktype.cpp
@ -145,32 +145,27 @@ void CheckType::checkIntegerOverflow()
    // max int value according to platform settings.
    const MathLib::bigint maxint = (1LL << (_settings->int_bit - 1)) - 1;

-    const SymbolDatabase *symbolDatabase = _tokenizer->getSymbolDatabase();
-    const std::size_t functions = symbolDatabase->functionScopes.size();
-    for (std::size_t i = 0; i < functions; ++i) {
-        const Scope * scope = symbolDatabase->functionScopes[i];
-        for (const Token* tok = scope->classStart->next(); tok != scope->classEnd; tok = tok->next()) {
-            if (!tok->isArithmeticalOp())
-                continue;
+    for (const Token *tok = _tokenizer->tokens(); tok; tok = tok->next()) {
+        if (!tok->isArithmeticalOp())
+            continue;

-            // is result signed integer?
-            const ValueType *vt = tok->valueType();
-            if (!vt || vt->type != ValueType::Type::INT || vt->sign != ValueType::Sign::SIGNED)
-                continue;
+        // is result signed integer?
+        const ValueType *vt = tok->valueType();
+        if (!vt || vt->type != ValueType::Type::INT || vt->sign != ValueType::Sign::SIGNED)
+            continue;

-            // is there a overflow result value
-            const ValueFlow::Value *value = tok->getValueGE(maxint + 1, _settings);
-            if (!value)
-                value = tok->getValueLE(-maxint - 2, _settings);
-            if (!value || !_settings->isEnabled(value,false))
-                continue;
+        // is there a overflow result value
+        const ValueFlow::Value *value = tok->getValueGE(maxint + 1, _settings);
+        if (!value)
+            value = tok->getValueLE(-maxint - 2, _settings);
+        if (!value || !_settings->isEnabled(value,false))
+            continue;

-            // For left shift, it's common practice to shift into the sign bit
-            if (tok->str() == "<<" && value->intvalue > 0 && value->intvalue < (1LL << _settings->int_bit))
-                continue;
+        // For left shift, it's common practice to shift into the sign bit
+        if (tok->str() == "<<" && value->intvalue > 0 && value->intvalue < (1LL << _settings->int_bit))
+            continue;

-            integerOverflowError(tok, *value);
-        }
+        integerOverflowError(tok, *value);
    }
 }

--- a/test/testtype.cpp
+++ b/test/testtype.cpp
@ -110,6 +110,9 @@ private:
        settings.platform(Settings::Unix32);
        settings.addEnabled("warning");

+        check("x = (int)0x10000 * (int)0x10000;", &settings);
+        ASSERT_EQUALS("[test.cpp:1]: (error) Signed integer overflow for expression '(int)65536*(int)65536'.\n", errout.str());
+
        check("void foo() {\n"
              "    int intmax = 0x7fffffff;\n"
              "    return intmax + 1;\n"