Buffer overrun : Use variable id if available in check of memset etc

CheckBufferOverrun.cpp

@@ -133,8 +133,24 @@ void CheckBufferOverrunClass::CheckBufferOverrun_CheckScope( const TOKEN *tok, c
         }
 
 
-        // memset, memcmp, memcpy, strncpy, fgets..
-        if (TOKEN::Match(tok,"memset|memcpy|memmove|memcmp|strncpy|fgets") )
+        // memset, memcmp, memcpy, strncpy, fgets..
+        if ( varid > 0 )
+        {
+            if ( TOKEN::Match(tok, "memset|memcpy|memmove|memcmp|strncpy|fgets") )
+            {
+                if ( TOKEN::Match( tok->next(), "( %varid% , %num% , %num% )", 0, 0, varid ) ||
+                     TOKEN::Match( tok->next(), "( %var% , %varid% , %num% )", 0, 0, varid ) )
+                {
+                    const char *num  = tok->strAt(6);
+                    if ( atoi(num) > total_size )
+                    {
+                        ReportError(tok, "Buffer overrun");
+                    }
+                }
+                continue;
+            }
+        }
+        else if (TOKEN::Match(tok,"memset|memcpy|memmove|memcmp|strncpy|fgets") )
         {
             if ( TOKEN::Match( tok->next(), "( %var1% , %num% , %num% )", varname ) ||
                  TOKEN::Match( tok->next(), "( %var% , %var1% , %num% )", varname ) )

testbufferoverrun.cpp

@@ -83,7 +83,8 @@ private:
         TEST_CASE( buffer_overrun_1 );
         TEST_CASE( buffer_overrun_2 );
 
-        TEST_CASE( varid1 );
+        TEST_CASE( varid1 );
+        TEST_CASE( varid2 );
     }
 
 
@@ -373,6 +374,21 @@ private:
         ASSERT_EQUALS( std::string(""), errout.str() );
     }
 
+
+    void varid2()
+    {
+        check( "void foo()\n"
+               "{\n"
+               "    char str[10];\n"
+               "    if (str[0])\n"
+               "    {\n"
+               "        char str[50];\n"
+               "        memset(str,0,50);\n"
+               "    }\n"
+               "}\n" );
+        ASSERT_EQUALS( std::string(""), errout.str() );
+    }
+
 
 };