From f6b42633e83ee478f57388b5cc6539cd5e707d14 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= <daniel.marjamaki@gmail.com>
Date: Sat, 22 Feb 2014 17:58:48 +0100
Subject: [PATCH] Fixed #5434 (FP: Out-of-bounds access with ternary operator
 in loop)

---
 lib/valueflow.cpp      | 13 +++++++++++++
 test/testvalueflow.cpp |  9 +++++++++
 2 files changed, 22 insertions(+)

diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
index 1acaf0f9b..bdbd5d9c5 100644
--- a/lib/valueflow.cpp
+++ b/lib/valueflow.cpp
@@ -665,6 +665,19 @@ static void valueFlowForLoop(TokenList *tokenlist, ErrorLogger *errorLogger, con
 
         for (Token *tok2 = bodyStart->next(); tok2 != bodyEnd; tok2 = tok2->next()) {
             if (tok2->varId() == vartok->varId()) {
+                const Token * parent = tok2->astParent();
+                while (parent) {
+                    const Token * const p = parent;
+                    parent = parent->astParent();
+                    if (parent && parent->str() == "?" && parent->astOperand2() == p)
+                        break;
+                }
+                if (parent) {
+                    if (settings->debugwarnings)
+                        bailout(tokenlist, errorLogger, tok2, "For loop variable " + vartok->str() + " stopping on ?");
+                    continue;
+                }
+
                 ValueFlow::Value value1(num1);
                 value1.varId = tok2->varId();
                 setTokenValue(tok2, value1);
diff --git a/test/testvalueflow.cpp b/test/testvalueflow.cpp
index ba1122e69..db65c38e8 100644
--- a/test/testvalueflow.cpp
+++ b/test/testvalueflow.cpp
@@ -624,6 +624,15 @@ private:
         ASSERT_EQUALS(true, testValueOfX(code, 3U, 0));
         ASSERT_EQUALS(true, testValueOfX(code, 3U, 9));
         ASSERT_EQUALS(false, testValueOfX(code, 3U, 10));
+
+        code = "void f() {\n"
+               "    for (int x = 0; x < 10; x++)\n"
+               "        x<4 ?\n"
+               "        a[x] : 0;\n"
+               "}";
+        ASSERT_EQUALS(true, testValueOfX(code, 3U, 0));
+        ASSERT_EQUALS(true, testValueOfX(code, 3U, 9));
+        ASSERT_EQUALS(false, testValueOfX(code, 4U, 9));
     }
 
     void valueFlowSubFunction() {