From ea60c5b14b65872b38643d02e3c59cb7a13c80e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= Date: Sun, 5 May 2013 08:14:19 +0200 Subject: [PATCH] CheckBufferOverrun: Code cleanup --- lib/checkbufferoverrun.cpp | 44 ++++++++++++++++---------------------- test/testbufferoverrun.cpp | 4 ++-- 2 files changed, 20 insertions(+), 28 deletions(-) diff --git a/lib/checkbufferoverrun.cpp b/lib/checkbufferoverrun.cpp index 83f8a49b5..3dc6a3ba3 100644 --- a/lib/checkbufferoverrun.cpp +++ b/lib/checkbufferoverrun.cpp @@ -859,37 +859,29 @@ void CheckBufferOverrun::arrayIndexInForLoop(const Token *tok, const ArrayInfo & bool maxMinFlipped = false; std::string min_counter_value = counter_init_value; std::string max_counter_value; - MathLib::bigint max_value = MathLib::toLongNumber(max_counter_value); - for_condition(tok3, counter_varid, min_counter_value, max_counter_value, maxMinFlipped); - while (tok3 && tok3->str() != ";") { + if (!for_condition(tok3, counter_varid, min_counter_value, max_counter_value, maxMinFlipped)) + return; + + const MathLib::bigint max_value = MathLib::toLongNumber(max_counter_value); + + // Skip condition + while (tok3 && tok3->str() != ";") tok3 = tok3->next(); - } - for (const Token* tok2 = tok; tok2; tok2 = tok2->next()) { - if (Token::Match(tok2, "%var% < %num%")) { - max_value = MathLib::toLongNumber(tok2->strAt(2)); - max_value = max_value - 1; + if (max_value > size && Token::simpleMatch(tok3, "; ) {")) { + const Token * const endToken = tok3->linkAt(2); + const Token *useToken = NULL; + bool incrementInLoop = false; + for (const Token *loopTok = tok3->tokAt(3); loopTok != endToken; loopTok = loopTok->next()) { + if (Token::Match(loopTok, "%varid% [ %var% ++| ]", arrayInfo.varid()) && loopTok->tokAt(2)->varId() == counter_varid) + useToken = loopTok; + if (Token::Match(loopTok, "%varid% ++", counter_varid)) + incrementInLoop = true; } - } - if (max_value > size) { - if (tok3 && tok3->strAt(1) == ")") { - bool usedInArray = false; - for (const Token *loopTok = tok3->tokAt(2); loopTok->str() != "}" ; loopTok = loopTok->next()) { - if (loopTok->varId() == arrayInfo.varid() && loopTok->tokAt(2)->varId() == counter_varid) - usedInArray = true; - } - - for (const Token *loopTok = tok3->tokAt(2); loopTok->str() != "}" ; loopTok = loopTok->next()) { - if (usedInArray && (counter_varid == loopTok->varId())) { - if (loopTok->strAt(1) == "++" || - (loopTok->previous()->type() == Token::eIncDecOp)) { - bufferOverrunError(tok, arrayInfo.varname()); - } - } - } - } + if ((useToken != NULL) && incrementInLoop) + bufferOverrunError(useToken, arrayInfo.varname()); } } diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp index f8bf64309..0c643cc87 100644 --- a/test/testbufferoverrun.cpp +++ b/test/testbufferoverrun.cpp @@ -2569,7 +2569,7 @@ private: " x += array[i];\n" " i++; }\n" "}"); - ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: array\n", errout.str()); + ASSERT_EQUALS("[test.cpp:5]: (error) Buffer is accessed out of bounds: array\n", errout.str()); check("void main() {\n" " int array[] = {1,2};\n" @@ -2588,7 +2588,7 @@ private: " }\n" "}"); - ASSERT_EQUALS("[test.cpp:4]: (error) Buffer is accessed out of bounds: array\n", errout.str()); + ASSERT_EQUALS("[test.cpp:5]: (error) Buffer is accessed out of bounds: array\n", errout.str()); } void buffer_overrun_26() { // ticket #4432 (segmentation fault)