Fix 11461: arrayIndexOutOfBounds false positive (danmar#4686)

pfultz2 · web-flow · commit 6020feb27140 · 2023-01-07T22:09:17.000+01:00
diff --git a/lib/valueflow.cpp b/lib/valueflow.cpp
@@ -9197,6 +9197,9 @@ static std::vector<ValueFlow::Value> isOutOfBoundsImpl(const ValueFlow::Value& s
         return {};
     if (size.bound == ValueFlow::Value::Bound::Lower)
         return {};
+    // Checking for underflow doesnt mean it could be out of bounds
+    if (indexValue->intvalue == 0)
+        return {};
     ValueFlow::Value value = inferCondition(">=", indexTok, indexValue->intvalue);
     if (!value.isKnown())
         return {};
diff --git a/test/testbufferoverrun.cpp b/test/testbufferoverrun.cpp
@@ -195,6 +195,7 @@ class TestBufferOverrun : public TestFixture {
         TEST_CASE(array_index_68); // #6655
         TEST_CASE(array_index_69); // #6370
         TEST_CASE(array_index_70); // #11355
+        TEST_CASE(array_index_71); // #11461
         TEST_CASE(array_index_multidim);
         TEST_CASE(array_index_switch_in_for);
         TEST_CASE(array_index_for_in_for);   // FP: #2634
@@ -1912,6 +1913,19 @@ class TestBufferOverrun : public TestFixture {
         ASSERT_EQUALS("[test.cpp:3]: (error) Array 'a[5]' accessed at index 5, which is out of bounds.\n", errout.str());
     }
 
+    // #11461
+    void array_index_71()
+    {
+        check("unsigned int f(unsigned int Idx) {\n"
+              "  if (Idx < 64)\n"
+              "    return 0;\n"
+              "  Idx -= 64;\n"
+              "  int arr[64] = { 0 };\n"
+              "  return arr[Idx];\n"
+              "}\n");
+        ASSERT_EQUALS("", errout.str());
+    }
+
     void array_index_multidim() {
         check("void f()\n"
               "{\n"
