From e8c83613e4bcc95b7c3d91d5c71f4e2363a5cdf3 Mon Sep 17 00:00:00 2001
From: Slava Semushin <php-coder@altlinux.ru>
Date: Sun, 27 Sep 2009 22:50:59 +0700
Subject: [PATCH] Fixed #740 (False positive, buffer overrun with --all)

Regression since 07f41f4563fc138b527af6ce153433a661250020 commit.

http://sourceforge.net/apps/trac/cppcheck/ticket/740
---
 src/checkbufferoverrun.cpp |  2 +-
 test/testbufferoverrun.cpp | 15 +++++++++++++++
 2 files changed, 16 insertions(+), 1 deletion(-)

diff --git a/src/checkbufferoverrun.cpp b/src/checkbufferoverrun.cpp
index e40770fc7..3dba65926 100644
--- a/src/checkbufferoverrun.cpp
+++ b/src/checkbufferoverrun.cpp
@@ -264,7 +264,7 @@ void CheckBufferOverrun::checkScope(const Token *tok, const char *varname[], con
             // Get index variable and stopsize.
             const char *strindex = tok2->str().c_str();
             bool condition_out_of_bounds = true;
-            if (value < size)
+            if (value <= size)
                 condition_out_of_bounds = false;
 
             const Token *tok3 = tok2->tokAt(4);
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 6f460866c..84c6544e4 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -97,6 +97,7 @@ private:
         TEST_CASE(buffer_overrun_7);
         TEST_CASE(buffer_overrun_8);
         TEST_CASE(buffer_overrun_9);
+        TEST_CASE(buffer_overrun_10);
 
         TEST_CASE(sprintf1);
         TEST_CASE(sprintf2);
@@ -645,6 +646,20 @@ private:
         ASSERT_EQUALS("", errout.str());
     }
 
+    void buffer_overrun_10()
+    {
+        // ticket #740
+        check("void f()\n"
+              "{\n"
+              "    char a[4];\n"
+              "    for (int i = 0; i < 4; i++)\n"
+              "    {\n"
+              "        char b = a[i];\n"
+              "    }\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
+    }
+
 
     void sprintf1()
     {