From e782d98241b35313ed844f6aeba484166a09c36e Mon Sep 17 00:00:00 2001
From: Robert Reif <reif@earthlink.net>
Date: Sat, 3 Sep 2011 21:51:00 -0400
Subject: [PATCH] final fix for #3063 (false negative: multi dimensional arrays
 not well supported)

---
 lib/checkbufferoverrun.cpp | 39 ++++++++++++++++++++++++--------------
 test/testbufferoverrun.cpp | 28 ++++++++++++++++++++++++---
 2 files changed, 50 insertions(+), 17 deletions(-)

diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp
index 2a5d82577..5d4102ac8 100644
--- a/lib/checkbufferoverrun.cpp
+++ b/lib/checkbufferoverrun.cpp
@@ -1099,8 +1099,12 @@ void CheckBufferOverrun::checkScope(const Token *tok, const ArrayInfo &arrayInfo
             continue;
         }
 
-        else if (Token::Match(tok, "%varid% [ %num% ]", arrayInfo.varid()))
+        else if (Token::Match(tok, "%var% [ %num% ]") && tok->varId())
         {
+            const Variable *var = _tokenizer->getSymbolDatabase()->getVariableFromVarId(tok->varId());
+            if (!var || var->varId() != arrayInfo.varid())
+                continue;
+
             std::vector<MathLib::bigint> indexes;
             for (const Token *tok2 = tok->next(); Token::Match(tok2, "[ %num% ]"); tok2 = tok2->tokAt(3))
             {
@@ -1302,21 +1306,28 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
         {
             ArrayInfo arrayInfo(var, _tokenizer);
             const Token *tok = var->nameToken();
-            while (tok && tok->str() != ";")
+            if (var->scope() && var->scope()->isClassOrStruct())
             {
-                if (tok->str() == "{")
-                {
-                    if (Token::simpleMatch(tok->previous(), "= {"))
-                        tok = tok->link();
-                    else
-                        break;
-                }
-                tok = tok->next();
+                tok = var->scope()->classEnd->next();
+            }
+            else
+            {
+                while (tok && tok->str() != ";")
+                {
+                    if (tok->str() == "{")
+                    {
+                        if (Token::simpleMatch(tok->previous(), "= {"))
+                            tok = tok->link();
+                        else
+                            break;
+                    }
+                    tok = tok->next();
+                }
+                if (!tok)
+                    break;
+                if (tok->str() == "{")
+                    tok = tok->next();
             }
-            if (!tok)
-                break;
-            if (tok->str() == "{")
-                tok = tok->next();
             checkScope(tok, arrayInfo);
         }
     }
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 0487dc86e..6d5479e7c 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -1102,6 +1102,30 @@ private:
               "}\n");
         ASSERT_EQUALS("[test.cpp:3]: (error) Array 'y[2][2][2]' index y[0][2][0] out of bounds\n"
                       "[test.cpp:4]: (error) Array 'y[2][2][2]' index y[0][0][2] out of bounds\n", errout.str());
+
+        check("struct TEST\n"
+              "{\n"
+              "    char a[10];\n"
+              "    char b[10][5];\n"
+              "};\n"
+              "void foo()\n"
+              "{\n"
+              "    TEST test;\n"
+              "    test.a[10] = 3;\n"
+              "    test.b[10][2] = 4;\n"
+              "    test.b[0][19] = 4;\n"
+              "    TEST *ptest;\n"
+              "    ptest = &test;\n"
+              "    ptest->a[10] = 3;\n"
+              "    ptest->b[10][2] = 4;\n"
+              "    ptest->b[0][19] = 4;\n"
+              "}\n");
+        ASSERT_EQUALS("[test.cpp:10]: (error) Array 'b[10][5]' index b[10][2] out of bounds\n"
+                      "[test.cpp:11]: (error) Array 'b[10][5]' index b[0][19] out of bounds\n"
+                      "[test.cpp:15]: (error) Array 'b[10][5]' index b[10][2] out of bounds\n"
+                      "[test.cpp:16]: (error) Array 'b[10][5]' index b[0][19] out of bounds\n"
+                      "[test.cpp:9]: (error) Array 'a[10]' index 10 out of bounds\n"
+                      "[test.cpp:14]: (error) Array 'a[10]' index 10 out of bounds\n", errout.str());
     }
 
     void array_index_multidim()
@@ -1988,9 +2012,7 @@ private:
               "        b[i] = b[i+1];\n"
               "    }\n"
               "}\n");
-        TODO_ASSERT_EQUALS("error",    // wanted result
-                           "",         // current result
-                           errout.str());
+        ASSERT_EQUALS("[test.cpp:8]: (error) Array 'b[7]' index 7 out of bounds\n", errout.str());
     }
 
     void buffer_overrun_19() // #2597 - class member with unknown type