Fix #1590 (False negative: Array index out of bounds: "0 <= i")

http://sourceforge.net/apps/trac/cppcheck/ticket/1590
Reijo Tomperi 2010-04-12 22:04:59 +03:00
parent cd859a59f2
commit d102369196
2 changed files with 8 additions and 8 deletions


@ -358,35 +358,35 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector<std::str
else else
continue; continue;
int value = 0;
if (counter_varid == 0) if (counter_varid == 0)
continue; continue;
bool maxMinFlipped = false;
const Token *strindextoken = 0; const Token *strindextoken = 0;
if (Token::Match(tok2, "%varid% < %num% ;", counter_varid)) if (Token::Match(tok2, "%varid% < %num% ;", counter_varid))
{ {
value = MathLib::toLongNumber(tok2->strAt(2)); long value = MathLib::toLongNumber(tok2->strAt(2));
max_counter_value = MathLib::toString<long>(value - 1); max_counter_value = MathLib::toString<long>(value - 1);
strindextoken = tok2; strindextoken = tok2;
} }
else if (Token::Match(tok2, "%varid% <= %num% ;", counter_varid)) else if (Token::Match(tok2, "%varid% <= %num% ;", counter_varid))
{ {
value = MathLib::toLongNumber(tok2->strAt(2)) + 1;
max_counter_value = tok2->strAt(2); max_counter_value = tok2->strAt(2);
strindextoken = tok2; strindextoken = tok2;
} }
else if (Token::Match(tok2, " %num% < %varid% ;", counter_varid)) else if (Token::Match(tok2, " %num% < %varid% ;", counter_varid))
{ {
long value = MathLib::toLongNumber(tok2->str());
maxMinFlipped = true;
max_counter_value = min_counter_value; max_counter_value = min_counter_value;
min_counter_value = MathLib::toString<long>(value + 1); min_counter_value = MathLib::toString<long>(value + 1);
value = MathLib::toLongNumber(max_counter_value);
strindextoken = tok2->tokAt(2); strindextoken = tok2->tokAt(2);
} }
else if (Token::Match(tok2, "%num% <= %varid% ;", counter_varid)) else if (Token::Match(tok2, "%num% <= %varid% ;", counter_varid))
{ {
maxMinFlipped = true;
max_counter_value = min_counter_value; max_counter_value = min_counter_value;
min_counter_value = tok2->str(); min_counter_value = tok2->str();
value = MathLib::toLongNumber(max_counter_value);
strindextoken = tok2->tokAt(2); strindextoken = tok2->tokAt(2);
} }
else else
@ -397,7 +397,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector<std::str
// Get index variable and stopsize. // Get index variable and stopsize.
const std::string strindex = strindextoken->str(); const std::string strindex = strindextoken->str();
bool condition_out_of_bounds = true; bool condition_out_of_bounds = true;
if (value <= size) if (MathLib::toLongNumber(max_counter_value) < size)
condition_out_of_bounds = false; condition_out_of_bounds = false;
const Token *tok3 = tok2->tokAt(4); const Token *tok3 = tok2->tokAt(4);
@ -465,7 +465,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const std::vector<std::str
} }
else if (Token::Match(tok3, "--| %varid% --| )", counter_varid)) else if (Token::Match(tok3, "--| %varid% --| )", counter_varid))
{ {
if (MathLib::toLongNumber(min_counter_value) < MathLib::toLongNumber(max_counter_value)) if (!maxMinFlipped && MathLib::toLongNumber(min_counter_value) < MathLib::toLongNumber(max_counter_value))
{ {
// Code relies on the fact that integer will overflow: // Code relies on the fact that integer will overflow:
// for (unsigned int i = 3; i < 5; --i) // for (unsigned int i = 3; i < 5; --i)
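Review bot: The new bound test `if (MathLib::toLongNumber(max_counter_value) < size)` converts a string that, in the `%num% < %varid%` and `%num% <= %varid%` branches, is copied from `min_counter_value`, which is assigned outside these hunks. If that start value can be anything other than an integer literal (a variable, for instance), the conversion result is used unchecked and the loop may be classed as in-bounds, so the overrun would go unreported; whether that can happen depends on code not visible here. I would leave `condition_out_of_bounds` true unless the string is known to be numeric, e.g. `if (MathLib::isInt(max_counter_value) && MathLib::toLongNumber(max_counter_value) < size)`, assuming `MathLib::isInt` is available at this revision. Since `maxMinFlipped` is set in the first hunk and read about a hundred lines later, a comment at its declaration such as `// true when the condition is written "num < var", i.e. min/max were swapped` would help. checkScope starts and ends outside the hunks.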


@ -872,7 +872,7 @@ private:
" for (int i = 3; 0 <= i; i--)\n" " for (int i = 3; 0 <= i; i--)\n"
" a[i] = i;\n" " a[i] = i;\n"
"}\n"); "}\n");
TODO_ASSERT_EQUALS("[test.cpp:5]: (error) Array 'a[3]' index 3 out of bounds\n", errout.str()); ASSERT_EQUALS("[test.cpp:5]: (error) Buffer access out-of-bounds\n", errout.str());
check("void f()\n" check("void f()\n"
"{\n" "{\n"
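Review bot: The enabled assertion expects the generic `Buffer access out-of-bounds`, whereas the former TODO expected `Array 'a[3]' index 3 out of bounds`, so the more precise diagnostic is no longer tracked in this test. I would keep that expectation as a comment above the assertion, e.g. `// TODO: should report "Array 'a[3]' index 3 out of bounds"`. Only the `0 <= i` form is exercised in the visible lines; a companion case for `0 < i` would cover the other flipped branch changed in the same commit, unless one already exists outside this hunk. The test function continues outside the hunk.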