Fix 11306: FP knownConditionTrueFalse with strlen() (#4477)

* Fix 11306: FP knownConditionTrueFalse with strlen() * Add another test
2022-09-18 01:29:10 -05:00 · 2022-09-18 01:29:10 -05:00 · d34de745c0
parent 8126d5c1a6
commit d34de745c0
2 changed files with 19 additions and 7 deletions
--- a/lib/valueflow.cpp
+++ b/lib/valueflow.cpp
@ -5223,16 +5223,11 @@ static void valueFlowSymbolicOperators(TokenList* tokenlist, SymbolDatabase* sym
                        continue;
                    if (value.intvalue != 0)
                        continue;
-                    if (value.bound == ValueFlow::Value::Bound::Upper)
-                        continue;
-                    if (value.isImpossible() && value.bound != ValueFlow::Value::Bound::Lower)
-                        continue;
-                    if (value.isKnown() && value.bound != ValueFlow::Value::Bound::Point)
-                        continue;
                    const Token* strlenTok = isStrlenOf(value.tokvalue, arrayTok);
                    if (!strlenTok)
                        continue;
                    ValueFlow::Value v = value;
+                    v.bound = ValueFlow::Value::Bound::Point;
                    v.valueType = ValueFlow::Value::ValueType::INT;
                    v.errorPath.emplace_back(strlenTok, "Return index of string to the first element that is 0");
                    setTokenValue(tok, v, tokenlist->getSettings());
@ -8865,7 +8860,7 @@ void ValueFlow::setValues(TokenList *tokenlist, SymbolDatabase* symboldatabase,

    std::size_t values = 0;
    std::size_t n = 4;
-    while (n > 0 && values < getTotalValues(tokenlist)) {
+    while (n > 0 && values != getTotalValues(tokenlist)) {
        values = getTotalValues(tokenlist);
        valueFlowImpossibleValues(tokenlist, settings);
        valueFlowSymbolicOperators(tokenlist, symboldatabase);
--- a/test/testvalueflow.cpp
+++ b/test/testvalueflow.cpp
@ -7585,6 +7585,23 @@ private:
               "    return 0;\n"
               "}\n";
        ASSERT_EQUALS(true, testValueOfXImpossible(code, 4U, 0));
+
+        code = "int f(char *s, size_t i) {\n"
+               "    if (i < strlen(s)) {\n"
+               "      int x = s[i] != ' ';\n"
+               "      return x;\n"
+               "    }\n"
+               "    return 0;\n"
+               "}\n";
+        ASSERT_EQUALS(false, testValueOfXKnown(code, 4U, 1));
+
+        code = "int f(char *s, size_t i) {\n"
+               "    if (i == strlen(s)) {}\n"
+               "    int x = s[i];\n"
+               "    return x;\n"
+               "}\n";
+        ASSERT_EQUALS(false, testValueOfXKnown(code, 4U, 0));
+        ASSERT_EQUALS(true, testValueOfX(code, 4U, 0));
    }

    void valueFlowSmartPointer()