diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index f304d1890..7ca09cef8 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -216,7 +216,7 @@ static bool getDimensionsEtc(const Token * const arrayToken, const Settings *set
 Dimension dim;
 dim.known = value->isKnown();
 dim.tok = nullptr;
- const int typeSize = array->valueType()->typeSize(*settings);
+ const int typeSize = array->valueType()->typeSize(*settings, array->valueType()->pointer > 1);
 if (typeSize == 0)
 return false;
 dim.num = value->intvalue / typeSize;
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index a14736433..49db805e4 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -3449,6 +3449,20 @@ private:
 " cache[i][0xFFFF] = 0;\n"
 "}");
 ASSERT_EQUALS("", errout.str());
+
+ check("void f() {\n"
+ " int **a = malloc(2 * sizeof(int*));\n"
+ " for (int i = 0; i < 3; i++)\n"
+ " a[i] = NULL;\n"
+ "}");
+ ASSERT_EQUALS("[test.cpp:3] -> [test.cpp:4]: (error) Array 'a[2]' accessed at index 2, which is out of bounds.\n", errout.str());
+
+ check("void f() {\n"
+ " int **a = new int*[2];\n"
+ " for (int i = 0; i < 3; i++)\n"
+ " a[i] = NULL;\n"
+ "}");
+ TODO_ASSERT_EQUALS("[test.cpp:3] -> [test.cpp:4]: (error) Array 'a[2]' accessed at index 2, which is out of bounds.\n", "", errout.str());
 }
 // statically allocated buffer
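Review bot: The new second argument `array->valueType()->pointer > 1` is unexplained at the call site, so a reader has to look up `typeSize` to learn why pointer depth matters when the allocation size is divided into elements. A one-line comment above the `typeSize` line, such as `// elements of a T** buffer are pointers, so divide by the pointer size`, would record the intent; this presumably relies on the second parameter selecting the pointer size, which is not visible in this hunk. The line also calls `array->valueType()` twice, so a local `const ValueType *vt = array->valueType();` would shorten it. Since `dim.num` drives the out-of-bounds report, a wrong element size here turns into missed or spurious findings, which is worth stating in the comment. getDimensionsEtc starts and ends outside the hunk.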
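Review bot: The added cases only cover loops that overrun the two-element buffer; there is no in-bounds case for the same `int **` allocation, so a regression that miscounts elements in the other direction and raises a false positive would still pass. Adding the same `malloc(2 * sizeof(int*))` snippet with `i < 2` and an empty expected output closes that gap, as sketched below. The `new int*[2]` case is recorded with `TODO_ASSERT_EQUALS` and currently yields no diagnostic, so a short comment naming the tracking ticket (`// TODO: #<ticket-id>`) would keep the known false negative visible. The enclosing test function begins outside the hunk.

```cpp
// … unchanged: the two out-of-bounds cases added by this commit …

// in-bounds loop over the same pointer-array allocation must stay silent
check("void f() {\n"
      "    int **a = malloc(2 * sizeof(int*));\n"
      "    for (int i = 0; i < 2; i++)\n"
      "        a[i] = NULL;\n"
      "}");
ASSERT_EQUALS("", errout.str());
```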