Skip to content

Commit 6eab3cb

Browse files
chrchr-githubchrchr-github
authored
Fix #9788 ctu: false negative array index out of bounds for array arguments (cppcheck-opensource#4277)
1 parent 49117f5 commit 6eab3cb

2 files changed

Lines changed: 13 additions & 1 deletion

File tree

lib/ctu.cpp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -439,7 +439,7 @@ static std::list<std::pair<const Token *, MathLib::bigint>> getUnsafeFunction(co
439439
{
440440
std::list<std::pair<const Token *, MathLib::bigint>> ret;
441441
const Variable * const argvar = scope->function->getArgumentVar(argnr);
442-
if (!argvar->isPointer() && !argvar->isReference())
442+
if (!argvar->isArrayOrPointer() && !argvar->isReference())
443443
return ret;
444444
for (const Token *tok2 = scope->bodyStart; tok2 != scope->bodyEnd; tok2 = tok2->next()) {
445445
if (Token::Match(tok2, ")|else {")) {

test/testbufferoverrun.cpp

Lines changed: 12 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -5058,6 +5058,18 @@ class TestBufferOverrun : public TestFixture {
50585058
" get_mac_address(macstrbuf);\n"
50595059
"}");
50605060
ASSERT_EQUALS("", errout.str());
5061+
5062+
// #9788
5063+
ctu("void f1(char *s) { s[2] = 'B'; }\n"
5064+
"void f2(char s[]) { s[2] = 'B'; }\n"
5065+
"void g() {\n"
5066+
" char str[2];\n"
5067+
" f1(str);\n"
5068+
" f2(str);\n"
5069+
"}\n");
5070+
ASSERT_EQUALS("[test.cpp:5] -> [test.cpp:1]: (error) Array index out of bounds; 's' buffer size is 2 and it is accessed at offset 2.\n"
5071+
"[test.cpp:6] -> [test.cpp:2]: (error) Array index out of bounds; 's' buffer size is 2 and it is accessed at offset 2.\n",
5072+
errout.str());
50615073
}
50625074

50635075
void ctu_variable() {

0 commit comments

Comments
 (0)