Fixed #7113 (False positive arrayIndexOutOfBounds - using pointer alias with cast)

Daniel Marjamäki 2015-11-08 17:21:32 +01:00
parent 5318970f1e
commit ef5be435c7
2 changed files with 16 additions and 1 deletions


@ -25,6 +25,7 @@
#include "tokenize.h" #include "tokenize.h"
#include "mathlib.h" #include "mathlib.h"
#include "symboldatabase.h" #include "symboldatabase.h"
#include "astutils.h"
#include <algorithm> #include <algorithm>
#include <sstream> #include <sstream>
@ -1083,6 +1084,9 @@ void CheckBufferOverrun::checkGlobalAndLocalVariable()
continue; continue;
const Variable *var = it->tokvalue->variable(); const Variable *var = it->tokvalue->variable();
if (var && var->isArray()) { if (var && var->isArray()) {
if (astCanonicalType(tok) != astCanonicalType(it->tokvalue))
continue;
const ArrayInfo arrayInfo(var, _tokenizer, &_settings->library); const ArrayInfo arrayInfo(var, _tokenizer, &_settings->library);
const MathLib::bigint elements = arrayInfo.numberOfElements(); const MathLib::bigint elements = arrayInfo.numberOfElements();
if (elements <= 0) // unknown size if (elements <= 0) // unknown size
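Review bot: The added guard `if (astCanonicalType(tok) != astCanonicalType(it->tokvalue)) continue;` skips the bounds check for every alias whose type differs from the array's, so a write through a cast pointer that really does run past the array's byte size is no longer reported. For a buffer-overrun checker that false negative should at least be recorded at the `continue`, for example `// #7113: alias element type differs, so the index is not in array-element units; byte-size overruns through the alias are not checked here`. A follow-up could scale the index by the alias's element size and compare it with the array's total size instead of bailing out. How `astCanonicalType` reports an unknown type is not visible here; if it returns an empty value for both operands they would compare equal and the check would still run, which is worth confirming. The enclosing loop in `checkGlobalAndLocalVariable()` starts and ends outside the hunk.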


@ -141,6 +141,7 @@ private:
TEST_CASE(array_index_string_literal); TEST_CASE(array_index_string_literal);
TEST_CASE(array_index_same_struct_and_var_name); // #4751 - not handled well when struct name and var name is same TEST_CASE(array_index_same_struct_and_var_name); // #4751 - not handled well when struct name and var name is same
TEST_CASE(array_index_valueflow); TEST_CASE(array_index_valueflow);
TEST_CASE(array_index_valueflow_pointer);
TEST_CASE(array_index_function_parameter); TEST_CASE(array_index_function_parameter);
TEST_CASE(buffer_overrun_2_struct); TEST_CASE(buffer_overrun_2_struct);
@ -2059,6 +2060,9 @@ private:
"const int X::x[100] = {0}; }", false, "test.cpp"); "const int X::x[100] = {0}; }", false, "test.cpp");
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("", errout.str());
}
void array_index_valueflow_pointer() {
check("void f() {\n" check("void f() {\n"
" int a[10];\n" " int a[10];\n"
" int *p = a;\n" " int *p = a;\n"
@ -2067,11 +2071,18 @@ private:
ASSERT_EQUALS("[test.cpp:3] -> [test.cpp:4]: (error) Array 'a[10]' accessed at index 20, which is out of bounds.\n", errout.str()); ASSERT_EQUALS("[test.cpp:3] -> [test.cpp:4]: (error) Array 'a[10]' accessed at index 20, which is out of bounds.\n", errout.str());
check("void f() {\n" check("void f() {\n"
" int a[X];\n" " int a[X];\n" // unknown size
" int *p = a;\n" " int *p = a;\n"
" p[20] = 0;\n" " p[20] = 0;\n"
"}"); "}");
ASSERT_EQUALS("", errout.str()); ASSERT_EQUALS("", errout.str());
check("void f() {\n"
" int a[2];\n"
" char *p = (char *)a;\n" // cast
" p[4] = 0;\n"
"}");
ASSERT_EQUALS("", errout.str());
} }
void array_index_function_parameter() { void array_index_function_parameter() {
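Review bot: The new cast case in `array_index_valueflow_pointer` only pins the suppressed false positive (`p[4]` on `int a[2]` through `char *p`); no case records what the checker does when the cast alias is indexed beyond the array's byte size. Adding such a case with `TODO_ASSERT_EQUALS`, giving the wanted out-of-bounds message and the current empty output, would document the known false negative so that it is not later read as intended behaviour. The existing `p[4]` expectation also depends on `sizeof(int)` on the test platform, which a short comment next to `// cast` could state.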