From dc87659460edf128c21fc3e5bebb2ef4d6f2c733 Mon Sep 17 00:00:00 2001
From: Paul
Date: Tue, 4 Apr 2023 16:53:16 -0500
Subject: [PATCH 1/2] Fix 11651: FP negativeIndex with for loop
---
 lib/valueflow.cpp | 6 ++++++
 test/testbufferoverrun.cpp | 14 ++++++++++++++
 2 files changed, 20 insertions(+)
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
index 791c8b9bca6..6a4c0dd9bf6 100644
--- a/lib/valueflow.cpp
+++ b/lib/valueflow.cpp
@@ -7042,6 +7042,8 @@ static void valueFlowForLoop(TokenList *tokenlist, SymbolDatabase* symboldatabas
 for (const auto& p : mem1) {
 if (!p.second.isIntValue())
 continue;
+ if (p.second.isImpossible())
+ continue;
 if (p.first.tok->varId() == 0)
 continue;
 valueFlowForLoopSimplify(bodyStart, p.first.tok, false, p.second.intvalue, tokenlist, errorLogger, settings);
@@ -7049,6 +7051,8 @@ static void valueFlowForLoop(TokenList *tokenlist, SymbolDatabase* symboldatabas
 for (const auto& p : mem2) {
 if (!p.second.isIntValue())
 continue;
+ if (p.second.isImpossible())
+ continue;
 if (p.first.tok->varId() == 0)
 continue;
 valueFlowForLoopSimplify(bodyStart, p.first.tok, false, p.second.intvalue, tokenlist, errorLogger, settings);
@@ -7056,6 +7060,8 @@ static void valueFlowForLoop(TokenList *tokenlist, SymbolDatabase* symboldatabas
 for (const auto& p : memAfter) {
 if (!p.second.isIntValue())
 continue;
+ if (p.second.isImpossible())
+ continue;
 if (p.first.tok->varId() == 0)
 continue;
 valueFlowForLoopSimplifyAfter(tok, p.first.getExpressionId(), p.second.intvalue, tokenlist, settings);
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index d1c0faafd9f..2334fb2ad5e 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
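Review bot: The new `if (p.second.isImpossible()) continue;` guard in lib/valueflow.cpp is pasted into all three loops of valueFlowForLoop (over mem1, mem2 and memAfter) with no comment saying why such values are skipped. Each loop forwards `p.second.intvalue` to the simplify call as a value the variable holds, so a one-line reason belongs above the first guard, for example `// An impossible value is one the variable cannot have; do not forward its intvalue as if it were possible (#11651)`. The three filters are now identical, and a local predicate such as `const auto skip = [](const auto& p) { return !p.second.isIntValue() || p.second.isImpossible() || p.first.tok->varId() == 0; };` would keep them from drifting apart. Judging by the regression test, these values feed the array-bounds check, where a filter that differs between the loops would surface as a missed or spurious out-of-bounds report. valueFlowForLoop starts and ends outside these hunks.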
@@ -197,6 +197,7 @@ class TestBufferOverrun : public TestFixture {
 TEST_CASE(array_index_negative5); // #10526
 TEST_CASE(array_index_negative6); // #11349
 TEST_CASE(array_index_negative7); // #5685
+ TEST_CASE(array_index_negative8); // #11651
 TEST_CASE(array_index_for_decr);
 TEST_CASE(array_index_varnames); // FP: struct member #1576, FN: #1586
 TEST_CASE(array_index_for_continue); // for,continue
@@ -2273,6 +2274,19 @@ class TestBufferOverrun : public TestFixture {
 ASSERT_EQUALS("[test.cpp:5]: (error) Array 'a[5]' accessed at index -9, which is out of bounds.\n", errout.str());
 }
+ // #11651
+ void array_index_negative8()
+ {
+ check("unsigned g(char*);\n"
+ "void f() {\n"
+ " char buf[10];\n"
+ " unsigned u = g(buf);\n"
+ " for (int i = u, j = sizeof(i); --i >= 0;)\n"
+ " char c = buf[i];\n"
+ "}\n");
+ ASSERT_EQUALS("", errout.str());
+ }
+
 void array_index_for_decr() {
 check("void f()\n"
 "{\n"
From 098233d5c4b50fd267d3eb6407796952c489690f Mon Sep 17 00:00:00 2001
From: Paul
Date: Tue, 4 Apr 2023 16:54:21 -0500
Subject: [PATCH 2/2] Format
---
 test/testbufferoverrun.cpp | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
index 2334fb2ad5e..28dab68e1a4 100644
--- a/test/testbufferoverrun.cpp
+++ b/test/testbufferoverrun.cpp
@@ -2278,12 +2278,12 @@ class TestBufferOverrun : public TestFixture {
 void array_index_negative8()
 {
 check("unsigned g(char*);\n"
- "void f() {\n"
- " char buf[10];\n"
- " unsigned u = g(buf);\n"
- " for (int i = u, j = sizeof(i); --i >= 0;)\n"
- " char c = buf[i];\n"
- "}\n");
+ "void f() {\n"
+ " char buf[10];\n"
+ " unsigned u = g(buf);\n"
+ " for (int i = u, j = sizeof(i); --i >= 0;)\n"
+ " char c = buf[i];\n"
+ "}\n");
 ASSERT_EQUALS("", errout.str());
 }
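Review bot: In array_index_negative8 (added by patch 1/2 in test/testbufferoverrun.cpp) the ticket number is the only explanation, and nothing says which part of the input reproduces the false positive: the `unsigned` to `int` initialisation, the second declarator `j = sizeof(i)`, or the `--i >= 0` condition. A short comment above the `check(...)` call would stop the case being simplified away later, for example `// no negativeIndex: buf[i] is only reached while --i >= 0 holds`. The test also pins only the silent outcome. Whether a loop that really reaches a negative index still warns after the new filter is not visible in this hunk, and presumably rests on the neighbouring array_index_negative* and array_index_for_decr cases.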